From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>,
"PVE development discussion" <pve-devel@pve.proxmox.com>,
"Tim Marx" <t.marx@proxmox.com>
Subject: Re: [pve-devel] [PATCH v3 access-control] add ui capabilities endpoint
Date: Thu, 10 Sep 2020 10:19:24 +0200 [thread overview]
Message-ID: <008ff748-78d4-ec63-9680-e6129cf7993d@proxmox.com> (raw)
In-Reply-To: <1599724494.q0shm5qvme.astroid@nora.none>
On 10.09.20 10:00, Fabian Grünbichler wrote:
> On September 9, 2020 9:00 pm, Thomas Lamprecht wrote:
>> On 06.07.20 14:45, Tim Marx wrote:
>>> Signed-off-by: Tim Marx <t.marx@proxmox.com>
>>> ---
>>> * no changes
>>
>> Maybe we could merge this into the "/access/permissions" endpoint, maybe with a
>> "heurisitic" parameter?
>
> IIRC Dominik wanted to slowly replace the caps with permissions anyway,
> the caps are just (still) there because that hasn't happened yet.
>
I wanted that too sine a long time ;-) But that did not made it happen yet..
> I am also not sure whether tokens are a good fit for the regular Web GUI
> - the fact that tickets expire and you are not permanently logged in is
> a feature there IMHO ;)
nobody forces you to use it, and any user can just do the few modifications
and run the gui with tokens, artificial limits for such things are stupid IMO.
Further:
* and active log-out clears it, so people who use it and want to play safe can
do so. I mean, on most sites one is logged in for a few hours to even days,
so if you used a shared or not 100% trusted device you already need to
actively log out from all relevant sides, independent of they use self-expiring
tickets, or something else.
* It's effectively not advertised actively, so mostly for debug use for us.
We could show a hint if a token is entered, though.
"Tokes do not automatically expire, you need to actively log out for that."
> also, permissions has a return schema already, while it does 'match'
> from a structural point of view (a two-level deep hash), it is something
> altogether different semantically.
as the semantics are actively controlled by the requested via a switch that
does not matters much, IMO. They then actively request another semantic.
> TL;DR: iff we really need this, then I'd put it in a separate API call.
We could also just do the "cap heuristic calculation" in the frontend, using
the full permissions, and fill the Cap object with it.
This avoids a new api call or new multiplexer switch for an existing one but
does not needs to restructure the whole UI cap control, yet.
next prev parent reply other threads:[~2020-09-10 8:19 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200706124544.2126341-1-t.marx@proxmox.com>
2020-09-09 19:00 ` Thomas Lamprecht
2020-09-10 8:00 ` Fabian Grünbichler
2020-09-10 8:19 ` Thomas Lamprecht [this message]
2020-09-10 8:23 ` Fabian Grünbichler
2020-09-10 8:28 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=008ff748-78d4-ec63-9680-e6129cf7993d@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pve-devel@pve.proxmox.com \
--cc=t.marx@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox