Commit d40c11fc authored by Francesc Guasch's avatar Francesc Guasch
Browse files

feat(grants): remove clones

issue #700
parent f05a97fc
......@@ -764,6 +764,34 @@ sub can_change_settings($self, $id_domain=undef) {
return 0;
}
sub can_remove_clones($self, $id_domain) {
my $domain = Ravada::Front::Domain->open($id_domain);
confess "ERROR: domain is not a base " if !$domain->id_base;
return 1 if $self->can_remove_clone_all();
return 0 if !$self->can_remove_clone();
my $base = Ravada::Front::Domain->open($domain->id_base);
return 1 if $base->id_owner == $self->id;
return 0;
}
sub can_remove_machine($self, $domain) {
return 1 if $self->can_remove_all();
return 0 if !$self->can_remove();
$domain = Ravada::Front::Domain->open($domain) if !ref $domain;
if ( $domain->id_owner == $self->id ) {
return 1 if $self->can_do("remove");
}
return $self->can_remove_clones($domain->id) if $domain->id_base;
return 0;
}
sub grants($self) {
$self->_load_grants() if !$self->{_grant};
return () if !$self->{_grant};
......
......@@ -264,7 +264,7 @@ sub _allow_remove($self, $user) {
confess "ERROR: Undefined user" if !defined $user;
die "ERROR: remove not allowed for user ".$user->name
unless $user->can_remove() || $user->is_admin;
unless $user->can_remove_machine($self);
$self->_check_has_clones() if $self->is_known();
if ( $self->is_known
......@@ -274,7 +274,6 @@ sub _allow_remove($self, $user) {
my $base = $self->open($self->id_base);
return if ($user->can_remove_clone_all() || ($base->id_owner == $user->id));
}
$self->_allowed($user);
}
......@@ -469,7 +468,7 @@ sub _allowed {
my $err = $@;
confess "User ".$user->name." [".$user->id."] not allowed to access ".$self->domain
." owned by ".($id_owner or '<UNDEF>')."\n".Dumper($self)
." owned by ".($id_owner or '<UNDEF>')
if (defined $id_owner && $id_owner != $user->id );
confess $err if $err;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment