diff --git a/include/RequestManagerUser.h b/include/RequestManagerUser.h index be4adc2d49..1e04c610d5 100644 --- a/include/RequestManagerUser.h +++ b/include/RequestManagerUser.h @@ -45,8 +45,9 @@ protected: /* -------------------------------------------------------------------- */ - void request_execute(xmlrpc_c::paramList const& _paramList, - RequestAttributes& att); + void request_execute( + xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); virtual int user_action(int user_id, xmlrpc_c::paramList const& _paramList, @@ -131,43 +132,78 @@ public: /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -class UserAddGroup : public RequestManagerUser +class UserEditGroup : public Request { public: - UserAddGroup(): - RequestManagerUser("UserAddGroup", - "Adds the user to a secondary group", - "A:sii") + UserEditGroup( + const string& method_name, + const string& help, + const string& params): + Request(method_name,params,help) { + auth_object = PoolObjectSQL::USER; auth_op = AuthRequest::MANAGE; + + Nebula& nd = Nebula::instance(); + gpool = nd.get_gpool(); + upool = nd.get_upool(); }; - ~UserAddGroup(){}; + ~UserEditGroup(){}; - int user_action(int user_id, - xmlrpc_c::paramList const& _paramList, - string& err); + void request_execute( + xmlrpc_c::paramList const& _paramList, + RequestAttributes& att); + + virtual int secondary_group_action( + int user_id, + int group_id, + xmlrpc_c::paramList const& _paramList, + string& error_str) = 0; + +protected: + GroupPool * gpool; + UserPool * upool; }; /* ------------------------------------------------------------------------- */ /* ------------------------------------------------------------------------- */ -class UserDelGroup : public RequestManagerUser +class UserAddGroup : public UserEditGroup +{ +public: + UserAddGroup(): + UserEditGroup("UserAddGroup", + "Adds the user to a secondary group", + "A:sii"){}; + + ~UserAddGroup(){}; + + int secondary_group_action( + int user_id, + int group_id, + xmlrpc_c::paramList const& _paramList, + string& error_str); +}; + +/* ------------------------------------------------------------------------- */ +/* ------------------------------------------------------------------------- */ + +class UserDelGroup : public UserEditGroup { public: UserDelGroup(): - RequestManagerUser("UserDelGroup", - "Deletes the user from a secondary group", - "A:sii") - { - auth_op = AuthRequest::MANAGE; - }; + UserEditGroup("UserDelGroup", + "Deletes the user from a secondary group", + "A:sii"){}; ~UserDelGroup(){}; - int user_action(int user_id, - xmlrpc_c::paramList const& _paramList, - string& err); + int secondary_group_action( + int user_id, + int group_id, + xmlrpc_c::paramList const& _paramList, + string& error_str); }; /* -------------------------------------------------------------------------- */ diff --git a/src/rm/RequestManagerUser.cc b/src/rm/RequestManagerUser.cc index 983da4d076..331d30f1e0 100644 --- a/src/rm/RequestManagerUser.cc +++ b/src/rm/RequestManagerUser.cc @@ -214,15 +214,83 @@ int UserSetQuota::user_action(int user_id, /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int UserAddGroup::user_action( - int user_id, - xmlrpc_c::paramList const& paramList, - string& error_str) +void UserEditGroup:: + request_execute(xmlrpc_c::paramList const& paramList, + RequestAttributes& att) { + int user_id = xmlrpc_c::value_int(paramList.getInt(1)); int group_id = xmlrpc_c::value_int(paramList.getInt(2)); + int rc; - User* user = static_cast(pool->get(user_id,true)); + string error_str; + + string gname; + string uname; + + PoolObjectAuth uperms; + PoolObjectAuth gperms; + + rc = get_info(upool, user_id, PoolObjectSQL::USER, att, uperms, uname); + + if ( rc == -1 ) + { + return; + } + + rc = get_info(gpool, group_id, PoolObjectSQL::GROUP, att, gperms, gname); + + if ( rc == -1 ) + { + return; + } + + if ( att.uid != UserPool::ONEADMIN_ID ) + { + AuthRequest ar(att.uid, att.group_ids); + + ar.add_auth(AuthRequest::MANAGE, uperms); // MANAGE USER + ar.add_auth(AuthRequest::MANAGE, gperms); // MANAGE GROUP + + if (UserPool::authorize(ar) == -1) + { + failure_response(AUTHORIZATION, + authorization_error(ar.message, att), + att); + + return; + } + } + + if ( secondary_group_action(user_id, group_id, paramList, error_str) < 0 ) + { + failure_response(ACTION, request_error(error_str,""), att); + return; + } + + success_response(user_id, att); +} + +/* -------------------------------------------------------------------------- */ +/* -------------------------------------------------------------------------- */ + +int UserAddGroup::secondary_group_action( + int user_id, + int group_id, + xmlrpc_c::paramList const& _paramList, + string& error_str) +{ + User * user; + Group * group; + + int rc; + + user = upool->get(user_id,true); + + if ( user == 0 ) + { + return -1; + } rc = user->add_group(group_id); @@ -231,26 +299,24 @@ int UserAddGroup::user_action( user->unlock(); error_str = "User is already in this group"; - return rc; + return -1; } - pool->update(user); + upool->update(user); user->unlock(); - Nebula& nd = Nebula::instance(); - GroupPool * gpool = nd.get_gpool(); - Group * group = gpool->get(group_id, true); + group = gpool->get(group_id, true); if( group == 0 ) { - User * user = static_cast(pool->get(user_id,true)); + user = upool->get(user_id,true); if ( user != 0 ) { user->del_group(group_id); - pool->update(user); + upool->update(user); user->unlock(); } @@ -271,15 +337,18 @@ int UserAddGroup::user_action( /* -------------------------------------------------------------------------- */ /* -------------------------------------------------------------------------- */ -int UserDelGroup::user_action( - int user_id, - xmlrpc_c::paramList const& paramList, - string& error_str) +int UserDelGroup::secondary_group_action( + int user_id, + int group_id, + xmlrpc_c::paramList const& _paramList, + string& error_str) { - int group_id = xmlrpc_c::value_int(paramList.getInt(2)); + User * user; + Group * group; + int rc; - User* user = static_cast(pool->get(user_id,true)); + user = upool->get(user_id,true); rc = user->del_group(group_id); @@ -299,20 +368,19 @@ int UserDelGroup::user_action( { error_str = "Cannot remove user from group"; } + return rc; } - pool->update(user); + upool->update(user); user->unlock(); - Nebula& nd = Nebula::instance(); - GroupPool * gpool = nd.get_gpool(); - Group * group = gpool->get(group_id, true); + group = gpool->get(group_id, true); if( group == 0 ) { - //Group does not exists, should never occur + //Group does not exist, should never occur error_str = "Cannot remove user from group"; return -1; }