Commit 5a017617 authored by Francesc Guasch's avatar Francesc Guasch

feat(grants): enable or disable grant types

This also sets the permissions that have been
implemented so far. Those must be enabled at
the sub _enable_grants at Ravada.pm

@joelalju, when all the grants are implemented
they should be added there.

issue #698
parent d5117808
......@@ -132,8 +132,8 @@ sub BUILD {
$self->_create_tables();
$self->_upgrade_tables();
$self->_init_user_daemon();
$self->_update_data();
$self->_init_user_daemon();
}
sub _init_user_daemon {
......@@ -651,10 +651,59 @@ sub _update_data {
$self->_remove_old_isos();
$self->_update_isos();
$self->_update_grants();
$self->_enable_grants();
$self->_update_user_grants();
$self->_update_domain_drivers_types();
$self->_update_domain_drivers_options();
$self->_update_old_qemus();
}
sub _update_grants($self) {
my $sth = $CONNECTOR->dbh->prepare(
"UPDATE grant_types"
." SET name='create_machine' "
." WHERE name = 'create_domain'"
);
$sth->execute();
}
sub _enable_grants($self) {
return;
my $sth = $CONNECTOR->dbh->prepare(
"UPDATE grant_types set enabled=0"
);
my @grants = (
'change_settings','clone', 'create_base', 'create_machine'
,'grant'
,'hibernate_clone'
,'remove_clone', 'remove_clone_all'
,'screenshot', 'shutdown_clone'
);
$sth = $CONNECTOR->dbh->prepare("SELECT id,name FROM grant_types");
$sth->execute;
my %grant_exists;
while (my ($id, $name) = $sth->fetchrow ) {
$grant_exists{$name} = $id;
}
$sth = $CONNECTOR->dbh->prepare(
"UPDATE grant_types set enabled=1 WHERE name=?"
);
my %done;
for my $name ( @grants ) {
die "Duplicate grant $name " if $done{$name};
die "Permission $name doesn't exist at table grant_types"
."\n".Dumper(\%grant_exists)
if !$grant_exists{$name};
$sth->execute($name);
}
}
sub _update_old_qemus($self) {
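Review bot: `_enable_grants` opens with a bare `return;`, so nothing below it runs and every row keeps the column default `enabled=1`, which leaves permission types outside the `@grants` list enabled rather than disabled. Once that `return;` is removed there are two further gaps: the `UPDATE grant_types set enabled=0` statement is prepared but `$sth` is reassigned before it is ever executed, and `%done` is never written, so the duplicate check cannot fire. I would drop the `return;`, add `$sth->execute;` right after the first prepare, and add `$done{$name}++;` after the enabling `$sth->execute($name);`. Running the disable-all and the re-enables in one transaction would keep a mid-loop `die` from leaving the table half updated; whether `$CONNECTOR->dbh` uses AutoCommit is not visible here.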
......@@ -831,6 +880,8 @@ sub _upgrade_tables {
$self->_upgrade_table('domains_network','allowed','int not null default 1');
$self->_upgrade_table('grant_types','enabled','int not null default 1');
}
......
......@@ -554,18 +554,22 @@ sub can_do($self, $grant) {
}
sub _load_grants($self) {
my $sth = $$CON->dbh->prepare(
"SELECT gt.name, gu.allowed"
my $sth;
eval { $sth= $$CON->dbh->prepare(
"SELECT gt.name, gu.allowed, gt.enabled"
." FROM grant_types gt LEFT JOIN grants_user gu "
." ON gt.id = gu.id_grant "
." AND gu.id_user=?"
);
$sth->execute($self->id);
my ($name, $allowed);
$sth->bind_columns(\($name, $allowed));
};
confess $@ if $@;
my ($name, $allowed, $enabled);
$sth->bind_columns(\($name, $allowed, $enabled));
while ($sth->fetch) {
$self->{_grant}->{$name} = $allowed;# or undef);
$self->{_grant}->{$name} = $allowed if $enabled;
$self->{_grant_disabled}->{$name} = !$enabled;
}
$sth->finish;
}
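Review bot: In `_load_grants` the loop assigns `$self->{_grant}->{$name}` only when the type is enabled, so if the method runs again on an object whose `_grant` is already populated, a grant that has since been disabled keeps its earlier allowed value. Whether the method can be called twice on the same object is not visible in this hunk; if it can, clear the entry explicitly with `delete $self->{_grant}->{$name} if !$enabled;`, or reset both hashes before the loop. A comment on the two hashes would also help the next reader: `# _grant holds only enabled types; _grant_disabled marks types switched off in grant_types`.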
......@@ -654,6 +658,10 @@ Grant an user a specific permission, or revoke it
=cut
sub grant($self,$user,$permission,$value=1) {
confess "ERROR: permission '$permission' disabled "
if $self->{_grant_disabled}->{$permission};
if ( !$self->can_grant() && $self->name ne $Ravada::USER_DAEMON_NAME ) {
my @perms = $self->list_permissions();
confess "ERROR: ".$self->name." can't grant permissions for ".$user->name."\n"
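Review bot: The new check at the top of `grant` reads `$self->{_grant_disabled}`, which in this commit is filled only by `_load_grants`; if nothing has loaded the grants for `$self` yet, the hash is empty and a disabled permission passes the check. The check also sits before `$self->can_grant()`, which is presumably where loading gets triggered, so please confirm the order against `can_do`. Loading first closes the gap: `$self->_load_grants() if !$self->{_grant_disabled};` ahead of the `confess`. The body of `grant` continues outside the hunk, so I cannot see whether later code validates the permission name again.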
......
......@@ -2,6 +2,7 @@ CREATE TABLE `grant_types` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` char(32) NOT NULL,
`description` varchar(255) NOT NULL,
`enabled` int not null default 1,
UNIQUE(`name`),
UNIQUE(`description`),
PRIMARY KEY (`id`)
......
CREATE TABLE `grant_types` (
`id` integer NOT NULL primary key AUTOINCREMENT,
`name` char(32) NOT NULL,
`description` varchar(255) NOT NULL,
UNIQUE (`name`),
UNIQUE (`description`)
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
, `name` char(32) NOT NULL
, `description` varchar(255) NOT NULL
, `enabled` integer not null default 1
, UNIQUE(`name`)
, UNIQUE(`description`)
);
......@@ -129,7 +129,6 @@ sub rvd_back {
, config => ( $CONFIG or $DEFAULT_CONFIG)
, warn_error => 0
);
$rvd->_update_isos();
$USER_ADMIN = create_user('admin','admin',1) if !$USER_ADMIN;
$ARG_CREATE_DOM{KVM} = [ id_iso => search_id_iso('Alpine') ];
......@@ -155,7 +154,6 @@ sub init {
$Ravada::CONNECTOR = $CONNECTOR if !$Ravada::CONNECTOR;
Ravada::Auth::SQL::_init_connector($CONNECTOR);
$USER_ADMIN = create_user('admin','admin',1) if $create_user;
$Ravada::Domain::MIN_FREE_MEMORY = 512*1024;
......
......@@ -173,7 +173,8 @@ sub test_view_clones {
my $clones;
eval{ $clones = rvd_front->list_clones() };
is(scalar @$clones,0) or return;
is($@,'');
is(scalar @$clones,0, Dumper($clones)) or return;
my $clone = $domain->clone(user => $usera,name => new_domain_name());
eval{ $clones = rvd_front->list_clones() };
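Review bot: The added `is($@,'')` records a failed `list_clones()` but does not stop the test, so the following line dereferences `$clones` while it is still undef and, under `use strict`, the sub dies with an unrelated "Can't use an undefined value as an ARRAY reference" error. Returning on failure keeps the real error in the output: `is($@,'') or return;`. The second `eval{ $clones = rvd_front->list_clones() }` at the end of the hunk has the same shape, and its checks lie outside the hunk.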
......@@ -635,6 +636,9 @@ sub test_change_settings($vm_name) {
is($user->can_change_settings($clone->id), 1);
is($usera->can_change_settings($clone->id), 1);
$clone->remove(user_admin);
$domain->remove(user_admin);
$user->remove();
$usera->remove();
......