shaba/one
1
0
Fork 0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-23 22:50:09 +03:00
Code Releases Wiki Activity

Feature #687: Let users in the oneadmin group perform any operation, instead of only manage ACL rules

Browse Source
This commit is contained in:
Carlos Martín 2011-06-30 18:03:06 +02:00
parent bc29eaca98
commit 5ae5d85301
2 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/acl/AclManager.cc
View File

@ -106,12 +106,6 @@ const bool AclManager::authorize(int uid, const set<int> &user_groups,
bool auth = false;
// Only oneadmin, or someone in the oneadmin group can manage acl rules
if ( obj_type == AuthRequest::ACL )
{
return ( uid == 0 || user_groups.count( GroupPool::ONEADMIN_ID ) == 1 );
}
// Build masks for request
long long user_req;
long long resource_oid_req = obj_type + AclRule::INDIVIDUAL_ID + obj_id;

2
src/authm/AuthManager.cc
View File

@ -74,7 +74,7 @@ void AuthRequest::add_auth(Object ob,
// Authorize the request for self authorization
// -------------------------------------------------------------------------
if ( uid == 0 )
if ( uid == 0 || gids.count( GroupPool::ONEADMIN_ID ) == 1 )
{
auth = true;
}