Feature #2727: Delete acl rules that apply to a zone when that zone is deleted

2025-03-25 02:50:08 +03:00 · 2014-02-21 15:23:24 +01:00 · 2014-02-21 15:23:24 +01:00 · 7744150944
commit 7744150944
parent 3a0fefc1c1
4 changed files with 72 additions and 0 deletions
--- a/include/AclManager.h
+++ b/include/AclManager.h
@ -142,6 +142,13 @@ public:
     */
    void del_cid_rules(int cid);

+    /**
+     * Deletes rules that apply to this cluster id
+     *
+     * @param zid The zone id
+     */
+    void del_zid_rules(int zid);
+
    /**
     * Deletes all rules that apply to this resource
     *
@ -308,6 +315,13 @@ private:
            long long resource_req,
            long long resource_mask);

+    /**
+     * Deletes all rules that match the zone mask
+     *
+     * @param zone_req Mask to match
+     */
+    void del_zone_matching_rules(long long zone_req);
+
    // ----------------------------------------
    // Local zone
    // ----------------------------------------
--- a/include/RequestManagerDelete.h
+++ b/include/RequestManagerDelete.h
@ -310,6 +310,8 @@ public:
    };

    ~ZoneDelete(){};
+
+    int drop(int oid, PoolObjectSQL * object, string& error_msg);
 };

 /* -------------------------------------------------------------------------- */
--- a/src/acl/AclManager.cc
+++ b/src/acl/AclManager.cc
@ -785,6 +785,18 @@ void AclManager::del_cid_rules(int cid)
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */

+void AclManager::del_zid_rules(int zid)
+{
+    long long request = AclRule::INDIVIDUAL_ID | zid;
+
+    // Delete rules that match
+    // __  __/__  __ #zid
+    del_zone_matching_rules(request);
+}
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
 void AclManager::del_resource_rules(int oid, PoolObjectSQL::ObjectType obj_type)
 {
    long long request = obj_type |
@ -862,6 +874,35 @@ void AclManager::del_resource_matching_rules(long long resource_req,
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */

+void AclManager::del_zone_matching_rules(long long zone_req)
+{
+    multimap<long long, AclRule *>::iterator        it;
+
+    vector<int>             oids;
+    vector<int>::iterator   oid_it;
+    string                  error_str;
+
+    lock();
+
+    for ( it = acl_rules.begin(); it != acl_rules.end(); it++ )
+    {
+        if ( it->second->zone == zone_req )
+        {
+            oids.push_back(it->second->oid);
+        }
+    }
+
+    unlock();
+
+    for ( oid_it = oids.begin() ; oid_it < oids.end(); oid_it++ )
+    {
+        del_rule(*oid_it, error_str);
+    }
+}
+
+/* -------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+
 void AclManager::reverse_search(int                       uid,
                                const set<int>&           user_groups,
                                PoolObjectSQL::ObjectType obj_type,
--- a/src/rm/RequestManagerDelete.cc
+++ b/src/rm/RequestManagerDelete.cc
@ -302,3 +302,18 @@ int UserDelete::drop(int oid, PoolObjectSQL * object, string& error_msg)

    return rc;
 }
+
+/* ------------------------------------------------------------------------- */
+/* ------------------------------------------------------------------------- */
+
+int ZoneDelete::drop(int oid, PoolObjectSQL * object, string& error_msg)
+{
+    int rc = RequestManagerDelete::drop(oid, object, error_msg);
+
+    if ( rc == 0 )
+    {
+        aclm->del_zid_rules(oid);
+    }
+
+    return rc;
+}