Roy Golan has uploaded a new change for review. Change subject: frontend: consider Everyone->diskProfileUser as basic user permission ......................................................................
frontend: consider Everyone->diskProfileUser as basic user permission Similar to vnicProfileUser, user have permissions on a default profile, but that should not make then view the Extended User Portal Change-Id: I81bf88b7d4d0e16142dfad83b2e0d03039243a18 Bug-Url: https://bugzilla.redhat.com/1225274 Signed-off-by: Roy Golan <rgo...@redhat.com> --- M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/auth/ApplicationGuids.java M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalLoginModel.java 2 files changed, 13 insertions(+), 19 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/34/41834/1 diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/auth/ApplicationGuids.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/auth/ApplicationGuids.java index 788af26..b6edccf 100644 --- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/auth/ApplicationGuids.java +++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/auth/ApplicationGuids.java @@ -14,6 +14,7 @@ quotaConsumer(new Guid("def0000a-0000-0000-0000-def00000000a")), //$NON-NLS-1$ dataCenterAdmin(new Guid("def00002-0000-0000-0000-def000000002")), //$NON-NLS-1$ vnicProfileUser(new Guid("DEF0000A-0000-0000-0000-DEF000000010")), //$NON-NLS-1$ + diskProfileUser(new Guid("DEF00020-0000-0000-0000-ABC000000010")), //$NON-NLS-1$ // ad_groups everyone(new Guid("eee00000-0000-0000-0000-123456789eee")); //$NON-NLS-1$ diff --git a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalLoginModel.java b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalLoginModel.java index 4e6f050..a07645e 100644 --- a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalLoginModel.java +++ b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/userportal/UserPortalLoginModel.java @@ -22,6 +22,9 @@ import org.ovirt.engine.ui.uicompat.FrontendMultipleQueryAsyncResult; import org.ovirt.engine.ui.uicompat.IFrontendMultipleQueryAsyncCallback; +import static org.ovirt.engine.ui.uicommonweb.auth.ApplicationGuids.*; +import static org.ovirt.engine.ui.uicommonweb.auth.ApplicationGuids.everyone; + public class UserPortalLoginModel extends LoginModel { @@ -180,7 +183,7 @@ loginModel.getUserRoles(loginModel); } - }), ApplicationGuids.engineUser.asGuid()); + }), engineUser.asGuid()); } // Get logged user's permissions and create a list of roles associated with the user (and proceed to Step3). @@ -200,9 +203,11 @@ // ALL Everyone/UserPoralBasedVM permissions and // ALL Everyone/QuotaConsumer persmissions // ALL Everyone/NetworkUser persmissions - if (isEveryoneUserPortalBasedVmPermission(permission) - || isEveryoneQuotaConsumerPermission(permission) - || isEveryoneVnicProfileUserPermission(permission)) { + // ALL Everyone/DiskProfileUser persmissions + if (isPermissionOf(everyone, userTemplateBasedVM, permission) + || isPermissionOf(everyone, quotaConsumer, permission) + || isPermissionOf(everyone, vnicProfileUser, permission) + || isPermissionOf(everyone, diskProfileUser, permission)) { continue; } if (!roleIdList.contains(permission.getRoleId())) @@ -224,21 +229,9 @@ } - private boolean isEveryoneVnicProfileUserPermission(Permission permission) { - return permission.getAdElementId().equals(ApplicationGuids.everyone.asGuid()) && - permission.getRoleId().equals(ApplicationGuids.vnicProfileUser.asGuid()); - } - - private boolean isEveryoneUserPortalBasedVmPermission(Permission permission) { - return permission.getAdElementId().equals(ApplicationGuids.everyone.asGuid()) - && - permission.getRoleId() - .equals(ApplicationGuids.userTemplateBasedVM.asGuid()); - } - - private boolean isEveryoneQuotaConsumerPermission(Permission permission) { - return permission.getAdElementId().equals(ApplicationGuids.everyone.asGuid()) && - permission.getRoleId().equals(ApplicationGuids.quotaConsumer.asGuid()); + private boolean isPermissionOf(ApplicationGuids user, ApplicationGuids role, Permission permission) { + return permission.getAdElementId().equals(user.asGuid()) + && permission.getRoleId().equals(role.asGuid()); } }), loginModel.getLoggedUser().getId()); } -- To view, visit https://gerrit.ovirt.org/41834 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I81bf88b7d4d0e16142dfad83b2e0d03039243a18 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Roy Golan <rgo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
