Ravi Nori has uploaded a new change for review. Change subject: engine : query execution failed due to insufficient permissions ......................................................................
engine : query execution failed due to insufficient permissions Adding a disk using a user with DiskCreator privileges logs insufficient permissions message in the log Change-Id: I11adfe9c49d1e57ecc88d1828ed63884016c33e8 Bug-Url: https://bugzilla.redhat.com/1153043 Signed-off-by: Ravi Nori <rn...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetTasksStatusesByTasksIDsQuery.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java 2 files changed, 11 insertions(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/44/34844/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetTasksStatusesByTasksIDsQuery.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetTasksStatusesByTasksIDsQuery.java index 2cf21eb..9937105 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetTasksStatusesByTasksIDsQuery.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetTasksStatusesByTasksIDsQuery.java @@ -2,6 +2,7 @@ import org.ovirt.engine.core.bll.tasks.CommandCoordinatorUtil; import org.ovirt.engine.core.common.queries.GetTasksStatusesByTasksIDsParameters; +import org.ovirt.engine.core.dal.dbbroker.DbFacade; public class GetTasksStatusesByTasksIDsQuery<P extends GetTasksStatusesByTasksIDsParameters> extends QueriesCommandBase<P> { @@ -11,6 +12,14 @@ @Override protected void executeQueryCommand() { - getQueryReturnValue().setReturnValue(CommandCoordinatorUtil.pollTasks(getParameters().getTasksIDs())); + if (getUser().isAdmin() || + DbFacade.getInstance().getAsyncTaskDao().getVdsmTaskIdsByUser(getUserID()). + containsAll(getParameters().getTasksIDs())) { + getQueryReturnValue().setReturnValue(CommandCoordinatorUtil.pollTasks(getParameters().getTasksIDs())); + } else { + String errMessage = "Query execution failed due to insufficient permissions. Users can only query tasks started by them."; + log.error(errMessage); + getQueryReturnValue().setExceptionString(errMessage); + } } } diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java index 435e101..83664cd 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java @@ -280,7 +280,7 @@ GetoVirtISOs, // Async Tasks - GetTasksStatusesByTasksIDs, + GetTasksStatusesByTasksIDs(VdcQueryAuthType.User), // Quota GetQuotaByStoragePoolId, -- To view, visit http://gerrit.ovirt.org/34844 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I11adfe9c49d1e57ecc88d1828ed63884016c33e8 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Ravi Nori <rn...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
