Tal Nisan has submitted this change and it was merged.
Change subject: core, frontend: Prevent console stealing from admin user
......................................................................
core, frontend: Prevent console stealing from admin user
Before this patch all users were able to take over a console from other
users. Now the console can only be stealed by admin users
(DbUser#isAdmin()).
* ConfitureConsoleOptionsQuery calls SetVmTicketCommand using
runAction() instead of runInternalAction() to allow premissions
checking
* ConfigureConsoleOptionsQuery reports errors of nested
SetVmTicketCommand calls in VdcQueryReturnValue#exceptionString
* SetVmTicketCommand has extended permission checking taking into
account current console user (VM#getConsoleUserId()).
* Frontend calls of ConfitureConsoleOptionsQuery are able to show
localized error messages to users (limited to one string error key, so
variable replacements are no available).
Change-Id: I83ce78829d3f435d0e8d98ab133777c32268303e
Signed-off-by: Jakub Niedermertl <jniederm(a)redhat.com>
Bug-Url:
https://bugzilla.redhat.com/1297018
---
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ConfigureConsoleOptionsQuery.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/SetVmTicketCommand.java
M
backend/manager/modules/bll/src/test/java/org/ovirt/engine/core/bll/ConfigureConsoleOptionsQueryTest.java
M
backend/manager/modules/bll/src/test/java/org/ovirt/engine/core/bll/SetVmTicketCommandTest.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/EngineMessage.java
M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
M
frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
A
frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/ShowErrorAsyncQuery.java
M
frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/SpiceConsoleModel.java
M
frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/VncConsoleModel.java
M
frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
M
frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
12 files changed, 192 insertions(+), 11 deletions(-)
Approvals:
Tomas Jelinek: Looks good to me, but someone else must approve
Jakub Niedermertl: Verified
Jenkins CI: Passed CI tests
Arik Hadas: Looks good to me, approved
--
To view, visit
https://gerrit.ovirt.org/53127
To unsubscribe, visit
https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I83ce78829d3f435d0e8d98ab133777c32268303e
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.6
Gerrit-Owner: Jakub Niedermertl <jniederm(a)redhat.com>
Gerrit-Reviewer: Arik Hadas <ahadas(a)redhat.com>
Gerrit-Reviewer: Jakub Niedermertl <jniederm(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Tal Nisan <tnisan(a)redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjelinek(a)redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org>