Use Actions Permissions to clean up VBO operations [#2031765]

Currently, we display all VBO operations regardless of whether a user's permissions actually allow all of them. VBO ships with the Actions Permissions module to allow for more granular control of this.

I intend to enable this module and assign appropriate permissions to our roles.

These should be:

aegir administrator
execute Platform: Delete (hosting_platform_op_delete)
execute Platform: Lock (hosting_platform_op_lock)
execute Platform: Unlock (hosting_platform_op_unlock)
execute Platform: Verify (hosting_platform_op_verify)
execute Site: Backup (hosting_site_op_backup)
execute Site: Delete (hosting_site_op_delete)
execute Site: Disable (hosting_site_op_disable)
execute Site: Enable (hosting_site_op_enable)
execute Site: Reset password (hosting_site_op_login_reset)
execute Site: Verify (hosting_site_op_verify)

aegir client
execute Site: Backup (hosting_site_op_backup)
execute Site: Delete (hosting_site_op_delete)
execute Site: Disable (hosting_site_op_disable)
execute Site: Enable (hosting_site_op_enable)
execute Site: Reset password (hosting_site_op_login_reset)
execute Site: Verify (hosting_site_op_verify)

aegir platform manager
execute Platform: Delete (hosting_platform_op_delete)
execute Platform: Lock (hosting_platform_op_lock)
execute Platform: Unlock (hosting_platform_op_unlock)
execute Platform: Verify (hosting_platform_op_verify)
execute Site: Delete (hosting_site_op_delete)
execute Site: Disable (hosting_site_op_disable)
execute Site: Enable (hosting_site_op_enable)
execute Site: Verify (hosting_site_op_verify)

Comments

Comment #1

ergonlogic

he/him

English

Montréal, Québec 🇨🇦

CreditAttribution: ergonlogic commented 30 June 2013 at 17:10

Assigned:	ergonlogic	» Unassigned
Status:	Active	» Needs review

Fixed in 4fe1c6b and a0799036. I'm leaving this as 'need review' for now, to get feedback from other maintainers.

Comment #2

anarcat CreditAttribution: anarcat commented 12 July 2013 at 18:13

~~Where is commit 4fe1c6b?~~ nevermind, it's in hostmaster.

Comment #3

anarcat CreditAttribution: anarcat commented 12 July 2013 at 18:15

Status:

Needs review

» Needs work

there are two problems here:

1. module_enable(array('actions_permissions')) is not performed in the install profile
2. i don't understand why we enable install_profile_api - comment says it's to load includes, but module_load_include() is in core...

Comment #4

ergonlogic

he/him

English

Montréal, Québec 🇨🇦

CreditAttribution: ergonlogic commented 12 July 2013 at 18:26

Status:

Needs work

» Fixed

Enabling install_profile_api is for the install_add_permissions().

Fixed in b11efa60c (on hostmaster).

Comment #5

anarcat CreditAttribution: anarcat commented 12 July 2013 at 19:10

you forgot the comment bit, fixed and pushed 7979b53

Comment #6

26 July 2013 at 19:11

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Comment #7

9 May 2014 at 13:46

Commit 7979b53 on 6.x-2.x, 7.x-3.x, dev-ssl-ip-allocation-refactor, dev-sni, dev-helmo-3.x by anarcat:
```
clarify why we need install_profile_api still, see #2031765
```
Commit a079903 on 6.x-2.x, 7.x-3.x, dev-ssl-ip-allocation-refactor, dev-sni, dev-helmo-3.x by ergonlogic:
```
Issue #2031765: Clean up VBO operations with Action Permissions.
```

Comment #8

12 June 2014 at 08:59

Commit 7979b53 on 6.x-2.x, 7.x-3.x, dev-ssl-ip-allocation-refactor, dev-sni, dev-helmo-3.x by anarcat:
```
clarify why we need install_profile_api still, see #2031765
```
Commit a079903 on 6.x-2.x, 7.x-3.x, dev-ssl-ip-allocation-refactor, dev-sni, dev-helmo-3.x by ergonlogic:
```
Issue #2031765: Clean up VBO operations with Action Permissions.
```