Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
I finally got around to testing some of the roles added in #1403208: Add additional roles, only to discover that they aren't all that useful as currently implemented.
The 'aegir administrator' role requires:
- access administration menu
- administer platforms
- administer servers
- access content
- view revisions
- administer hosting aliases
- create site aliases
- edit all quotas
- view all quotas
- view own quota
- access hosting signup form
- administer ssl
- access user profiles
The 'aegir account manager' role requires the following:
- administer clients
- access content
- access user profiles
- edit all quotas
- view all quotas
- view own quota
- edit client uname
The 'aegir client' role requires the following:
- view own quota
- create site aliases
- create verify task
- create clone task
- create migrate task
- administer ssl
The 'aegir platform manager' role requires the following:
- view package
- administer platforms
- cancel own tasks
- view own tasks
- access content
- view own tasks
- view task
- administer sites
- create verify task
- retry failed tasks
Comments
Comment #1
ergonlogicPushed in hostmaster in 8aa500b, and the hook_update in hosting in 97ca920.
Setting to 'needs review' to get some eyes on it from other maintainers.
Comment #2
ergonlogicmissed the 'access task logs' permission for 'aegir client' role. Fixed in 519485c and 1d34fa5.
Comment #3
ergonlogicmissed 'administer clients' for 'platform manager' role, so they can manage platform access control. Fixed in 377a9b7 and 7638442.
Comment #4
ergonlogicmissed 'view package' for 'aegir client' role. Fixed in 1e1b6e7 and a84bfdf.
Comment #5
ergonlogicmissed 'administer tasks' for platform manager to be able to view tasks.
'view platform', 'view revisions' and 'edit site' for clients.
'update status of tasks' for aegir administrator
'view_site' for account managers.
I believe our roles now provide useful feature sets.
Comment #6
ergonlogicCross-reference: #976684: let account managers view all clients
Comment #7
anarcat CreditAttribution: anarcat commentedwhat needs to be reviewed here?
it seems all very shiny, go. :)
Comment #8
anarcat CreditAttribution: anarcat commentedwait, why does the client need administer ssl?
Comment #9
ergonlogicre. #8, I believe they cannot enable SSL on a site without it.
Comment #10
anarcat CreditAttribution: anarcat commentedthat sounds wrong - administer ssl, in my mind, involves a lot more... but maybe we just need to fix SSL permissions in another issue (e.g. #537022: domain-restricted certificates).
Comment #11
ergonlogicWell, all that the 'administer ssl' permission does is control access to the SSL form elements on the site form. Maybe we just need to rename the permission for now, and add back an 'administer ssl' perm if/when appropriate.
Comment #12
anarcat CreditAttribution: anarcat commentedSounds more appropriate - something like 'create ssl certificate'?
Comment #13
ergonlogicFixed #12 in 969fced in hosting and b5fd23b in hostmaster.
Fixed #5 in 0af8e26 in hosting and baa6d77 in hostmaster