Skip to content

Dev notes: users profile for Inkscope

Jump to bottom Edit New page
Alain Dechorgnat edited this page Dec 1, 2015 · 5 revisions

For the moment, Inkscope doesn't manage inkscope user profiles.

We could imagine two profiles.

  • administrator
  • supervizor

User with the admistrator profile would have a full access to inkscope functionalities. On the other side, users with supervizor profile would not be able to interact with the ceph cluster. They could only visualize. What the functionnalities to forbid for supervirors:

  • Cluster flags (whole page)
  • OSD status page (buttons get In, get Out, get Down, reweight)
  • OSD map page (button 'reweight by utilization')
  • Pool management (button 'new pool', 'modify', delete', make snapshot)
  • Block device images (button 'new image'and all action buttons in image detail)
  • RGW user management (button 'new user' and all action buttons in user detail)
  • RGW bucket management (button 'new bucket' and all action buttons in bucket detail)
  • Misc / Erasure profile management (button 'new profile', delete')

###client side### At the client side, we just have to hide the access to forbidden page, or hide forbidden action buttons. For this we could apply a ccs style class (with display:none)

###server side###

  • serve the css according to user
  • forbid access to some page with .htaccess
  • control apache connected user in inkscopeCtrl and apply restriction.
  • for actions using directy ceph-rest-api, we can restrict to GET requests for supervizors with .htaccess.
Add a custom sidebar
Clone this wiki locally