Re: [Kimchi-devel] [PATCH 0/9] authorization: Filter resources by users and groups

24 Jul 2014


      Reviewed-by: Crístian Viana <vianac@linux.vnet.ibm.com>

On 23-07-2014 17:39, alinefm@linux.vnet.ibm.com wrote:
...
From: Aline Manera <alinefm@linux.vnet.ibm.com>
Also move autorization mechanism to controller to be able to distinguish
resource and collection configuration
If we use UrlSubNode to also handle the authorization configuration, we won't be
able to specify different configuration to collection and its resource
as Kimchi uses the same base URL to both.
Example:
@UrlSubNode("vms", True, ["POST", "PUT", "DELETE"], 'guests')
It meant that all the methods listed were exclusive for admin users.
Which it is not correct, as a user assigned to a VM can also perform POST,
PUT and DELETE actions. So fix it by moving the authorization mechanism to
controller
Aline Manera (5):
   authorization: Filter resources by users and groups
   authorization: Restrict Collection access based on admin_methods
     parameter
   authorization: Restrict access to Resource instance
   authorization: Update control files to set role_key and admin_methods
   authorization: Remove authorization config from UrlSubNode
Crístian Viana (4):
   Return some groups for every user in mockmodel
   Move "fake_user" credentials to mockmodel
   List "admin" as a valid system user in mockmodel
   authorization: Update test cases based on last changes
src/kimchi/auth.py                   | 16 +----------
  src/kimchi/control/base.py           | 56 +++++++++++++++++++++++++++++++-----
  src/kimchi/control/debugreports.py   |  8 +++++-
  src/kimchi/control/host.py           | 26 +++++++++++++++--
  src/kimchi/control/interfaces.py     |  6 +++-
  src/kimchi/control/networks.py       |  6 +++-
  src/kimchi/control/storagepools.py   |  6 +++-
  src/kimchi/control/storageservers.py |  8 +++++-
  src/kimchi/control/templates.py      |  6 +++-
  src/kimchi/control/utils.py          | 14 +++++----
  src/kimchi/control/vms.py            |  6 +++-
  src/kimchi/exception.py              |  4 +++
  src/kimchi/i18n.py                   |  1 +
  src/kimchi/mockmodel.py              |  5 +++-
  src/kimchi/server.py                 |  4 ---
  tests/test_authorization.py          | 30 +++++++++++++++++--
  tests/test_rest.py                   | 19 ++++++------
  tests/utils.py                       |  9 +++---
  18 files changed, 172 insertions(+), 58 deletions(-)