1
0
mirror of https://github.com/OpenNebula/one.git synced 2025-03-16 22:50:10 +03:00

bug: Users can now acces their own information and change passwd

This commit is contained in:
Ruben S. Montero 2011-07-11 17:20:10 +02:00
parent 75bcc46dd7
commit 5bef4fd900
2 changed files with 16 additions and 11 deletions

View File

@ -82,15 +82,20 @@ void AuthRequest::add_auth(Object ob,
gid == GroupPool::ONEADMIN_ID ||
// User is the owner of the object, for certain operations
( owner == uid &&
( op == DELETE || op == USE || op == MANAGE ||
op == INFO || op == INSTANTIATE )
( owner == uid &&
( op == DELETE || op == USE || op == MANAGE ||
op == INFO || op == INSTANTIATE )
) ||
// Object is public and user is in its group, for certain operations
( pub && ( gid == ob_gid ) &&
(op == USE || op == INSTANTIATE || op == INFO ) &&
(ob == NET || ob == IMAGE || ob == TEMPLATE)
( pub && ( gid == ob_gid ) &&
( op == USE || op == INSTANTIATE || op == INFO ) &&
( ob == NET || ob == IMAGE || ob == TEMPLATE)
) ||
// User can show and MANAGE (change passwd) their own information
( uid == ob_id_int && ob == USER &&
( op == INFO || op == MANAGE )
)
)
{

View File

@ -28,11 +28,6 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList,
PoolObjectSQL * object;
string str;
if ( basic_authorization(oid, att) == false )
{
return;
}
if ( oid == -1 )
{
if ( auth_object == AuthRequest::USER )
@ -45,6 +40,11 @@ void RequestManagerInfo::request_execute(xmlrpc_c::paramList const& paramList,
}
}
if ( basic_authorization(oid, att) == false )
{
return;
}
object = pool->get(oid,true);
if ( object == 0 )