Feature #1742: add/del secondary group requires MANAGE GROUP
parent
0bc0f4a353
commit
b4e63d8a33
@ -45,8 +45,9 @@ protected:
|
||||
|
||||
/* -------------------------------------------------------------------- */
|
||||
|
||||
void request_execute(xmlrpc_c::paramList const& _paramList,
|
||||
RequestAttributes& att);
|
||||
void request_execute(
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
RequestAttributes& att);
|
||||
|
||||
virtual int user_action(int user_id,
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
@ -131,43 +132,78 @@ public:
|
||||
/* ------------------------------------------------------------------------- */
|
||||
/* ------------------------------------------------------------------------- */
|
||||
|
||||
class UserAddGroup : public RequestManagerUser
|
||||
class UserEditGroup : public Request
|
||||
{
|
||||
public:
|
||||
UserAddGroup():
|
||||
RequestManagerUser("UserAddGroup",
|
||||
"Adds the user to a secondary group",
|
||||
"A:sii")
|
||||
UserEditGroup(
|
||||
const string& method_name,
|
||||
const string& help,
|
||||
const string& params):
|
||||
Request(method_name,params,help)
|
||||
{
|
||||
auth_object = PoolObjectSQL::USER;
|
||||
auth_op = AuthRequest::MANAGE;
|
||||
|
||||
Nebula& nd = Nebula::instance();
|
||||
gpool = nd.get_gpool();
|
||||
upool = nd.get_upool();
|
||||
};
|
||||
|
||||
~UserAddGroup(){};
|
||||
~UserEditGroup(){};
|
||||
|
||||
int user_action(int user_id,
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
string& err);
|
||||
void request_execute(
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
RequestAttributes& att);
|
||||
|
||||
virtual int secondary_group_action(
|
||||
int user_id,
|
||||
int group_id,
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
string& error_str) = 0;
|
||||
|
||||
protected:
|
||||
GroupPool * gpool;
|
||||
UserPool * upool;
|
||||
};
|
||||
|
||||
/* ------------------------------------------------------------------------- */
|
||||
/* ------------------------------------------------------------------------- */
|
||||
|
||||
class UserDelGroup : public RequestManagerUser
|
||||
class UserAddGroup : public UserEditGroup
|
||||
{
|
||||
public:
|
||||
UserAddGroup():
|
||||
UserEditGroup("UserAddGroup",
|
||||
"Adds the user to a secondary group",
|
||||
"A:sii"){};
|
||||
|
||||
~UserAddGroup(){};
|
||||
|
||||
int secondary_group_action(
|
||||
int user_id,
|
||||
int group_id,
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
string& error_str);
|
||||
};
|
||||
|
||||
/* ------------------------------------------------------------------------- */
|
||||
/* ------------------------------------------------------------------------- */
|
||||
|
||||
class UserDelGroup : public UserEditGroup
|
||||
{
|
||||
public:
|
||||
UserDelGroup():
|
||||
RequestManagerUser("UserDelGroup",
|
||||
"Deletes the user from a secondary group",
|
||||
"A:sii")
|
||||
{
|
||||
auth_op = AuthRequest::MANAGE;
|
||||
};
|
||||
UserEditGroup("UserDelGroup",
|
||||
"Deletes the user from a secondary group",
|
||||
"A:sii"){};
|
||||
|
||||
~UserDelGroup(){};
|
||||
|
||||
int user_action(int user_id,
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
string& err);
|
||||
int secondary_group_action(
|
||||
int user_id,
|
||||
int group_id,
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
string& error_str);
|
||||
};
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
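Review bot: The pure virtual `secondary_group_action` declared in `UserEditGroup` has no comment stating its contract, and that contract is security-relevant now that the authorization lives in the base class. Judging from the accompanying `request_execute`, the hook runs only after MANAGE has been authorized on both the user and the group (or the caller is oneadmin), and a negative return is reported as an ACTION failure built from `error_str`. I would add a comment above the declaration along the lines of `// Called only after MANAGE USER and MANAGE GROUP are authorized; returns < 0 on error and sets error_str`. The constructor also still sets `auth_object` and `auth_op`, which the new `request_execute` does not appear to use for its check, so a comment on whether they are still needed would help.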
@ -214,15 +214,83 @@ int UserSetQuota::user_action(int user_id,
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int UserAddGroup::user_action(
|
||||
int user_id,
|
||||
xmlrpc_c::paramList const& paramList,
|
||||
string& error_str)
|
||||
void UserEditGroup::
|
||||
request_execute(xmlrpc_c::paramList const& paramList,
|
||||
RequestAttributes& att)
|
||||
{
|
||||
int user_id = xmlrpc_c::value_int(paramList.getInt(1));
|
||||
int group_id = xmlrpc_c::value_int(paramList.getInt(2));
|
||||
|
||||
int rc;
|
||||
|
||||
User* user = static_cast<User *>(pool->get(user_id,true));
|
||||
string error_str;
|
||||
|
||||
string gname;
|
||||
string uname;
|
||||
|
||||
PoolObjectAuth uperms;
|
||||
PoolObjectAuth gperms;
|
||||
|
||||
rc = get_info(upool, user_id, PoolObjectSQL::USER, att, uperms, uname);
|
||||
|
||||
if ( rc == -1 )
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
rc = get_info(gpool, group_id, PoolObjectSQL::GROUP, att, gperms, gname);
|
||||
|
||||
if ( rc == -1 )
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if ( att.uid != UserPool::ONEADMIN_ID )
|
||||
{
|
||||
AuthRequest ar(att.uid, att.group_ids);
|
||||
|
||||
ar.add_auth(AuthRequest::MANAGE, uperms); // MANAGE USER
|
||||
ar.add_auth(AuthRequest::MANAGE, gperms); // MANAGE GROUP
|
||||
|
||||
if (UserPool::authorize(ar) == -1)
|
||||
{
|
||||
failure_response(AUTHORIZATION,
|
||||
authorization_error(ar.message, att),
|
||||
att);
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ( secondary_group_action(user_id, group_id, paramList, error_str) < 0 )
|
||||
{
|
||||
failure_response(ACTION, request_error(error_str,""), att);
|
||||
return;
|
||||
}
|
||||
|
||||
success_response(user_id, att);
|
||||
}
|
||||
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int UserAddGroup::secondary_group_action(
|
||||
int user_id,
|
||||
int group_id,
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
string& error_str)
|
||||
{
|
||||
User * user;
|
||||
Group * group;
|
||||
|
||||
int rc;
|
||||
|
||||
user = upool->get(user_id,true);
|
||||
|
||||
if ( user == 0 )
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
rc = user->add_group(group_id);
|
||||
|
||||
@ -231,26 +299,24 @@ int UserAddGroup::user_action(
|
||||
user->unlock();
|
||||
|
||||
error_str = "User is already in this group";
|
||||
return rc;
|
||||
return -1;
|
||||
}
|
||||
|
||||
pool->update(user);
|
||||
upool->update(user);
|
||||
|
||||
user->unlock();
|
||||
|
||||
Nebula& nd = Nebula::instance();
|
||||
GroupPool * gpool = nd.get_gpool();
|
||||
Group * group = gpool->get(group_id, true);
|
||||
group = gpool->get(group_id, true);
|
||||
|
||||
if( group == 0 )
|
||||
{
|
||||
User * user = static_cast<User *>(pool->get(user_id,true));
|
||||
user = upool->get(user_id,true);
|
||||
|
||||
if ( user != 0 )
|
||||
{
|
||||
user->del_group(group_id);
|
||||
|
||||
pool->update(user);
|
||||
upool->update(user);
|
||||
|
||||
user->unlock();
|
||||
}
|
||||
@ -271,15 +337,18 @@ int UserAddGroup::user_action(
|
||||
/* -------------------------------------------------------------------------- */
|
||||
/* -------------------------------------------------------------------------- */
|
||||
|
||||
int UserDelGroup::user_action(
|
||||
int user_id,
|
||||
xmlrpc_c::paramList const& paramList,
|
||||
string& error_str)
|
||||
int UserDelGroup::secondary_group_action(
|
||||
int user_id,
|
||||
int group_id,
|
||||
xmlrpc_c::paramList const& _paramList,
|
||||
string& error_str)
|
||||
{
|
||||
int group_id = xmlrpc_c::value_int(paramList.getInt(2));
|
||||
User * user;
|
||||
Group * group;
|
||||
|
||||
int rc;
|
||||
|
||||
User* user = static_cast<User *>(pool->get(user_id,true));
|
||||
user = upool->get(user_id,true);
|
||||
|
||||
rc = user->del_group(group_id);
|
||||
|
||||
@ -299,20 +368,19 @@ int UserDelGroup::user_action(
|
||||
{
|
||||
error_str = "Cannot remove user from group";
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
pool->update(user);
|
||||
upool->update(user);
|
||||
|
||||
user->unlock();
|
||||
|
||||
Nebula& nd = Nebula::instance();
|
||||
GroupPool * gpool = nd.get_gpool();
|
||||
Group * group = gpool->get(group_id, true);
|
||||
group = gpool->get(group_id, true);
|
||||
|
||||
if( group == 0 )
|
||||
{
|
||||
//Group does not exists, should never occur
|
||||
//Group does not exist, should never occur
|
||||
error_str = "Cannot remove user from group";
|
||||
return -1;
|
||||
}
|
||||
|
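Review bot: `UserDelGroup::secondary_group_action` dereferences the result of `upool->get(user_id,true)` in `rc = user->del_group(group_id);` with no null check, whereas the add variant in this same file returns -1 when `user == 0`. The user is looked up once in `request_execute` through `get_info` and again here, so a user removed between the authorization and the action would presumably reach this call as a null pointer. I would add `if ( user == 0 ) { error_str = "User does not exist"; return -1; }` before the `del_group` call, and set `error_str` the same way in the add variant, which currently returns -1 with an empty message. Both function bodies continue outside the visible hunks.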