From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Dominik Csapak <d.csapak@proxmox.com>
Subject: Re: [pve-devel] [PATCH common/cluster/qemu/container/wt/manager v7] add tags to ui
Date: Fri, 16 Sep 2022 09:19:31 +0200 [thread overview]
Message-ID: <075c15f6-15e2-caf1-8605-a9bf53f0ad05@proxmox.com> (raw)
In-Reply-To: <20220621092012.1776825-1-d.csapak@proxmox.com>
Am 21/06/2022 um 11:19 schrieb Dominik Csapak:
> this series brings the already existing 'tags' for ct/vms to the gui:
> * tags can be edited in the status toolbar of the guest
> * existing tags will be shown in the tree/global search/resource grids
> * when editing a tag, a list of existing tags will be shown
> * by default, the color is (consistently) autogenerated based on the
> text
> * that color can be overriden in datacenter -> options (cluster wide)
> (edit window for browser local storage is TBD)
> * by default, the text color is either white or black, depending which
> provides the greater contrast (according to SAPC)
> * this text color can also be overridden
> * there are multiple shapes available for the tree (see [0])
> * adds new 'admin' tags that need higher privliges, these can then be
> used to enable features like 'inlude in backup by tag', etc.
I didn't find the permission semantics for non-admin tags when skimming
the series, but after thinking about it off an on again recently I figure
that it could be seen as quite problematic in general to even assign existing
tags, then visible in the resource view, if the user got only limited privileges
to a VM; and that it could be quite problematic for such users to create new
ones, allowing typo squatting, slurs, ...? to have ill effects to other users
or admins of the same system/cluster. I mean to a certain degree this can be
correlated to the permission semantics of the hostname, but still there's more
of them and they're way flashier.
One method could be (always talking about non-admin tags for now):
* allow unrestricted usage of those for users with Sys.Modify on / + the rights
on the object to modify (i.e., for guests that would be VM.Modify on /vms/<vmid>)
* for users without the powerful Sys.Modify on / we could give the admins the decision,
for example through a datactenter.cfg property that could work like:
user-tag-privs: useable=<none|existing|free|list>[,list=<tag1;tag2;...>]
Meaning:
- useable=none -> only users with powerful Sys.Modify -> / can configure tags
- useable=existing -> currently existing tags can be used, the list could be added
as base-set (so that users that only got one VM can actually set some)
- useable=free -> existing can be used freely and new ones can be added freely,
the list would only act as base suggestion set.
- useable=list -> well, the list reflects all allowed tags to use (independent
if they exist for that users POV or don't).
This would be still orthogonal to admin:tags (as their purpose is to avoid users
adding a possible OK tag to a unwanted guest due to actions like backup using said
tag).
ps, semi-related. I'd like (as it not strictly insist on that, but I find it a bit
too ugly to do) to not further extend the already misused /version call if possible.
I just find it unidiomatic and adding a new one now with the current extra info would
be possible, we then could remove that extra info from /version with the next major
release.
next prev parent reply other threads:[~2022-09-16 7:20 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-21 9:19 Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH common v7 1/2] JSONSchema: refactor tag regex Dominik Csapak
2022-09-20 11:37 ` [pve-devel] applied: " Thomas Lamprecht
2022-06-21 9:19 ` [pve-devel] [PATCH common v7 2/2] JSONSchema: pve-tag: add syntax for 'admin' tags Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH cluster v7 1/3] add CFS_IPC_GET_GUEST_CONFIG_PROPERTIES method Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH cluster v7 2/3] Cluster: add get_guest_config_properties Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH cluster v7 3/3] datacenter.cfg: add option for tag-style Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH widget-toolkit v7 1/3] add tag related helpers Dominik Csapak
2022-09-14 14:15 ` Aaron Lauterer
2022-06-21 9:19 ` [pve-devel] [PATCH widget-toolkit v7 2/3] add class for 'admin' tags Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH widget-toolkit v7 3/3] Toolkit: add override for Ext.dd.DragDropManager Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH qemu-server v7 1/1] api: update: check 'admin' tags privileges Dominik Csapak
2022-09-14 14:15 ` Aaron Lauterer
2022-09-15 11:46 ` Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH container v7 1/1] check_ct_modify_config_perm: " Dominik Csapak
2022-06-21 9:19 ` [pve-devel] [PATCH manager v7 01/14] api: /cluster/resources: add tags to returned properties Dominik Csapak
2022-09-14 14:15 ` Aaron Lauterer
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 02/14] api: /version: add 'tag-style' Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 03/14] ui: parse and save tag color overrides from /version Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 04/14] ui: tree/ResourceTree: collect tags on update Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 05/14] ui: add form/TagColorGrid Dominik Csapak
2022-09-14 14:15 ` Aaron Lauterer
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 06/14] ui: dc/OptionView: add editors for tag settings Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 07/14] ui: add form/Tag Dominik Csapak
2022-09-14 14:15 ` Aaron Lauterer
2022-09-14 14:36 ` Aaron Lauterer
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 08/14] ui: add form/TagEdit.js Dominik Csapak
2022-09-14 14:15 ` Aaron Lauterer
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 09/14] ui: {lxc, qemu}/Config: show Tags and make them editable Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 10/14] ui: tree/ResourceTree: show Tags in tree Dominik Csapak
2022-09-14 14:15 ` Aaron Lauterer
2022-09-15 11:54 ` Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 11/14] ui: form/GlobalSearchField: display tags and allow to search for them Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 12/14] ui: form/Tag: add 'admin-tag' class to admin tags Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 13/14] ui: ResourceGrid: render tags Dominik Csapak
2022-06-21 9:20 ` [pve-devel] [PATCH manager v7 14/14] ui: form/Tag(Edit): add drag & drop when editing tags Dominik Csapak
2022-09-14 14:15 ` Aaron Lauterer
2022-09-15 11:56 ` Dominik Csapak
2022-09-14 14:34 ` [pve-devel] [PATCH common/cluster/qemu/container/wt/manager v7] add tags to ui Aaron Lauterer
2022-09-16 7:19 ` Thomas Lamprecht [this message]
2022-09-16 7:50 ` Dominik Csapak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=075c15f6-15e2-caf1-8605-a9bf53f0ad05@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox