Commit c71b552d authored by Francesc Guasch's avatar Francesc Guasch
Browse files

feat(grants): enable or disable permissions

issue #698
parent 815421d9
......@@ -671,17 +671,32 @@ sub _update_grants($self) {
$sth->execute();
}
sub _null_grants($self) {
my $sth = $CONNECTOR->dbh->prepare("SELECT count(*) FROM grant_types "
." WHERE enabled = NULL "
);
$sth->execute;
my ($count) = $sth->fetchrow;
exit if !$count && $self->{_null}++;
return $count;
}
sub _enable_grants($self) {
return if $self->_null_grants();
my $sth = $CONNECTOR->dbh->prepare(
"UPDATE grant_types set enabled=0"
);
$sth->execute;
my @grants = (
'change_settings','clone', 'create_base', 'create_machine'
'change_settings', 'change_settings_all', 'change_settings_clones'
,'clone', 'clone_all', 'create_base', 'create_machine'
,'grant'
,'hibernate_clone'
,'remove_clone', 'remove_clone_all'
,'screenshot', 'shutdown_clone'
,'manage_users'
,'remove', 'remove_all', 'remove_clone', 'remove_clone_all'
,'shutdown_all', 'shutdown_clone'
);
$sth = $CONNECTOR->dbh->prepare("SELECT id,name FROM grant_types");
......@@ -696,7 +711,6 @@ sub _enable_grants($self) {
);
my %done;
for my $name ( sort @grants ) {
warn "enabling $name";
die "Duplicate grant $name " if $done{$name};
die "Permission $name doesn't exist at table grant_types"
."\n".Dumper(\%grant_exists)
......@@ -705,6 +719,7 @@ sub _enable_grants($self) {
$sth->execute($name);
}
}
sub _update_old_qemus($self) {
......
/* any user should be allowed these */
INSERT INTO grant_types(name,description) VALUES('clone',"can clone public virtual machines.");
INSERT INTO grant_types(name,description) VALUES('change_settings',"can change the settings of owned virtual machines.");
INSERT INTO grant_types(name,description) VALUES('remove',"can remove any virtual machines owned by the user.");
INSERT INTO grant_types(name,description,enabled) VALUES('clone',"can clone public virtual machines.",1);
INSERT INTO grant_types(name,description,enabled) VALUES('change_settings',"can change the settings of owned virtual machines.",1);
INSERT INTO grant_types(name,description,enabled) VALUES('remove',"can remove any virtual machine owned by the user.",1);
INSERT INTO grant_types(name,description) VALUES('screenshot',"can take a screenshot of any virtual machine owned by the user.");
/* managers should be allowed these */
......@@ -10,13 +10,13 @@ INSERT INTO grant_types(name,description) VALUES('create_machine',"can create vi
INSERT INTO grant_types(name,description) VALUES('create_base',"can create bases.");
/* managers should be allowed these */
INSERT INTO grant_types(name,description) VALUES('change_settings_clones',"can change the settings of any virtual machines cloned from one base owned by the user.");
INSERT INTO grant_types(name,description) VALUES('change_settings_clones',"can change the settings of any virtual machine cloned from one base owned by the user.");
INSERT INTO grant_types(name,description) VALUES('remove_clone',"can remove clones from virtual machines owned by the user.");
INSERT INTO grant_types(name,description) VALUES('shutdown_clone',"can shutdown clones from virtual machines owned by the user.");
INSERT INTO grant_types(name,description) VALUES('hibernate_clone',"can hibernate clones from virtual machines owned by the user.");
/* operators should be allowed these */
INSERT INTO grant_types(name,description) VALUES('change_settings_all',"can change the settings of any virtual machines.");
INSERT INTO grant_types(name,description) VALUES('change_settings_all',"can change the settings of any virtual machine.");
INSERT INTO grant_types(name,description) VALUES('remove_clone_all',"can remove any clone.");
INSERT INTO grant_types(name,description) VALUES('hibernate_clone_all',"can hibernate any clone.");
......@@ -27,5 +27,5 @@ INSERT INTO grant_types(name,description) VALUES('shutdown_all',"can shutdown an
INSERT INTO grant_types(name,description) VALUES('hibernate_all',"can hibernate any virtual machine.");
INSERT INTO grant_types(name,description) VALUES('screenshot_all',"can take a screenshot of any virtual machine.");
INSERT INTO grant_types(name,description) VALUES('grant','can grant permissions to other users');
INSERT INTO grant_types(name,description, enabled) VALUES('grant','can grant permissions to other users', 1);
INSERT INTO grant_types(name,description) VALUES('manage_users','can manage users.');
......@@ -2,7 +2,7 @@ CREATE TABLE `grant_types` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` char(32) NOT NULL,
`description` varchar(255) NOT NULL,
`enabled` int not null default 1,
`enabled` int default NULL,
UNIQUE(`name`),
UNIQUE(`description`),
PRIMARY KEY (`id`)
......
......@@ -2,7 +2,7 @@ CREATE TABLE `grant_types` (
`id` integer NOT NULL PRIMARY KEY AUTOINCREMENT
, `name` char(32) NOT NULL
, `description` varchar(255) NOT NULL
, `enabled` integer not null default 1
, `enabled` integer default NULL
, UNIQUE(`name`)
, UNIQUE(`description`)
);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment