[Kimchi-devel] [PATCH 0/9] authorization: Filter resources by users and groups

Crístian Viana vianac at linux.vnet.ibm.com
Thu Jul 24 14:43:25 UTC 2014 

Reviewed-by: Crístian Viana <vianac at linux.vnet.ibm.com>

On 23-07-2014 17:39, alinefm at linux.vnet.ibm.com wrote:
> From: Aline Manera <alinefm at linux.vnet.ibm.com>
>
> Also move autorization mechanism to controller to be able to distinguish
> resource and collection configuration
>      
> If we use UrlSubNode to also handle the authorization configuration, we won't be
> able to specify different configuration to collection and its resource
> as Kimchi uses the same base URL to both.
>      
> Example:
> @UrlSubNode("vms", True, ["POST", "PUT", "DELETE"], 'guests')
> It meant that all the methods listed were exclusive for admin users.
> Which it is not correct, as a user assigned to a VM can also perform POST,
> PUT and DELETE actions. So fix it by moving the authorization mechanism to
> controller
>
> Aline Manera (5):
>    authorization: Filter resources by users and groups
>    authorization: Restrict Collection access based on admin_methods
>      parameter
>    authorization: Restrict access to Resource instance
>    authorization: Update control files to set role_key and admin_methods
>    authorization: Remove authorization config from UrlSubNode
>
> Crístian Viana (4):
>    Return some groups for every user in mockmodel
>    Move "fake_user" credentials to mockmodel
>    List "admin" as a valid system user in mockmodel
>    authorization: Update test cases based on last changes
>
>   src/kimchi/auth.py                   | 16 +----------
>   src/kimchi/control/base.py           | 56 +++++++++++++++++++++++++++++++-----
>   src/kimchi/control/debugreports.py   |  8 +++++-
>   src/kimchi/control/host.py           | 26 +++++++++++++++--
>   src/kimchi/control/interfaces.py     |  6 +++-
>   src/kimchi/control/networks.py       |  6 +++-
>   src/kimchi/control/storagepools.py   |  6 +++-
>   src/kimchi/control/storageservers.py |  8 +++++-
>   src/kimchi/control/templates.py      |  6 +++-
>   src/kimchi/control/utils.py          | 14 +++++----
>   src/kimchi/control/vms.py            |  6 +++-
>   src/kimchi/exception.py              |  4 +++
>   src/kimchi/i18n.py                   |  1 +
>   src/kimchi/mockmodel.py              |  5 +++-
>   src/kimchi/server.py                 |  4 ---
>   tests/test_authorization.py          | 30 +++++++++++++++++--
>   tests/test_rest.py                   | 19 ++++++------
>   tests/utils.py                       |  9 +++---
>   18 files changed, 172 insertions(+), 58 deletions(-)
>

More information about the Kimchi-devel mailing list