
Feature #862: RequestManagerPoolInfoFilter filters results by USE right

This commit is contained in:
Carlos Martín 2012-01-04 22:12:39 +01:00
parent ed68b74c5d
commit 3582843023
5 changed files with 77 additions and 53 deletions


@ -73,11 +73,13 @@ Image::~Image()
const char * Image::table = "image_pool";
const char * Image::db_names = "oid, name, body, uid, gid";
const char * Image::db_names =
"oid, name, body, uid, gid, owner_u, group_u, other_u";
const char * Image::db_bootstrap = "CREATE TABLE IF NOT EXISTS image_pool ("
"oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, uid INTEGER, "
"gid INTEGER, UNIQUE(name,uid) )";
"gid INTEGER, owner_u INTEGER, group_u INTEGER, other_u INTEGER, "
"UNIQUE(name,uid) )";
/* ------------------------------------------------------------------------ */
/* ------------------------------------------------------------------------ */
@ -279,7 +281,10 @@ int Image::insert_replace(SqlDB *db, bool replace, string& error_str)
<< "'" << sql_name << "',"
<< "'" << sql_xml << "',"
<< uid << ","
<< gid << ")";
<< gid << ","
<< owner_u << ","
<< group_u << ","
<< other_u << ")";
rc = db->exec(oss);
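Review bot: The INSERT built in insert_replace now names the new columns (`<< owner_u << "," << group_u << "," << other_u << ")"`), but db_bootstrap is a `CREATE TABLE IF NOT EXISTS`, so a database created by an earlier release keeps the old image_pool layout and this statement will fail against it unless a schema upgrade adds the columns somewhere this commit does not show; if that upgrade path does not exist yet it should land with this change, or the db_names change should be flagged as a DB-version bump. The same applies to the vm_pool, template_pool and network_pool hunks below. A comment at db_names such as `// owner_u/group_u/other_u back the USE permission filter in RequestManagerPoolInfoFilter` would tie the new columns to the code that reads them. insert_replace starts and ends outside the hunk.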


@ -77,56 +77,60 @@ void RequestManagerPoolInfoFilter::request_execute(
vector<int> gids;
switch(filter_flag)
if ( att.uid == 0 || att.gid == 0 )
{
case MINE:
uid_filter << "uid = " << att.uid; // TODO: add owner_USE restriction
break;
all = true;
}
else
{
aclm->reverse_search(att.uid, att.gid, auth_object,
AuthRequest::USE, all, oids, gids);
}
case ALL:
if ( att.uid == 0 || att.gid == 0 )
{
all = true;
}
else
{
aclm->reverse_search(att.uid, att.gid, auth_object,
AuthRequest::USE, all, oids, gids);
}
if ( filter_flag != ALL )
{
int uid;
if ( !all ) // If all == true, there is not a uid or gid restriction
{
vector<int>::iterator it;
if ( filter_flag == MINE )
{
uid = att.uid;
}
else
{
uid = filter_flag;
}
// Default rights: Users can see and use their resources, and
// the public ones in their group
uid_filter << "uid = " << att.uid; // TODO: add owner_USE restriction
uid_filter << "uid = " << uid;
}
// VMs don't have public column, are considered private
if ( auth_object != PoolObjectSQL::VM )
{
// TODO add group, other permission restrictions
uid_filter << " OR (gid = " << att.gid << " AND public = 1)";
}
if ( !all ) // If all == true, there is not a uid or gid restriction
{
vector<int>::iterator it;
for ( it=oids.begin(); it< oids.end(); it++ )
{
uid_filter << " OR uid = " << *it;
}
if ( filter_flag != ALL )
{
uid_filter << " AND ";
}
for ( it=gids.begin(); it< gids.end(); it++ )
{
uid_filter << " OR gid = " << *it;
}
}
// Permissions included in the resources
uid_filter
<< "("
<< "(uid = " << att.uid << " AND owner_u = 1) OR "
<< "(gid = " << att.gid << " AND group_u = 1) OR "
<< "other_u = 1";
break;
for ( it=oids.begin(); it< oids.end(); it++ )
{
uid_filter << " OR oid = " << *it;
}
default:
// TODO: add authorization check, user can MANAGE User with ID filter_flag
uid_filter << "uid = " << filter_flag;
for ( it=gids.begin(); it< gids.end(); it++ )
{
uid_filter << " OR gid = " << *it;
}
break;
uid_filter << ")";
}
uid_str = uid_filter.str();
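Review bot: The new filter's correctness rests on precedence the code leaves implicit: the `uid_filter << "uid = " << uid;` term is ANDed with the whole permission disjunction only because of the `"("` and `")"` streamed around it, and a reader has to reconstruct that from eight separate inserts spread over two `if` blocks. A comment above the `if ( !all )` block spelling out the resulting clause, `// WHERE [uid = U AND] ( (uid = me AND owner_u = 1) OR (gid = mygid AND group_u = 1) OR other_u = 1 [OR oid = N]* [OR gid = G]* )`, would make the shape reviewable. Every value streamed into uid_filter is an int (att.uid, att.gid, filter_flag, the ACL-derived oids and gids), which is what keeps this string-built SQL injection-free; that invariant deserves a one-line comment so nobody later streams a user-supplied name into the same stream. The two iterator loops would also read more conventionally as `for ( it = oids.begin(); it != oids.end(); ++it )` (and likewise for gids). request_execute starts before and ends after this hunk.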


@ -93,11 +93,13 @@ VirtualMachine::~VirtualMachine()
const char * VirtualMachine::table = "vm_pool";
const char * VirtualMachine::db_names =
"oid, name, body, uid, gid, last_poll, state, lcm_state";
"oid, name, body, uid, gid, last_poll, state, lcm_state, "
"owner_u, group_u, other_u";
const char * VirtualMachine::db_bootstrap = "CREATE TABLE IF NOT EXISTS "
"vm_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, uid INTEGER, "
"gid INTEGER, last_poll INTEGER, state INTEGER, lcm_state INTEGER)";
"gid INTEGER, last_poll INTEGER, state INTEGER, lcm_state INTEGER, "
"owner_u INTEGER, group_u INTEGER, other_u INTEGER)";
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -112,7 +114,7 @@ int VirtualMachine::select(SqlDB * db)
Nebula& nd = Nebula::instance();
// Rebuld the VirtualMachine object
// Rebuild the VirtualMachine object
rc = PoolObjectSQL::select(db);
if( rc != 0 )
@ -558,7 +560,10 @@ int VirtualMachine::insert_replace(SqlDB *db, bool replace, string& error_str)
<< gid << ","
<< last_poll << ","
<< state << ","
<< lcm_state << ")";
<< lcm_state << ","
<< owner_u << ","
<< group_u << ","
<< other_u << ")";
db->free_str(sql_deploy_id);
db->free_str(sql_name);


@ -59,11 +59,13 @@ VMTemplate::~VMTemplate()
const char * VMTemplate::table = "template_pool";
const char * VMTemplate::db_names = "oid, name, body, uid, gid";
const char * VMTemplate::db_names =
"oid, name, body, uid, gid, owner_u, group_u, other_u";
const char * VMTemplate::db_bootstrap =
"CREATE TABLE IF NOT EXISTS template_pool (oid INTEGER PRIMARY KEY, "
"name VARCHAR(128), body TEXT, uid INTEGER, gid INTEGER)";
"name VARCHAR(128), body TEXT, uid INTEGER, gid INTEGER, "
"owner_u INTEGER, group_u INTEGER, other_u INTEGER)";
/* ------------------------------------------------------------------------ */
/* ------------------------------------------------------------------------ */
@ -155,7 +157,10 @@ int VMTemplate::insert_replace(SqlDB *db, bool replace, string& error_str)
<< "'" << sql_name << "',"
<< "'" << sql_xml << "',"
<< uid << ","
<< gid << ")";
<< gid << ","
<< owner_u << ","
<< group_u << ","
<< other_u << ")";
rc = db->exec(oss);


@ -73,11 +73,13 @@ VirtualNetwork::~VirtualNetwork()
const char * VirtualNetwork::table = "network_pool";
const char * VirtualNetwork::db_names = "oid, name, body, uid, gid";
const char * VirtualNetwork::db_names =
"oid, name, body, uid, gid, owner_u, group_u, other_u";
const char * VirtualNetwork::db_bootstrap = "CREATE TABLE IF NOT EXISTS"
" network_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128),"
" body TEXT, uid INTEGER, gid INTEGER, UNIQUE(name,uid))";
" body TEXT, uid INTEGER, gid INTEGER, "
"owner_u INTEGER, group_u INTEGER, other_u INTEGER, UNIQUE(name,uid))";
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
@ -384,7 +386,10 @@ int VirtualNetwork::insert_replace(SqlDB *db, bool replace, string& error_str)
<< "'" << sql_name << "',"
<< "'" << sql_xml << "',"
<< uid << ","
<< gid << ")";
<< gid << ","
<< owner_u << ","
<< group_u << ","
<< other_u << ")";
rc = db->exec(oss);