feature #1243: Seting/Clearing resched flag requires ADMIN permissions. Bring back Sconstruct tests.

2025-01-24 02:03:52 +03:00 · 2012-05-01 23:17:22 +02:00 · 2012-05-01 23:17:22 +02:00 · 00b09519fd
commit 00b09519fd
parent f64fccdaad
3 changed files with 39 additions and 28 deletions
--- a/30
+++ b/30
@ -237,22 +237,22 @@ if testing=='yes':
    ])

    build_scripts.extend([
-#        'src/authm/test/SConstruct',
-#        'src/common/test/SConstruct',
-#        'src/host/test/SConstruct',
-#        'src/cluster/test/SConstruct',
-#        'src/datastore/test/SConstruct',
-#        'src/group/test/SConstruct',
-#        'src/image/test/SConstruct',
-#        'src/lcm/test/SConstruct',
-#        'src/pool/test/SConstruct',
-#        'src/template/test/SConstruct',
-#        'src/test/SConstruct',
-#        'src/um/test/SConstruct',
+        'src/authm/test/SConstruct',
+        'src/common/test/SConstruct',
+        'src/host/test/SConstruct',
+        'src/cluster/test/SConstruct',
+        'src/datastore/test/SConstruct',
+        'src/group/test/SConstruct',
+        'src/image/test/SConstruct',
+        'src/lcm/test/SConstruct',
+        'src/pool/test/SConstruct',
+        'src/template/test/SConstruct',
+        'src/test/SConstruct',
+        'src/um/test/SConstruct',
        'src/vm/test/SConstruct',
-#        'src/vnm/test/SConstruct',
-#        'src/xml/test/SConstruct',
-#        'src/vm_template/test/SConstruct',
+        'src/vnm/test/SConstruct',
+        'src/xml/test/SConstruct',
+        'src/vm_template/test/SConstruct',
    ])
 else:
    main_env.Append(testing='no')
--- a/include/RequestManagerVirtualMachine.h
+++ b/include/RequestManagerVirtualMachine.h
@ -49,10 +49,11 @@ protected:
            RequestAttributes& att) = 0;

    bool vm_authorization(int id, 
-                          ImageTemplate *    tmpl,
-                          RequestAttributes& att, 
-                          PoolObjectAuth *   host_perms, 
-                          PoolObjectAuth *   ds_perm);
+                          ImageTemplate *        tmpl,
+                          RequestAttributes&     att, 
+                          PoolObjectAuth *       host_perms, 
+                          PoolObjectAuth *       ds_perm,
+                          AuthRequest::Operation op);

    int get_host_information(int hid, string& name, string& vmm, string& vnm,
            RequestAttributes& att, PoolObjectAuth& host_perms);
@ -73,6 +74,8 @@ protected:
 class VirtualMachineAction : public RequestManagerVirtualMachine
 {
 public:
+    //auth_op is MANAGE for all actions but "resched" and "unresched"
+    //this is dynamically set for each request in the execute method
    VirtualMachineAction():
        RequestManagerVirtualMachine("VirtualMachineAction",
                                     "Performs an action on a virtual machine",
--- a/src/rm/RequestManagerVirtualMachine.cc
+++ b/src/rm/RequestManagerVirtualMachine.cc
@ -22,10 +22,11 @@
 /* -------------------------------------------------------------------------- */

 bool RequestManagerVirtualMachine::vm_authorization(int oid,
-                                                    ImageTemplate *    tmpl,
-                                                    RequestAttributes& att,
-                                                    PoolObjectAuth *   host_perm,
-                                                    PoolObjectAuth *   ds_perm)
+                                                    ImageTemplate *        tmpl,
+                                                    RequestAttributes&     att,
+                                                    PoolObjectAuth *       host_perm,
+                                                    PoolObjectAuth *       ds_perm,
+                                                    AuthRequest::Operation op)
 {
    PoolObjectSQL * object;
    PoolObjectAuth vm_perms;
@ -52,7 +53,7 @@ bool RequestManagerVirtualMachine::vm_authorization(int oid,

    AuthRequest ar(att.uid, att.gid);

-    ar.add_auth(auth_op, vm_perms);
+    ar.add_auth(op, vm_perms);

    if (host_perm != 0)
    {
@ -184,7 +185,14 @@ void VirtualMachineAction::request_execute(xmlrpc_c::paramList const& paramList,
    Nebula& nd = Nebula::instance();
    DispatchManager * dm = nd.get_dm();

-    if ( vm_authorization(id, 0, att, 0, 0) == false )
+    AuthRequest::Operation op = auth_op;
+
+    if (action == "resched" || action == "unresched")
+    {
+        op = AuthRequest::ADMIN;
+    }
+
+    if ( vm_authorization(id, 0, att, 0, 0, op) == false )
    {
        return;
    }
@ -297,7 +305,7 @@ void VirtualMachineDeploy::request_execute(xmlrpc_c::paramList const& paramList,
        return;
    }

-    auth = vm_authorization(id, 0, att, &host_perms, 0);
+    auth = vm_authorization(id, 0, att, &host_perms, 0, auth_op);

    if ( auth == false )
    {
@ -359,7 +367,7 @@ void VirtualMachineMigrate::request_execute(xmlrpc_c::paramList const& paramList
        return;
    }

-    auth = vm_authorization(id, 0, att, &host_perms, 0);
+    auth = vm_authorization(id, 0, att, &host_perms, 0, auth_op);

    if ( auth == false )
    {
@ -531,7 +539,7 @@ void VirtualMachineSaveDisk::request_execute(xmlrpc_c::paramList const& paramLis
    // Authorize the operation
    // -------------------------------------------------------------------------

-    if ( vm_authorization(id, itemplate, att, 0, &ds_perms) == false )
+    if ( vm_authorization(id, itemplate, att, 0, &ds_perms, auth_op) == false )
    {
        delete itemplate;
        return;