Commit 4517096f authored by Francesc Guasch's avatar Francesc Guasch

check authorization befor removing domain

parent fa06c580
......@@ -6,6 +6,7 @@ use strict;
use Carp qw(carp croak);
use Data::Dumper;
use DBIx::Connector;
use Hash::Util qw(lock_hash);
use Moose;
use POSIX qw(WNOHANG);
use YAML;
......@@ -14,6 +15,7 @@ use Ravada::Auth;
use Ravada::Request;
use Ravada::VM::KVM;
use Ravada::VM::LXC;
use Ravada::VM::Void;
=head1 NAME
......@@ -179,7 +181,6 @@ sub create_domain {
my $request = $args{request} if $args{request};
$request->status("Searching for VM") if $request;
sleep 5;
my $vm = $self->vm->[0];
$vm = $self->search_vm($vm_name) if $vm_name;
......@@ -205,24 +206,19 @@ sub remove_domain {
my $self = shift;
my %arg = @_;
croak "Argument name required "
confess "Argument name required "
if !$arg{name};
croak "Argument id_user required "
if !$arg{id_user};
confess "Argument uid required "
if !$arg{uid};
lock_hash(%arg);
my $domain = $self->search_domain($arg{name}, 1)
or confess "ERROR: I can't find domain $arg{name}";
# TODO allow if user is admin
# my $user = ...
confess "ERROR: Access denied. User ".$arg{id_user}." is not owner of domain $arg{name}"
if $domain->id_owner != $arg{id_user};
# || $user->is_admin();
$domain->remove();
my $user = Ravada::Auth::SQL->search_by_id( $arg{uid});
$domain->remove( $user);
}
=head2 search_domain
......@@ -620,7 +616,10 @@ sub _cmd_remove {
my $request = shift;
$request->status('working');
eval { $self->remove_domain($request->args('name')) };
confess "Unknown user id ".$request->args->{uid}
if !defined $request->args->{uid};
$self->remove_domain(name => $request->args('name'), uid => $request->args('uid'));
$request->status('done');
$request->error($@);
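Review bot: In `_cmd_remove` the new `$self->remove_domain(name => ..., uid => ...)` call appears to have lost the `eval { }` that wrapped the old call, so an access-denied `die` from the new authorization check propagates out of the handler instead of reaching `$request->error($@)`. As printed, the request would stay in status 'working', and the later `$request->error($@)` would record whatever `$@` held before. Keep the wrapper, `eval { $self->remove_domain(name => $request->args('name'), uid => $request->args('uid')) };`, and move the `uid` check inside it so a missing uid is also reported on the request. In `remove_domain`, the result of `Ravada::Auth::SQL->search_by_id( $arg{uid})` is passed on unchecked, so an explicit `confess "Unknown user id $arg{uid}" if !$user;` would make that failure clearer. The body of `_cmd_remove` starts and ends outside the hunk, so confirm whether its caller already traps exceptions.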
......
......@@ -41,17 +41,27 @@ our $CONNECTOR = \$Ravada::CONNECTOR;
#
before 'display' => \&_allowed;
before 'remove' => \&_allowed;
sub _allowed {
my $self = shift;
my ($user) = @_;
confess "Missing user uid" if !defined $user;
return if $self->id_owner == $user->id
|| $user->is_admin;
confess "Missing user" if !defined $user;
confess "ERROR: User '$user' not class user , it is ".(ref($user) or 'SCALAR')
if !ref $user || ref($user) !~ /Ravada::Auth/;
die "User ".$user->name." not allowed to access ".$self->domain;
return if $user->is_admin;
my $id_owner;
eval { $id_owner = $self->id_owner };
my $err = $@;
die "User ".$user->name." [".$user->id."] not allowed to access ".$self->domain
." owned by ".($id_owner or '<UNDEF>')."\n".Dumper($self)
if (defined $id_owner && $id_owner != $user->id );
confess $err if $err;
}
##################################################################################3
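Review bot: `_allowed` fails open when a domain has no recorded owner, because the denial is guarded by `if (defined $id_owner && $id_owner != $user->id )`. If `id_owner` returns undef without throwing, any non-admin user passes both the `before 'display'` and `before 'remove'` hooks. Deny unless ownership is positively established, for example `if !defined $id_owner || $id_owner != $user->id;`, evaluated after `confess $err if $err;` so a lookup error is still reported as such. The denial message also appends `Dumper($self)`, which puts the whole domain object into an error string that may end up in the request error shown to the user; drop it from the message or log it separately. The class check `ref($user) !~ /Ravada::Auth/` is an unanchored name match, and an `isa` test against the project's user class would be stricter.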
......
......@@ -30,6 +30,10 @@ our %VALID_ARG = (
,id_owner => 1
,id_template => 1
}
,remove_domain => {
name => 1
,uid => 1
}
);
our $CONNECTOR;
......@@ -115,8 +119,8 @@ sub create_domain {
=head2 remove_domain
my $req = Ravada::Request->create_domain( name => 'bla'
, id_iso => 1
my $req = Ravada::Request->remove_domain( name => 'bla'
, uid => $user->id
);
......@@ -127,14 +131,19 @@ sub remove_domain {
my $proto = shift;
my $class=ref($proto) || $proto;
my $name = shift;
$name = $name->name if ref($name) =~ /Domain/;
my %args = @_;
confess "Missing domain name" if !$args{name};
confess "Name is not scalar" if ref($args{name});
confess "Missing uid" if !$args{uid};
my %args = ( name => $name ) or confess "Missing domain name";
for (keys %args) {
confess "Invalid argument $_" if !$VALID_ARG{'remove_domain'}->{$_};
}
my $self = {};
bless($self,$class);
return $self->_new_request(command => 'remove' , args => encode_json({ name => $name }));
return $self->_new_request(command => 'remove' , args => encode_json(\%args));
}
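Review bot: `remove_domain` rejects a reference for `name` but accepts any true value for `uid` (`confess "Missing uid" if !$args{uid};`), so a reference or non-numeric string is serialized by `encode_json(\%args)` into the stored request. This uid is what the backend later resolves to make the authorization decision, so validate it like the name, e.g. `confess "uid is not scalar" if ref($args{uid});`. A digits-only check could be added if ids are always integers, which the tests suggest but this hunk does not show. The uid is also asserted by whoever creates the request, so the calling code should take it from the authenticated session and never from client-supplied input. That calling code is outside this hunk.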
......
......@@ -9,6 +9,9 @@ use Test::SQL::Data;
use_ok('Ravada');
use_ok('Ravada::Request');
use lib 't/lib';
use Test::Ravada;
my $test = Test::SQL::Data->new(config => 't/etc/sql.conf');
my $ravada;
......@@ -16,11 +19,15 @@ my $ravada;
my ($DOMAIN_NAME) = $0 =~ m{.*/(.*)\.};
my $DOMAIN_NAME_SON=$DOMAIN_NAME."_son";
my $RVD_BACK = rvd_back( $test->connector , 't/etc/ravada.conf');
my $USER = create_user("foo","bar");
my @ARG_CREATE_DOM = (
id_iso => 1
,id_owner => 1
,id_owner => $USER->id
);
#######################################################################
sub test_empty_request {
......@@ -36,7 +43,7 @@ sub test_remove_domain {
if ($domain) {
diag("Removing domain $name");
eval { $domain->remove() };
eval { $domain->remove(user_admin()) };
ok(!$@ , "Error removing domain $name : $@") or exit;
ok(! -e $domain->file_base_img ,"Image file was not removed "
......@@ -135,7 +142,7 @@ sub test_req_create_base {
sub test_req_remove_domain_obj {
my $domain = shift;
my $req = Ravada::Request->remove_domain($domain);
my $req = Ravada::Request->remove_domain(name => $domain->name, uid => user_admin->id);
$ravada->process_requests();
my $domain2 = $ravada->search_domain($domain->name);
......@@ -147,7 +154,7 @@ sub test_req_remove_domain_obj {
sub test_req_remove_domain_name {
my $name = shift;
my $req = Ravada::Request->remove_domain($name);
my $req = Ravada::Request->remove_domain(name => $name, uid => user_admin()->id);
$ravada->process_requests();
......@@ -169,33 +176,6 @@ sub test_list_vm_types {
}
sub remove_old_disks {
my ($name) = $0 =~ m{.*/(.*)\.t};
my $vm = $ravada->search_vm('kvm');
diag("remove old disks");
return if !$vm;
ok($vm,"I can't find a KVM virtual manager");
my $dir_img = $vm->dir_img();
ok($dir_img," I cant find a dir_img in the KVM virtual manager") or return;
for my $count ( 0 .. 10 ) {
my $disk = $dir_img."/$name"."_$count.img";
if ( -e $disk ) {
unlink $disk or die "I can't remove $disk";
}
}
for (qw(iso base)) {
my $disk = $dir_img."/$name".'_'."$_.img";
unlink $disk or die "I can't remove $disk"
if -e $disk;
}
$vm->storage_pool->refresh();
}
################################################
eval { $ravada = Ravada->new(connector => $test->connector) };
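Review bot: None of the updated tests exercises the denial path that this commit introduces. Every removal in this file runs as `user_admin()`, while domains are created with `id_owner => $USER->id`, so the suite would still pass if the ownership check let everyone through. Add a case that builds a second non-admin user with `create_user`, attempts the removal both directly and through `Ravada::Request->remove_domain`, and asserts that it fails and the domain still exists, e.g. `eval { $domain->remove($other) }; like($@, qr/not allowed/);`. The same gap applies to the other test files changed in this commit, which remove only as the owner or as admin.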
......
......@@ -6,18 +6,16 @@ use Test::SQL::Data;
use_ok('Ravada');
use_ok('Ravada::Request');
use lib 't/lib';
my $test = Test::SQL::Data->new(config => 't/etc/sql.conf');
use Test::Ravada;
my $RAVADA;
my $test = Test::SQL::Data->new(config => 't/etc/sql.conf');
eval { $RAVADA = Ravada->new(connector => $test->connector) };
my $RAVADA = rvd_back($test->connector, 't/etc/ravada.conf');
my @ARG_CREATE_DOM;
my ($DOMAIN_NAME) = $0 =~ m{.*/(.*)\.};
my $CONT = 0;
sub test_request_start {
}
......@@ -33,7 +31,7 @@ sub test_remove_domain {
diag("Removing domain $name");
my @disks = $domain->list_disks();
eval {
$domain->remove();
$domain->remove(user_admin->id);
};
ok(!$@ , "Error removing domain $name ".ref($domain).": $@") or exit;
......@@ -65,7 +63,7 @@ sub test_new_domain {
sub test_start {
my $name = $DOMAIN_NAME."_".$CONT++;
my $name = new_domain_name();
test_remove_domain($name);
......@@ -116,34 +114,6 @@ sub test_start {
return $domain3;
}
sub remove_old_domains {
my ($name) = $0 =~ m{.*/(.*)\.t};
for ( 0 .. 10 ) {
my $dom_name = $name."_$_";
my $domain = $RAVADA->search_domain($dom_name);
$domain->shutdown_now() if $domain;
test_remove_domain($dom_name);
}
}
sub remove_old_disks {
my ($name) = $0 =~ m{.*/(.*)\.t};
my $vm = $RAVADA->search_vm('kvm');
ok($vm,"I can't find a KVM virtual manager") or return;
my $dir_img = $vm->dir_img();
ok($dir_img," I cant find a dir_img in the KVM virtual manager") or return;
for my $count ( 0 .. 10 ) {
my $disk = $dir_img."/$name"."_$count.img";
if ( -e $disk ) {
unlink $disk or die "I can't remove $disk";
}
}
$vm->storage_pool->refresh();
}
###############################################################
#
......@@ -171,7 +141,7 @@ SKIP: {
my $domain = test_start();
$domain->shutdown_now() if $domain;
$domain->remove() if $domain;
$domain->remove(user_admin()) if $domain;
};
done_testing();
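Review bot: `$domain->remove(user_admin->id);` in `test_remove_domain` passes a numeric id, while the other call sites in this commit pass the user object, including `$domain->remove(user_admin())` near the end of this same file. If this domain class carries the `before 'remove' => \&_allowed` hook added in this commit, `_allowed` confesses on a non-reference user. The surrounding `eval` catches that, and `ok(!$@ , ...) or exit` then ends the test run whenever an old domain is found. Change the line to `$domain->remove(user_admin());`.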
......@@ -24,12 +24,13 @@ my $RVD_FRONT = Ravada::Front->new( @rvd_args
, backend => $RVD_BACK
);
my $USER = create_user('foo','bar');
my %CREATE_ARGS = (
kvm => { id_iso => 1, id_owner => 1 }
,lxc => { id_template => 1, id_owner => 1 }
kvm => { id_iso => 1, id_owner => $USER->id }
,lxc => { id_template => 1, id_owner => $USER->id }
);
my $USER = create_user('foo','bar');
###################################################################
......@@ -58,7 +59,7 @@ sub test_remove_domain {
if ($domain) {
diag("Removing domain $name");
$domain->remove();
$domain->remove($USER);
}
$domain = $RVD_BACK->search_domain($name);
die "I can't remove old domain $name"
......@@ -108,7 +109,9 @@ for my $vm_name ('kvm','lxc') {
my $display = $RVD_FRONT->domdisplay($name, $USER);
ok($display,"No display for domain $name found. Is it active ?");
ok($display =~ m{\w+://.*?:\d+},"Expecting display a URL, it is '$display'");
ok($display && $display =~ m{\w+://.*?:\d+},"Expecting display a URL, it is '"
.($display or '<UNDEF>')
."'");
$display = undef;
eval { $display = $RVD_FRONT->domdisplay($name ) };
......
......@@ -6,6 +6,9 @@ use IPC::Run3;
use Test::More;
use Test::SQL::Data;
use lib 't/lib';
use Test::Ravada;
my $BACKEND = 'KVM';
use_ok('Ravada');
......@@ -13,15 +16,8 @@ use_ok("Ravada::Domain::$BACKEND");
my $test = Test::SQL::Data->new( config => 't/etc/sql.conf');
my @rvd_args = (
config => 't/etc/ravada.conf'
,connector => $test->connector
);
my $RAVADA;
eval { $RAVADA = Ravada->new( @rvd_args ) };
my $CONT= 0;
my $RAVADA = rvd_back($test->connector , 't/etc/ravada.conf');
my $USER = create_user('foo','bar');
sub test_vm_kvm {
my $vm = $RAVADA->search_vm('kvm');
......@@ -34,13 +30,14 @@ sub test_vm_kvm {
}
sub test_remove_domain {
my $name = shift;
my $user = (shift or $USER);
my $domain;
$domain = $RAVADA->search_domain($name,1);
if ($domain) {
diag("Removing domain $name");
$domain->remove();
$domain->remove($user);
}
$domain = $RAVADA->search_domain($name);
die "I can't remove old domain $name"
......@@ -53,7 +50,7 @@ sub test_remove_domain_by_name {
my $name = shift;
diag("Removing domain $name");
$RAVADA->remove_domain($name);
$RAVADA->remove_domain(name => $name, uid => $USER->id);
my $domain = $RAVADA->search_domain($name, 1);
die "I can't remove old domain $name"
......@@ -74,14 +71,13 @@ sub search_domain_db
sub test_new_domain {
my $active = shift;
my ($name) = $0 =~ m{.*/(.*)\.t};
$name .= "_".$CONT++;
my $name = new_domain_name();
test_remove_domain($name);
diag("Creating domain $name");
my $domain = $RAVADA->create_domain(name => $name, id_iso => 1, active => $active
, id_owner => 1
, id_owner => $USER->id
, vm => $BACKEND
);
......@@ -207,7 +203,7 @@ sub test_domain_missing_in_db {
ok($RAVADA->list_domains == $n_domains,"There should be only $n_domains domains "
.", there are ".scalar(@list_domains));
test_remove_domain($domain->name);
test_remove_domain($domain->name, user_admin());
}
}
......@@ -236,34 +232,6 @@ sub test_prepare_import {
}
sub remove_old_domains {
my ($name) = $0 =~ m{.*/(.*)\.t};
for ( 0 .. 10 ) {
my $dom_name = $name."_$_";
my $domain = $RAVADA->search_domain($dom_name);
$domain->shutdown_now() if $domain;
test_remove_domain($dom_name);
}
}
sub remove_old_disks {
my ($name) = $0 =~ m{.*/(.*)\.t};
my $vm = $RAVADA->search_vm('kvm');
ok($vm,"I can't find a KVM virtual manager") or return;
my $dir_img = $vm->dir_img();
ok($dir_img," I cant find a dir_img in the KVM virtual manager") or return;
for my $count ( 0 .. 10 ) {
my $disk = $dir_img."/$name"."_$count.img";
if ( -e $disk ) {
unlink $disk or die "I can't remove $disk";
}
}
$vm->storage_pool->refresh();
}
################################################################
my $vm;
......
......@@ -8,6 +8,9 @@ use Test::More;
use Test::SQL::Data;
use XML::LibXML;
use lib 't/lib';
use Test::Ravada;
my $BACKEND = 'KVM';
use_ok('Ravada');
......@@ -15,14 +18,13 @@ use_ok("Ravada::Domain::$BACKEND");
my $test = Test::SQL::Data->new( config => 't/etc/sql.conf');
my $RAVADA;
eval { $RAVADA = Ravada->new( connector => $test->connector) };
my $RAVADA = rvd_back( $test->connector , 't/etc/ravada.conf');
my ($DOMAIN_NAME) = $0 =~ m{.*/(.*)\.};
my $DOMAIN_NAME_SON=$DOMAIN_NAME."_son";
$DOMAIN_NAME_SON =~ s/base_//;
my $USER = create_user('foo','bar');
sub test_vm_kvm {
my $vm = $RAVADA->vm->[0];
......@@ -41,7 +43,7 @@ sub test_remove_domain {
if ($domain) {
diag("Removing domain $name");
eval { $domain->remove() };
eval { $domain->remove(user_admin()) };
ok(!$@ , "Error removing domain $name : $@") ;
if ( $domain->file_base_img ) {
......
......@@ -6,29 +6,36 @@ use IPC::Run3;
use Test::More;
use Test::SQL::Data;
use lib 't/lib';
use Test::Ravada;
use_ok('Ravada');
use_ok('Ravada::Domain::KVM');
my $test = Test::SQL::Data->new( config => 't/etc/sql.conf');
my $RAVADA;
my $VMM;
eval { $RAVADA = Ravada->new( connector => $test->connector) };
my $RAVADA = rvd_back( $test->connector , 't/etc/ravada.conf');
my $REMOTE_VIEWER = `which remote-viewer`;
chomp $REMOTE_VIEWER;
my $USER = create_user('foo','bar');
##############################################################
#
sub test_remove_domain {
my $name = shift;
my $user = ( shift or $USER);
my $domain;
$domain = $RAVADA->search_domain($name,1);
if ($domain) {
diag("Removing domain $name");
$domain->remove();
$domain->remove($user);
}
$domain = $RAVADA->search_domain($name,1);
die "I can't remove old domain $name"
......@@ -36,25 +43,6 @@ sub test_remove_domain {
}
sub remove_old_disks {
my ($name) = $0 =~ m{.*/(.*)\.t};
my $vm = $RAVADA->search_vm('kvm');
ok($vm,"I can't find a KVM virtual manager") or return;
my $dir_img = $vm->dir_img();
ok($dir_img," I cant find a dir_img in the KVM virtual manager") or return;
for my $count ( 0 .. 10 ) {
my $disk = $dir_img."/$name"."_$count.img";
if ( -e $disk ) {
unlink $disk or die "I can't remove $disk";
}
}
$vm->storage_pool->refresh();
}
##############################################################
eval { $VMM = $RAVADA->search_vm('kvm') } if $RAVADA;
......@@ -68,9 +56,14 @@ remove_old_disks();
my ($name) = $0 =~ m{.*/(.*)\.t};
$name .= "_0";
test_remove_domain($name);
test_remove_domain($name, user_admin());
my $domain = $VMM->create_domain(name => $name, id_iso => 1 , active => 0, id_owner => 1);
my $domain = $VMM->create_domain(
name => $name
, id_iso => 1
, active => 0
, id_owner => $USER->id
);
ok($domain,"Domain not created") and do {
......
......@@ -18,6 +18,7 @@ my $test = Test::SQL::Data->new(config => 't/etc/sql.conf');
my $RAVADA;
my $VMM;
my $CONT = 0;
my $USER;
sub test_req_prepare_base {
my $name = shift;
......@@ -41,7 +42,7 @@ sub test_remove_domain {
if ($domain) {
diag("Removing domain $name");
eval { $domain->remove() };
eval { $domain->remove($USER) };
ok(!$@ , "Error removing domain $name : $@") or exit;
ok(! -e $domain->file_base_img ,"Image file was not removed "
......@@ -63,7 +64,7 @@ sub test_req_clone {
my $req = Ravada::Request->create_domain(
name => $name
,id_base => $domain_father->id
,id_owner => 1
,id_owner => $USER->id
,vm => $BACKEND
);
ok($req);
......@@ -101,7 +102,7 @@ sub test_req_create_domain_iso {
my $req = Ravada::Request->create_domain(
name => $name
,id_iso => 1
,id_owner => 1
,id_owner => $USER->id
,vm => $BACKEND
);
ok($req);
......@@ -131,7 +132,7 @@ sub test_force_kvm {
my $req = Ravada::Request->create_domain(
name => $name
,id_iso => 1
,id_owner => 1
,id_owner => $USER->id
,vm => 'kvm'
);