mirror of
https://github.com/OpenNebula/one.git
synced 2025-03-22 18:50:08 +03:00
feature #573: Add support for groups and define a default policy
This commit is contained in:
Jaime Melis
parent
27e04919b2
commit
6a97022357
@ -1,16 +1,19 @@
|
||||
---
|
||||
- plugins/dashboard-tab.js:
|
||||
:ALL: true
|
||||
:ALL: false
|
||||
:user:
|
||||
:group:
|
||||
oneadmin: true
|
||||
- plugins/hosts-tab.js:
|
||||
:ALL: true
|
||||
:ALL: false
|
||||
:user:
|
||||
:group:
|
||||
oneadmin: true
|
||||
- plugins/groups-tab.js:
|
||||
:ALL: true
|
||||
:ALL: false
|
||||
:user:
|
||||
:group:
|
||||
oneadmin: true
|
||||
- plugins/templates-tab.js:
|
||||
:ALL: true
|
||||
:user:
|
||||
@ -28,6 +31,7 @@
|
||||
:user:
|
||||
:group:
|
||||
- plugins/users-tab.js:
|
||||
:ALL: true
|
||||
:ALL: false
|
||||
:user:
|
||||
:group:
|
||||
oneadmin: true
|
||||
|
||||
@ -69,19 +69,28 @@ class SunstonePlugins
|
||||
@installed_plugins.include? plugin
|
||||
end
|
||||
|
||||
def authorized_plugins(user,group=nil)
|
||||
def authorized_plugins(user, group)
|
||||
auth_plugins = {"user-plugins"=>Array.new, "plugins"=>Array.new}
|
||||
|
||||
@plugins_conf.each do |plugin_conf|
|
||||
plugin = plugin_conf.keys.first
|
||||
perms = plugin_conf[plugin]
|
||||
perms = plugin_conf[plugin]
|
||||
|
||||
if installed?(plugin)
|
||||
p_path, p_name = plugin.split('/')
|
||||
|
||||
if perms[:user] and perms[:user][user]
|
||||
auth_plugins[p_path] << p_name
|
||||
elsif perms[:group] and perms[:group][group]
|
||||
auth_plugins[p_path] << p_name
|
||||
if perms[:user] and perms[:user].has_key? user
|
||||
if perms[:user][user]
|
||||
auth_plugins[p_path] << p_name
|
||||
else
|
||||
next
|
||||
end
|
||||
elsif perms[:group] and perms[:group].has_key? group
|
||||
if perms[:group][group]
|
||||
auth_plugins[p_path] << p_name
|
||||
else
|
||||
next
|
||||
end
|
||||
elsif perms[:ALL]
|
||||
auth_plugins[p_path] << p_name
|
||||
end
|
||||
|
||||
@ -41,9 +41,13 @@ class SunstoneServer
|
||||
return [500, false]
|
||||
end
|
||||
|
||||
user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
|
||||
user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"]
|
||||
user_id = user_pool["USER[NAME=\"#{user}\"]/ID"]
|
||||
user_gid = user_pool["USER[NAME=\"#{user}\"]/GID"]
|
||||
user_gname = user_pool["USER[NAME=\"#{user}\"]/GNAME"]
|
||||
|
||||
if user_pass == sha1_pass
|
||||
return [204, user_pool["USER[NAME=\"#{user}\"]/ID"]]
|
||||
return [204, [user_id, user_gid, user_gname]]
|
||||
else
|
||||
return [401, nil]
|
||||
end
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
|
||||
# See the License for the specific language governing permissions and #
|
||||
# limitations under the License. #
|
||||
#--------------------------------------------------------------------------- #
|
||||
#--------------------------------------------------------------------------- #
|
||||
|
||||
ONE_LOCATION = ENV["ONE_LOCATION"]
|
||||
|
||||
@ -76,11 +76,13 @@ helpers do
|
||||
|
||||
rc = SunstoneServer.authorize(user, sha1_pass)
|
||||
if rc[1]
|
||||
session[:user] = user
|
||||
session[:user_id] = rc[1]
|
||||
session[:password] = sha1_pass
|
||||
session[:ip] = request.ip
|
||||
session[:remember] = params[:remember]
|
||||
session[:user] = user
|
||||
session[:user_id] = rc[1][0]
|
||||
session[:user_gid] = rc[1][1]
|
||||
session[:user_gname] = rc[1][2]
|
||||
session[:password] = sha1_pass
|
||||
session[:ip] = request.ip
|
||||
session[:remember] = params[:remember]
|
||||
|
||||
if params[:remember]
|
||||
env['rack.session.options'][:expire_after] = 30*60*60*24
|
||||
@ -137,7 +139,7 @@ get '/' do
|
||||
:expires=>time)
|
||||
|
||||
p = SunstonePlugins.new
|
||||
@plugins = p.authorized_plugins(session[:user])
|
||||
@plugins = p.authorized_plugins(session[:user], session[:user_gname])
|
||||
|
||||
erb :index
|
||||
end
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user