Commit 4407235b authored by Francesc Guasch's avatar Francesc Guasch

wip: sets start_limit to 0 to admins

parent c1e7fcdd
......@@ -1381,10 +1381,10 @@ sub _add_grants($self) {
$self->_add_grant('expose_ports',0,"Can expose virtual machine ports.");
$self->_add_grant('view_groups',0,'Can view groups.');
$self->_add_grant('manage_groups',0,'Can manage groups.');
$self->_add_grant('start_limit',0,"can have their own limit on started machines.", 1);
$self->_add_grant('start_limit',0,"can have their own limit on started machines.", 1, 0);
}
sub _add_grant($self, $grant, $allowed, $description, $is_int = 0) {
sub _add_grant($self, $grant, $allowed, $description, $is_int = 0, $default_admin=1) {
my $sth = $CONNECTOR->dbh->prepare(
"SELECT id, description FROM grant_types WHERE name=?"
);
......@@ -1401,9 +1401,9 @@ sub _add_grant($self, $grant, $allowed, $description, $is_int = 0) {
}
return if $id;
$sth = $CONNECTOR->dbh->prepare("INSERT INTO grant_types (name, description, is_int)"
." VALUES (?,?,?)");
$sth->execute($grant, $description, $is_int);
$sth = $CONNECTOR->dbh->prepare("INSERT INTO grant_types (name, description, is_int, default_admin)"
." VALUES (?,?,?,?)");
$sth->execute($grant, $description, $is_int, $default_admin);
$sth->finish;
$sth = $CONNECTOR->dbh->prepare("SELECT id FROM grant_types WHERE name=?");
......@@ -1420,6 +1420,7 @@ sub _add_grant($self, $grant, $allowed, $description, $is_int = 0) {
while (my ($id_user, $name, $is_admin) = $sth->fetchrow ) {
my $allowed_current = $allowed;
$allowed_current = 1 if $is_admin;
$allowed_current = $default_admin if $is_admin && defined $default_admin;
eval { $sth_insert->execute($id_user, $id_grant, $allowed_current ) };
die $@ if $@ && $@ !~/Duplicate entry /;
}
......@@ -2183,6 +2184,7 @@ sub _upgrade_tables {
$self->_upgrade_table('iptables','id_vm','int DEFAULT NULL');
$self->_upgrade_table('vms','security','varchar(255) default NULL');
$self->_upgrade_table('grant_types','enabled','int not null default 1');
$self->_upgrade_table('grant_types','default_admin','int not null default 1');
$self->_upgrade_table('vms','mac','char(18)');
$self->_upgrade_table('vms','tls','text');
......
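Review bot: The new `default_admin` value only reaches `grant_types` on a first insert: `return if $id;` sits just before the INSERT in `_add_grant`, and `_upgrade_table('grant_types','default_admin','int not null default 1')` gives any pre-existing `start_limit` row the value 1, so an upgraded database would apparently keep granting `start_limit` to admins. The lines between the hunks are not shown, so this is inferred from the early return; if it holds, the upgrade needs an explicit step such as `UPDATE grant_types SET default_admin=0 WHERE name='start_limit'`, plus a decision on whether existing admin rows in `grants_user` are reset. `test_start_limit_upgrade` deletes the `start_limit` row before calling `_install()`, so it covers the fresh-insert path rather than this one. Separately, `$allowed_current = 1 if $is_admin;` is now dead whenever `$default_admin` is defined, which the signature default guarantees unless a caller passes `undef`.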
......@@ -804,14 +804,15 @@ Grant an user all the permissions
sub grant_admin_permissions($self,$user) {
my $sth = $$CON->dbh->prepare(
"SELECT name FROM grant_types "
"SELECT name,default_admin FROM grant_types"
." WHERE enabled=1"
." ORDER BY name"
);
$sth->execute();
my $grant_found=0;
while ( my ($name) = $sth->fetchrow) {
$self->grant($user,$name);
while ( my ($name, $default_admin) = $sth->fetchrow) {
$default_admin=1 if !defined $default_admin;
$self->grant($user,$name,$default_admin);
$grant_found++ if $name eq'grant';
}
$sth->finish;
......
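Review bot: The POD above `grant_admin_permissions` still reads "Grant an user all the permissions", but the loop now passes each grant type's `default_admin` to `grant()`, so an admin no longer receives every enabled grant. I would reword it to something like `Grants the user every enabled permission, using the default_admin value of each grant type` and add a comment on the fallback: `# NULL default_admin is treated as 1, i.e. granted`. That fallback fails open, which matches the old behaviour but is worth stating since it decides what a new admin receives. The fallback itself reads more directly as `$default_admin //= 1;`. The sub's body continues past the end of this section.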
......@@ -21,7 +21,7 @@ INSERT INTO grant_types(name,description) VALUES('remove_clone_all',"can remove
INSERT INTO grant_types(name,description) VALUES('hibernate_clone_all',"can hibernate any clone.");
/* Special users should be allowed these */
INSERT INTO grant_types(name,description, is_int) VALUES('start_limit',"can have their own limit on started machines.", 1); /* the value in grants_user will be the maximum number of concurrent machines instead of a boolean */
INSERT INTO grant_types(name,description, is_int, default_admin) VALUES('start_limit',"can have their own limit on started machines.", 1, 0); /* the value in grants_user will be the maximum number of concurrent machines instead of a boolean */
/* admins should be allowed these */
INSERT INTO grant_types(name,description) VALUES('clone_all',"can clone any virtual machine.");
......
......@@ -4,6 +4,7 @@ CREATE TABLE `grant_types` (
`description` varchar(255) NOT NULL,
`enabled` int default NULL,
`is_int` int default 0,
`default_admin` int default 1,
UNIQUE(`name`),
UNIQUE(`description`),
PRIMARY KEY (`id`)
......
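Review bot: `default_admin` is nullable here (`int default 1`) while the upgrade path adds it as `int not null default 1`, so fresh and upgraded installs end up with different constraints on a column that decides what admins are granted. Declaring it as `default_admin int not null default 1` here would keep NULL out of the table instead of relying on the reader-side fallback in `grant_admin_permissions`. The same applies to the `integer default 1` line in the second `CREATE TABLE grant_types` section below.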
......@@ -4,5 +4,6 @@ CREATE TABLE `grant_types` (
, `description` varchar(255) NOT NULL
, `enabled` integer default NULL
, `is_int` integer default 0
, `default_admin` integer default 1
, UNIQUE(`name`)
);
......@@ -71,6 +71,10 @@ sub test_admin {
my $user = create_user("foo$$","bar",1);
ok($user->is_admin);
for my $perm ($user->list_all_permissions) {
if ($perm->{name} eq 'start_limit') {
is($user->can_do($perm->{name}),undef,$perm->{name});
next;
}
is($user->can_do($perm->{name}),1,$perm->{name});
}
$user->remove();
......@@ -739,8 +743,47 @@ sub test_clone_all {
diag("TODO test clone all");
}
sub test_start_many{
my $user = create_user("oper_start","bar");
my $usera = create_user("admin_start","bar",'is admin');
is($user->can_start_many,undef);
is($usera->can_start_many,1);
is($user->can_start_limit,undef);
is($usera->can_start_limit,undef);
$user->remove();
$usera->remove();
}
sub test_start_limit_upgrade{
my $sth = connector->dbh->prepare("SELECT id FROM grant_types WHERE name='start_limit'");
$sth->execute();
my ($id) = $sth->fetchrow;
$sth = connector->dbh->prepare("DELETE FROM grants_user WHERE id_grant=?");
$sth->execute($id);
$sth = connector->dbh->prepare("DELETE FROM grant_types WHERE id=?");
$sth->execute($id);
my $user = create_user("oper_start","bar");
my $usera = create_user("admin_start","bar",'is admin');
rvd_back->{_null_grants}=0;
rvd_back->_install();
is($user->can_start_limit,0);
is($usera->can_start_limit,0);
$user->remove();
$usera->remove();
}
##########################################################
test_start_many();
test_start_limit_upgrade();
test_defaults();
test_admin();
test_grant();
......
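Review bot: The two new tests pin different values for the same admin: `test_start_many` expects `can_start_limit` to be `undef` right after `create_user`, while `test_start_limit_upgrade` expects `0` after `_install()` re-adds the grant, and there the non-admin user gets `0` as well. For an `is_int` grant the difference between no row and a stored 0 can matter to callers that test definedness rather than truth; how `can_start_limit` is consumed is not visible here, so this may be intentional. If both mean "no own limit", a comment in the test such as `# 0 = row exists, no own limit; undef = no row` would make that explicit. Both subs also reuse the user names `oper_start` and `admin_start` and set `rvd_back->{_null_grants}=0` without restoring it, so a failure in the first can leak into the second.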