Alert : plugins ... permitions

YinYang · 2006-11-30 15:21:04

Hi,

I've just noticed that plugins are not managed on the permitions, for example for a group that only has reading permitions, is allowed to use the pluging.

To what extend shouldn't the permitions be managed in GLPI, and not inside the plugin ;)

MoYo · 2006-12-01 21:47:25

no i think it need to be manage in the plugin. because some informations may need read right and other ones need write right.

GLPI can not know which right you need to see or not to see the plugin item.

YinYang · 2006-12-05 17:01:41

Ok then there would be duplication of permition management.

On the GLPI core, and in every plugin.

Another issue would be, If I close the configuration display for some groups or users, the link would still appear on the configuration menu ( this would not be a problem until we click and return an empty page ).

For me this is the main 2 problems to give the management to the plugin. Do you agree ?

About the glpi knowing ... why not use the hooks... isn't GLPI using it to call procedures during some GLPI events ?

Last edited by YinYang (2006-12-05 17:02:39)

MoYo · 2006-12-05 18:54:19

YinYang wrote:

Ok then there would be duplication of permition management.
On the GLPI core, and in every plugin.
Another issue would be, If I close the configuration display for some groups or users, the link would still appear on the configuration menu ( this would not be a problem until we click and return an empty page ).
For me this is the main 2 problems to give the management to the plugin. Do you agree ?

Maybe but I do not see how to manage rights for plugins in the core.
Ther are too multiple possibilities.
A plugin can have no right system. Another a complex one etc etc...

I do not understand your second point.
If the plugin is well written the link will appear but you will not see anything. Is it a problem ?

YinYang wrote:

About the glpi knowing ... why not use the hooks... isn't GLPI using it to call procedures during some GLPI events ?

GLPI already use hooks for the plugins.

YinYang · 2006-12-07 13:51:35

The thing is, a good ACL implemented could integrate plugin schemes also.

About the second point, it's not a problem of implementation or funtionallaty but a problem of user interface.

Why appear the plugins link if you can do anything inside ?

When you press a link and nothing appear people say immediatly ... somethings wrong.

MoYo · 2006-12-07 14:29:14

If you want to contriibute : send us a specification.
You could also send us an implemetation of such an ACL sheme and the link with the plugin system.

You could also send a request to the plugin team to work on this task.

Plugin rights and GLPI rights can not be manage with the same system.
GLPI right may store the right of manage rights for plugins.
But a new system must to be implement for plugin rights.
It is possible but someone must do it.
And core devs have no time to do it.

MoYo · 2006-12-10 16:02:06

For the config pages if the plugin is well written you will not see links.

Example (define config page if specific right):

 // Config page
 if (haveRight("config","w") && TableExists("glpi_plugin_applicatifs"))
     $PLUGIN_HOOKS['config_page']['applicatifs'] = 'front/plugin_applicatifs.config.php';

tsmr · 2006-12-10 16:31:37

I think that the current system is coherent.

If you have'nt define right for a plugin, it will be visible only by that having the right to modify the configuration of GLPI.

After you must to define which profile will have such right on such plugin.

YinYang · 2006-12-12 16:56:35

That's exactly my point, is that by that code sould be by default on the plugin system not on the plugin itself.

By default config sould include plugin config, and at this time that's not what happens, I a user only has right to set the view fields on the searches it sees a simple plugin.

I'm not discussing that further right management shouldn't be on the plugin it self ( that's an option I now agree due to the plugin arquitecture ), but basic config option sould include or exclude plugin config's link also, and not force that code to be included in every plugin.

That information is not on the plugin tutorials or informations

Last edited by YinYang (2006-12-12 16:56:48)

tsmr · 2006-12-12 17:52:48

YinYang wrote:

I a user only has right to set the view fields on the searches it sees a simple plugin.

With which plugin ?

YinYang · 2006-12-15 14:10:44

On any plugin with no user right management ( the one I made earlier ).

If a regular user goes to config to personalize its search fields it sees the link to plugin config.

That's why the default configuration question

Forum GLPI-Project

Announcement

#1 2006-11-30 15:21:04

Alert : plugins ... permitions

#2 2006-12-01 21:47:25

Re: Alert : plugins ... permitions

#3 2006-12-05 17:01:41

Re: Alert : plugins ... permitions

#4 2006-12-05 18:54:19

Re: Alert : plugins ... permitions

#5 2006-12-07 13:51:35

Re: Alert : plugins ... permitions

#6 2006-12-07 14:29:14

Re: Alert : plugins ... permitions

#7 2006-12-10 16:02:06

Re: Alert : plugins ... permitions

#8 2006-12-10 16:31:37

Re: Alert : plugins ... permitions

#9 2006-12-12 16:56:35

Re: Alert : plugins ... permitions

#10 2006-12-12 17:52:48

Re: Alert : plugins ... permitions

#11 2006-12-15 14:10:44

Re: Alert : plugins ... permitions

Board footer