Change in ovirt-engine[master]: engine : vmconsole permissions violates engine permission sc...
masayag at redhat.com
masayag at redhat.com
Sun Oct 11 17:50:25 UTC 2015
Moti Asayag has submitted this change and it was merged.
Change subject: engine : vmconsole permissions violates engine permission scheme
......................................................................
engine : vmconsole permissions violates engine permission scheme
VM consoles should get list of VMs using user group permissions.
CONNECT_TO_SERIAL_CONSOLE action group has been added to SUPER_USER,
VM_OPERATOR and INSTANCE_OPERATOR. Any user with the above role
either by direct permissions or inherited throught the ad group should
be able to list the VMs for which they have inherited permissions on.
Change-Id: I87bef899b1c87066630de857e17e973342f20f2c
Bug-Url: https://bugzilla.redhat.com/1264385
Bug-Url: https://bugzilla.redhat.com/1264391
Signed-off-by: Ravi Nori <rnori at redhat.com>
---
M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SearchQueryParsingUtils.java
D backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllVmsForAnotherUserQuery.java
A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllVmsForUserAndActionGroupQuery.java
A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/LoginOnBehalfCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/SessionDataContainer.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/AuditLogType.java
A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/LoginOnBehalfParameters.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/EngineError.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/errors/EngineMessage.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetEntitiesWithPermittedActionParameters.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java
M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmDao.java
M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmDaoImpl.java
M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties
M backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties
M backend/manager/modules/dal/src/main/resources/bundles/VdsmErrors.properties
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/VmDaoTest.java
M backend/manager/modules/dal/src/test/resources/fixtures.xml
M backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java
M backend/manager/modules/services/src/main/java/org/ovirt/engine/core/services/VMConsoleProxyServlet.java
M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java
M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
M frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
M frontend/webadmin/modules/uicompat/src/main/resources/org/ovirt/engine/ui/uicompat/LocalizedEnums.properties
M frontend/webadmin/modules/userportal-gwtp/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
M frontend/webadmin/modules/webadmin/src/main/resources/org/ovirt/engine/ui/frontend/AppErrors.properties
A packaging/dbscripts/upgrade/03_06_1890_add_connect_to_serial_console_action_group.sql
M packaging/dbscripts/vms_sp.sql
30 files changed, 423 insertions(+), 57 deletions(-)
Approvals:
Alon Bar-Lev: Verified
Jenkins CI: Passed CI tests
Moti Asayag: Looks good to me, approved
--
To view, visit https://gerrit.ovirt.org/46379
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I87bef899b1c87066630de857e17e973342f20f2c
Gerrit-PatchSet: 21
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rnori at redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl at redhat.com>
Gerrit-Reviewer: Arik Hadas <ahadas at redhat.com>
Gerrit-Reviewer: Eli Mesika <emesika at redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Michal Skrivanek <michal.skrivanek at redhat.com>
Gerrit-Reviewer: Moti Asayag <masayag at redhat.com>
Gerrit-Reviewer: Omer Frenkel <ofrenkel at redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourfali at redhat.com>
Gerrit-Reviewer: Ravi Nori <rnori at redhat.com>
Gerrit-Reviewer: automation at ovirt.org
More information about the Engine-commits
mailing list