From f5458362be583c127aa7d3c1e0e27065d7c00fb4 Mon Sep 17 00:00:00 2001 From: nofaralfasi Date: Thu, 8 Jan 2026 15:10:02 +0200 Subject: [PATCH] Add Vulnerability and Advisor permissions for Insights apps --- lib/foreman_rh_cloud/plugin.rb | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/lib/foreman_rh_cloud/plugin.rb b/lib/foreman_rh_cloud/plugin.rb index 5570df85..e3d1cceb 100644 --- a/lib/foreman_rh_cloud/plugin.rb +++ b/lib/foreman_rh_cloud/plugin.rb @@ -71,12 +71,41 @@ def self.register :control_organization_insights, 'insights_cloud/settings': [:set_org_parameter] ) + # Insights Vulnerability permissions + permission( + :view_vulnerability, + {}, + :resource_type => 'ForemanRhCloud' + ) + permission( + :edit_vulnerability, + {}, + :resource_type => 'ForemanRhCloud' + ) + # Insights Advisor permissions + permission( + :view_advisor, + {}, + :resource_type => 'ForemanRhCloud' + ) + permission( + :edit_advisor, + {}, + :resource_type => 'ForemanRhCloud' + ) end - plugin_permissions = [:view_foreman_rh_cloud, :generate_foreman_rh_cloud, :view_insights_hits, :dispatch_cloud_requests, :control_organization_insights] + # Core RH Cloud permissions for inventory upload and sync + rh_cloud_permissions = [:view_foreman_rh_cloud, :generate_foreman_rh_cloud, :view_insights_hits, :dispatch_cloud_requests, :control_organization_insights] + + # Insights application permissions (Vulnerability, Advisor) + insights_permissions = [:view_vulnerability, :edit_vulnerability, :view_advisor, :edit_advisor] + + plugin_permissions = rh_cloud_permissions + insights_permissions role 'ForemanRhCloud', plugin_permissions, 'Role granting permissions to view the hosts inventory, - generate a report, upload it to the cloud and download it locally' + generate a report, upload it to the cloud, download it locally, + and manage Insights Vulnerability and Advisor features' add_permissions_to_default_roles Role::ORG_ADMIN => plugin_permissions, Role::MANAGER => plugin_permissions,