Feature #2570: Configurable ACLs for admin group

Also, user creation permission for admins now configurable as wel Also, user creation permission for admins now configurable as welll
2025-03-08 20:58:17 +03:00 · 2014-01-07 18:40:21 +01:00 · 2014-01-07 18:40:21 +01:00 · 96bbfe05ac
commit 96bbfe05ac
parent b1cba2c1b5
1 changed files with 18 additions and 7 deletions
--- a/src/oca/ruby/opennebula/group.rb
+++ b/src/oca/ruby/opennebula/group.rb
@ -158,16 +158,27 @@ module OpenNebula

                    # Set ACLs for group admin
                    acls = Array.new
-                    if !group_hash[:resources]
-                        group_hash[:resources] = GROUP_DEFAULT_ACLS
+
+                    if group_hash[:admin_group_resources]
+                        group_acls_str = group_hash[:admin_group_resources]
+                    elsif group_hash[:resources]
+                        group_acls_str = group_hash[:resources]
+                    else
+                        group_acls_str = GROUP_DEFAULT_ACLS
                    end

-                    acls << "@#{admin_group.id} USER/* CREATE"
-                    acls << "@#{admin_group.id} USER/@#{self.id} " \
-                            "USE+MANAGE+ADMIN"
+                    if !group_hash[:admin_manage_users]
+                        group_hash[:admin_manage_users] = "YES"
+                    end
+
+                    if group_hash[:admin_manage_users].upcase == "YES"
+                        acls << "@#{admin_group.id} USER/* CREATE"
+                        acls << "@#{admin_group.id} USER/@#{self.id} " \
+                                "USE+MANAGE+ADMIN"
+                    end
+                    
                    acls << "@#{admin_group.id} " \
-                            "#{group_hash[:resources]}/@#{self.id} " \
-                            "USE+MANAGE"
+                            "#{group_acls_str}/@#{self.id} CREATE+USE+MANAGE"

                    rc, tmp = create_group_acls(acls)