From 8403b179982744da692c9f410c6f36fbf4a68d30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn?=
Date: Thu, 23 Jan 2014 15:45:26 +0100
Subject: [PATCH] Feature #2565: Better management of zone & cluster id in ddd/del provider
---
 include/RequestManagerGroup.h | 19 ++++++++++++++----
 src/rm/RequestManagerGroup.cc | 38 +++++++++++++++++++++++++++--------
 2 files changed, 45 insertions(+), 12 deletions(-)
diff --git a/include/RequestManagerGroup.h b/include/RequestManagerGroup.h
index 4c735c870e..b93161d4cb 100644
--- a/include/RequestManagerGroup.h
+++ b/include/RequestManagerGroup.h
@@ -78,21 +78,30 @@ public: protected: GroupEditProvider( const string& method_name, const string& help, - const string& params) - :Request(method_name,params,help) + const string& params, + bool _check_obj_exist) + :Request(method_name,params,help), + check_obj_exist(_check_obj_exist) { Nebula& nd = Nebula::instance(); pool = nd.get_gpool(); clpool = nd.get_clpool(); + zonepool = nd.get_zonepool(); aclm = nd.get_aclm(); + local_zone_id = nd.get_zone_id(); + auth_object = PoolObjectSQL::GROUP; auth_op = AuthRequest::ADMIN; }; + ZonePool* zonepool; ClusterPool* clpool; AclManager* aclm; + bool check_obj_exist; + int local_zone_id; + virtual int edit_resource_provider( Group* group, int zone_id, int cluster_id, string& error_msg) = 0;
@@ -109,7 +118,8 @@ public: GroupAddProvider(): GroupEditProvider("GroupAddProvider", "Adds a resource provider to the group", - "A:siii"){}; + "A:siii", + true){}; ~GroupAddProvider(){};
@@ -129,7 +139,8 @@ public: GroupDelProvider(): GroupEditProvider("GroupDelProvider", "Deletes a resource provider from the group", - "A:siii"){}; + "A:siii", + false){}; ~GroupDelProvider(){};
diff --git a/src/rm/RequestManagerGroup.cc b/src/rm/RequestManagerGroup.cc
index 555f61536d..7c7eecfc9c 100644
--- a/src/rm/RequestManagerGroup.cc
+++ b/src/rm/RequestManagerGroup.cc
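Review bot: The new `check_obj_exist` member in the `@@ -78,21 +78,30 @@` hunk has no comment, although it decides whether a missing zone or cluster aborts the request or only drops that object's ADMIN entry from the authorization built in `request_execute`. A comment on the declaration would make that explicit, e.g. `// false: a missing zone/cluster does not abort the request and its ADMIN check is skipped (delete path)`. The two later hunks of this file pass a bare `true` / `false` to the constructor, so the same one-line explanation next to those arguments would help. The class body starts and ends outside the hunk.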
@@ -90,18 +90,20 @@ void GroupEditProvider::request_execute( int zone_id = xmlrpc_c::value_int(paramList.getInt(2)); int cluster_id = xmlrpc_c::value_int(paramList.getInt(3)); - // TODO: zone is now ignored - PoolObjectAuth group_perms; + PoolObjectAuth zone_perms; PoolObjectAuth cluster_perms; string group_name; + string zone_name; string cluster_name; string error_str; Group* group; int rc; + bool zone_exists = false; + bool cluster_exists = false; // ------------------------------------------------------------------------- // Authorize the action
@@ -115,15 +117,26 @@ void GroupEditProvider::request_execute( return; } - if (cluster_id != ClusterPool::ALL_RESOURCES) + rc = get_info(zonepool, zone_id, PoolObjectSQL::ZONE, + att, zone_perms, zone_name); + + zone_exists = (rc == 0); + + if ( rc == -1 && check_obj_exist ) + { + return; + } + + // TODO: cluster must exist in target zone, this code only checks locally + + if (cluster_id != ClusterPool::ALL_RESOURCES && zone_id == local_zone_id) { rc = get_info(clpool, cluster_id, PoolObjectSQL::CLUSTER, att, cluster_perms, cluster_name); - // TODO: If cluster does not exist, it may be that the cluster was deleted - // and we should allow to delete the resource provider. + cluster_exists = (rc == 0); - if ( rc == -1 ) + if ( rc == -1 && check_obj_exist ) { return; }
@@ -133,8 +146,17 @@ void GroupEditProvider::request_execute( { AuthRequest ar(att.uid, att.group_ids); - ar.add_auth(AuthRequest::ADMIN, group_perms); // ADMIN GROUP - ar.add_auth(AuthRequest::ADMIN, cluster_perms); // ADMIN CLUSTER + ar.add_auth(AuthRequest::ADMIN, group_perms); // ADMIN GROUP + + if (zone_exists) + { + ar.add_auth(AuthRequest::ADMIN, zone_perms); // ADMIN ZONE + } + + if (cluster_exists) + { + ar.add_auth(AuthRequest::ADMIN, cluster_perms); // ADMIN CLUSTER + } if (UserPool::authorize(ar) == -1) {
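Review bot: In the `@@ -115,15 +117,26 @@` hunk, a -1 from `get_info` no longer stops the request when `check_obj_exist` is false, yet the replaced code returned on -1 without building any reply, which suggests `get_info` reports the failure to the client itself (its body is not visible here). If that holds, the delete path would carry on after an error response has already been issued for a missing zone or cluster; please confirm, and use a lookup that stays silent on a miss for that path. Separately, `zone_exists = (rc == 0)` combined with the `rc == -1` test means any other non-zero return is treated as "missing, continue" even on the add path; `if ( rc != 0 && check_obj_exist )` would fail closed. `request_execute` begins and ends outside the hunk.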
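Review bot: In the `@@ -133,8 +146,17 @@` hunk the cluster ADMIN entry is added only when `cluster_exists` is true, and the preceding hunk sets that flag only when `zone_id == local_zone_id`, so for any other zone the request is authorized on group and zone ADMIN alone and `cluster_id` is presumably passed on to `edit_resource_provider` unchecked. The TODO in the earlier hunk acknowledges the missing remote lookup, but not that the permission check is dropped along with it. Until the remote check exists, the add path could refuse a specific cluster in a non-local zone (guard on `check_obj_exist && zone_id != local_zone_id && cluster_id != ClusterPool::ALL_RESOURCES` and reply with a failure), or at least carry a comment such as `// NOTE: cluster ADMIN is not enforced for clusters in remote zones`. The function body continues past the hunk.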