mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-23 17:33:56 +03:00
* This commit syncs oned and API specification for the ALL flag. The internal defines were not consistent with the API specification.
parent
9959ceac06
commit
82d2191dfd
@ -75,10 +75,10 @@ public:
|
||||
*/
|
||||
enum LockStates
|
||||
{
|
||||
ST_NONE = 0x0LL,
|
||||
ST_USE = 0x1LL,
|
||||
ST_MANAGE = 0x2LL,
|
||||
ST_ADMIN = 0x4LL
|
||||
ST_NONE = 0,
|
||||
ST_USE = 1,
|
||||
ST_MANAGE = 2,
|
||||
ST_ADMIN = 3
|
||||
};
|
||||
|
||||
static const long int LockableObject;
|
||||
@ -530,7 +530,10 @@ public:
|
||||
*
|
||||
* @return 0 if the lock was granted, -1 if the object is already locked
|
||||
*/
|
||||
int lock_db(const int owner, const int req_id, const int level);
|
||||
int lock_db(const int owner,
|
||||
const int req_id,
|
||||
const int level,
|
||||
const bool is_admin);
|
||||
|
||||
/**
|
||||
* Unlocks the DB lock for external applications. The object must be locked
|
||||
|
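Review bot: The renumbering of `LockStates` in the first hunk turns `ST_ADMIN` from 0x4 into 3, and nothing in this section says how a lock level stored under the old encoding is treated afterwards. If `locked` is persisted with the object (not visible here), a previously stored 4 now lies above `ST_ADMIN`, so it is worth confirming that loading migrates or clamps it. I would add a comment on the enum such as `// Ordinal lock levels, not bit flags; compared numerically in AclManager`. The `lock_db` doc comment in the second hunk, which starts outside the hunk, also needs a `@param is_admin` line.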
@ -40,9 +40,13 @@ protected:
|
||||
void request_execute(xmlrpc_c::paramList const& _paramList,
|
||||
RequestAttributes& att) override;
|
||||
|
||||
int lock_db(PoolObjectSQL * object, const int owner, const int req_id, const int level)
|
||||
int lock_db(PoolObjectSQL * object,
|
||||
const int owner,
|
||||
const int req_id,
|
||||
const int level,
|
||||
const bool is_admin)
|
||||
{
|
||||
return object->lock_db(owner, req_id, level);
|
||||
return object->lock_db(owner, req_id, level, is_admin);
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -195,11 +195,11 @@ bool AclManager::authorize(
|
||||
long long user_req;
|
||||
long long resource_oid_req;
|
||||
|
||||
if (static_cast<long long int>(op) & 0x10LL) //No lockable object
|
||||
if (op & 0x10LL) //No lockable object
|
||||
{
|
||||
op = static_cast<AuthRequest::Operation>(op & 0x0FLL);
|
||||
}
|
||||
else if (obj_perms.locked > 0 && obj_perms.locked <= static_cast<long long int>(op))
|
||||
else if (obj_perms.locked > 0 && obj_perms.locked <= op)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -385,11 +385,11 @@ bool AclManager::oneadmin_authorize(
|
||||
const PoolObjectAuth& obj_perms,
|
||||
AuthRequest::Operation op) const
|
||||
{
|
||||
if (static_cast<long long int>(op) & 0x10LL) //No lockable object
|
||||
if (op & 0x10LL) //No lockable object
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else if (obj_perms.locked > 0 && obj_perms.locked <= static_cast<long long int>(op))
|
||||
else if (obj_perms.locked > 0 && obj_perms.locked <= op)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
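Review bot: With the casts removed, `obj_perms.locked <= op` in both `AclManager::authorize` and `AclManager::oneadmin_authorize` compares a lock level against an `AuthRequest::Operation` through implicit integer conversion, so the lock decision depends on how the two numberings line up. The `Operation` values are not visible in this commit; since `LockStates` is now 0..3, the ordering deserves a check for each level, in particular `ST_ADMIN = 3`. A comment at the comparison, e.g. `// locked is a LockStates ordinal, op an Operation value; the lock applies when locked <= op`, and named constants for `0x10LL` and `0x0FLL` would make the intent reviewable. Both function bodies continue outside the hunks.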
@ -1016,7 +1016,7 @@ void Image::set_state(ImageState _state)
|
||||
}
|
||||
else if (state == LOCKED)
|
||||
{
|
||||
lock_db(-1,-1, PoolObjectSQL::LockStates::ST_USE);
|
||||
lock_db(-1,-1, PoolObjectSQL::LockStates::ST_USE, true);
|
||||
}
|
||||
|
||||
if (_state != LOCKED )
|
||||
|
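Review bot: The bare `true` in `lock_db(-1,-1, PoolObjectSQL::LockStates::ST_USE, true)` hides that this call skips the owner check added in `PoolObjectSQL::lock_db`, so an existing user lock on the image is replaced and `lock_owner` becomes -1. Whether the user's lock is restored when the image leaves `LOCKED` is not visible in this hunk and is worth confirming. I would write `lock_db(-1, -1, PoolObjectSQL::LockStates::ST_USE, /* is_admin */ true);` with a comment that the state lock intentionally overrides user locks. `Image::set_state` starts and ends outside the hunk.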
@ -587,13 +587,22 @@ bool PoolObjectSQL::name_is_valid(const string& obj_name,
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int PoolObjectSQL::lock_db(const int owner, const int req_id, const int level)
|
||||
int PoolObjectSQL::lock_db(const int owner,
|
||||
const int req_id,
|
||||
const int level,
|
||||
const bool is_admin)
|
||||
{
|
||||
if ( level < ST_NONE || level > ST_ADMIN )
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (locked != ST_NONE && lock_owner != owner && !is_admin)
|
||||
{
|
||||
// Only admin can override lock
|
||||
return -1;
|
||||
}
|
||||
|
||||
locked = static_cast<LockStates>(level);
|
||||
lock_time = time(0);
|
||||
lock_owner = owner;
|
||||
|
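Review bot: The comment `// Only admin can override lock` understates the new guard: the condition also lets the current `lock_owner` re-lock at any level, including a weaker one, and `is_admin` is trusted exactly as the caller passes it. I would write `// A held lock may be replaced only by its owner or by an admin`. The range check above it accepts `level == ST_NONE`, so this function can also store `ST_NONE`; if no caller relies on that, `if ( level <= ST_NONE || level > ST_ADMIN )` closes it. The function body continues past the hunk.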
@ -62,6 +62,27 @@ void RequestManagerLock::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
return;
|
||||
}
|
||||
|
||||
switch(level)
|
||||
{
|
||||
case 1: //USE + MANAGE + ADMIN
|
||||
level = PoolObjectSQL::ST_USE;
|
||||
break;
|
||||
case 2: //MANAGE + ADMIN
|
||||
level = PoolObjectSQL::ST_MANAGE;
|
||||
break;
|
||||
case 3: //ADMIN
|
||||
level = PoolObjectSQL::ST_ADMIN;
|
||||
break;
|
||||
case 4: //ALL equals USE
|
||||
level = PoolObjectSQL::ST_USE;
|
||||
break;
|
||||
|
||||
default:
|
||||
att.resp_msg = "Wrong lock level specified";
|
||||
failure_response(ACTION, att);
|
||||
return;
|
||||
}
|
||||
|
||||
if ((auth_object & PoolObjectSQL::LockableObject) != 0)
|
||||
{
|
||||
if ( test && object->test_lock_db(att.resp_msg) != 0 )
|
||||
@ -70,7 +91,7 @@ void RequestManagerLock::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
}
|
||||
else
|
||||
{
|
||||
rc = lock_db(object.get(), owner, att.req_id, level);
|
||||
rc = lock_db(object.get(), owner, att.req_id, level, att.is_admin());
|
||||
|
||||
pool->update(object.get());
|
||||
|
||||
@ -87,6 +108,7 @@ void RequestManagerLock::request_execute(xmlrpc_c::paramList const& paramList,
|
||||
}
|
||||
else
|
||||
{
|
||||
att.resp_msg = "Object cannot be locked.";
|
||||
failure_response(AUTHORIZATION, att);
|
||||
}
|
||||
|
||||
|
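Review bot: The `switch(level)` added in the first hunk uses bare integers for the API levels and overwrites `level` in place, so the same variable holds an API value before the switch and a `PoolObjectSQL::LockStates` value after it. Named constants for 1..4 (or a separate local for the API value) and folding `case 4` into `case 1` would make the ALL-equals-USE mapping explicit. In the second hunk `pool->update(object.get())` follows `lock_db` without looking at `rc` in the visible lines, so a lock refused by the new owner check still reaches the update call; consider guarding it with `if (rc == 0)`. `request_execute` starts and ends outside these hunks.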