Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 12EAD200B74 for ; Thu, 18 Aug 2016 02:49:32 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 0FD37160AB5; Thu, 18 Aug 2016 00:49:32 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 2D107160A8C for ; Thu, 18 Aug 2016 02:49:31 +0200 (CEST) Received: (qmail 25062 invoked by uid 500); 18 Aug 2016 00:49:30 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 25049 invoked by uid 99); 18 Aug 2016 00:49:29 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 18 Aug 2016 00:49:29 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 48B001A5B69 for ; Thu, 18 Aug 2016 00:49:29 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.179 X-Spam-Level: * X-Spam-Status: No, score=1.179 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id 0GT4YbX2q2W6 for ; Thu, 18 Aug 2016 00:49:27 +0000 (UTC) Received: from mail-ua0-f181.google.com (mail-ua0-f181.google.com [209.85.217.181]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id B60425FBDE for ; Thu, 18 Aug 2016 00:49:26 +0000 (UTC) Received: by mail-ua0-f181.google.com with SMTP id 97so6187500uav.3 for ; Wed, 17 Aug 2016 17:49:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=5Xtuu54iNM4Huwe1qhBOW/RoMXjRtLbjwwN1w2E0eSA=; b=hWEKNLLOaXHZ1KDRUl0dgouLzv71yMswwPk1JIc2p3T8krj5WvPyuRrbUZ2s48mek4 B9ulTfOJ1l/jmevFeFVd01QT6u1Iqvg9gFyn3SbtwqaHyJeduJYnBIZIhIbXPfeAZXWF A/XUcDpmsCD/EhGyopY5Z8LeBy55EXz2FDfXLB9TRgjN9mc50V+Pd1JDXJ4CeotCUACL vZwDEm6yIPDFVnX1ou7EplvlvVfurHqSZLK1bwzl9Aq9UsRSAm79E1yqQtBO7t+2K+IX wKTSUIqNpsfGvFlDEQwTZLhFriE698TVcL+qGMIWcStAMCITLMTzVEhf6/l+6Ijo9Y0J t2WA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=5Xtuu54iNM4Huwe1qhBOW/RoMXjRtLbjwwN1w2E0eSA=; b=gkFAY4+FzFyhZtLxx9YQrjyFApDLMF27xezt+tldtzOoF/ZC/uh/6r1rDyRNSaK4oM 45V0yXPwTqITxJl98ly4PtywOqIyy4rRuTuPYMfloq1B1J8/+kXtiIUIPJRVwuYMhbha lp3xSdHdqz/K8k6gYJPfc9c42TJR6i+1qLCZncdvMY2755zO3/YNeRvHhHoXeidoqPxE M3lp3xo944faXhE30yQJfJEvDDLny9DYzDH8jDAvgVTp+EoiJCDF0ozQNLH/LFMWZ+ZY MlqEu4kSpZB7gnOC5agZjREh2n2X0Pf3d1AUXaeCryduEbR7PjYW+z786vc+qWtO0T8h +xSg== X-Gm-Message-State: AEkoouu0etZQuukTsMD/oNbAuvl/zjQcat2wkfKvYHxWV0wRO9VkXa6QO/dQd/vx4CzZor2173mlecdesnLhKA== X-Received: by 10.31.178.131 with SMTP id b125mr21634874vkf.72.1471481365589; Wed, 17 Aug 2016 17:49:25 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.60.195 with HTTP; Wed, 17 Aug 2016 17:49:24 -0700 (PDT) Received: by 10.31.60.195 with HTTP; Wed, 17 Aug 2016 17:49:24 -0700 (PDT) In-Reply-To: References: From: Will Stevens Date: Wed, 17 Aug 2016 20:49:24 -0400 Message-ID: Subject: RE: Hiding buttons based on role To: dev@cloudstack.apache.org Content-Type: multipart/alternative; boundary=001a114388e816f686053a4df407 archived-at: Thu, 18 Aug 2016 00:49:32 -0000 --001a114388e816f686053a4df407 Content-Type: text/plain; charset=UTF-8 Right. By one off, I mean, I don't expect the entire community to adopt this approach. The one thing to pay attention to with this approach is that every time you change a roles permissions, you have to adapt and redeploy the CSS to reflect the permission change. I don't remember if you have to rebuild to pick up a new CSS file (I sure hope not). You could put the css in an object store (like s3) and reference it in ACS, then update the CORS settings to 'allow origin X' and serve it from a central location. This way if you have multiple installs of ACS that will have the same permissions you can update the visibility on all in a single place. How you want to manage it will depend on how you are configuring and managing your ACS setups, but you the idea. On Aug 17, 2016 8:34 PM, "Marty Godsey" wrote: > Not elegant but will work. This is not a one off to a degree. It's for my > own servers but I will have at least 10-20 management server across the > country in different zones but this allows me to "hide" some elements that > won't be used until a more elegant way is created/available. > > Thank you for the direction Will. > > Regards, > Marty Godsey > > -----Original Message----- > From: Will Stevens [mailto:williamstevens@gmail.com] > Sent: Wednesday, August 17, 2016 8:29 PM > To: dev@cloudstack.apache.org > Subject: RE: Hiding buttons based on role > > If I was doing a one off solution for my own use case with a limited > scope, I would do it he following. > > Apply a CSS class to the tag which corresponds to the role. Then I > would use CSS to 'display:none' on the elements you want to turn off by > referencing the body role class (and keep the permissions applied so if > they unhide it won't work). > > It is not an elegant solution, but it will work. > > On Aug 17, 2016 8:19 PM, "Marty Godsey" wrote: > > > > > > Ok. Thank you. > > > > I think for the time being I will enable all the project APIs again > > but > deny access to create a project.. this way at least he API errors on page > load go away. > > > > This is something I think would be nice to have in the permissions > > area > now since we have granular rules. A way to "turn off" certain areas of the > GUI and/or ACS functionality. > > > > Regards, > > Marty Godsey > > > > -----Original Message----- > > From: Will Stevens [mailto:williamstevens@gmail.com] > > Sent: Wednesday, August 17, 2016 8:10 PM > > To: dev@cloudstack.apache.org > > Subject: RE: Hiding buttons based on role > > > > Yes. Most of the UI is built using huge json structures. These will > > need > to be adapted to account for a user's role. I don't think there has been > work done on that yet, but I could be wrong. > > > > @rohit, do you know if anyone has looked into this at all yet? > > > > On Aug 17, 2016 7:41 PM, "Marty Godsey" wrote: > > > > > With that being said, we are now getting into the area of UI > > > modification to hide the button huh? > > > > > > Regards, > > > Marty Godsey > > > > > > -----Original Message----- > > > From: Will Stevens [mailto:williamstevens@gmail.com] > > > Sent: Wednesday, August 17, 2016 7:23 PM > > > To: dev@cloudstack.apache.org > > > Subject: Re: Hiding buttons based on role > > > > > > My understanding is that the permissions can be set, but they > > > currently do not modify the UI in any way. I believe what you are > > > experiencing is the expected behavior. > > > > > > Cheers, > > > > > > Will > > > > > > On Aug 17, 2016 6:47 PM, "Marty Godsey" wrote: > > > > > > > Is it possible to hide a button based upon a role? As an example I > > > > want to hide and deny access to the projects tab. I can modify the > > > > role access to the API but the button is still present. In fact I > > > > get an API error that states I don't have access. > > > > > > > > Regards, > > > > Marty Godsey > > > > > > > > > > > > --001a114388e816f686053a4df407--