mirror of https://github.com/OpenNebula/one.git synced 2025-03-29 18:50:08 +03:00

Feature #1556: onevm update does not allow users to change restricted attributes

Carlos Martín 2013-03-12 15:19:00 +01:00
parent 154e871aac
commit 948f7bc301
6 changed files with 197 additions and 8 deletions


@ -42,6 +42,9 @@ protected:
void request_execute(xmlrpc_c::paramList const& _paramList,
RequestAttributes& att);
virtual int replace_template(PoolObjectSQL * object, const string & tmpl,
const RequestAttributes &att, string &error_str);
};
/* ------------------------------------------------------------------------- */
@ -78,6 +81,11 @@ public:
};
~VirtualMachineUpdateTemplate(){};
/* -------------------------------------------------------------------- */
int replace_template(PoolObjectSQL * object, const string & tmpl,
const RequestAttributes &att, string &error_str);
};
/* ------------------------------------------------------------------------- */


@ -691,10 +691,12 @@ public:
/**
* This function replaces the *user template*.
* @param tmpl_str new contents
* @param keep_restricted If true, the restricted attributes of the
* current template will override the new template
* @param error string describing the error if any
* @return 0 on success
*/
int replace_template(const string& tmpl_str, string& error);
int replace_template(const string& tmpl_str, bool keep_restricted, string& error);
void get_user_template_attribute(
const char * name,
@ -1207,7 +1209,7 @@ private:
* User template to store custom metadata. This template can be updated
*
*/
Template * user_obj_template;
VirtualMachineTemplate * user_obj_template;
// *************************************************************************
// DataBase implementation (Private)


@ -32,6 +32,12 @@ public:
VirtualMachineTemplate():
Template(false,'=',"TEMPLATE"){};
VirtualMachineTemplate(
bool _replace_mode,
const char _separator,
const char * _xml_root):
Template(_replace_mode, _separator, _xml_root){};
~VirtualMachineTemplate(){};
VirtualMachineTemplate(VirtualMachineTemplate& vmt):Template(vmt){};
@ -51,6 +57,16 @@ public:
Template::set_xml_root(_xml_root);
};
/**
* Deletes all restricted attributes
*/
void remove_restricted();
/**
* Deletes all the attributes, excepts the restricted ones
*/
void remove_all_except_restricted();
private:
friend class VirtualMachinePool;


@ -21,6 +21,40 @@ using namespace std;
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
int RequestManagerUpdateTemplate::replace_template(
PoolObjectSQL * object,
const string & tmpl,
const RequestAttributes &att,
string &error_str)
{
return object->replace_template(tmpl, error_str);
}
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
int VirtualMachineUpdateTemplate::replace_template(
PoolObjectSQL * object,
const string & tmpl,
const RequestAttributes & att,
string & error_str)
{
VirtualMachine* vm = static_cast<VirtualMachine*>(object);
if (att.uid!=UserPool::ONEADMIN_ID && att.gid!=GroupPool::ONEADMIN_ID)
{
return vm->replace_template(tmpl, true, error_str);
}
else
{
return vm->replace_template(tmpl, false, error_str);
}
}
/* ------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------- */
void RequestManagerUpdateTemplate::request_execute(
xmlrpc_c::paramList const& paramList,
RequestAttributes& att)
@ -49,7 +83,9 @@ void RequestManagerUpdateTemplate::request_execute(
return;
}
rc = object->replace_template(tmpl, error_str);
rc = replace_template(object, tmpl, att, error_str);
// rc = object->replace_template(tmpl, error_str);
if ( rc != 0 )
{
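Review bot: The privilege decision in VirtualMachineUpdateTemplate::replace_template is written as two branches that differ only in a boolean, which makes the rule harder to audit than it needs to be. Computing it once, `const bool keep_restricted = att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID;`, followed by a single `return vm->replace_template(tmpl, keep_restricted, error_str);`, states the policy in one place. A comment such as `// Only the oneadmin user or group may change restricted attributes` would record the intent. In request_execute, the commented-out `// rc = object->replace_template(tmpl, error_str);` should be deleted rather than left beside the new call; that function starts and ends outside the hunk.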


@ -70,7 +70,7 @@ VirtualMachine::VirtualMachine(int id,
}
else
{
user_obj_template = new Template(false,'=',"USER_TEMPLATE");
user_obj_template = new VirtualMachineTemplate(false,'=',"USER_TEMPLATE");
}
obj_template = new VirtualMachineTemplate;
@ -3143,9 +3143,13 @@ void VirtualMachine::update_info(
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int VirtualMachine::replace_template(const string& tmpl_str, string& error)
int VirtualMachine::replace_template(
const string& tmpl_str,
bool keep_restricted,
string& error)
{
Template * new_tmpl = new Template(false,'=',"USER_TEMPLATE");
VirtualMachineTemplate * new_tmpl =
new VirtualMachineTemplate(false,'=',"USER_TEMPLATE");
if ( new_tmpl == 0 )
{
@ -3159,11 +3163,21 @@ int VirtualMachine::replace_template(const string& tmpl_str, string& error)
return -1;
}
if (user_obj_template != 0)
if (keep_restricted)
{
delete user_obj_template;
new_tmpl->remove_restricted();
if (user_obj_template != 0)
{
user_obj_template->remove_all_except_restricted();
string aux_error;
new_tmpl->merge(user_obj_template, aux_error);
}
}
delete user_obj_template;
user_obj_template = new_tmpl;
return 0;
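Review bot: The result of `new_tmpl->merge(user_obj_template, aux_error)` is discarded and `aux_error` never reaches the caller. If the merge can fail (its return type is not visible here), the function still returns 0 and installs a template that has lost the VM's current restricted attributes. At minimum the outcome should be checked and reported through `error`. Because `user_obj_template` has already been stripped by `remove_all_except_restricted()` at that point, a clean failure path would need to do the strip on a copy of the current template and only delete the original once the merge has succeeded. The body of VirtualMachine::replace_template starts and ends outside the lines shown.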


@ -23,3 +23,116 @@ vector<string> VirtualMachineTemplate::restricted_attributes;
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualMachineTemplate::remove_restricted()
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
attr->remove(vattr);
}
}
}
else //Single Attribute
{
erase(restricted_attributes[i]);
}
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
void VirtualMachineTemplate::remove_all_except_restricted()
{
size_t pos;
string avector, vattr;
vector<Attribute *> values;
vector<Attribute *> restricted;
for (unsigned int i=0; i < restricted_attributes.size(); i++)
{
pos = restricted_attributes[i].find("/");
if (pos != string::npos) //Vector Attribute
{
int num;
avector = restricted_attributes[i].substr(0,pos);
vattr = restricted_attributes[i].substr(pos+1);
if ((num = get(avector,values)) > 0 ) //Template contains the attr
{
VectorAttribute * attr;
for (int j=0; j<num ; j++ )
{
attr = dynamic_cast<VectorAttribute *>(values[j]);
if (attr == 0)
{
continue;
}
if ( !attr->vector_value(vattr.c_str()).empty() )
{
restricted.push_back(attr);
}
}
}
}
else //Single Attribute
{
this->get(restricted_attributes[i], restricted);
}
}
vector<Attribute *>::iterator res_it;
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
remove(*res_it);
}
multimap<string,Attribute *>::iterator att_it;
for ( att_it = attributes.begin(); att_it != attributes.end(); att_it++)
{
delete att_it->second;
}
attributes.clear();
for (res_it = restricted.begin(); res_it != restricted.end(); res_it++)
{
set(*res_it);
}
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
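Review bot: `values` is declared once outside the loop in both remove_restricted() and remove_all_except_restricted() and is never cleared, while `get()` appears to append to the vector it is given (the single-attribute branch of remove_all_except_restricted() relies on that to accumulate into `restricted`). From the second vector-type entry in `restricted_attributes` onward, `values[j]` for `j < num` would therefore index attributes fetched for an earlier entry. The restricted sub-attribute is then neither stripped from the submitted template nor preserved from the current one. Add `values.clear();` before each `get(avector, values)`, or declare `values` inside the loop body. Separately, two restricted entries naming the same vector attribute would push the same pointer into `restricted` twice, so `set(*res_it)` would store it twice; deduplicating before the final loop would avoid that.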