Feature #2694: Force ACL rule zone to be the local zone when oned is standalone

This way the import process to a federation is simplified
2024-12-23 17:33:56 +03:00 · 2014-02-13 17:23:42 +01:00 · 2014-02-13 17:23:42 +01:00 · 41756a9de3
commit 41756a9de3
parent 8a28fc7eea
3 changed files with 22 additions and 4 deletions
--- a/include/AclManager.h
+++ b/include/AclManager.h
@ -38,12 +38,16 @@ class AclManager : public Callbackable, public ActionListener
 public:

    /**
+     *
     *  @param _db pointer to the DB
     *  @param zone_id of the Zone
-     *  @param refresh_cache will reload periodically rules from the DB
+     * @param is_federation_enabled true is this oned is part of a federation
+     * @param is_federation_slave true is this oned is a federation slave. It
+     * it is true, it will reload periodically rules from the DB
     *  @param timer_period period to reload the rules
     */
-    AclManager(SqlDB * _db, int zone_id, bool _refresh_cache, time_t timer);
+    AclManager(SqlDB * _db, int zone_id, bool is_federation_enabled,
+            bool is_federation_slave, time_t timer);

    virtual ~AclManager();

@ -210,7 +214,8 @@ protected:
     *  from DB)
     */
    AclManager(int _zone_id)
-        :zone_id(_zone_id), db(0),lastOID(0), is_federation_slave(false)
+        :zone_id(_zone_id), db(0),lastOID(0), is_federation_enabled(false),
+         is_federation_slave(false)
    {
       pthread_mutex_init(&mutex, 0);
    };
@ -415,6 +420,11 @@ private:
    // Refresh loop thread
    // ----------------------------------------

+    /**
+     * Flag to know if this oned is part of a federation
+     */
+    bool            is_federation_enabled;
+
    /**
     * Flag to refresh the cache periodically
     */
--- a/src/acl/AclManager.cc
+++ b/src/acl/AclManager.cc
@ -51,9 +51,11 @@ int AclManager::init_cb(void *nil, int num, char **values, char **names)
 AclManager::AclManager(
    SqlDB * _db,
    int     _zone_id,
+    bool    _is_federation_enabled,
    bool    _is_federation_slave,
    time_t  _timer_period)
        :zone_id(_zone_id), db(_db), lastOID(-1),
+        is_federation_enabled(_is_federation_enabled),
        is_federation_slave(_is_federation_slave), timer_period(_timer_period)
 {
    ostringstream oss;
@ -527,6 +529,11 @@ int AclManager::add_rule(long long user, long long resource, long long rights,
        return -1;
    }

+    if (!is_federation_enabled)
+    {
+        zone = AclRule::INDIVIDUAL_ID | zone_id;
+    }
+
    lock();

    if (lastOID == INT_MAX)
--- a/src/nebula/Nebula.cc
+++ b/src/nebula/Nebula.cc
@ -701,7 +701,8 @@ void Nebula::start(bool bootstrap_only)
    // ---- ACL Manager ----
    try
    {
-        aclm = new AclManager(db, zone_id, is_federation_slave(), timer_period);
+        aclm = new AclManager(db, zone_id, is_federation_enabled(),
+                is_federation_slave(), timer_period);
    }
    catch (bad_alloc&)
    {