mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-23 17:33:56 +03:00
Bug #1322: Check if user quota rollback is needed; polish quota error messages
This commit is contained in:
parent
c1d8dc72a4
commit
1130e37a2e
@ -160,16 +160,39 @@ protected:
|
||||
|
||||
/**
|
||||
* Performs a basic quota check for this request using the uid/gid
|
||||
* from the request. Usage counters are updated for the user/group.
|
||||
* from the request. Usage counters are updated for the user/group.
|
||||
* On case of error, the failure_response return values are set
|
||||
*
|
||||
* @param tmpl describing the object
|
||||
* @param object type of the object
|
||||
* @param att the specific request attributes
|
||||
*
|
||||
* @return true if the user is authorized.
|
||||
*/
|
||||
bool quota_authorization(Template * tmpl,
|
||||
Quotas::QuotaType qtype,
|
||||
RequestAttributes& att);
|
||||
bool quota_authorization(
|
||||
Template * tmpl,
|
||||
Quotas::QuotaType qtype,
|
||||
RequestAttributes& att);
|
||||
|
||||
/**
|
||||
* Performs a basic quota check for this request using the uid/gid
|
||||
* from the request. Usage counters are updated for the user/group.
|
||||
* On case of error, the failure_response return values is not set, instead
|
||||
* the error reason is returned in error_str
|
||||
*
|
||||
* @param tmpl describing the object
|
||||
* @param object type of the object
|
||||
* @param att the specific request attributes
|
||||
*
|
||||
* @param error_str Error reason, if any
|
||||
* @return true if the user is authorized.
|
||||
*/
|
||||
bool quota_authorization(
|
||||
Template * tmpl,
|
||||
Quotas::QuotaType qtype,
|
||||
RequestAttributes& att,
|
||||
string& error_str);
|
||||
|
||||
/**
|
||||
* Performs rollback on usage counters for a previous quota check operation
|
||||
* for the request.
|
||||
|
@ -137,6 +137,15 @@ bool Request::user_quota_authorization (Template * tmpl,
|
||||
{
|
||||
upool->update(user);
|
||||
}
|
||||
else
|
||||
{
|
||||
ostringstream oss;
|
||||
|
||||
oss << object_name(PoolObjectSQL::USER) << " [" << att.uid << "] "
|
||||
<< error_str;
|
||||
|
||||
error_str = oss.str();
|
||||
}
|
||||
|
||||
user->unlock();
|
||||
|
||||
@ -170,6 +179,15 @@ bool Request::group_quota_authorization (Template * tmpl,
|
||||
{
|
||||
gpool->update(group);
|
||||
}
|
||||
else
|
||||
{
|
||||
ostringstream oss;
|
||||
|
||||
oss << object_name(PoolObjectSQL::GROUP) << " [" << att.gid << "] "
|
||||
<< error_str;
|
||||
|
||||
error_str = oss.str();
|
||||
}
|
||||
|
||||
group->unlock();
|
||||
|
||||
@ -229,35 +247,54 @@ void Request::group_quota_rollback(Template * tmpl,
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
bool Request::quota_authorization(Template * tmpl,
|
||||
bool Request::quota_authorization(Template * tmpl,
|
||||
Quotas::QuotaType qtype,
|
||||
RequestAttributes& att)
|
||||
{
|
||||
string error_str;
|
||||
|
||||
bool auth = quota_authorization(tmpl, qtype, att, error_str);
|
||||
|
||||
if ( auth == false )
|
||||
{
|
||||
failure_response(AUTHORIZATION,
|
||||
request_error(error_str, ""),
|
||||
att);
|
||||
}
|
||||
|
||||
return auth;
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
bool Request::quota_authorization(
|
||||
Template * tmpl,
|
||||
Quotas::QuotaType qtype,
|
||||
RequestAttributes& att,
|
||||
string& error_str)
|
||||
{
|
||||
// uid/gid == -1 means do not update user/group
|
||||
|
||||
if ( att.uid != UserPool::ONEADMIN_ID && att.uid != -1)
|
||||
bool do_user_quota = att.uid != UserPool::ONEADMIN_ID && att.uid != -1;
|
||||
bool do_group_quota = att.gid != GroupPool::ONEADMIN_ID && att.gid != -1;
|
||||
|
||||
if ( do_user_quota )
|
||||
{
|
||||
if ( user_quota_authorization(tmpl, qtype, att, error_str) == false )
|
||||
{
|
||||
failure_response(AUTHORIZATION,
|
||||
authorization_error(error_str, att),
|
||||
att);
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if ( att.gid != GroupPool::ONEADMIN_ID && att.gid != -1)
|
||||
if ( do_group_quota )
|
||||
{
|
||||
if ( group_quota_authorization(tmpl, qtype, att, error_str) == false )
|
||||
{
|
||||
user_quota_rollback(tmpl, qtype, att);
|
||||
|
||||
failure_response(AUTHORIZATION,
|
||||
authorization_error(error_str, att),
|
||||
att);
|
||||
if ( do_user_quota )
|
||||
{
|
||||
user_quota_rollback(tmpl, qtype, att);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -37,6 +37,8 @@ PoolObjectSQL * RequestManagerChown::get_and_quota(
|
||||
PoolObjectSQL * object;
|
||||
Quotas::QuotaType qtype;
|
||||
|
||||
string error_str;
|
||||
|
||||
object = pool->get(oid,true);
|
||||
|
||||
if ( object == 0 )
|
||||
@ -86,8 +88,12 @@ PoolObjectSQL * RequestManagerChown::get_and_quota(
|
||||
RequestAttributes att_new(new_uid, new_gid, att);
|
||||
RequestAttributes att_old(old_uid, old_gid, att);
|
||||
|
||||
if ( quota_authorization(tmpl, qtype, att_new) == false )
|
||||
if ( quota_authorization(tmpl, qtype, att_new, error_str) == false )
|
||||
{
|
||||
failure_response(AUTHORIZATION,
|
||||
request_error(error_str, ""),
|
||||
att);
|
||||
|
||||
delete tmpl;
|
||||
return 0;
|
||||
}
|
||||
@ -100,7 +106,7 @@ PoolObjectSQL * RequestManagerChown::get_and_quota(
|
||||
{
|
||||
quota_rollback(tmpl, qtype, att_new);
|
||||
|
||||
quota_authorization(tmpl, qtype, att_old);
|
||||
quota_authorization(tmpl, qtype, att_old, error_str);
|
||||
|
||||
failure_response(NO_EXISTS,
|
||||
get_error(object_name(auth_object), oid),
|
||||
|
@ -230,7 +230,7 @@ bool Quota::check_quota(const string& qid,
|
||||
{
|
||||
ostringstream oss;
|
||||
|
||||
oss << "Limit of " << limit << " reached for " << metrics[i]
|
||||
oss << "limit of " << limit << " reached for " << metrics[i]
|
||||
<< " quota in " << template_name;
|
||||
|
||||
if ( !qid.empty() )
|
||||
|
Loading…
Reference in New Issue
Block a user