We should be able to restrict users to certain platforms somehow. I'm not sure if we should proceed as in sites (where it's a client-based ACL) or by creating a permission per platform (ugly) or even by creating a special permission for "restricted platforms". Any ideas?

CommentFileSizeAuthor
#7 559450_v3.patch9.78 KBmig5
#5 559450_v2.patch9.46 KBmig5
#1 558450_restricted_platforms.patch4.64 KBmig5

Comments

Anonymous’s picture

Anonymous (not verified) commented
Version: 6.x-0.3-rc4 » 6.x-0.3
Status: Active » Needs review
StatusFileSize
new 558450_restricted_platforms.patch4.64 KB

Beginnings of a solution.. maybe

It works.

TODO:

1) Only show the allowed platforms in hosting_site_form() instead of all of them (currently it handles what platform the client can create the site on in hosting_site_validate() )
2) Reduce some duplication of code, factor some some stuff into common functions
3) Add an 'Allowed platforms' list in hosting_client_view()
4) Maybe a better solution than comma delimited platform nids in the hosting_client table, but implementing traditional permissions just felt too hard

ac’s picture

ac
Primary language English
Location Perth
commented

subscribe

Anonymous’s picture

Anonymous (not verified) commented

anarcat's pointed out that this should perhaps not be stored in hosting_client, but cleaner to be in its own hosting_client_platforms table.

I'll likely change this tonight so unless you're curious to try the above (which works), perhaps wait til I've updated as it'll save headaches if the data's gonna move into another table.

Anonymous’s picture

Anonymous (not verified) commented
Status: Needs review » Needs work
Anonymous’s picture

Anonymous (not verified) commented
Status: Needs work » Needs review
StatusFileSize
new 559450_v2.patch9.46 KB

Forget this stupid patch, it's not working.

Anonymous’s picture

Anonymous (not verified) commented
Status: Needs review » Needs work
Anonymous’s picture

Anonymous (not verified) commented
Status: Needs work » Needs review
StatusFileSize
new 559450_v3.patch9.78 KB

Have it working again. I think. default platform switching (see 5) below) was buggy.

excerpt from earlier:

1) A lot of code refactored and made into functions so it's a lot cleaner
2) the data is in a 'hosting_client_platforms' table on its own
3) There's an 'Allowed platforms' list on the Client node view under 'Allowed Users'
4) We assume that the Platform defined as the 'default' platform is allowed to be used by all clients.
5) If the default platform is changed to be a different platform, that platform is added to the list of allowed platforms if it wasn't already allowed.

The only feature that *isn't* currently there, is displaying only the list of allowed platforms on the 'Add site' form depending on what client is going to be creating the site.
Instead all platforms are shown as normal, and I use hook_validate() to throw an error if the platform is not allowed to be used by that client.

I've been beating my head against a wall for too long trying to work out a way to 'dynamically' change the form to only show the allowed platforms depending on the client: I was able to do this for the *default* client that gets loaded (nid 1), that's easy enough, but to get it to change the way the install profile form dynamically changes depending on what platform's been chosen? Beyond me. I can't see how it'd work with the autocomplete field for the client, but couldn't get it to work after turning this into a select combobox or radio boxes either (I was thinking an 'event' driven field type like the radio box for the Client might 'trigger' the Platform list to change, but I lack the skills.

Hopefully someone can take this patch and make this last bit work, but I'm satisfied the rest of it works just fine.

univate’s picture

univate commented

One simple permission related idea would be to have the ability to hide platforms, at the moment this can be done by unpublishing the platform and this does work although it then doesn't appear in your platform list which you probably still want to happen if you have sites running on it. Its also not as intuitive as having a status field could just state if the platform (active/hidden). The idea with this is it then allows you to stop any new sites from being added to that platform (at least by clients/users).

One problem I see with the current implementation here is that, when you add a new platform you are going to need to go to all your clients and enable that platform manually and there is a similar problem if you want to removing the platform from a lot of clients.

I wonder whether it would make more sense to have the permission on the user instead of the client? Then you could also use roles to manage permission for groups of platforms. There may be a ACL module already that could be used for this.

Anonymous’s picture

Anonymous (not verified) commented

I have rolled in Platform access control per client that actually works, into my Platform Management work. #602128: Platform management

I did this because it occurred to me if a user could have the ability to delete a Platform, better that that platform potentially only belong to them and not other clients (even though a Platform can't be deleted unless all sites on it are deleted.. but it can't hurt to be sure)

So please test access control alongside the platform management work, in the dev-platform_management branches in git.aegirproject.org (both repos)

adrian’s picture

adrian commented
Status: Needs review » Fixed

good work.

this has been merged into master.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.