Ma/add read only group #163
Conversation
| @@ -96,6 +96,12 @@ | |||
| {add_acl, [mk_tl(container, [groups, containers]), {organization}], [read], [{group, users}]}, | |||
| {add_acl, [{container, sandboxes}], [create], [{group, users}]}, | |||
|
|
|||
| %% read only users | |||
| {add_acl, | |||
| [mk_tl(container, [cookbooks, data, nodes, roles, environments, policies, cookbook_artifacts, clients, groups, containers])], | |||
There was a problem hiding this comment.
Do we need policy_groups here as well?
|
@chef/lob I think we are likely to have a release with a number of ACL policy changes in the near future. It might be nice to get this in as well for that release and then we can put together a blog post with the policy changes and why we made them. Overall I like this idea. I've left a few comments. Are we going to want to do a mover migration as well to add such a group to existing organizations? |
|
Let's get this merged. I think we can simply forgo a mover migration for now. I have some questions above re adding policyfiles to it but otherwise this looks good. |
|
Looks like we just have a few issues you brought up on this? Still need pedant tests? |
|
Is this still relevant with the read-only changes that landed a little while back? |
|
I'll take on looking at this after we sort out the #886 work |
|
I'm going to to close this out as it is very old. I'll leave the branch in place. Anyone should feel free to resubmit it if they have time to rebase it make make sure it still works as expected. |
tas50
added
Status: Waiting on Contributor
From @manderson26 in chef-boneyard/oc_erchef#99: