Feature #1112: Integrate clusters into acl rules
parent
4d5ea6f8a2
commit
98fcd42e2b
@ -40,7 +40,7 @@ protected:
|
||||
dspool = nd.get_dspool();
|
||||
|
||||
auth_object = PoolObjectSQL::CLUSTER;
|
||||
auth_op = AuthRequest::MANAGE;
|
||||
auth_op = AuthRequest::ADMIN;
|
||||
};
|
||||
|
||||
~RequestManagerCluster(){};
|
||||
|
@ -88,11 +88,12 @@ AclManager::AclManager(SqlDB * _db) : db(_db), lastOID(-1)
|
||||
AuthRequest::MANAGE,
|
||||
error_str);
|
||||
|
||||
// Users in USERS can use any DATASTORE
|
||||
// @1 DATASTORE/* USE
|
||||
// Users in USERS can use the default DATASTORE
|
||||
// @1 DATASTORE/#1 USE
|
||||
add_rule(AclRule::GROUP_ID |
|
||||
1,
|
||||
AclRule::ALL_ID |
|
||||
AclRule::INDIVIDUAL_ID |
|
||||
1 | // TODO: use DatastorePool::DEFAULT_DS_ID
|
||||
PoolObjectSQL::DATASTORE,
|
||||
AuthRequest::USE,
|
||||
error_str);
|
||||
|
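Review bot: The datastore ID in the narrowed default rule is the literal `1` on the line after `AclRule::INDIVIDUAL_ID |`, with only a TODO pointing at `DatastorePool::DEFAULT_DS_ID`; if the default datastore's ID ever differs from that literal, group USERS is granted USE on whichever datastore happens to have ID 1. Resolving the TODO here would tie the grant to the constant, e.g. `AclRule::INDIVIDUAL_ID | DatastorePool::DEFAULT_DS_ID |`. The literal `1` after `AclRule::GROUP_ID |` appears to stand for the USERS group and would likewise read better as a named constant. The constructor's body begins and ends outside the hunk, so it is not visible whether installations that already stored the broader `@1 DATASTORE/* USE` rule get it replaced; if they do not, the tightening only reaches fresh databases and probably deserves an upgrade note.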
@ -254,12 +254,13 @@ void AclRule::build_str()
|
||||
PoolObjectSQL::USER,
|
||||
PoolObjectSQL::TEMPLATE,
|
||||
PoolObjectSQL::GROUP,
|
||||
PoolObjectSQL::DATASTORE
|
||||
PoolObjectSQL::DATASTORE,
|
||||
PoolObjectSQL::CLUSTER
|
||||
};
|
||||
|
||||
bool prefix = false;
|
||||
|
||||
for ( int i = 0; i < 8; i++ )
|
||||
for ( int i = 0; i < 9; i++ )
|
||||
{
|
||||
if ( (resource & objects[i]) != 0 )
|
||||
{
|
||||
|
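Review bot: The loop bound in `for ( int i = 0; i < 9; i++ )` is a second hand-maintained copy of the length of `objects`, and this commit had to bump it in step with the new `PoolObjectSQL::CLUSTER` entry. If the two drift, the loop either reads past the end of the array or silently leaves a resource type out of the string this function builds. Deriving the bound from the array removes the coupling: `const int num_objects = sizeof(objects) / sizeof(objects[0]);` followed by `for ( int i = 0; i < num_objects; i++ )`. The declaration of `objects` and the rest of `build_str()` lie outside the hunk, so any parallel table indexed by `i` (not visible here) would need the same treatment.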
@ -9,9 +9,9 @@
|
||||
:size: 8
|
||||
:right: true
|
||||
|
||||
:RES_VHNIUTGD:
|
||||
:RES_VHNIUTGDC:
|
||||
:desc: Which resource the rule applies to
|
||||
:size: 12
|
||||
:size: 13
|
||||
|
||||
:RID:
|
||||
:desc: Resource ID
|
||||
@ -26,6 +26,6 @@
|
||||
:default:
|
||||
- :ID
|
||||
- :USER
|
||||
- :RES_VHNIUTGD
|
||||
- :RES_VHNIUTGDC
|
||||
- :RID
|
||||
- :OPE_UMAC
|
||||
|
@ -44,7 +44,7 @@ private
|
||||
def self.resource_mask(str)
|
||||
resource_type=str.split("/")[0]
|
||||
|
||||
mask = "--------"
|
||||
mask = "---------"
|
||||
|
||||
resource_type.split("+").each{|type|
|
||||
case type
|
||||
@ -64,6 +64,8 @@ private
|
||||
mask[6] = "G"
|
||||
when "DATASTORE"
|
||||
mask[7] = "D"
|
||||
when "CLUSTER"
|
||||
mask[8] = "C"
|
||||
end
|
||||
}
|
||||
mask
|
||||
@ -103,8 +105,8 @@ private
|
||||
d['STRING'].split(" ")[0]
|
||||
end
|
||||
|
||||
column :RES_VHNIUTGD, "Resource to which the rule applies",
|
||||
:size => 12 do |d|
|
||||
column :RES_VHNIUTGDC, "Resource to which the rule applies",
|
||||
:size => 13 do |d|
|
||||
OneAclHelper::resource_mask d['STRING'].split(" ")[1]
|
||||
end
|
||||
|
||||
@ -117,7 +119,7 @@ private
|
||||
OneAclHelper::right_mask d['STRING'].split(" ")[2]
|
||||
end
|
||||
|
||||
default :ID, :USER, :RES_VHNIUTGD, :RID, :OPE_UMAC
|
||||
default :ID, :USER, :RES_VHNIUTGDC, :RID, :OPE_UMAC
|
||||
end
|
||||
|
||||
table
|
||||
|
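Review bot: `resource_mask` has no `else` branch in its `case type`, so a resource type the CLI does not recognise is rendered as all dashes, i.e. as a rule that applies to nothing. That is how a CLUSTER rule would have been displayed before this commit added `when "CLUSTER"`, and it would presumably recur for any resource type added later. Since this column is what an operator reads when auditing ACLs, an unknown type should be visible, for example `else` / `mask << "?"` before the closing `end`. The mask literal `"---------"`, the index in `mask[8]` and the column name `RES_VHNIUTGDC` are three hand-synchronised encodings of the same list; a single table of name/letter pairs would keep them aligned. The `case` arms between the two hunks are not shown.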
@ -53,7 +53,8 @@ module OpenNebula
|
||||
"USER" => 0x10000000000,
|
||||
"TEMPLATE" => 0x20000000000,
|
||||
"GROUP" => 0x40000000000,
|
||||
"DATASTORE" => 0x100000000000
|
||||
"DATASTORE" => 0x100000000000,
|
||||
"CLUSTER" => 0x200000000000
|
||||
}
|
||||
|
||||
RIGHTS =
|
||||
|
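Review bot: The new `"CLUSTER" => 0x200000000000` entry is a hand-copied bit value with nothing pointing at the definition it has to match; presumably that is the `PoolObjectSQL::CLUSTER` constant used on the C++ side of this commit, whose value is not shown here. If the two disagree, a rule created through this Ruby API would be stored against a different resource type than the one the user typed. A comment above the hash, such as `# Values must match the PoolObjectSQL resource constants in the core`, would make the dependency explicit. The opening of the hash lies outside the hunk.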
@ -94,7 +94,7 @@ void RequestManagerCluster::add_generic(
|
||||
{
|
||||
AuthRequest ar(att.uid, att.gid);
|
||||
|
||||
ar.add_auth(auth_op, c_perms); // MANAGE CLUSTER
|
||||
ar.add_auth(auth_op, c_perms); // ADMIN CLUSTER
|
||||
ar.add_auth(AuthRequest::ADMIN, obj_perms); // ADMIN OBJECT
|
||||
|
||||
if (UserPool::authorize(ar) == -1)
|
||||
|
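Review bot: The trailing comment on `ar.add_auth(auth_op, c_perms);` restates the current value of `auth_op`, which is assigned in the `RequestManagerCluster` constructor in a different file section of this commit, so it had to be hand-edited here from MANAGE to ADMIN and will go stale the same way on the next change. A comment on an authorization check that names the wrong right is misleading during review; wording that does not repeat the value avoids that, e.g. `// auth_op on the CLUSTER (set in the RequestManagerCluster constructor)`. `add_generic` starts and ends outside the hunk.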