[Kimchi-devel] [PATCH 0/9] authorization: Filter resources by users and groups

alinefm at linux.vnet.ibm.com alinefm at linux.vnet.ibm.com
Wed Jul 23 20:39:11 UTC 2014 

From: Aline Manera <alinefm at linux.vnet.ibm.com>

Also move autorization mechanism to controller to be able to distinguish
resource and collection configuration
    
If we use UrlSubNode to also handle the authorization configuration, we won't be
able to specify different configuration to collection and its resource
as Kimchi uses the same base URL to both.
    
Example:
@UrlSubNode("vms", True, ["POST", "PUT", "DELETE"], 'guests')
It meant that all the methods listed were exclusive for admin users.
Which it is not correct, as a user assigned to a VM can also perform POST,
PUT and DELETE actions. So fix it by moving the authorization mechanism to
controller

Aline Manera (5):
  authorization: Filter resources by users and groups
  authorization: Restrict Collection access based on admin_methods
    parameter
  authorization: Restrict access to Resource instance
  authorization: Update control files to set role_key and admin_methods
  authorization: Remove authorization config from UrlSubNode

Crístian Viana (4):
  Return some groups for every user in mockmodel
  Move "fake_user" credentials to mockmodel
  List "admin" as a valid system user in mockmodel
  authorization: Update test cases based on last changes

 src/kimchi/auth.py                   | 16 +----------
 src/kimchi/control/base.py           | 56 +++++++++++++++++++++++++++++++-----
 src/kimchi/control/debugreports.py   |  8 +++++-
 src/kimchi/control/host.py           | 26 +++++++++++++++--
 src/kimchi/control/interfaces.py     |  6 +++-
 src/kimchi/control/networks.py       |  6 +++-
 src/kimchi/control/storagepools.py   |  6 +++-
 src/kimchi/control/storageservers.py |  8 +++++-
 src/kimchi/control/templates.py      |  6 +++-
 src/kimchi/control/utils.py          | 14 +++++----
 src/kimchi/control/vms.py            |  6 +++-
 src/kimchi/exception.py              |  4 +++
 src/kimchi/i18n.py                   |  1 +
 src/kimchi/mockmodel.py              |  5 +++-
 src/kimchi/server.py                 |  4 ---
 tests/test_authorization.py          | 30 +++++++++++++++++--
 tests/test_rest.py                   | 19 ++++++------
 tests/utils.py                       |  9 +++---
 18 files changed, 172 insertions(+), 58 deletions(-)

-- 
1.9.3

More information about the Kimchi-devel mailing list