Yair Zaslavsky has posted comments on this change. Change subject: engine: Can't add user without system level admin permission
Patch Set 9: (5 comments) http://gerrit.ovirt.org/#/c/25225/9/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendPermitResource.java File backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendPermitResource.java: Line 32: Line 33: @Override Line 34: protected Permit addParents(Permit permit) { Line 35: if (permit == null) { Line 36: System.out.println("permit is null"); why the system.out.println? Line 37: } Line 38: if (parent == null) { Line 39: System.out.println("parent is null"); Line 40: } http://gerrit.ovirt.org/#/c/25225/9/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendPermitsResource.java File backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendPermitsResource.java: Line 76: Line 77: @Override Line 78: public Permit addParents(Permit permit) { Line 79: if (permit == null) { Line 80: System.out.println("permit is null in BAckendPermitsResource"); same Line 81: } Line 82: if (roleId == null) { Line 83: System.out.println("roleId is null in BAckendPermitsResource"); Line 84: } http://gerrit.ovirt.org/#/c/25225/9/backend/manager/modules/restapi/jaxrs/src/test/java/org/ovirt/engine/api/restapi/resource/BackendPermitResourceTest.java File backend/manager/modules/restapi/jaxrs/src/test/java/org/ovirt/engine/api/restapi/resource/BackendPermitResourceTest.java: Line 55: resource.setMappingLocator(mapperLocator); Line 56: resource.getParent().setMappingLocator(mapperLocator); Line 57: resource.setValidatorLocator(validatorLocator); Line 58: resource.getParent().setValidatorLocator(validatorLocator); Line 59: System.out.println("action = "+ action); same? 
Line 60: verifyPermit(resource.get(), action); Line 61: } Line 62: } Line 63: http://gerrit.ovirt.org/#/c/25225/9/packaging/dbscripts/upgrade/03_05_0070_add_missing_manipulate_users_permissions.sql File packaging/dbscripts/upgrade/03_05_0070_add_missing_manipulate_users_permissions.sql: Line 13: BEGIN Line 14: v_CLUSTER_ADMIN_ID := 'DEF00001-0000-0000-0000-DEF000000001'; Line 15: v_DATA_CENTER_ADMIN_ID := 'DEF00002-0000-0000-0000-DEF000000002'; Line 16: v_TEMPLATE_OWNER_USER_ID := 'DEF0000A-0000-0000-0000-DEF00000000F'; Line 17: v_DISK_OPERATOR_USER_ID := 'DEF0000A-0000-0000-0000-DEF00000000B'; Oved suggested adding the permission to all roles with manipulate_users; this includes custom roles. And it looks like your insert does that, so you can remove all the variables of the roles, like v_CLUSTER_ADMIN_ID. Line 18: v_VM_ADMIN_ID := 'DEF00006-0000-0000-0000-DEF000000006'; Line 19: v_USER_INSTANCE_MANAGER_ID := 'DEF00012-0000-0000-0000-DEF000000012'; Line 20: v_ADD_USERS_AND_GROUPS_FROM_DIRECTORY = 503; Line 21: v_MANIPULATE_PERMISSIONS = 502; Line 18: v_VM_ADMIN_ID := 'DEF00006-0000-0000-0000-DEF000000006'; Line 19: v_USER_INSTANCE_MANAGER_ID := 'DEF00012-0000-0000-0000-DEF000000012'; Line 20: v_ADD_USERS_AND_GROUPS_FROM_DIRECTORY = 503; Line 21: v_MANIPULATE_PERMISSIONS = 502; Line 22: INSERT INTO roles_groups(role_id,action_group_id) Please capitalize table names. 
Line 23: SELECT rg.role_id, v_ADD_USERS_AND_GROUPS_FROM_DIRECTORY Line 24: FROM ROLES_GROUPS rg Line 25: WHERE Line 26: action_group_id = v_MANIPULATE_PERMISSIONS -- To view, visit http://gerrit.ovirt.org/25225 Gerrit-MessageType: comment Gerrit-Change-Id: I308f9cc5edb53b9633d768fd3d382dc9cf62031c Gerrit-PatchSet: 9 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: Eli Mesika <emes...@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: Ravi Nori <rn...@redhat.com> Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes
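
Review bot: the WHERE clause at Line 25-26 of 03_05_0070_add_missing_manipulate_users_permissions.sql, as far as it is shown, filters only on action_group_id = v_MANIPULATE_PERMISSIONS, so a role that already holds v_ADD_USERS_AND_GROUPS_FROM_DIRECTORY (503) is selected and inserted again. Depending on the constraints on roles_groups, that either aborts the upgrade on a duplicate key or leaves duplicate rows; add an AND NOT EXISTS check for an existing (role_id, 503) row. Because the statement grants 503 to every role that has 502, custom roles included, a comment at the top of the script saying so would let administrators audit which roles gained the permission. Lines 20-21 also assign with = while Lines 14-19 use :=; use one form throughout.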
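
Review bot: the null checks in both addParents methods (BackendPermitResource.java Line 35-40 and BackendPermitsResource.java Line 79-84) only print and then fall through, so execution continues with a null permit, parent or roleId. If null is a legitimate state here, handle it explicitly by returning or throwing; if it is not, remove the checks together with the debug output. Any trace that has to stay should go through a logger rather than stdout, which also applies to the "action = " print at Line 59 of BackendPermitResourceTest.java.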