
Feature #1112: Integrate clusters into acl rules

This commit is contained in:
Carlos Martín 2012-02-28 15:29:32 +01:00
parent 4d5ea6f8a2
commit 98fcd42e2b
7 changed files with 20 additions and 15 deletions


@ -40,7 +40,7 @@ protected:
dspool = nd.get_dspool();
auth_object = PoolObjectSQL::CLUSTER;
auth_op = AuthRequest::MANAGE;
auth_op = AuthRequest::ADMIN;
};
~RequestManagerCluster(){};
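Review bot: The privilege raise on `auth_op = AuthRequest::ADMIN;` carries no comment saying why cluster requests now need ADMIN instead of MANAGE, and the only place the level is spelled out is the `// ADMIN CLUSTER` comment in add_generic (last hunk on this page), which restates a value set here and will drift the next time auth_op changes. A one-line comment beside the assignment keeps the rationale with the value, e.g. `auth_op = AuthRequest::ADMIN; // adding/removing objects to a cluster is an admin operation (see add_generic)`; the rationale is inferred from the commit title and should be confirmed. The enclosing constructor starts outside the hunk.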


@ -88,11 +88,12 @@ AclManager::AclManager(SqlDB * _db) : db(_db), lastOID(-1)
AuthRequest::MANAGE,
error_str);
// Users in USERS can use any DATASTORE
// @1 DATASTORE/* USE
// Users in USERS can use the default DATASTORE
// @1 DATASTORE/#1 USE
add_rule(AclRule::GROUP_ID |
1,
AclRule::ALL_ID |
AclRule::INDIVIDUAL_ID |
1 | // TODO: use DatastorePool::DEFAULT_DS_ID
PoolObjectSQL::DATASTORE,
AuthRequest::USE,
error_str);
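Review bot: The default-datastore rule is built from the bare literal `1 |` plus a TODO, instead of the constant the TODO itself names, so the bootstrap rule silently points at the wrong object if the default datastore is ever created with another id. If `DatastorePool::DEFAULT_DS_ID` already exists the line should read `DatastorePool::DEFAULT_DS_ID | // default datastore` with the TODO dropped; if it does not, a named constant is still better than an unexplained 1 that appears both in the comment (`#1`) and in the rule. The change also narrows the rule from every datastore (`ALL_ID`) to one individual datastore, which is the right least-privilege direction and worth a sentence in the description. The constructor body continues outside the hunk.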


@ -254,12 +254,13 @@ void AclRule::build_str()
PoolObjectSQL::USER,
PoolObjectSQL::TEMPLATE,
PoolObjectSQL::GROUP,
PoolObjectSQL::DATASTORE
PoolObjectSQL::DATASTORE,
PoolObjectSQL::CLUSTER
};
bool prefix = false;
for ( int i = 0; i < 8; i++ )
for ( int i = 0; i < 9; i++ )
{
if ( (resource & objects[i]) != 0 )
{
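Review bot: The bound in `for ( int i = 0; i < 9; i++ )` is a second copy of the `objects` array length, and this commit had to bump both in step; the next object type will need the same two-place edit and a missed one would silently drop the last resource from the rule string. If `objects` is a fixed-size array declared in this function (its declaration is above the hunk), derive the bound from it, `for ( int i = 0; i < (int)(sizeof(objects)/sizeof(objects[0])); i++ )`, or from a named constant; the same width is hard-coded again as the dash string in the Ruby oneacl helper and as `:size: 13` in the table config on this page. build_str starts outside the hunk.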


@ -9,9 +9,9 @@
:size: 8
:right: true
:RES_VHNIUTGD:
:RES_VHNIUTGDC:
:desc: Which resource the rule applies to
:size: 12
:size: 13
:RID:
:desc: Resource ID
@ -26,6 +26,6 @@
:default:
- :ID
- :USER
- :RES_VHNIUTGD
- :RES_VHNIUTGDC
- :RID
- :OPE_UMAC


@ -44,7 +44,7 @@ private
def self.resource_mask(str)
resource_type=str.split("/")[0]
mask = "--------"
mask = "---------"
resource_type.split("+").each{|type|
case type
@ -64,6 +64,8 @@ private
mask[6] = "G"
when "DATASTORE"
mask[7] = "D"
when "CLUSTER"
mask[8] = "C"
end
}
mask
@ -103,8 +105,8 @@ private
d['STRING'].split(" ")[0]
end
column :RES_VHNIUTGD, "Resource to which the rule applies",
:size => 12 do |d|
column :RES_VHNIUTGDC, "Resource to which the rule applies",
:size => 13 do |d|
OneAclHelper::resource_mask d['STRING'].split(" ")[1]
end
@ -117,7 +119,7 @@ private
OneAclHelper::right_mask d['STRING'].split(" ")[2]
end
default :ID, :USER, :RES_VHNIUTGD, :RID, :OPE_UMAC
default :ID, :USER, :RES_VHNIUTGDC, :RID, :OPE_UMAC
end
table
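Review bot: `mask = "---------"` followed by `mask[8] = "C"` mutates a string literal in place, which only works while the file does not enable frozen string literals (the file header is not visible here); `mask = '-' * 9` yields a fresh, unfrozen string and turns the width into a number that can be named instead of counted in dashes. The `case type` still has no `else`, so an unrecognised resource name — a server newer than this client, for instance — produces an all-dash mask with no hint that input was dropped; an `else raise ArgumentError, "unknown resource type #{type}"` branch would make that visible. resource_mask's closing `end` lies outside the hunk.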


@ -53,7 +53,8 @@ module OpenNebula
"USER" => 0x10000000000,
"TEMPLATE" => 0x20000000000,
"GROUP" => 0x40000000000,
"DATASTORE" => 0x100000000000
"DATASTORE" => 0x100000000000,
"CLUSTER" => 0x200000000000
}
RIGHTS =
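Review bot: The new `"CLUSTER" => 0x200000000000` entry copies by hand the bit that `PoolObjectSQL::CLUSTER` carries on the core side, and nothing here ties the two together, so a mismatch would make the client silently address the wrong resource type when it builds or displays ACL rules. A comment on the hash such as `# Bit values must match the PoolObjectSQL object-type constants in the core` tells the next maintainer where the numbers come from and that they cannot be chosen freely; the correspondence is inferred from the C++ hunks on this page and should be checked against the enum. The constant this hash belongs to starts outside the hunk.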


@ -94,7 +94,7 @@ void RequestManagerCluster::add_generic(
{
AuthRequest ar(att.uid, att.gid);
ar.add_auth(auth_op, c_perms); // MANAGE CLUSTER
ar.add_auth(auth_op, c_perms); // ADMIN CLUSTER
ar.add_auth(AuthRequest::ADMIN, obj_perms); // ADMIN OBJECT
if (UserPool::authorize(ar) == -1)