Change in ovirt-engine[ovirt-engine-3.6]: core, frontend: Prevent console stealing from admin user

8 Feb 2016

      Tal Nisan has submitted this change and it was merged.

Change subject: core, frontend: Prevent console stealing from admin user
......................................................................

core, frontend: Prevent console stealing from admin user

Before this patch all users were able to take over a console from other
users. Now the console can only be stealed by admin users
(DbUser#isAdmin()).

* ConfitureConsoleOptionsQuery calls SetVmTicketCommand using
  runAction() instead of runInternalAction() to allow premissions
  checking
* ConfigureConsoleOptionsQuery reports errors of nested
  SetVmTicketCommand calls in VdcQueryReturnValue#exceptionString
* SetVmTicketCommand has extended permission checking taking into
  account current console user (VM#getConsoleUserId()).
* Frontend calls of ConfitureConsoleOptionsQuery are able to show
  localized error messages to users (limited to one string error key, so
  variable replacements are no available).

Change-Id: I83ce78829d3f435d0e8d98ab133777c32268303e
Signed-off-by: Jakub Niedermertl <jniederm@redhat.com>
Bug-Url: https://bugzilla.redhat.com/1297018
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ConfigureConsoleOptionsQuery.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/SetVmTicketCommand.java
M backend/manager/modules/bll/src/test/java/org/ovirt/engine/core/bll/ConfigureConsoleOptionsQueryTest.java
M backend/manager/modules/bll/src/test/java/org/ovirt/engine/core/bll/SetVmTicketCommandTest.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/EngineMessage.java
M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
A frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/ShowErrorAsyncQuery.java
M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/SpiceConsoleModel.java
M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/vms/VncConsoleModel.java
M frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
M frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
12 files changed, 192 insertions(+), 11 deletions(-)

Approvals:
  Tomas Jelinek: Looks good to me, but someone else must approve
  Jakub Niedermertl: Verified
  Jenkins CI: Passed CI tests
  Arik Hadas: Looks good to me, approved

-- 
To view, visit https://gerrit.ovirt.org/53127
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I83ce78829d3f435d0e8d98ab133777c32268303e
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.6
Gerrit-Owner: Jakub Niedermertl <jniederm@redhat.com>
Gerrit-Reviewer: Arik Hadas <ahadas@redhat.com>
Gerrit-Reviewer: Jakub Niedermertl <jniederm@redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Tal Nisan <tnisan@redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjelinek@redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>

tnisan＠redhat.com

tags

participants (1)