Tal Nisan has submitted this change and it was merged. Change subject: engine : vmconsole permissions violates engine permission scheme ...................................................................... engine : vmconsole permissions violates engine permission scheme VM consoles should get list of VMs using user group permissions. CONNECT_TO_SERIAL_CONSOLE action group has been added to SUPER_USER, VM_OPERATOR and INSTANCE_OPERATOR. Any user with the above role either by direct permissions or inherited throught the ad group should be able to list the VMs for which they have inherited permissions on. Change-Id: I87bef899b1c87066630de857e17e973342f20f2c Bug-Url: https://bugzilla.redhat.com/1264385 Bug-Url: https://bugzilla.redhat.com/1264391 Signed-off-by: Ravi Nori <rnori@redhat.com> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SearchQueryParsingUtils.java D backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllVmsForAnotherUserQuery.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllVmsForUserAndActionGroupQuery.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginOnBehalfCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/LoginOnBehalfParameters.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/EngineError.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/EngineMessage.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetEntitiesWithPermittedActionParameters.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmDao.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmDaoImpl.java M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties M backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties M backend/manager/modules/dal/src/main/resources/bundles/VdsmErrors.properties M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/VmDaoTest.java M backend/manager/modules/dal/src/test/resources/fixtures.xml M backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java M backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/VMConsoleProxyServlet.java M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java M frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java M frontend/webadmin/modules/uicompat/src/main/resources/org/ovirt/engine/ui/uicompat/LocalizedEnums.properties M frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties M frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties A packaging/dbscripts/upgrade/03_06_1900_add_connect_to_serial_console_action_group.sql M packaging/dbscripts/vms_sp.sql 30 files changed, 423 insertions(+), 57 deletions(-) Approvals: Alon Bar-Lev: Verified Ravi Nori: Verified Jenkins CI: Passed CI tests Moti Asayag: Looks good to me, approved -- To view, visit https://gerrit.ovirt.org/47190 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I87bef899b1c87066630de857e17e973342f20f2c Gerrit-PatchSet: 3 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.6 Gerrit-Owner: Alon Bar-Lev <alonbl@redhat.com> Gerrit-Reviewer: Alon Bar-Lev <alonbl@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Moti Asayag <masayag@redhat.com> Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski@gmail.com> Gerrit-Reviewer: Ravi Nori <rnori@redhat.com> Gerrit-Reviewer: Tal Nisan <tnisan@redhat.com> Gerrit-Reviewer: automation@ovirt.org