shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-21 14:50:08 +03:00
Code Releases Wiki Activity

B #2843: Allow administrator to create scope tokens in any group

Browse Source
This commit is contained in:
Ruben S. Montero 2019-02-05 10:48:07 +01:00
parent 30c356c545
commit 262c905a97
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/rm/RequestManagerUser.cc
View File

@ -493,7 +493,14 @@ void UserLogin::request_execute(xmlrpc_c::paramList const& paramList,
}
else if (valid > 0 || valid == -1)
{
if ( egid != -1 && (!user->is_in_group(egid) || att.group_ids.count(egid) == 0) )
/**
* Scoped token checks
* 1. user is in the target group
* 2. Authenticated groups for the user include the target group
* 3. user is not oneadmin or admin group
*/
if ( egid != -1 && !att.is_admin() && ( !user->is_in_group(egid) ||
att.group_ids.count(egid) == 0) )
{
att.resp_msg = "EGID is not in user group list";
failure_response(XML_RPC_API, att);