shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-26 06:50:09 +03:00
Code Releases Wiki Activity

bug #3659: Advance GROUP_ADMIN comparison

Browse Source
This commit is contained in:
Ruben S. Montero 2015-03-08 21:36:20 +01:00
parent 58cc44b955
commit 0cdb1bba32
2 changed files with 10 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/rm/RequestManagerAllocate.cc
View File

@ -530,7 +530,7 @@ bool TemplateAllocate::allocate_authorization(
RequestAttributes& att,
PoolObjectAuth * cluster_perms)
{
if ( att.uid == UserPool::ONEADMIN_ID )
if ( att.uid == UserPool::ONEADMIN_ID || att.gid == GroupPool::ONEADMIN_ID )
{
return true;
}
@ -542,21 +542,17 @@ bool TemplateAllocate::allocate_authorization(
VirtualMachineTemplate * ttmpl = static_cast<VirtualMachineTemplate *>(tmpl);
// ------------ Check template for restricted attributes -------------------
if ( att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID )
if (ttmpl->check(aname))
{
if (ttmpl->check(aname))
{
ostringstream oss;
ostringstream oss;
oss << "VM Template includes a restricted attribute " << aname;
oss << "VM Template includes a restricted attribute " << aname;
failure_response(AUTHORIZATION,
authorization_error(oss.str(), att),
att);
failure_response(AUTHORIZATION,
authorization_error(oss.str(), att),
att);
return false;
}
return false;
}
return true;

4
src/rm/RequestManagerUpdateTemplate.cc
View File

@ -95,8 +95,8 @@ void RequestManagerUpdateTemplate::request_execute(
object = pool->get(oid,true);
if ( object == 0 )
{
if ( object == 0 )
{
failure_response(NO_EXISTS,
get_error(object_name(auth_object),oid),
att);