Ravi Nori has uploaded a new change for review.

Change subject: core : User is not able to see newly added permissions on 
object if he inherited this permission on that object.
......................................................................

core : User is not able to see newly added permissions on object if he 
inherited this permission on that object.

If a user inherits some permissions on some object,
then if he tries to add new permissions to the object
that he inherits permissions from, he is not able
to see these newly added permissions.

Fixes the case where a single role TemplateAdmin
can create multiple role_type entries in
permissions_view

Change-Id: I60d0c320453fa30554b6ac63e6652729dd0735d6
Bug-Url: https://bugzilla.redhat.com/877906
Signed-off-by: Ravi Nori <rn...@redhat.com>
---
M packaging/dbscripts/multi_level_administration_sp.sql
1 file changed, 9 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/94/25094/1

diff --git a/packaging/dbscripts/multi_level_administration_sp.sql 
b/packaging/dbscripts/multi_level_administration_sp.sql
index ffd46a2..383380e 100644
--- a/packaging/dbscripts/multi_level_administration_sp.sql
+++ b/packaging/dbscripts/multi_level_administration_sp.sql
@@ -506,17 +506,19 @@
 Create or replace FUNCTION GetAllUsersWithPermissionsByEntityId(v_id UUID, 
v_user_id UUID, v_is_filtered BOOLEAN)
 RETURNS SETOF permissions_view STABLE
    AS $procedure$
+   declare r_type int4;
 BEGIN
-   RETURN QUERY SELECT *
-   FROM permissions_view p
-   WHERE object_id in (select id from fn_get_entity_parents(v_id,
-                                                            (SELECT DISTINCT 
role_type
-                                                               FROM 
permissions_view p
-                                                              WHERE object_id 
= v_id)))
-   AND   (NOT v_is_filtered OR EXISTS (SELECT 1
+   for r_type in (SELECT DISTINCT role_type FROM permissions_view p WHERE 
object_id = v_id)
+   LOOP
+     RETURN QUERY SELECT *
+     FROM permissions_view p
+     WHERE object_id in (select id from fn_get_entity_parents(v_id, r_type))
+     AND   (NOT v_is_filtered OR EXISTS (SELECT 1
                                        FROM   user_flat_groups u
                                        WHERE  p.ad_element_id = u.granted_id
                                        AND    u.user_id       = v_user_id));
+    END LOOP;
+    return;
 END; $procedure$
 LANGUAGE plpgsql;
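Review bot: the new loop over r_type issues RETURN QUERY once per distinct role_type, so a permissions_view row whose object_id is returned by fn_get_entity_parents(v_id, r_type) for more than one role type is appended to the result once per iteration, which the removed single query with IN could not do. If the parent sets for different role types can overlap, keep a single RETURN QUERY and filter with EXISTS over the distinct role types, or de-duplicate the result, so callers do not see the same permission twice. Separately, END LOOP; and return; are indented one column deeper than the rest of the body, and return is lowercase where the function otherwise uses RETURN.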
 


-- 
To view, visit http://gerrit.ovirt.org/25094
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I60d0c320453fa30554b6ac63e6652729dd0735d6
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rn...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
