[WIP] Standalone ServiceUI product features require, updating affected roles

[AllenBW]

https://bugzilla.redhat.com/show_bug.cgi?id=1507029

This will require discussion for sure, my understaind of EvmRole-user_self_service was all the sui has to offer (well that was made really easy).

My understanding of EvmRole-user_limited_self_service was everythign except ya cant change the service catalog

[AllenBW]

cc @chriskacerguis
@miq-bot add_label bug

[AllenBW]

woops, working the test failures 😬

[AllenBW]

OK soooo I was talking with @imtayadeway and it looks like I have two options to fix the tests... either update https://github.com/ManageIQ/manageiq/blob/master/app/models/miq_user_role.rb#L61-L67
to fetch not by restrictions, or restore the restrictions... @dclarizio @h-kataria thoughts?

The restrictions no longer apply to the sui, cuz those product features have no power (there). But i defer to the pros 🙇‍♀️ 😍 🍭

[miq-bot]

This pull request is not mergeable. Please rebase and repush.

[AllenBW]

Ok giving up on what I said 3 days ago, added back restrictions, touching as little code as possible in hopes of getting this in ❤️ 🙇

[imtayadeway]

Adding customary ✂️ 🔥 🚽

[gtanzillo]

@AllenBW It's not clear if the features that are being removed were never supposed to be allowed for the roles EvmRole-user_limited_self_service and EvmRole-user_self_service. Users of these roles will no longer have those features when they log into the classic UI. Is that correct and ok?

[AllenBW]

@gtanzillo I can't comment on if the features removed were ever supposed to be allowed, and good point! It is my understanding that these roles are designed to only have sui access/privileges. If this is true, than removing all features when they log into ops sounds like the right call. Thoughts from the powers that be? @chriskacerguis @ohadlevy ?

[chriskacerguis]

I'm on the same page as @AllenBW, but I don't have the history to comment on your question...BUT, like I said, I agree with Allen's assessment

[gtanzillo]

Hmm, I know this was around long before SUI. And, I've seen prod DBs with this role in use. So I'm still not sure.

Does this PR need to be merged before the freeze tonight?

[chriskacerguis]

@gtanzillo no, I don't think so

[dclarizio]

I think we need input from @Loicavenel. Those roles were originally for the self service user in OPS. The Service Catalog area still exists in the OPS UI and some, perhaps many, users/customers still use it for access.

The question for PM is should the existing roles allow both OPS and SUI access to the Services area or should we leave the existing roles as they are and add new OOTB roles for SUI access?

[Loicavenel]

We should keep these roles and update it with new SUI RBAC part to offer same functionalities..or close to. Then users can connect to OSP UI or SUI with the same Role and get the same experience

[AllenBW]

Updated as per your guidance @Loicavenel

[AllenBW]

@miq-bot add_label wip

so additional comments have been made in the bz... https://bugzilla.redhat.com/show_bug.cgi?id=1507029 and ask has been expanded.

For all existing roles that have SUI equivalent functionality, those SUI specific product features should be added to them.

I could use some help on this one 😕 @Loicavenel and anyone else with a firm grasp of roles and product features

[miq-bot]

Checked commits AllenBW/manageiq@161acb8~...c087477 with ruby 2.3.3, rubocop 0.47.1, and haml-lint 0.20.0
0 files checked, 0 offenses detected
Everything looks fine. 🍪

[AllenBW]

@Loicavenel @chriskacerguis Using this mapping (OPS UI & SUI Roles - Sheet1.pdf) we have mapped sui and opsui product features. I know its tedious to review, but you're input on this and where we go from here is very much so appreciated

[Loicavenel]

I am good this PDF is my spreadsheet :)

[AllenBW]

@chriskacerguis @anyone ? Looking for some thoughts/eyes/guidance on what we are doing here ❓ 👍 cuzzz we all know 🐝 💤 don't 💀 till you 🔪 them 🤔

[AllenBW]

@miq-bot remove_label wip

[AllenBW]

Another 5 days has passed, just popping in to remind anyone that notices we have a high priority bz attached to this:

https://bugzilla.redhat.com/show_bug.cgi?id=1507029
cc @chriskacerguis

[gtanzillo]

@AllenBW, looks good 👍 Sorry for the delay getting to this!

[AllenBW]

@gtanzillo No worries!! Apologies if this sounded impatient, know everyone us busy, just wanted to gently keep it on the radar 🍍 💌

thanks for the merge!!

[simaishi]

gaprindashvili/yes ?

[AllenBW]

@simaishi yis yis yis yis shoulda added that as tag, target is 5.9 https://bugzilla.redhat.com/show_bug.cgi?id=1507029

[simaishi]

Gaprindashvili backport details:

$ git log -1
commit 4dcdf3b666d5cf7d4efa5e697626c0a7bf10b4a8
Author: Gregg Tanzillo <gtanzill@redhat.com>
Date:   Tue Nov 14 11:12:40 2017 -0500

    Merge pull request #16329 from AllenBW/bz/#1507029-update-sui-roles-product-features
    
    Standalone ServiceUI product features require, updating affected roles
    (cherry picked from commit e1b3984004e49d540bb43b477f5e0d196fe8eaaa)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1514189

[martinpovolny]

@AllenBW, @Loicavenel, @gtanzillo : why do we have sui_vm_start and vm_start? Do we really want that? It's the same functionality on a different place so why have 2 different identifiers? It's a potential source of bugs I am afraid.

[Loicavenel]

@martinpovolny you want to be able to Service UI Role and Ops UI Role differently.