Omer Frenkel has submitted this change and it was merged.
Change subject: engine,webdmin: Restrict destination host parameter for administrators
......................................................................
engine,webdmin: Restrict destination host parameter for administrators
Users aren't supposed to be able to provide any host level parameters
to commands.
New action groups added:
- EDIT_ADMIN_VM_PROPERTIES
- EDIT_ADMIN_TEMPLATE_PROPERTIES
The permission check is applied if e.g. destination host is specified
and is different from the default VM destination host
for Run/RunOnce/UpdateVM/UpdateVmTemplate/AddVM/AddVmTemplate VM actions.
The new action groups are assigned to:
- SuperUser, DataCenterAdmin, (ClusterAdmin, TemplateAdmin) roles.
GUI role tree is updated.
Permissions are propagated into REST API layer.
Change-Id: I5294854d24b235f2c50fa7f3d4e7472cf7598b53
Bug-Url:
https://bugzilla.redhat.com/902353
Signed-off-by: Libor Spevak <lspevak(a)redhat.com>
---
A backend/manager/dbscripts/upgrade/03_03_0030_add_edit_admin_vm_props.sql
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmFromScratchCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmFromSnapshotCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmTemplateCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateVmCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateVmTemplateCommand.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
M
backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java
M
backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/PermitMapper.java
M
frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
M
frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/Constants.java
M
frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/LocalizedEnums.java
M
frontend/webadmin/modules/uicompat/src/main/resources/org/ovirt/engine/ui/uicompat/LocalizedEnums.properties
15 files changed, 177 insertions(+), 29 deletions(-)
Approvals:
Libor Spevak: Verified
Omer Frenkel:
Oved Ourfali: Looks good to me, approved
--
To view, visit
http://gerrit.ovirt.org/11303
To unsubscribe, visit
http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I5294854d24b235f2c50fa7f3d4e7472cf7598b53
Gerrit-PatchSet: 8
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Libor Spevak <lspevak(a)redhat.com>
Gerrit-Reviewer: Einav Cohen <ecohen(a)redhat.com>
Gerrit-Reviewer: Gilad Chaplik <gchaplik(a)redhat.com>
Gerrit-Reviewer: Itamar Heim <iheim(a)redhat.com>
Gerrit-Reviewer: Libor Spevak <lspevak(a)redhat.com>
Gerrit-Reviewer: Michael Pasternak <mpastern(a)redhat.com>
Gerrit-Reviewer: Omer Frenkel <ofrenkel(a)redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjelinek(a)redhat.com>