diff --git a/src/sunstone/etc/sunstone-plugins.yaml b/src/sunstone/etc/sunstone-plugins.yaml index 05b6eb0aed..133556742c 100644 --- a/src/sunstone/etc/sunstone-plugins.yaml +++ b/src/sunstone/etc/sunstone-plugins.yaml @@ -1,16 +1,19 @@ --- - plugins/dashboard-tab.js: - :ALL: true + :ALL: false :user: :group: + oneadmin: true - plugins/hosts-tab.js: - :ALL: true + :ALL: false :user: :group: + oneadmin: true - plugins/groups-tab.js: - :ALL: true + :ALL: false :user: :group: + oneadmin: true - plugins/templates-tab.js: :ALL: true :user: @@ -28,6 +31,7 @@ :user: :group: - plugins/users-tab.js: - :ALL: true + :ALL: false :user: :group: + oneadmin: true diff --git a/src/sunstone/models/SunstonePlugins.rb b/src/sunstone/models/SunstonePlugins.rb index e9246437f2..63b08e550b 100644 --- a/src/sunstone/models/SunstonePlugins.rb +++ b/src/sunstone/models/SunstonePlugins.rb @@ -69,19 +69,28 @@ class SunstonePlugins @installed_plugins.include? plugin end - def authorized_plugins(user,group=nil) + def authorized_plugins(user, group) auth_plugins = {"user-plugins"=>Array.new, "plugins"=>Array.new} @plugins_conf.each do |plugin_conf| plugin = plugin_conf.keys.first - perms = plugin_conf[plugin] + perms = plugin_conf[plugin] + if installed?(plugin) p_path, p_name = plugin.split('/') - if perms[:user] and perms[:user][user] - auth_plugins[p_path] << p_name - elsif perms[:group] and perms[:group][group] - auth_plugins[p_path] << p_name + if perms[:user] and perms[:user].has_key? user + if perms[:user][user] + auth_plugins[p_path] << p_name + else + next + end + elsif perms[:group] and perms[:group].has_key? group + if perms[:group][group] + auth_plugins[p_path] << p_name + else + next + end elsif perms[:ALL] auth_plugins[p_path] << p_name end diff --git a/src/sunstone/models/SunstoneServer.rb b/src/sunstone/models/SunstoneServer.rb index d654f50649..0ed284f9a7 100644 --- a/src/sunstone/models/SunstoneServer.rb +++ b/src/sunstone/models/SunstoneServer.rb @@ -41,9 +41,13 @@ class SunstoneServer return [500, false] end - user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"] + user_pass = user_pool["USER[NAME=\"#{user}\"]/PASSWORD"] + user_id = user_pool["USER[NAME=\"#{user}\"]/ID"] + user_gid = user_pool["USER[NAME=\"#{user}\"]/GID"] + user_gname = user_pool["USER[NAME=\"#{user}\"]/GNAME"] + if user_pass == sha1_pass - return [204, user_pool["USER[NAME=\"#{user}\"]/ID"]] + return [204, [user_id, user_gid, user_gname]] else return [401, nil] end diff --git a/src/sunstone/sunstone-server.rb b/src/sunstone/sunstone-server.rb index 96a15d8a03..5c63fc18ac 100755 --- a/src/sunstone/sunstone-server.rb +++ b/src/sunstone/sunstone-server.rb @@ -15,7 +15,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # # See the License for the specific language governing permissions and # # limitations under the License. # -#--------------------------------------------------------------------------- # +#--------------------------------------------------------------------------- # ONE_LOCATION = ENV["ONE_LOCATION"] @@ -76,11 +76,13 @@ helpers do rc = SunstoneServer.authorize(user, sha1_pass) if rc[1] - session[:user] = user - session[:user_id] = rc[1] - session[:password] = sha1_pass - session[:ip] = request.ip - session[:remember] = params[:remember] + session[:user] = user + session[:user_id] = rc[1][0] + session[:user_gid] = rc[1][1] + session[:user_gname] = rc[1][2] + session[:password] = sha1_pass + session[:ip] = request.ip + session[:remember] = params[:remember] if params[:remember] env['rack.session.options'][:expire_after] = 30*60*60*24 @@ -137,7 +139,7 @@ get '/' do :expires=>time) p = SunstonePlugins.new - @plugins = p.authorized_plugins(session[:user]) + @plugins = p.authorized_plugins(session[:user], session[:user_gname]) erb :index end