mirror of
https://github.com/OpenNebula/one.git
synced 2025-03-21 14:50:08 +03:00
* This commit syncs oned and API specification for the ALL flag. The internal defines were not consistent with the API specification. (cherry picked from commit 82d2191dfda8d4ef031223929a6a76949ae050aa)
parent
b7b662b5ff
commit
269ca271d2
@ -75,10 +75,10 @@ public:
|
||||
*/
|
||||
enum LockStates
|
||||
{
|
||||
ST_NONE = 0x0LL,
|
||||
ST_USE = 0x1LL,
|
||||
ST_MANAGE = 0x2LL,
|
||||
ST_ADMIN = 0x4LL
|
||||
ST_NONE = 0,
|
||||
ST_USE = 1,
|
||||
ST_MANAGE = 2,
|
||||
ST_ADMIN = 3
|
||||
};
|
||||
|
||||
static const long int LockableObject;
|
||||
@ -530,7 +530,10 @@ public:
|
||||
*
|
||||
* @return 0 if the lock was granted, -1 if the object is already locked
|
||||
*/
|
||||
int lock_db(const int owner, const int req_id, const int level);
|
||||
int lock_db(const int owner,
|
||||
const int req_id,
|
||||
const int level,
|
||||
const bool is_admin);
|
||||
|
||||
/**
|
||||
* Unlocks the DB lock for external applications. The object must be locked
|
||||
|
@ -40,9 +40,13 @@ protected:
|
||||
void request_execute(xmlrpc_c::paramList const& _paramList,
|
||||
RequestAttributes& att) override;
|
||||
|
||||
int lock_db(PoolObjectSQL * object, const int owner, const int req_id, const int level)
|
||||
int lock_db(PoolObjectSQL * object,
|
||||
const int owner,
|
||||
const int req_id,
|
||||
const int level,
|
||||
const bool is_admin)
|
||||
{
|
||||
return object->lock_db(owner, req_id, level);
|
||||
return object->lock_db(owner, req_id, level, is_admin);
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -195,11 +195,11 @@ bool AclManager::authorize(
|
||||
long long user_req;
|
||||
long long resource_oid_req;
|
||||
|
||||
if (static_cast<long long int>(op) & 0x10LL) //No lockable object
|
||||
if (op & 0x10LL) //No lockable object
|
||||
{
|
||||
op = static_cast<AuthRequest::Operation>(op & 0x0FLL);
|
||||
}
|
||||
else if (obj_perms.locked > 0 && obj_perms.locked <= static_cast<long long int>(op))
|
||||
else if (obj_perms.locked > 0 && obj_perms.locked <= op)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -385,11 +385,11 @@ bool AclManager::oneadmin_authorize(
|
||||
const PoolObjectAuth& obj_perms,
|
||||
AuthRequest::Operation op) const
|
||||
{
|
||||
if (static_cast<long long int>(op) & 0x10LL) //No lockable object
|
||||
if (op & 0x10LL) //No lockable object
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else if (obj_perms.locked > 0 && obj_perms.locked <= static_cast<long long int>(op))
|
||||
else if (obj_perms.locked > 0 && obj_perms.locked <= op)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
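Review bot: The guard `obj_perms.locked <= op`, in both `authorize` and `oneadmin_authorize`, now compares values on two different scales. `LockStates` is numbered 0–3 after this commit, while the lines just above treat `op` as flag bits (`op & 0x10LL`, `op & 0x0FLL`). The test stays correct only while USE < MANAGE < ADMIN holds numerically on both sides and every Operation value at or above ADMIN is meant to be blocked; the Operation enum is not shown here, so that should be confirmed. I would state the assumption next to the comparison, e.g. `// locked is an ordinal LockStates level (1..3), op an Operation flag value; <= relies on both keeping the same order`, or translate the lock level to the matching Operation value before comparing. Dropping the `static_cast` also makes the enum-to-integer conversion implicit, which hides the mixed types from a reader.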
@ -1016,7 +1016,7 @@ void Image::set_state(ImageState _state)
|
||||
}
|
||||
else if (state == LOCKED)
|
||||
{
|
||||
lock_db(-1,-1, PoolObjectSQL::LockStates::ST_USE);
|
||||
lock_db(-1,-1, PoolObjectSQL::LockStates::ST_USE, true);
|
||||
}
|
||||
|
||||
if (_state != LOCKED )
|
||||
|
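Review bot: The call `lock_db(-1,-1, PoolObjectSQL::LockStates::ST_USE, true)` hard-codes the admin override and discards the return value. A lock that a user already holds on the image is therefore replaced by owner -1 at level `ST_USE` whenever the image enters LOCKED, with nothing recording the lock that was overwritten. If that is intended for internal state transitions, say so at the call site, e.g. `// internal state lock: bypasses the owner check and replaces any user-held lock`. Whether the earlier user lock is restored afterwards cannot be seen here, because `set_state` continues outside the hunk.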
@ -587,13 +587,22 @@ bool PoolObjectSQL::name_is_valid(const string& obj_name,
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int PoolObjectSQL::lock_db(const int owner, const int req_id, const int level)
|
||||
int PoolObjectSQL::lock_db(const int owner,
|
||||
const int req_id,
|
||||
const int level,
|
||||
const bool is_admin)
|
||||
{
|
||||
if ( level < ST_NONE || level > ST_ADMIN )
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (locked != ST_NONE && lock_owner != owner && !is_admin)
|
||||
{
|
||||
// Only admin can override lock
|
||||
return -1;
|
||||
}
|
||||
|
||||
locked = static_cast<LockStates>(level);
|
||||
lock_time = time(0);
|
||||
lock_owner = owner;
|
||||
|
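Review bot: The new guard lets two kinds of caller past an existing lock, the current `lock_owner` and anyone passing `is_admin`, so the comment `// Only admin can override lock` understates what is allowed; an owner can also re-lock at a weaker level. The range check above it still accepts `ST_NONE`, so either caller can reach `locked = static_cast<LockStates>(level)` with level 0, which clears the lock through the lock path while still stamping `lock_owner` and `lock_time`. The XML-RPC switch added in this commit rejects 0, but other callers of `lock_db` are not bound by it. Consider `if ( level <= ST_NONE || level > ST_ADMIN )` and rewording the comment to `// Locked by another owner: only an admin may replace the lock`. The function body continues past the end of the hunk.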
@ -62,6 +62,27 @@ void RequestManagerLock::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
return;
|
||||
}
|
||||
|
||||
switch(level)
|
||||
{
|
||||
case 1: //USE + MANAGE + ADMIN
|
||||
level = PoolObjectSQL::ST_USE;
|
||||
break;
|
||||
case 2: //MANAGE + ADMIN
|
||||
level = PoolObjectSQL::ST_MANAGE;
|
||||
break;
|
||||
case 3: //ADMIN
|
||||
level = PoolObjectSQL::ST_ADMIN;
|
||||
break;
|
||||
case 4: //ALL equals USE
|
||||
level = PoolObjectSQL::ST_USE;
|
||||
break;
|
||||
|
||||
default:
|
||||
att.resp_msg = "Wrong lock level specified";
|
||||
failure_response(ACTION, att);
|
||||
return;
|
||||
}
|
||||
|
||||
if ((auth_object & PoolObjectSQL::LockableObject) != 0)
|
||||
{
|
||||
if ( test && object->test_lock_db(att.resp_msg) != 0 )
|
||||
@ -70,7 +91,7 @@ void RequestManagerLock::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
}
|
||||
else
|
||||
{
|
||||
rc = lock_db(object.get(), owner, att.req_id, level);
|
||||
rc = lock_db(object.get(), owner, att.req_id, level, att.is_admin());
|
||||
|
||||
pool->update(object.get());
|
||||
|
||||
@ -87,6 +108,7 @@ void RequestManagerLock::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
}
|
||||
else
|
||||
{
|
||||
att.resp_msg = "Object cannot be locked.";
|
||||
failure_response(AUTHORIZATION, att);
|
||||
}
|
||||
|
||||
|
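Review bot: The `switch(level)` overwrites the wire value with the internal enum in the same variable and uses bare literals 1–4. Under the new `LockStates` numbering, cases 1–3 are identity assignments and only `case 4` translates anything. A separate local for the internal level and a comment such as `// API levels: 1=USE, 2=MANAGE, 3=ADMIN, 4=ALL (treated as USE)` would make the API-to-internal boundary explicit, with the `default` branch remaining the single place where unknown values are rejected. The call `lock_db(object.get(), owner, att.req_id, level, att.is_admin())` is where the override flag is derived from the request in this file, which is worth a short comment there. `request_execute` starts and ends outside these hunks.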