mirror of
https://github.com/OpenNebula/one.git
synced 2025-03-16 22:50:10 +03:00
bug: Users can now acces their own information and change passwd
This commit is contained in:
parent
75bcc46dd7
commit
5bef4fd900
@ -82,15 +82,20 @@ void AuthRequest::add_auth(Object ob,
|
||||
gid == GroupPool::ONEADMIN_ID ||
|
||||
|
||||
// User is the owner of the object, for certain operations
|
||||
( owner == uid &&
|
||||
( op == DELETE || op == USE || op == MANAGE ||
|
||||
op == INFO || op == INSTANTIATE )
|
||||
( owner == uid &&
|
||||
( op == DELETE || op == USE || op == MANAGE ||
|
||||
op == INFO || op == INSTANTIATE )
|
||||
) ||
|
||||
|
||||
// Object is public and user is in its group, for certain operations
|
||||
( pub && ( gid == ob_gid ) &&
|
||||
(op == USE || op == INSTANTIATE || op == INFO ) &&
|
||||
(ob == NET || ob == IMAGE || ob == TEMPLATE)
|
||||
( pub && ( gid == ob_gid ) &&
|
||||
( op == USE || op == INSTANTIATE || op == INFO ) &&
|
||||
( ob == NET || ob == IMAGE || ob == TEMPLATE)
|
||||
) ||
|
||||
|
||||
// User can show and MANAGE (change passwd) their own information
|
||||
( uid == ob_id_int && ob == USER &&
|
||||
( op == INFO || op == MANAGE )
|
||||
)
|
||||
)
|
||||
{
|
||||
|
@ -28,11 +28,6 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
PoolObjectSQL * object;
|
||||
string str;
|
||||
|
||||
if ( basic_authorization(oid, att) == false )
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if ( oid == -1 )
|
||||
{
|
||||
if ( auth_object == AuthRequest::USER )
|
||||
@ -45,6 +40,11 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
}
|
||||
}
|
||||
|
||||
if ( basic_authorization(oid, att) == false )
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
object = pool->get(oid,true);
|
||||
|
||||
if ( object == 0 )
|
||||
|
Loading…
x
Reference in New Issue
Block a user