Currently, we display all VBO operations regardless of whether a user's permissions actually allow all of them. VBO ships with the Actions Permissions module to allow for more granular control of this.
I intend to enable this module and assign appropriate permissions to our roles.
These should be:
aegir administrator
execute Platform: Delete (hosting_platform_op_delete)
execute Platform: Lock (hosting_platform_op_lock)
execute Platform: Unlock (hosting_platform_op_unlock)
execute Platform: Verify (hosting_platform_op_verify)
execute Site: Backup (hosting_site_op_backup)
execute Site: Delete (hosting_site_op_delete)
execute Site: Disable (hosting_site_op_disable)
execute Site: Enable (hosting_site_op_enable)
execute Site: Reset password (hosting_site_op_login_reset)
execute Site: Verify (hosting_site_op_verify)
aegir client
execute Site: Backup (hosting_site_op_backup)
execute Site: Delete (hosting_site_op_delete)
execute Site: Disable (hosting_site_op_disable)
execute Site: Enable (hosting_site_op_enable)
execute Site: Reset password (hosting_site_op_login_reset)
execute Site: Verify (hosting_site_op_verify)
aegir platform manager
execute Platform: Delete (hosting_platform_op_delete)
execute Platform: Lock (hosting_platform_op_lock)
execute Platform: Unlock (hosting_platform_op_unlock)
execute Platform: Verify (hosting_platform_op_verify)
execute Site: Delete (hosting_site_op_delete)
execute Site: Disable (hosting_site_op_disable)
execute Site: Enable (hosting_site_op_enable)
execute Site: Verify (hosting_site_op_verify)
Comments
Comment #1
ergonlogicFixed in 4fe1c6b and a0799036. I'm leaving this as 'need review' for now, to get feedback from other maintainers.
Comment #2
anarcat CreditAttribution: anarcat commentedWhere is commit 4fe1c6b?nevermind, it's in hostmaster.Comment #3
anarcat CreditAttribution: anarcat commentedthere are two problems here:
1. module_enable(array('actions_permissions')) is not performed in the install profile
2. i don't understand why we enable install_profile_api - comment says it's to load includes, but module_load_include() is in core...
Comment #4
ergonlogicEnabling install_profile_api is for the install_add_permissions().
Fixed in b11efa60c (on hostmaster).
Comment #5
anarcat CreditAttribution: anarcat commentedyou forgot the comment bit, fixed and pushed 7979b53