F #2347: Update default ACLS to grant VMGroup create permission

2025-01-25 06:03:36 +03:00 · 2017-01-27 12:11:26 +01:00 · 2017-01-27 12:11:26 +01:00 · f3a3f9cde1
commit f3a3f9cde1
parent a845425a1d
3 changed files with 10 additions and 5 deletions
--- a/src/group/Group.cc
+++ b/src/group/Group.cc
@ -353,7 +353,7 @@ void Group::add_admin_rules(int user_id)
        NebulaLog::log("GROUP",Log::ERROR,error_msg);
    }

-    // #<uid> VM+NET+IMAGE+TEMPLATE+DOCUMENT+SECGROUP+VROUTER/@<gid> USE+MANAGE *
+    // #<uid> VM+NET+IMAGE+TEMPLATE+DOCUMENT+SECGROUP+VROUTER+VMGROUP/@<gid> USE+MANAGE *
    if ( aclm->add_rule(
            AclRule::INDIVIDUAL_ID |
            user_id,
@ -365,6 +365,7 @@ void Group::add_admin_rules(int user_id)
            PoolObjectSQL::DOCUMENT |
            PoolObjectSQL::SECGROUP |
            PoolObjectSQL::VROUTER |
+            PoolObjectSQL::VMGROUP |
            AclRule::GROUP_ID |
            oid,

@ -449,7 +450,7 @@ void Group::del_admin_rules(int user_id)
        NebulaLog::log("GROUP",Log::ERROR,error_msg);
    }

-    // #<uid> VM+NET+IMAGE+TEMPLATE+DOCUMENT+SECGROUP+VROUTER/@<gid> USE+MANAGE *
+    // #<uid> VM+NET+IMAGE+TEMPLATE+DOCUMENT+SECGROUP+VROUTER+VMGROUP/@<gid> USE+MANAGE *
    if ( aclm->del_rule(
            AclRule::INDIVIDUAL_ID |
            user_id,
@ -461,6 +462,7 @@ void Group::del_admin_rules(int user_id)
            PoolObjectSQL::DOCUMENT |
            PoolObjectSQL::SECGROUP |
            PoolObjectSQL::VROUTER |
+            PoolObjectSQL::VMGROUP |
            AclRule::GROUP_ID |
            oid,

--- a/src/oca/ruby/opennebula/acl.rb
+++ b/src/oca/ruby/opennebula/acl.rb
@ -23,14 +23,17 @@ module OpenNebula
    #                  @<num>
    #                  ALL
    #     RESOURCE  -> + separated list and "/{#,@,%}<num>|ALL"
-    #                  VM,
+    #                  VM
    #                  HOST
    #                  NET
    #                  IMAGE
    #                  USER
    #                  TEMPLATE
    #                  GROUP
-    #                  ACL
+    #                  DATASTORE
+    #                  CLUSTER
+    #                  DOCUMENT
+    #                  ZONE
    #                  SECGROUP
    #                  VDC
    #                  VROUTER
--- a/src/oca/ruby/opennebula/group.rb
+++ b/src/oca/ruby/opennebula/group.rb
@ -37,7 +37,7 @@ module OpenNebula
        SELF = -1

        # Default resource ACL's for group users (create)
-        GROUP_DEFAULT_ACLS = "VM+IMAGE+TEMPLATE+DOCUMENT+SECGROUP+VROUTER"
+        GROUP_DEFAULT_ACLS = "VM+IMAGE+TEMPLATE+DOCUMENT+SECGROUP+VROUTER+VMGROUP"

        # The default view for group and group admins, must be defined in
        # sunstone_views.yaml