1
0
mirror of https://github.com/OpenNebula/one.git synced 2024-12-23 17:33:56 +03:00

Bug #1322: Check if user quota rollback is needed; polish quota error messages

This commit is contained in:
Carlos Martín 2012-06-28 13:21:19 +02:00
parent c1d8dc72a4
commit 1130e37a2e
4 changed files with 85 additions and 19 deletions

View File

@ -160,16 +160,39 @@ protected:
/**
* Performs a basic quota check for this request using the uid/gid
* from the request. Usage counters are updated for the user/group.
* from the request. Usage counters are updated for the user/group.
* On case of error, the failure_response return values are set
*
* @param tmpl describing the object
* @param object type of the object
* @param att the specific request attributes
*
* @return true if the user is authorized.
*/
bool quota_authorization(Template * tmpl,
Quotas::QuotaType qtype,
RequestAttributes& att);
bool quota_authorization(
Template * tmpl,
Quotas::QuotaType qtype,
RequestAttributes& att);
/**
* Performs a basic quota check for this request using the uid/gid
* from the request. Usage counters are updated for the user/group.
* On case of error, the failure_response return values is not set, instead
* the error reason is returned in error_str
*
* @param tmpl describing the object
* @param object type of the object
* @param att the specific request attributes
*
* @param error_str Error reason, if any
* @return true if the user is authorized.
*/
bool quota_authorization(
Template * tmpl,
Quotas::QuotaType qtype,
RequestAttributes& att,
string& error_str);
/**
* Performs rollback on usage counters for a previous quota check operation
* for the request.

View File

@ -137,6 +137,15 @@ bool Request::user_quota_authorization (Template * tmpl,
{
upool->update(user);
}
else
{
ostringstream oss;
oss << object_name(PoolObjectSQL::USER) << " [" << att.uid << "] "
<< error_str;
error_str = oss.str();
}
user->unlock();
@ -170,6 +179,15 @@ bool Request::group_quota_authorization (Template * tmpl,
{
gpool->update(group);
}
else
{
ostringstream oss;
oss << object_name(PoolObjectSQL::GROUP) << " [" << att.gid << "] "
<< error_str;
error_str = oss.str();
}
group->unlock();
@ -229,35 +247,54 @@ void Request::group_quota_rollback(Template * tmpl,
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
bool Request::quota_authorization(Template * tmpl,
bool Request::quota_authorization(Template * tmpl,
Quotas::QuotaType qtype,
RequestAttributes& att)
{
string error_str;
bool auth = quota_authorization(tmpl, qtype, att, error_str);
if ( auth == false )
{
failure_response(AUTHORIZATION,
request_error(error_str, ""),
att);
}
return auth;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
bool Request::quota_authorization(
Template * tmpl,
Quotas::QuotaType qtype,
RequestAttributes& att,
string& error_str)
{
// uid/gid == -1 means do not update user/group
if ( att.uid != UserPool::ONEADMIN_ID && att.uid != -1)
bool do_user_quota = att.uid != UserPool::ONEADMIN_ID && att.uid != -1;
bool do_group_quota = att.gid != GroupPool::ONEADMIN_ID && att.gid != -1;
if ( do_user_quota )
{
if ( user_quota_authorization(tmpl, qtype, att, error_str) == false )
{
failure_response(AUTHORIZATION,
authorization_error(error_str, att),
att);
return false;
}
}
if ( att.gid != GroupPool::ONEADMIN_ID && att.gid != -1)
if ( do_group_quota )
{
if ( group_quota_authorization(tmpl, qtype, att, error_str) == false )
{
user_quota_rollback(tmpl, qtype, att);
failure_response(AUTHORIZATION,
authorization_error(error_str, att),
att);
if ( do_user_quota )
{
user_quota_rollback(tmpl, qtype, att);
}
return false;
}

View File

@ -37,6 +37,8 @@ PoolObjectSQL * RequestManagerChown::get_and_quota(
PoolObjectSQL * object;
Quotas::QuotaType qtype;
string error_str;
object = pool->get(oid,true);
if ( object == 0 )
@ -86,8 +88,12 @@ PoolObjectSQL * RequestManagerChown::get_and_quota(
RequestAttributes att_new(new_uid, new_gid, att);
RequestAttributes att_old(old_uid, old_gid, att);
if ( quota_authorization(tmpl, qtype, att_new) == false )
if ( quota_authorization(tmpl, qtype, att_new, error_str) == false )
{
failure_response(AUTHORIZATION,
request_error(error_str, ""),
att);
delete tmpl;
return 0;
}
@ -100,7 +106,7 @@ PoolObjectSQL * RequestManagerChown::get_and_quota(
{
quota_rollback(tmpl, qtype, att_new);
quota_authorization(tmpl, qtype, att_old);
quota_authorization(tmpl, qtype, att_old, error_str);
failure_response(NO_EXISTS,
get_error(object_name(auth_object), oid),

View File

@ -230,7 +230,7 @@ bool Quota::check_quota(const string& qid,
{
ostringstream oss;
oss << "Limit of " << limit << " reached for " << metrics[i]
oss << "limit of " << limit << " reached for " << metrics[i]
<< " quota in " << template_name;
if ( !qid.empty() )