mirror of https://github.com/OpenNebula/one.git synced 2025-03-21 14:50:08 +03:00

Merge branch 'feature-718'

Ruben S. Montero 2011-08-30 15:51:50 +02:00
commit a724af2add
8 changed files with 33 additions and 19 deletions


@ -285,7 +285,8 @@ public:
INFO_POOL = 0x20LL, /**< Auth. to view any object in the pool */
INFO_POOL_MINE= 0x40LL, /**< Auth. to view user and/or group objects */
INSTANTIATE = 0x80LL, /**< Auth. to instantiate a VM from a TEMPLATE*/
CHOWN = 0x100LL /**< Auth. to change ownership of an object */
CHOWN = 0x100LL,/**< Auth. to change ownership of an object */
DEPLOY = 0x200LL /**< Auth. to deploy a VM in a Host */
};
static string Operation_to_str(Operation op)
@ -301,6 +302,7 @@ public:
case INFO_POOL_MINE: return "INFO_POOL_MINE";
case INSTANTIATE: return "INSTANTIATE";
case CHOWN: return "CHOWN";
case DEPLOY: return "DEPLOY";
default: return "";
}
};


@ -201,7 +201,7 @@ bool AclRule::malformed(string& error_str) const
oss << "wrong [rights], it cannot be 0";
}
if ( rights > 0x1FFLL )
if ( rights > 0x2FFLL )
{
if ( error )
{
@ -209,7 +209,7 @@ bool AclRule::malformed(string& error_str) const
}
error = true;
oss << "wrong [rights], it cannot be bigger than 0x1FF";
oss << "wrong [rights], it cannot be bigger than 0x2FF";
}
if ( error )
@ -304,12 +304,13 @@ void AclRule::build_str()
AuthRequest::INFO_POOL,
AuthRequest::INFO_POOL_MINE,
AuthRequest::INSTANTIATE,
AuthRequest::CHOWN
AuthRequest::CHOWN,
AuthRequest::DEPLOY
};
prefix = false;
for ( int i = 0; i < 9; i++ )
for ( int i = 0; i < 10; i++ )
{
if ( (rights & operations[i]) != 0 )
{
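Review bot: The new upper bound in `AclRule::malformed`, `rights > 0x2FFLL`, is not the full rights mask once DEPLOY (0x200) exists: the ten operation bits together are 0x3FF, and 0x2FF leaves out bit 0x100 (CHOWN). Any rule that combines CHOWN and DEPLOY has rights of at least 0x300 and is rejected as malformed, even though `build_str` in the same file now iterates over all ten operations. The check should read `if ( rights > 0x3FFLL )` and the message in the next hunk `"wrong [rights], it cannot be bigger than 0x3FF"`. Deriving the limit from the `operations` table rather than a literal would stop the two from drifting apart when the next right is added. Both functions continue outside the hunks shown.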


@ -18,9 +18,9 @@
:size: 5
:right: true
:OPE_CDUMIPpTW:
:OPE_CDUMIPpTWd:
:desc: Operation to which the rule applies
:size: 13
:size: 14
:right: true
:default:
@ -28,4 +28,4 @@
- :USER
- :RES_VHNIUTG
- :RID
- :OPE_CDUMIPpTW
- :OPE_CDUMIPpTWd


@ -69,7 +69,7 @@ private
# TODO check that @content[:resources_str] is valid
def self.right_mask(str)
mask = "---------"
mask = "----------"
str.split("+").each{|type|
case type
@ -91,6 +91,8 @@ private
mask[7] = "T"
when "CHOWN"
mask[8] = "W"
when "DEPLOY"
mask[9] = "d"
end
}
@ -111,20 +113,21 @@ private
d['STRING'].split(" ")[0]
end
column :RES_VHNIUTG, "Resource to which the rule applies" do |d|
column :RES_VHNIUTG, "Resource to which the rule applies",
:size => 11 do |d|
OneAclHelper::resource_mask d['STRING'].split(" ")[1]
end
column :RID, "Resource ID", :right, :size=>8 do |d|
column :RID, "Resource ID", :right, :size=>5 do |d|
d['STRING'].split(" ")[1].split("/")[1]
end
column :OPE_CDUMIPpTW,
"Operation to which the rule applies" do |d|
column :OPE_CDUMIPpTWd,
"Operation to which the rule applies", :size =>14 do |d|
OneAclHelper::right_mask d['STRING'].split(" ")[2]
end
default :ID, :USER, :RES_VHNIUTG, :RID, :OPE_CDUMIPpTW
default :ID, :USER, :RES_VHNIUTG, :RID, :OPE_CDUMIPpTWd
end
table
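Review bot: `right_mask` has no `else` branch in its `case type`, so a right name this CLI does not recognise is dropped silently and the listing shows a dash for something the rule does grant; before this change that was the situation for DEPLOY itself. For a command used to audit ACLs this deserves at least a comment next to the existing TODO, for example `# NOTE: right names not listed here are silently ignored`. The mask literal `"----------"`, the indices up to `mask[9]`, the column name `OPE_CDUMIPpTWd` and `:size =>14` all encode the same count by hand, and a short comment tying them together would help whoever adds the next right. The method body starts and ends outside the hunks shown.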


@ -78,6 +78,7 @@ public class Acl extends PoolElement{
tmpRights.put("INFO_POOL_MINE", 0x40L);
tmpRights.put("INSTANTIATE" , 0x80L);
tmpRights.put("CHOWN" , 0x100L);
tmpRights.put("DEPLOY" , 0x200L);
RIGHTS = Collections.unmodifiableMap(tmpRights);
}


@ -155,7 +155,8 @@ public class AclTest
"#2 IMAGE/#0 INFO",
"@107 IMAGE+TEMPLATE/@100 INFO",
"* VM+IMAGE+TEMPLATE/@100 CREATE+INFO+INFO_POOL",
"#2345 VM+IMAGE+TEMPLATE/* CREATE+INFO+INFO_POOL+INFO_POOL_MINE+INSTANTIATE"
"#2345 VM+IMAGE+TEMPLATE/* CREATE+INFO+INFO_POOL+INFO_POOL_MINE+INSTANTIATE",
"@7 HOST/@100 INFO+INFO_POOL+USE+DEPLOY",
};
long[] users = {
@ -163,7 +164,8 @@ public class AclTest
0x100000002L,
0x20000006bL,
0x400000000L,
0x100000929L
0x100000929L,
0x200000007L
};
long[] resources = {
@ -171,7 +173,8 @@ public class AclTest
0x8100000000L,
0x28200000064L,
0x29200000064L,
0x29400000000L
0x29400000000L,
0x2200000064L
};
long[] rights = {
@ -179,7 +182,8 @@ public class AclTest
0x10L,
0x10L,
0x31L,
0xf1L
0xf1L,
0x234L
};
for( int i = 0; i < rules.length; i++ )
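Review bot: The added case `"@7 HOST/@100 INFO+INFO_POOL+USE+DEPLOY"` (rights `0x234L`) never sets CHOWN together with DEPLOY, so no test value reaches 0x300 or above, which is the range where the rights upper-bound check changed in this commit. A further rule such as `"@7 HOST/@100 CHOWN+DEPLOY"` with expected rights `0x300L` (users `0x200000007L`, resources `0x2200000064L`) would cover it. Whether this test actually reaches the server-side validation depends on the loop body, which is outside the hunk.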


@ -39,6 +39,7 @@ module OpenNebula
# INFO_POOL_MINE
# INSTANTIATE
# CHOWN
# DEPLOY
class Acl < PoolElement
USERS = {
@ -68,7 +69,8 @@ module OpenNebula
"INFO_POOL" => 0x20, # Auth. to view any object in the pool
"INFO_POOL_MINE"=> 0x40, # Auth. to view user and/or group objects
"INSTANTIATE" => 0x80, # Auth. to instantiate a VM from a TEMPLATE
"CHOWN" => 0x100 # Auth. to change ownership of an object
"CHOWN" => 0x100,# Auth. to change ownership of an object
"DEPLOY" => 0x200 # Auth. to deploy a VM in a Host
}
# Constructor


@ -58,6 +58,7 @@ bool RequestManagerVirtualMachine::vm_authorization(int oid,
if (hid != -1)
{
ar.add_auth(AuthRequest::HOST,hid,-1,AuthRequest::USE,0,false);
ar.add_auth(AuthRequest::HOST,hid,-1,AuthRequest::DEPLOY,0,false);
}
else if (tmpl != 0)
{
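Review bot: The host branch of `vm_authorization` now adds a DEPLOY request next to the existing USE one, but nothing at the call site says why both are needed or what happens to rules written before this change. Assuming every entry added to `ar` must be granted, rules that give only USE on a host stop authorising deployments after the upgrade, so the default ACL set or the upgrade notes need a DEPLOY entry; none of the file sections shown here adds one. A comment such as `// Deploying needs both USE and DEPLOY on the target host` above the two `add_auth` calls would record the intent. The function starts and ends outside the hunk.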