rPath Appliance Platform Agent:User Roles
From rPath Wiki
Each rPath Appliance Platform Agent (rAPA) plugin includes one or more roles used by the UserManagement plugin. A role provides access to a plugin or plugin functions, and groups created in User Management are assigned one or more of these roles.
Currently all standard rAPA plugins include the admin role, and users must be in a group with the admin role to see and use the plugin. The standard plugins do not have any function-specific roles defined.
[[Template:note=The admin role is added automatically whether or not there are any additional roles defined. No additional decorators are required for admin, but the kid templates should ensure that admin users have all functionality.]]
To designate roles that should have access to all plugin functions, set a value for the roles variable inside the plugin class. The values listed are available for selection when creating a group in the User Management plugin. The following line adds three roles to the plugin:
roles=['view', 'execute', 'configure']
If there are no additional changes to the plugin class, the plugin is only displayed to users in groups with one of the displayed roles, and all plugin functions are available to those users.
To define specific functions for a role within a plugin:
- Use a decorator before the index definition for all roles.
- Use a decorator and definition in the plugin class for each role.
- Add the appropriate code to the front end files of the plugin.
The decorator before the index definition includes all the roles that should have access to the plugin and for which the plugin has defined specific functions:
@raa.identity(raa.authorization.AnyPermissionPresent("view", "configure", "execute"))
 | Roles are statically defined by a plugin, and the roles variable has undefined behavior if it is changed at runtime by a different operation. |