Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Comment | File | Size | Author |
---|---|---|---|
#27 | 3162125-27.patch | 39.79 KB | liuchanggang |
Comment | File | Size | Author |
---|---|---|---|
#27 | 3162125-27.patch | 39.79 KB | liuchanggang |
Comments
Comment #2
liuchanggang CreditAttribution: liuchanggang commentedComment #3
liuchanggang CreditAttribution: liuchanggang commentedComment #4
yasPlease use
@cloud_context
as the internal string identifier.ApiController::updateAllEntityList()
code can be refactored intoApiController::updateEntityList()
.Could you please double-check this code?
Comment #5
liuchanggang CreditAttribution: liuchanggang commented@yas
Thanks for insight. I have modified ApiController.php as we discussed. Thanks.
Comment #6
yas@liuchanggang
Thank you for the update. I tested the patch and it looks good to me from the point view of the functionality, but could you please refactor the status message? See also my comment at #3162214-5.
Comment #7
yasComment #8
yas@liuchanggang
One more thing,
Please change
'Updated @name in ...'
to'Updated @name of ...'
.Comment #9
liuchanggang CreditAttribution: liuchanggang commented@yas
I changed according to your comments. Thanks.
Comment #10
yasCan you change to:
Can you change
@name
to%cloud_config
?Comment #11
liuchanggang CreditAttribution: liuchanggang commented@yas,
I update code according to your comment.
Also I changed message format to as same as Jigish's
Comment #12
yas@liuchanggang
Thank you for updating the patch.
Can we use
CloudContentEntityTrait::getDisplayLabels()
instead of passing two parameters such as$entity_type_name
and$entity_type_name_plural
? Currently if the entity name has two words e.g.cron jobs
, thencron_jobs
is displayed. We expectcron jobs
in that case.@resource_link
and@cloud_config_link
should be%resource_link
and%cloud_config_link
(Bold and Italic).Comment #13
liuchanggang CreditAttribution: liuchanggang commentedI have removed $entity_type_name_plural from whole controller with getPluralLabel()
On message it shows upper case now, If you think it should be lower case, let me know.
changed fonts to bold and Italic
Comment #15
liuchanggang CreditAttribution: liuchanggang commentedComment #16
yas@liuchanggang
Thank you for updating the patch.
Can you change this code to use
CloudContentEntityTrait::getDisplayLabels()
? Please refer to the patch at #3162214-11and match the variable names as possible.
Ditto.
We need to validate the permission before adding the link. Please refer to the patch at #3162214-11 and match the variable names as possible.
Comment #17
liuchanggang CreditAttribution: liuchanggang commented@yas
Thanks for review,
Updated to getDisplayLabels() and added permission check for resource link.
Comment #18
yas@liuchanggang
Thank you for updating the patch:
Do we need the condition
$account->hasPermission('view all cloud service providers')
in this block? (because this logic handles$resource_link
, not handling$cloud_config_link
)We need
$account->hasPermission('view all cloud service providers')
here but it is not enough to check the permissions. FYI, could you please refer to https://git.drupalcode.org/project/cloud/-/blob/3.x/modules/cloud_servic...?I suggest we should do refactoring to move from
ApiController::getCloudConfigLink()
toCloudConfig::getCloudConfigLink()
. (So we need to refactor OpenStack module, too)Comment #19
liuchanggang CreditAttribution: liuchanggang commented@yas,
Thanks for review.
1, I am not very sure if we should use hasPermission('view all cloud service providers') at resource link, I just used same checking from Openstack side code. However, since the link will go to the resource page of a specific service provider, we might still need checking the permission for that service provider? In other word, do we need checking permissions to both Node and clound-context to access cloud_context/node? If so, we might need this check.
2, I moved getCloudConfigLink() to Cloud_config class, but I left permission checking in controller function. I think permission need be checked in routing or controller level.
Comment #20
yas@liuchanggang
Thank you for the update.
I don't think we need to have this condition since each resource and cloud service provider are different entities. I guess OpenStack code should be refactored.
This can be fine but can you replace these condition to AccessCheckTrait::allowedIfCanAccessCloudConfig() or some other way?
@xiaohua-guan
What do you think?
Comment #21
Xiaohua Guan CreditAttribution: Xiaohua Guan commented@yas @liuchanggang
About the permission, I don't think it should be checked in the function updateAllEntityList. I think the permission should be defined in k8s.route.yml.
For example, About the route below,
The permission of the route below can be modified like this if you want to add a new permission to restrict.
In addition, the code below is OK, but it will be better to use route to create URL if you consider the possibility of changing URL of a route in the future.
TO
Comment #22
liuchanggang CreditAttribution: liuchanggang commented@yas @xiaohua-guan
Thanks for review. I made following changes
1, add permissions "view all cloud service providers" in routing yml and removed it from controller
2, Use AccessCheckTrait::allowedIfCanAccessCloudConfig() to check permissions of provider edit links.
3, changed resource link to Url::fromRoute in ApiController.php and K8sBatchOperations.php
Comment #23
yas@liuchanggang
Thank you for the update. For the better user experience, I understand that you kept this logic ; that is, if the user does have the permission, the Cloud Orchestrator displays the status message w/ the link to the cloud service provider however I want to double-check if @xiaohua-guan agrees to this code or not.
Comment #24
Xiaohua Guan CreditAttribution: Xiaohua Guan commented@yas @liuchanggang
Firstly, I think the code like below is not correct.
The code means that somebody has permission "edit k8s network policy" OR "view all cloud service providers", but the relationship should be AND.
I don't think the code below is necessary, because the person refreshing the resources should has the permission "view all cloud service providers" which is defined in k8s.routing.yml.
Comment #25
liuchanggang CreditAttribution: liuchanggang commented@yas @xiaohua-guan
Thanks for review. I made following changes
1, removed all permission checking logic from ApiControllers.
2, updated permission in yml, and changed the permission to AND condition, like 'view k8s node,view all cloud service providers'
Comment #26
yas@liuchanggang
As we discussed, let's move those two K8sService::clearCacheValue(); to outside of the foreach() loop
I think the patch should be fine in the other portions.
@xiaohua-guan
What do you think?
Comment #27
liuchanggang CreditAttribution: liuchanggang commentedMoved clearCacheValue() to end of the function.
Comment #28
Xiaohua Guan CreditAttribution: Xiaohua Guan commented@yas @liuchanggang
It looks good to me now. So I changed the status to RTBC.
Comment #29
yas@xiaohua-guan
Thank you for your review. I'll merge the patch to
8.x-2.x
and3.x
and close this issue asFixed
.Comment #32
yasComment #33
yasI'll merge to
8.x-1.x
, too for the patch at #3163932Comment #35
yasMerged the patch and closing this issue marked as
Fixed
.