openems icon indicating copy to clipboard operation
openems copied to clipboard
Published 3 months ago verified publisher icon OpenEMS

Advanced Access Control and Role Management

Open sWalbrun opened this issue 6 years ago • 2 comments

Hey Stefan,

Metadata.UserBased can be ignored I guess it is time for a first check of the code: AccessControl has been changed currently only with UI and Edge. For setting up some tests you have to configure two AccessControlProvidersJSON. Therefore you have to downloads the attached files and add them via their file location

RoleMasterDataV2_I.txt RoleMasterDataV2_II.txt WebConsoleConfiguration

The image shows how to link to the attached files

When logging in with the default password, the channels (of getting started example) should be shown on the UI as before but the AccessControl did an intersection before

Please let me know if everything worked or if this description was too short.

sWalbrun avatar Jun 11 '19 12:06 sWalbrun

Hi Sebastian,

thanks for the Pull-Request. I tried reading through it, but there are a lot of changes in files that I suspect you only touched by accident, or were auto-formatted using an auto-formatting algorithm that is different to the one Eclipse uses. I don't want to be picky, but could you try to reduce the pull-request to the files you actually need to change?

There is even a Checkstyle definition in OpenEMS that I am trying to embrace: cnf/checkstyle.xml.

For the package name io.openems.backend.metadata.user_based: underscores in package names are not recommended by convention. Actually I would suggest for this new implementation to replace the metadata.file bundle. From what I know only we as FENECON use it - and only in a couple of specific projects. In my opinion there is not too much sense in keeping multiple file-based metadata providers around.

I tried activating the UserBased component, but the above JSON-files do not seem to be current anymore as "users" is excepted to be a JsonArray.

sfeilmeier avatar Jun 17 '19 20:06 sfeilmeier

Puuuh... this is a huge amount of code, touching a lot of files. I don't feel it's quite finished yet. I took some hours to merge it with develop and adjusted some parts where I felt it's fitting better with the rest of the codebase. I also marked some places with "FIXME" where I see need for discussions or improvements.

For my TODO in AccessControlProviderStatic (https://github.com/OpenEMS/openems/pull/590/commits/f33d4aee6b99c0752d9f051ed5bdb54a120ea34a#diff-40866391f1f3790541c229f6bc56412cR54): It will be impossible to define all possible Channel-Adresses. Can we not use some kind of wildcard or regular expression to allow everything? Or at least make a special handling for a "admin" Role that is allowed to do anything? "Installer" and "Owner" are not that important for me, as they are hardly used in reality currently.

sfeilmeier avatar Aug 11 '19 18:08 sfeilmeier

I recommend this pull request to be closed, since it seems that there is no interest in merging this and OpenEMS made a long way since this PR was made.

hydroid7 avatar Oct 16 '23 13:10 hydroid7