wip: sets start_limit to 0 to admins

lib/Ravada.pm

@@ -1381,10 +1381,10 @@ sub _add_grants($self) {
     $self->_add_grant('expose_ports',0,"Can expose virtual machine ports.");
     $self->_add_grant('view_groups',0,'Can view groups.');
     $self->_add_grant('manage_groups',0,'Can manage groups.');
-    $self->_add_grant('start_limit',0,"can have their own limit on started machines.", 1);
+    $self->_add_grant('start_limit',0,"can have their own limit on started machines.", 1, 0);
 }
 
-sub _add_grant($self, $grant, $allowed, $description, $is_int = 0) {
+sub _add_grant($self, $grant, $allowed, $description, $is_int = 0, $default_admin=1) {
     my $sth = $CONNECTOR->dbh->prepare(
         "SELECT id, description FROM grant_types WHERE name=?"
     );
@@ -1401,9 +1401,9 @@ sub _add_grant($self, $grant, $allowed, $description, $is_int = 0) {
     }
     return if $id;
 
-    $sth = $CONNECTOR->dbh->prepare("INSERT INTO grant_types (name, description, is_int)"
-        ." VALUES (?,?,?)");
-    $sth->execute($grant, $description, $is_int);
+    $sth = $CONNECTOR->dbh->prepare("INSERT INTO grant_types (name, description, is_int, default_admin)"
+        ." VALUES (?,?,?,?)");
+    $sth->execute($grant, $description, $is_int, $default_admin);
     $sth->finish;
 
     $sth = $CONNECTOR->dbh->prepare("SELECT id FROM grant_types WHERE name=?");
@@ -1420,6 +1420,7 @@ sub _add_grant($self, $grant, $allowed, $description, $is_int = 0) {
     while (my ($id_user, $name, $is_admin) = $sth->fetchrow ) {
         my $allowed_current = $allowed;
         $allowed_current = 1 if $is_admin;
+        $allowed_current = $default_admin if $is_admin && defined $default_admin;
         eval { $sth_insert->execute($id_user, $id_grant, $allowed_current ) };
         die $@ if $@ && $@ !~/Duplicate entry /;
     }
@@ -2183,6 +2184,7 @@ sub _upgrade_tables {
     $self->_upgrade_table('iptables','id_vm','int DEFAULT NULL');
     $self->_upgrade_table('vms','security','varchar(255) default NULL');
     $self->_upgrade_table('grant_types','enabled','int not null default 1');
+    $self->_upgrade_table('grant_types','default_admin','int not null default 1');
 
     $self->_upgrade_table('vms','mac','char(18)');
     $self->_upgrade_table('vms','tls','text');

lib/Ravada/Auth/SQL.pm

@@ -804,14 +804,15 @@ Grant an user all the permissions
 
 sub grant_admin_permissions($self,$user) {
     my $sth = $$CON->dbh->prepare(
-            "SELECT name FROM grant_types "
+            "SELECT name,default_admin FROM grant_types"
             ." WHERE enabled=1"
             ." ORDER BY name"
     );
     $sth->execute();
     my $grant_found=0;
-    while ( my ($name) = $sth->fetchrow) {
-        $self->grant($user,$name);
+    while ( my ($name, $default_admin) = $sth->fetchrow) {
+        $default_admin=1 if !defined $default_admin;
+        $self->grant($user,$name,$default_admin);
         $grant_found++ if $name eq'grant';
     }
     $sth->finish;

sql/data/insert_grant_types.sql

@@ -21,7 +21,7 @@ INSERT INTO grant_types(name,description) VALUES('remove_clone_all',"can remove
 INSERT INTO grant_types(name,description) VALUES('hibernate_clone_all',"can hibernate any clone.");
 
 /* Special users should be allowed these */
-INSERT INTO grant_types(name,description, is_int) VALUES('start_limit',"can have their own limit on started machines.", 1); /* the value in grants_user will be the maximum number of concurrent machines instead of a boolean */
+INSERT INTO grant_types(name,description, is_int, default_admin) VALUES('start_limit',"can have their own limit on started machines.", 1, 0); /* the value in grants_user will be the maximum number of concurrent machines instead of a boolean */
 
 /* admins should be allowed these */
 INSERT INTO grant_types(name,description) VALUES('clone_all',"can clone any virtual machine.");

sql/mysql/grant_types.sql

@@ -4,6 +4,7 @@ CREATE TABLE `grant_types` (
   `description` varchar(255) NOT NULL,
   `enabled` int default NULL,
   `is_int` int default 0,
+  `default_admin` int default 1,
     UNIQUE(`name`),
     UNIQUE(`description`),
   PRIMARY KEY (`id`)

sql/sqlite/grant_types.sql

@@ -4,5 +4,6 @@ CREATE TABLE `grant_types` (
 ,  `description` varchar(255) NOT NULL
 ,  `enabled` integer default NULL
 ,  `is_int` integer default 0
+,  `default_admin` integer default 1
 ,    UNIQUE(`name`)
 );

t/user/20_grants.t

@@ -71,6 +71,10 @@ sub test_admin {
     my $user = create_user("foo$$","bar",1);
     ok($user->is_admin);
     for my $perm ($user->list_all_permissions) {
+        if ($perm->{name} eq 'start_limit') {
+            is($user->can_do($perm->{name}),undef,$perm->{name});
+            next;
+        }
         is($user->can_do($perm->{name}),1,$perm->{name});
     }
     $user->remove();
@@ -739,8 +743,47 @@ sub test_clone_all {
     diag("TODO test clone all");
 }
 
+sub test_start_many{
+    my $user = create_user("oper_start","bar");
+    my $usera = create_user("admin_start","bar",'is admin');
+    is($user->can_start_many,undef);
+    is($usera->can_start_many,1);
+
+    is($user->can_start_limit,undef);
+    is($usera->can_start_limit,undef);
+
+    $user->remove();
+    $usera->remove();
+}
+
+sub test_start_limit_upgrade{
+    my $sth = connector->dbh->prepare("SELECT id FROM grant_types WHERE name='start_limit'");
+    $sth->execute();
+    my ($id) = $sth->fetchrow;
+
+    $sth = connector->dbh->prepare("DELETE FROM grants_user WHERE id_grant=?");
+    $sth->execute($id);
+
+    $sth = connector->dbh->prepare("DELETE FROM grant_types WHERE id=?");
+    $sth->execute($id);
+
+    my $user = create_user("oper_start","bar");
+    my $usera = create_user("admin_start","bar",'is admin');
+    rvd_back->{_null_grants}=0;
+    rvd_back->_install();
+    is($user->can_start_limit,0);
+    is($usera->can_start_limit,0);
+
+    $user->remove();
+    $usera->remove();
+}
+
+
 ##########################################################
 
+test_start_many();
+test_start_limit_upgrade();
+
 test_defaults();
 test_admin();
 test_grant();