Maor Lipchuk has uploaded a new change for review. Change subject: core: Add role of VM run time operator. ......................................................................
core: Add role of VM run time operator. Adding a new pre-defined role of VM run time operator which will act the same as VMOperator only without the permissions for create snapshot. Change-Id: Ifc0e2484aabee5779d6bfaf44e25bab0511e8e16 Bug-Url: https://bugzilla.redhat.com/1111095 Signed-off-by: Maor Lipchuk <mlipc...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java A packaging/dbscripts/upgrade/03_06_0760_add_VM_RUN_TIME_PERMISSIONS.sql 2 files changed, 33 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/94/37094/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java index 73a87b4..cce638e 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java @@ -28,6 +28,7 @@ BOOKMARK_ADMIN(new Guid("DEF00011-0000-0000-0000-DEF000000014")), EVENT_NOTIFICATION_ADMIN(new Guid("DEF00011-0000-0000-0000-DEF000000015")), DISK_PROFILE_USER(new Guid("DEF00020-0000-0000-0000-ABC000000010")), + VM_RUN_TIME_OPERATOR(new Guid("DEF00006-0000-0000-0000-DEF000000011")), MAC_POOL_ADMIN(new Guid("DEF00013-0000-0000-0000-DEF000000013")), MAC_POOL_USER(new Guid("DEF00014-0000-0000-0000-DEF000000014")); diff --git a/packaging/dbscripts/upgrade/03_06_0760_add_VM_RUN_TIME_PERMISSIONS.sql b/packaging/dbscripts/upgrade/03_06_0760_add_VM_RUN_TIME_PERMISSIONS.sql new file mode 100644 index 0000000..736f11d --- /dev/null +++ b/packaging/dbscripts/upgrade/03_06_0760_add_VM_RUN_TIME_PERMISSIONS.sql @@ -0,0 +1,32 @@ +Create or replace FUNCTION __temp_set_vm_run_time_permissions() +RETURNS VOID + AS $procedure$ + DECLARE + v_VM_RUN_TIME_ID UUID; + +BEGIN + v_VM_RUN_TIME_ID := 'DEF00006-0000-0000-0000-DEF000000011'; + + -- Add vm run time operator user role + INSERT INTO roles(id,name,description,is_readonly,role_type, app_mode) SELECT v_VM_RUN_TIME_ID, 'VmRunTimeOperator', 'Vm Run Time Operator', true, 2, 1 + WHERE NOT EXISTS (SELECT id,name,description,is_readonly,role_type + FROM roles + WHERE id = v_VM_RUN_TIME_ID + AND name='VmRunTimeOperator' + AND description='Vm Run Time Operator' + AND is_readonly=true + AND role_type=2 + AND app_mode=1); + + -- Add action group with the properties of VM_OPERATOR role (def00006-0000-0000-0000-def000000006) without the vm snpashot manipulation (12). + INSERT INTO roles_groups (role_id, action_group_id) + SELECT 'def00006-0000-0000-0000-def000000011', action_group_id + FROM roles_groups a + WHERE role_id = 'def00006-0000-0000-0000-def000000006' AND action_group_id <> 12; + +END; $procedure$ +LANGUAGE plpgsql; + +SELECT __temp_set_vm_run_time_permissions(); +DROP function __temp_set_vm_run_time_permissions(); + -- To view, visit http://gerrit.ovirt.org/37094 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ifc0e2484aabee5779d6bfaf44e25bab0511e8e16 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Maor Lipchuk <mlipc...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
