Add role to result of OESS::DB::User::get_workgroups #1155
Comments
|
SQL Script to perform tasks of adding column, modifiying existing connections and removing type column from user all in the scripts folder. Current implementation makes normal users admins, however may switch to normal for security purposes. Parameter removal and addition self explanatory |
|
Authorization separated into two separate functions now housed in OESS::DB::User::authorization_system and OESS::DB::User::authorization_workgroup. Done in an effort to help facilitate the new design goals for workgroup based roles. |
|
Created new functions for adding, editing, and removing a user in the new Database format. Modified the add_user_to_workgroup in new database. In addition added an edit role function to help with new Grouper_ui. Backend work essentially finished at this point moving on to making the changes on the frontend which will be used as API calls in essence. |
|
Finished Writing test cases for all the new User functions. 2 Test cases for add_user and delete_user |
|
Finished Writing test cases for all the new Workgroup functions. 3 test cases add_user |
|
Noticed decom_workgroup function in admin.cgi is unfinished. |
|
add_workgroup function doesn't require a description, so we can't immediately add it over to the new db function for creating a new workgroup unless we want to define a default description or add the field for description in the form. |
|
acl.cgi does not exist |
|
System Checks added for entity.cgi Used workgroup checks where able. Used for every function other than _,may_modify_entities as it already had some way of checking. |
|
OESS::User needs to be updated to reflect the removal of the type field from the db. Possibly also the OESS::Workgroup |
|
Decided to actually flip what I had originally done in entity.cgi and decided to update the checking in _may_modift_entities instead of refactoring the each processes internal checking. Is Update every called on its own? Its missing the initial checks that most other functions in circuits.cgi have. |
|
Finished making initial modifications to circuits.cgi |
|
Finished making initial modifications to vrf.cgi |
|
Didn't make any changes to data.cgi all access checks weren't affected by the database changes. The file is in need to being refactored away from Database.pm towards using DB.pm and its subfiles, but currently no reason to change anything. |
|
User.cgi didn't have anything that required permissions checking. |
|
Updated the authorization checking in the main function of admin/maintenance.cgi. Assuming there is no reason to check on a individual methods as they all require the same level of admin access. |
|
current authorization check is good enough in command.cgi Uses new DB doesn't check user type. |
|
Interface.cgi has a function register_rw_methods with no code written in it. It also currently has no checking for permissions. So No way to update the checks. |
roleto mysql tableuser_workgroup_membership. Valid values areadmin,normal, andread-only.typenormalshould be granted aroleofadminin each of their workgroups. Users oftyperead-onlyshall be granted a role ofread-only.typefrom user table.typeparameter fromadmin/admin.cgi?method=add_userroletoadmin/admin.cgi?method=add_user_to_workgroupadmin/admin.cgi::authorizationto use modified user permissionsacl.cgito use modified user permissionsentity.cgito use modified user permissionscircuit.cgivrf.cgito use modified user permissionsdata.cgito use modified user permissionsuser.cgito use modified user permissionsadmin/maintenance.cgito use modified user permissionscommand.cgito use modified user permissionsdata.cgito use modified user permissionsinterface.cgito use modified user permissionsThe text was updated successfully, but these errors were encountered: