From f7d3833c104037c76686e4979a184e4f36dfec87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tino=20V=C3=A1zquez?= <tinova79@gmail.com>
Date: Fri, 9 Jul 2010 19:32:37 +0200
Subject: [PATCH] feature #203: Adding authorization for Image allocate

---
 src/rm/RequestManagerImageAllocate.cc | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/rm/RequestManagerImageAllocate.cc b/src/rm/RequestManagerImageAllocate.cc
index ce266d3a6d..1722c1a3d0 100644
--- a/src/rm/RequestManagerImageAllocate.cc
+++ b/src/rm/RequestManagerImageAllocate.cc
@@ -15,10 +15,12 @@
 /* -------------------------------------------------------------------------- */
 
 #include "RequestManager.h"
-#include "NebulaLog.h"
 
+#include "NebulaLog.h"
 #include "Nebula.h"
 
+#include "AuthManager.h"
+
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
 
@@ -55,6 +57,19 @@ void RequestManager::ImageAllocate::execute(
     }
     
     uid = rc;
+    
+    //Authorize the operation
+    if ( uid != 0 ) // uid == 0 means oneadmin
+    {
+        AuthRequest ar(uid);
+
+        ar.add_auth(AuthRequest::IMAGE,-1,AuthRequest::CREATE,0,false);
+
+        if (UserPool::authorize(ar) == -1)
+        {
+            goto error_authorize;
+        }
+    }
 
     rc = ImageAllocate::ipool->allocate(uid,image_template,&iid);
 
@@ -78,6 +93,10 @@ void RequestManager::ImageAllocate::execute(
 error_authenticate:
     oss << "User not authenticated, aborting ImageAllocate call.";
     goto error_common;
+    
+error_authorize:
+    oss << "User not authorized to allocate a new IMAGE";
+    goto error_common;
 
 error_allocate:
     if (rc == -1)