-
Task
-
Resolution: Done
-
Normal
-
None
-
None
-
False
-
-
False
NOTE: the ui portion of this is handled in https://issues.redhat.com/browse/AAH-2016
There are a couple of issues this aims to address:
- The list of permissions we expose in the UI is currently hardcoded in the UI in constants
- The list of model permissions we track for users are currently hardcoded in the API under _ui/v1/me/
Whenever a new permission is added, it has to be updated in the UI and API separately. We should make the following changes to address this.
1. Move all the permissions we care about to the api under galaxy_ng/app/constants.py. The data structure for this should look like:
PERMISSIONS = {
"ansible.upload_to_namesapce": {
# Short name to display in the UI
"name": "Upload collections",
# Description to use when the permission is being assigned to a specifc object
"object_description": "Upload collections to this namespace.",
# Description to use when the permission is being assigned globally
"global_description": "Upload collections to any existing namespace.",
# Category to group the permission in the UI.
"ui_category": "collection_namespace"
},
"galaxy.my_permission": {
[...]
}
}
2. Update the _ui/v1/me/ endpoint to iterate through each permission here and return the following:
{
"permissions": {
"ansible.upload_to_namesapce": {
"name": "Upload collections",
"object_description": "Upload collections to this namespace.",
"global_description": "Upload collections to any existing namespace.",
"ui_category": "collection_namespace",
"has_model_permission": true
},
"galaxy.my_permission": {
[...]
}
}
}
3. Update the UI to load permissions and their descriptions from the "me" endpoint. This will include getting rid of all the permissions hardcoded into constants.
The list of permissions should include everything that is in the current LOCKED_ROLES configuration. Descriptions, names and categories for the roles can be copied from the UI: