diff --git a/include/ImageTemplate.h b/include/ImageTemplate.h index 0374f3cb4b..a7f27a6275 100644 --- a/include/ImageTemplate.h +++ b/include/ImageTemplate.h @@ -43,6 +43,22 @@ public: return Template::check(rs_attr, restricted_attributes); }; + /** + * Deletes all restricted attributes + */ + void remove_restricted() + { + Template::remove_restricted(restricted_attributes); + }; + + /** + * Deletes all the attributes, except the restricted ones + */ + void remove_all_except_restricted() + { + Template::remove_all_except_restricted(restricted_attributes); + }; + bool is_saving() { string saving; diff --git a/include/PoolObjectSQL.h b/include/PoolObjectSQL.h index f51fd7e7d3..bf1d3b119f 100644 --- a/include/PoolObjectSQL.h +++ b/include/PoolObjectSQL.h @@ -561,17 +561,24 @@ public: /** * Replace template for this object. Object should be updated * after calling this method - * @param tmpl string representation of the template + * @param tmpl_str new contents + * @param keep_restricted If true, the restricted attributes of the + * current template will override the new template + * @param error string describing the error if any + * @return 0 on success */ - virtual int replace_template(const string& tmpl_str, string& error); + virtual int replace_template(const string& tmpl_str, bool keep_restricted, string& error); /** * Append new attributes to this object's template. Object should be updated * after calling this method - * @param tmpl string representation of the template + * @param tmpl_str new contents + * @param keep_restricted If true, the restricted attributes of the + * current template will override the new template + * @param error string describing the error if any + * @return 0 on success */ - virtual int append_template(const string& tmpl_str, string& error); - + virtual int append_template(const string& tmpl_str, bool keep_restricted, string& error); /** * Fills a auth class to perform an authZ/authN request based on the object 
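Review bot: The `keep_restricted` description on `append_template` in include/PoolObjectSQL.h does not match the implementation in src/pool/PoolObjectSQL.cc. The append path only calls `new_tmpl->remove_restricted()` on the incoming template and never copies restricted values from the current one, so "the restricted attributes of the current template will override the new template" holds for `replace_template` only. I would document the append case as `@param keep_restricted If true, restricted attributes are removed from tmpl_str before it is merged`. Since this flag is the only thing separating an admin update from a user update, both comments should also state that callers must pass true for any non-admin request. The class these declarations belong to starts outside the hunk.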
diff --git a/include/RequestManagerUpdateTemplate.h b/include/RequestManagerUpdateTemplate.h index 650dac561f..64d57de25f 100644 --- a/include/RequestManagerUpdateTemplate.h +++ b/include/RequestManagerUpdateTemplate.h @@ -84,14 +84,6 @@ public: }; ~VirtualMachineUpdateTemplate(){}; - - /* -------------------------------------------------------------------- */ - - int replace_template(PoolObjectSQL * object, const string & tmpl, - const RequestAttributes &att, string &error_str); - - int append_template(PoolObjectSQL * object, const string & tmpl, - const RequestAttributes &att, string &error_str); }; /* ------------------------------------------------------------------------- */ diff --git a/include/Template.h b/include/Template.h index 7a448ff35a..83f1045957 100644 --- a/include/Template.h +++ b/include/Template.h @@ -380,6 +380,16 @@ public: */ int merge(const Template * from_tmpl, string& error_str); + /** + * Deletes all restricted attributes + */ + virtual void remove_restricted(); + + /** + * Deletes all the attributes, except the restricted ones + */ + virtual void remove_all_except_restricted(); + protected: /** * The template attributes @@ -419,6 +429,16 @@ protected: */ bool check(string& rs_attr, const vector &restricted_attributes); + /** + * Deletes all restricted attributes + */ + void remove_restricted(const vector &restricted_attributes); + + /** + * Deletes all the attributes, except the restricted ones + */ + void remove_all_except_restricted(const vector &restricted_attributes); + /** * Updates the xml root element name * diff --git a/include/VirtualMachineTemplate.h b/include/VirtualMachineTemplate.h index 22815021f8..f61aad7c49 100644 --- a/include/VirtualMachineTemplate.h +++ b/include/VirtualMachineTemplate.h 
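Review bot: The new public virtuals `remove_restricted()` and `remove_all_except_restricted()` in include/Template.h default to doing nothing (their bodies in src/template/Template.cc are `{}`), and neither comment says so. `PoolObjectSQL::replace_template` and `append_template` call them whenever `keep_restricted` is true, so an object type whose template class has a restricted list but no override gets no filtering and no error; only ImageTemplate and VirtualMachineTemplate override them in this commit. I would extend both comments to say that the base implementation is a no-op and that a subclass with its own `restricted_attributes` must override, e.g. `* Deletes all restricted attributes. No-op here; subclasses with a restricted list must override.` Whether other template classes define restricted attributes is not visible in this diff, so that should be checked before relying on the generic path.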
@@ -52,21 +52,27 @@ public: return Template::check(rs_attr, restricted_attributes); }; + /** + * Deletes all restricted attributes + */ + void remove_restricted() + { + Template::remove_restricted(restricted_attributes); + }; + + /** + * Deletes all the attributes, except the restricted ones + */ + void remove_all_except_restricted() + { + Template::remove_all_except_restricted(restricted_attributes); + }; + void set_xml_root(const char * _xml_root) { Template::set_xml_root(_xml_root); }; - /** - * Deletes all restricted attributes - */ - void remove_restricted(); - - /** - * Deletes all the attributes, excepts the restricted ones - */ - void remove_all_except_restricted(); - /** * Replaces the given image from the DISK attribute with a new one * @param target_id IMAGE_ID the image to be replaced diff --git a/src/pool/PoolObjectSQL.cc b/src/pool/PoolObjectSQL.cc index ca00f38928..1e34ffb8f7 100644 --- a/src/pool/PoolObjectSQL.cc +++ b/src/pool/PoolObjectSQL.cc @@ -167,7 +167,8 @@ void PoolObjectSQL::clear_template_error_message() /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int PoolObjectSQL::replace_template(const string& tmpl_str, string& error) +int PoolObjectSQL::replace_template( + const string& tmpl_str, bool keep_restricted, string& error) { Template * new_tmpl = get_new_template(); @@ -183,6 +184,19 @@ int PoolObjectSQL::replace_template(const string& tmpl_str, string& error) return -1; } + if (keep_restricted) + { + new_tmpl->remove_restricted(); + + if (obj_template != 0) + { + obj_template->remove_all_except_restricted(); + + string aux_error; + new_tmpl->merge(obj_template, aux_error); + } + } + delete obj_template; obj_template = new_tmpl; 
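Review bot: The result of `new_tmpl->merge(obj_template, aux_error)` in the `keep_restricted` branch of `PoolObjectSQL::replace_template` is ignored and `aux_error` is thrown away, so a failed merge still ends with `obj_template = new_tmpl` and a success return while the restricted values of the old template are gone. By that point `obj_template->remove_all_except_restricted()` has already cut the current template down, and it is deleted right after. I would check the return value (assuming merge() follows the 0-on-success convention suggested by its `int` declaration in Template.h), report through `error`, and free `new_tmpl` on failure, as sketched below. The body of replace_template starts and ends outside this hunk, so the caller's behaviour on -1 should be confirmed: the in-memory template is already stripped when the error is returned.

```cpp
            obj_template->remove_all_except_restricted();

            // Fail closed: if the stored restricted values cannot be
            // carried over, do not install the new template.
            if (new_tmpl->merge(obj_template, error) != 0)
            {
                delete new_tmpl;
                return -1;
            }
```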
@@ -193,7 +207,8 @@ int PoolObjectSQL::replace_template(const string& tmpl_str, string& error) /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int PoolObjectSQL::append_template(const string& tmpl_str, string& error) +int PoolObjectSQL::append_template( + const string& tmpl_str, bool keep_restricted, string& error) { Template * new_tmpl = get_new_template(); @@ -209,6 +224,11 @@ int PoolObjectSQL::append_template(const string& tmpl_str, string& error) return -1; } + if (keep_restricted) + { + new_tmpl->remove_restricted(); + } + if ( obj_template != 0 ) { obj_template->merge(new_tmpl, error); diff --git a/src/rm/RequestManagerUpdateTemplate.cc b/src/rm/RequestManagerUpdateTemplate.cc index c4228deb7a..1a1382afc1 100644 --- a/src/rm/RequestManagerUpdateTemplate.cc +++ b/src/rm/RequestManagerUpdateTemplate.cc @@ -27,7 +27,14 @@ int RequestManagerUpdateTemplate::replace_template( const RequestAttributes &att, string &error_str) { - return object->replace_template(tmpl, error_str); + if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID) + { + return object->replace_template(tmpl, true, error_str); + } + else + { + return object->replace_template(tmpl, false, error_str); + } } /* ------------------------------------------------------------------------- */ 
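Review bot: In `PoolObjectSQL::append_template` the `keep_restricted` branch only filters the incoming template, so what happens to a restricted sub-attribute that is already stored depends entirely on `obj_template->merge(new_tmpl, error)`. `Template::remove_restricted` removes just the restricted key from a vector attribute and leaves the rest of the vector in `new_tmpl`; if merge() replaces same-named attributes (not visible here), a non-admin append that names such a vector would discard the stored restricted value. I would add a comment stating the intended outcome, e.g. `// restricted keys are dropped from the input; stored restricted values must survive merge()`, and cover it with a test on a vector attribute. The function body continues outside the hunk.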
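Review bot: The admin test `att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID` is written out twice, here in `RequestManagerUpdateTemplate::replace_template` and again in `append_template` in the next hunk, each time with two near-identical calls. Since this condition decides whether restricted attributes are enforced, I would compute it once so the two paths cannot drift: `bool keep_restricted = att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID;` followed by `return object->replace_template(tmpl, keep_restricted, error_str);`. The check looks only at `att.gid`; whether that is meant to cover every group of the caller cannot be told from this hunk and deserves a one-line comment.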
@@ -39,49 +46,13 @@ int RequestManagerUpdateTemplate::append_template( const RequestAttributes &att, string &error_str) { - return object->append_template(tmpl, error_str); -} - -/* ------------------------------------------------------------------------- */ -/* ------------------------------------------------------------------------- */ - -int VirtualMachineUpdateTemplate::replace_template( - PoolObjectSQL * object, - const string & tmpl, - const RequestAttributes & att, - string & error_str) -{ - VirtualMachine* vm = static_cast(object); - if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID) { - return vm->replace_template(tmpl, true, error_str); + return object->append_template(tmpl, true, error_str); } else { - return vm->replace_template(tmpl, false, error_str); - } - -} - -/* ------------------------------------------------------------------------- */ -/* ------------------------------------------------------------------------- */ - -int VirtualMachineUpdateTemplate::append_template( - PoolObjectSQL * object, - const string & tmpl, - const RequestAttributes & att, - string & error_str) -{ - VirtualMachine* vm = static_cast(object); - - if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID) - { - return vm->append_template(tmpl, true, error_str); - } - else - { - return vm->append_template(tmpl, false, error_str); + return object->append_template(tmpl, false, error_str); } } diff --git a/src/template/Template.cc b/src/template/Template.cc index adcb71ce6f..5b7d820e6c 100644 --- a/src/template/Template.cc +++ b/src/template/Template.cc 
@@ -860,3 +860,125 @@ bool Template::check(string& rs_attr, const vector &restricted_attribute /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ +void Template::remove_restricted() +{} + +/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ + +void Template::remove_all_except_restricted() +{} + +/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ + +void Template::remove_restricted(const vector &restricted_attributes) +{ + size_t pos; + string avector, vattr; + vector values; + + for (unsigned int i=0; i < restricted_attributes.size(); i++) + { + pos = restricted_attributes[i].find("/"); + + if (pos != string::npos) //Vector Attribute + { + int num; + + avector = restricted_attributes[i].substr(0,pos); + vattr = restricted_attributes[i].substr(pos+1); + + if ((num = get(avector,values)) > 0 ) //Template contains the attr + { + VectorAttribute * attr; + + for (int j=0; j(values[j]); + + if (attr == 0) + { + continue; + } + + attr->remove(vattr); + } + } + } + else //Single Attribute + { + erase(restricted_attributes[i]); + } + } +} + +/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ + +void Template::remove_all_except_restricted(const vector &restricted_attributes) +{ + size_t pos; + string avector, vattr; + vector values; + + vector restricted; + + for (unsigned int i=0; i < restricted_attributes.size(); i++) + { + pos = restricted_attributes[i].find("/"); + + if (pos != string::npos) //Vector Attribute + { + int num; + + avector = restricted_attributes[i].substr(0,pos); + vattr = restricted_attributes[i].substr(pos+1); + + if 
((num = get(avector,values)) > 0 ) //Template contains the attr + { + VectorAttribute * attr; + + for (int j=0; j(values[j]); + + if (attr == 0) + { + continue; + } + + if ( !attr->vector_value(vattr.c_str()).empty() ) + { + restricted.push_back(attr); + } + } + } + } + else //Single Attribute + { + this->get(restricted_attributes[i], restricted); + } + } + + vector::iterator res_it; + + for (res_it = restricted.begin(); res_it != restricted.end(); res_it++) + { + remove(*res_it); + } + + multimap::iterator att_it; + + for ( att_it = attributes.begin(); att_it != attributes.end(); att_it++) + { + delete att_it->second; + } + + attributes.clear(); + + for (res_it = restricted.begin(); res_it != restricted.end(); res_it++) + { + set(*res_it); + } +} diff --git a/src/vm/VirtualMachineTemplate.cc b/src/vm/VirtualMachineTemplate.cc index 233a4a0ae4..12c4a46ac6 100644 --- a/src/vm/VirtualMachineTemplate.cc +++ b/src/vm/VirtualMachineTemplate.cc 
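Review bot: `Template::remove_all_except_restricted` can collect the same attribute pointer more than once: every restricted entry that resolves to an attribute ends in `restricted.push_back(attr)` or `this->get(restricted_attributes[i], restricted)` with no check for duplicates, so two entries naming the same vector attribute (constructed example: `DISK/A` and `DISK/B`) add it twice. The final loop then calls `set(*res_it)` twice for one pointer, and given the `delete att_it->second` ownership shown in the same function that would presumably end in a double delete when the template is destroyed; set() and get() are defined outside this hunk, so this should be confirmed. A guard such as `if (std::find(restricted.begin(), restricted.end(), attr) == restricted.end()) restricted.push_back(attr);` (from `<algorithm>`) avoids it, and the single-attribute path needs the same treatment. `values` is also reused across iterations without `values.clear()`, which matters if get() appends to it.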
@@ -15,128 +15,12 @@ /* -------------------------------------------------------------------------- */ #include "VirtualMachineTemplate.h" -#include "Host.h" /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ vector VirtualMachineTemplate::restricted_attributes; -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - -void VirtualMachineTemplate::remove_restricted() -{ - size_t pos; - string avector, vattr; - vector values; - - for (unsigned int i=0; i < restricted_attributes.size(); i++) - { - pos = restricted_attributes[i].find("/"); - - if (pos != string::npos) //Vector Attribute - { - int num; - - avector = restricted_attributes[i].substr(0,pos); - vattr = restricted_attributes[i].substr(pos+1); - - if ((num = get(avector,values)) > 0 ) //Template contains the attr - { - VectorAttribute * attr; - - for (int j=0; j(values[j]); - - if (attr == 0) - { - continue; - } - - attr->remove(vattr); - } - } - } - else //Single Attribute - { - erase(restricted_attributes[i]); - } - } -} - -/* -------------------------------------------------------------------------- */ -/* -------------------------------------------------------------------------- */ - -void VirtualMachineTemplate::remove_all_except_restricted() -{ - size_t pos; - string avector, vattr; - vector values; - - vector restricted; - - for (unsigned int i=0; i < restricted_attributes.size(); i++) - { - pos = restricted_attributes[i].find("/"); - - if (pos != string::npos) //Vector Attribute - { - int num; - - avector = restricted_attributes[i].substr(0,pos); - vattr = restricted_attributes[i].substr(pos+1); - - if ((num = get(avector,values)) > 0 ) //Template contains the attr - { - VectorAttribute * attr; - - for (int j=0; j(values[j]); - - if (attr == 0) - { - continue; - } - - if ( 
!attr->vector_value(vattr.c_str()).empty() ) - { - restricted.push_back(attr); - } - } - } - } - else //Single Attribute - { - this->get(restricted_attributes[i], restricted); - } - } - - vector::iterator res_it; - - for (res_it = restricted.begin(); res_it != restricted.end(); res_it++) - { - remove(*res_it); - } - - multimap::iterator att_it; - - for ( att_it = attributes.begin(); att_it != attributes.end(); att_it++) - { - delete att_it->second; - } - - attributes.clear(); - - for (res_it = restricted.begin(); res_it != restricted.end(); res_it++) - { - set(*res_it); - } -} - - /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */