diff --git a/src/image/Image.cc b/src/image/Image.cc
index 682141f582..ec9f9da4e5 100644
--- a/src/image/Image.cc
+++ b/src/image/Image.cc
@@ -73,11 +73,13 @@ Image::~Image()
 const char * Image::table = "image_pool";
-const char * Image::db_names = "oid, name, body, uid, gid";
+const char * Image::db_names =
+ "oid, name, body, uid, gid, owner_u, group_u, other_u";
 const char * Image::db_bootstrap = "CREATE TABLE IF NOT EXISTS image_pool ("
 "oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, uid INTEGER, "
- "gid INTEGER, UNIQUE(name,uid) )";
+ "gid INTEGER, owner_u INTEGER, group_u INTEGER, other_u INTEGER, "
+ "UNIQUE(name,uid) )";
 /* ------------------------------------------------------------------------ */
 /* ------------------------------------------------------------------------ */
@@ -279,7 +281,10 @@ int Image::insert_replace(SqlDB *db, bool replace, string& error_str)
 << "'" << sql_name << "',"
 << "'" << sql_xml << "',"
 << uid << ","
- << gid << ")";
+ << gid << ","
+ << owner_u << ","
+ << group_u << ","
+ << other_u << ")";
 rc = db->exec(oss);
diff --git a/src/rm/RequestManagerPoolInfoFilter.cc b/src/rm/RequestManagerPoolInfoFilter.cc
index 854702db29..76c24e64e7 100644
--- a/src/rm/RequestManagerPoolInfoFilter.cc
+++ b/src/rm/RequestManagerPoolInfoFilter.cc
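Review bot: `CREATE TABLE IF NOT EXISTS` in `Image::db_bootstrap` leaves an already existing `image_pool` table untouched, so on an upgraded database the new `owner_u`, `group_u` and `other_u` columns never appear and statements built from `db_names` would fail; the same holds for the `vm_pool`, `template_pool` and `network_pool` bootstrap hunks in this commit. No upgrade step is visible in this diff, so a comment above `db_bootstrap` should at least record the dependency, e.g. `// bootstrap only covers fresh installs; existing databases need owner_u/group_u/other_u added by the upgrade path`. Because the pool listing filter compares these columns with `= 1`, whatever values the upgrade writes also decide what non-admin users can list afterwards: rows left NULL or 0 drop out of listings, rows with `other_u` set to 1 become visible to everyone.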
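Review bot: The three values appended to the statement in `Image::insert_replace` are what the pool listing filter reads, so they are authorization data stored next to `body`; if `body` also serializes the permissions (not visible here), the two copies agree only as long as every permission change is persisted through this function. A short comment above the column list would record that, e.g. `// owner_u/group_u/other_u are read by the SQL-side listing filter; keep them in sync with the permissions held in body`. They are streamed unquoted, which is fine for integer members, but their declared type is outside the hunk. The same applies to the `insert_replace` hunks in VirtualMachine.cc, VMTemplate.cc and VirtualNetwork.cc, and the function body continues outside each hunk.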
@@ -77,56 +77,60 @@ void RequestManagerPoolInfoFilter::request_execute(
 vector gids;
- switch(filter_flag)
+
+ if ( att.uid == 0 || att.gid == 0 )
 {
- case MINE:
- uid_filter << "uid = " << att.uid; // TODO: add owner_USE restriction
- break;
+ all = true;
+ }
+ else
+ {
+ aclm->reverse_search(att.uid, att.gid, auth_object,
+ AuthRequest::USE, all, oids, gids);
+ }
- case ALL:
- if ( att.uid == 0 || att.gid == 0 )
- {
- all = true;
- }
- else
- {
- aclm->reverse_search(att.uid, att.gid, auth_object,
- AuthRequest::USE, all, oids, gids);
- }
+ if ( filter_flag != ALL )
+ {
+ int uid;
- if ( !all ) // If all == true, there is not a uid or gid restriction
- {
- vector::iterator it;
+ if ( filter_flag == MINE )
+ {
+ uid = att.uid;
+ }
+ else
+ {
+ uid = filter_flag;
+ }
- // Default rights: Users can see and use their resources, and
- // the public ones in their group
- uid_filter << "uid = " << att.uid; // TODO: add owner_USE restriction
+ uid_filter << "uid = " << uid;
+ }
- // VMs don't have public column, are considered private
- if ( auth_object != PoolObjectSQL::VM )
- {
- // TODO add group, other permission restrictions
- uid_filter << " OR (gid = " << att.gid << " AND public = 1)";
- }
+ if ( !all ) // If all == true, there is not a uid or gid restriction
+ {
+ vector::iterator it;
- for ( it=oids.begin(); it< oids.end(); it++ )
- {
- uid_filter << " OR uid = " << *it;
- }
+ if ( filter_flag != ALL )
+ {
+ uid_filter << " AND ";
+ }
- for ( it=gids.begin(); it< gids.end(); it++ )
- {
- uid_filter << " OR gid = " << *it;
- }
- }
+ // Permissions included in the resources
+ uid_filter
+ << "("
+ << "(uid = " << att.uid << " AND owner_u = 1) OR "
+ << "(gid = " << att.gid << " AND group_u = 1) OR "
+ << "other_u = 1";
- break;
+ for ( it=oids.begin(); it< oids.end(); it++ )
+ {
+ uid_filter << " OR oid = " << *it;
+ }
- default:
- // TODO: add authorization check, user can MANAGE User with ID filter_flag
- uid_filter << "uid = " << filter_flag;
+ for ( it=gids.begin(); it< gids.end(); it++ )
+ {
+ uid_filter << " OR gid = " << *it;
+ }
- break;
+ uid_filter << ")";
 }
 uid_str = uid_filter.str();
diff --git a/src/vm/VirtualMachine.cc b/src/vm/VirtualMachine.cc
index 3f03a25b74..2f314504f1 100644
--- a/src/vm/VirtualMachine.cc
+++ b/src/vm/VirtualMachine.cc
@@ -93,11 +93,13 @@ VirtualMachine::~VirtualMachine()
 const char * VirtualMachine::table = "vm_pool";
 const char * VirtualMachine::db_names =
- "oid, name, body, uid, gid, last_poll, state, lcm_state";
+ "oid, name, body, uid, gid, last_poll, state, lcm_state, "
+ "owner_u, group_u, other_u";
 const char * VirtualMachine::db_bootstrap = "CREATE TABLE IF NOT EXISTS "
 "vm_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, uid INTEGER, "
- "gid INTEGER, last_poll INTEGER, state INTEGER, lcm_state INTEGER)";
+ "gid INTEGER, last_poll INTEGER, state INTEGER, lcm_state INTEGER, "
+ "owner_u INTEGER, group_u INTEGER, other_u INTEGER)";
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
@@ -112,7 +114,7 @@ int VirtualMachine::select(SqlDB * db)
 Nebula& nd = Nebula::instance();
- // Rebuld the VirtualMachine object
+ // Rebuild the VirtualMachine object
 rc = PoolObjectSQL::select(db);
 if( rc != 0 )
@@ -558,7 +560,10 @@ int VirtualMachine::insert_replace(SqlDB *db, bool replace, string& error_str)
 << gid << ","
 << last_poll << ","
 << state << ","
- << lcm_state << ")";
+ << lcm_state << ","
+ << owner_u << ","
+ << group_u << ","
+ << other_u << ")";
 db->free_str(sql_deploy_id);
 db->free_str(sql_name);
diff --git a/src/vm_template/VMTemplate.cc b/src/vm_template/VMTemplate.cc
index 44d5870791..c6792385a4 100644
--- a/src/vm_template/VMTemplate.cc
+++ b/src/vm_template/VMTemplate.cc
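Review bot: In the RequestManagerPoolInfoFilter.cc hunk the new `if ( !all )` block is the only authorization applied to a non-admin listing, and it is assembled piecewise, which makes the final predicate hard to audit; a comment stating it would help, e.g. `// [uid = <filter> AND] ((uid = me AND owner_u = 1) OR (gid = mygid AND group_u = 1) OR other_u = 1 OR oid in ACL oids OR gid in ACL gids)`. Any `filter_flag` other than `ALL` or `MINE` is used directly as a uid and no range check is visible in the hunk; it is an integer, so this is not an injection concern, but an unexpected negative flag silently produces a filter nobody intended, so rejecting negative values that are not a known constant would be safer. The removed code skipped the `public` test for VMs, whereas the new clause applies `group_u`/`other_u` to every pool, so VM visibility now depends on the default bits given to new and upgraded rows, which this diff does not show. `request_execute` starts and ends outside the hunk.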
@@ -59,11 +59,13 @@ VMTemplate::~VMTemplate()
 const char * VMTemplate::table = "template_pool";
-const char * VMTemplate::db_names = "oid, name, body, uid, gid";
+const char * VMTemplate::db_names =
+ "oid, name, body, uid, gid, owner_u, group_u, other_u";
 const char * VMTemplate::db_bootstrap =
 "CREATE TABLE IF NOT EXISTS template_pool (oid INTEGER PRIMARY KEY, "
- "name VARCHAR(128), body TEXT, uid INTEGER, gid INTEGER)";
+ "name VARCHAR(128), body TEXT, uid INTEGER, gid INTEGER, "
+ "owner_u INTEGER, group_u INTEGER, other_u INTEGER)";
 /* ------------------------------------------------------------------------ */
 /* ------------------------------------------------------------------------ */
@@ -155,7 +157,10 @@ int VMTemplate::insert_replace(SqlDB *db, bool replace, string& error_str)
 << "'" << sql_name << "',"
 << "'" << sql_xml << "',"
 << uid << ","
- << gid << ")";
+ << gid << ","
+ << owner_u << ","
+ << group_u << ","
+ << other_u << ")";
 rc = db->exec(oss);
diff --git a/src/vnm/VirtualNetwork.cc b/src/vnm/VirtualNetwork.cc
index 34a9a8ad2e..955f823f73 100644
--- a/src/vnm/VirtualNetwork.cc
+++ b/src/vnm/VirtualNetwork.cc
@@ -73,11 +73,13 @@ VirtualNetwork::~VirtualNetwork()
 const char * VirtualNetwork::table = "network_pool";
-const char * VirtualNetwork::db_names = "oid, name, body, uid, gid";
+const char * VirtualNetwork::db_names =
+ "oid, name, body, uid, gid, owner_u, group_u, other_u";
 const char * VirtualNetwork::db_bootstrap = "CREATE TABLE IF NOT EXISTS"
 " network_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128),"
- " body TEXT, uid INTEGER, gid INTEGER, UNIQUE(name,uid))";
+ " body TEXT, uid INTEGER, gid INTEGER, "
+ "owner_u INTEGER, group_u INTEGER, other_u INTEGER, UNIQUE(name,uid))";
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
@@ -384,7 +386,10 @@ int VirtualNetwork::insert_replace(SqlDB *db, bool replace, string& error_str)
 << "'" << sql_name << "',"
 << "'" << sql_xml << "',"
 << uid << ","
- << gid << ")";
+ << gid << ","
+ << owner_u << ","
+ << group_u << ","
+ << other_u << ")";
 rc = db->exec(oss);