Feature #2613: add provider creates an acl rule to USE the ZONE

2025-03-23 22:50:09 +03:00 · 2014-01-23 13:16:35 +01:00 · 2014-01-23 13:16:35 +01:00 · 090dbb456c
commit 090dbb456c
parent 25fa9186aa
1 changed files with 32 additions and 2 deletions
--- a/src/rm/RequestManagerGroup.cc
+++ b/src/rm/RequestManagerGroup.cc
@ -208,7 +208,7 @@ int GroupAddProvider::edit_acl_rules(
        mask_prefix = AclRule::CLUSTER_ID | cluster_id;
    }

-    // @<gid> HOST/%<cid> MANAGE
+    // @<gid> HOST/%<cid> MANAGE #<zone>
    rc += aclm->add_rule(
            AclRule::GROUP_ID |
            group_id,
@ -223,7 +223,7 @@ int GroupAddProvider::edit_acl_rules(

            error_msg);

-    // @<gid> DATASTORE+NET/%<cid> USE
+    // @<gid> DATASTORE+NET/%<cid> USE #<zone>
    rc += aclm->add_rule(
            AclRule::GROUP_ID |
            group_id,
@ -239,6 +239,21 @@ int GroupAddProvider::edit_acl_rules(

            error_msg);

+    // @<gid> ZONE/#<zone> USE *
+    rc += aclm->add_rule(
+            AclRule::GROUP_ID |
+            group_id,
+
+            PoolObjectSQL::ZONE |
+            AclRule::INDIVIDUAL_ID |
+            zone_id,
+
+            AuthRequest::USE,
+
+            AclRule::ALL_ID,
+
+            error_msg);
+
    if (rc != 0)
    {
        return -1;
@ -306,6 +321,21 @@ int GroupDelProvider::edit_acl_rules(

            error_msg);

+    // @<gid> ZONE/#<zone> USE *
+    rc += aclm->del_rule(
+            AclRule::GROUP_ID |
+            group_id,
+
+            PoolObjectSQL::ZONE |
+            AclRule::INDIVIDUAL_ID |
+            zone_id,
+
+            AuthRequest::USE,
+
+            AclRule::ALL_ID,
+
+            error_msg);
+
    if (rc != 0)
    {
        return -1;