From 7e824a39a24b3533ad2a846397f4f234b5a9d92b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn?=
Date: Wed, 19 Feb 2014 18:42:28 +0100
Subject: [PATCH] Feature #2736: Default group ACL allows to create DOCUMENTs

This way we can remove the default acl that allowed everybody to create them, and let the admin decide when a new group is defined.
---
 src/acl/AclManager.cc | 12 ++----------
 src/oca/ruby/opennebula/group.rb | 2 +-
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/src/acl/AclManager.cc b/src/acl/AclManager.cc
index fa525a922f..96f8ede4d7 100644
--- a/src/acl/AclManager.cc
+++ b/src/acl/AclManager.cc
@@ -83,22 +83,14 @@ AclManager::AclManager(
 string error_str;
 // Users in group USERS can create standard resources
- // @1 VM+NET+IMAGE+TEMPLATE/* CREATE #
+ // @1 VM+NET+IMAGE+TEMPLATE+DOCUMENT/* CREATE #
 add_rule(AclRule::GROUP_ID |
 1,
 AclRule::ALL_ID |
 PoolObjectSQL::VM |
 PoolObjectSQL::NET |
 PoolObjectSQL::IMAGE |
- PoolObjectSQL::TEMPLATE,
- AuthRequest::CREATE,
- AclRule::INDIVIDUAL_ID |
- zone_id,
- error_str);
-
- // * DOCUMENT/* CREATE #
- add_rule(AclRule::ALL_ID,
- AclRule::ALL_ID |
+ PoolObjectSQL::TEMPLATE |
 PoolObjectSQL::DOCUMENT,
 AuthRequest::CREATE,
 AclRule::INDIVIDUAL_ID |
diff --git a/src/oca/ruby/opennebula/group.rb b/src/oca/ruby/opennebula/group.rb
index cebbaa9980..84caa911ac 100644
--- a/src/oca/ruby/opennebula/group.rb
+++ b/src/oca/ruby/opennebula/group.rb
@@ -36,7 +36,7 @@ module OpenNebula
 SELF = -1
 # Default resource ACL's for group users (create)
- GROUP_DEFAULT_ACLS = "VM+IMAGE+NET+TEMPLATE"
+ GROUP_DEFAULT_ACLS = "VM+IMAGE+NET+TEMPLATE+DOCUMENT"
 ALL_CLUSTERS_IN_ZONE = 10
 # Creates a Group description with just its identifier
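Review bot: Dropping the `* DOCUMENT/* CREATE` default here only changes the rules this constructor inserts; nothing in the hunk removes that rule from a database where it is already stored, so an upgraded installation would presumably keep the everybody-can-create grant until a migration or an admin deletes it. I would pair the change with an upgrade step and record the intent next to the rule, e.g. `// DOCUMENT is granted to group 1 only; the old "* DOCUMENT/* CREATE" rule must be removed on upgrade`. The rule comment's trailing `#` also leaves the zone unstated although the call passes `AclRule::INDIVIDUAL_ID | zone_id`; `CREATE #<zone_id>` would read more clearly. The constructor starts above the hunk and the `add_rule` call runs past its last line, so whether its result and `error_str` are checked cannot be seen from here.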
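Review bot: `GROUP_DEFAULT_ACLS` is an unfrozen String, so any caller that modifies it in place would change the default create grants for every group made afterwards in the same process; with the list now widened to DOCUMENT I would write `GROUP_DEFAULT_ACLS = "VM+IMAGE+NET+TEMPLATE+DOCUMENT".freeze` (unless the file already sets `# frozen_string_literal: true`, which is not visible in the hunk). The resource list is also maintained by hand in two places, this constant and the `@1` rule in src/acl/AclManager.cc, so a comment such as `# keep in sync with the default @1 rule in src/acl/AclManager.cc` would guard against drift. Groups created before this change keep the narrower rule, and once the global DOCUMENT rule is gone their users presumably cannot create documents until an admin adds the grant, which is worth stating in the constant's comment or the release notes.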