[Engine-patches] Change in ovirt-engine[master]: core: Make regular user owner of VMs he created

Mon, 15 Jun 2015 09:02:12 -0700 

Hello Shmuel Melamud,

I'd like you to do a code review.  Please visit

    https://gerrit.ovirt.org/42392

to review the following change.

Change subject: core: Make regular user owner of VMs he created
......................................................................

core: Make regular user owner of VMs he created

If regular user has permission to create a VM and does this through
webadmin UI (having also ReadOnlyAdmin role) or REST API with
Filter: false, he doesn't get ownership for this VM by default. This is
OK for admin users, but non-admin users will effectively loose access to
their VMs.

To fix this, additional check is made for webadmin UI users and REST API
with Filter: false users, checking if they have permission to manage the
VM being created. If not, this permission is added for them.

Change-Id: I7e814ab024ceed63e3ec7fce82ca574fa5be1c8b
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1121144
Signed-off-by: Shmuel Melamud <smela...@redhat.com>
---
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmCommand.java
1 file changed, 7 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/92/42392/1

diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmCommand.java
index fb2e3a9..f0264e1 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmCommand.java
@@ -1290,7 +1290,7 @@
 
     protected void addVmPermission() {
         UniquePermissionsSet permissionsToAdd = new UniquePermissionsSet();
-        if ((getParameters()).isMakeCreatorExplicitOwner()) {
+        if (isMakeCreatorExplicitOwner()) {
             permissionsToAdd.addPermission(getCurrentUser().getId(), 
PredefinedRoles.VM_OPERATOR.getId(),
                     getVmId(), VdcObjectType.VM);
         }
@@ -1307,6 +1307,12 @@
         }
     }
 
+    private boolean isMakeCreatorExplicitOwner() {
+        return getParameters().isMakeCreatorExplicitOwner() ||
+                !checkUserAuthorization(
+                        getCurrentUser().getId(), 
ActionGroup.MANIPULATE_PERMISSIONS, getVmId(), VdcObjectType.VM);
+    }
+
     private void copyTemplatePermissions(UniquePermissionsSet 
permissionsToAdd) {
         PermissionDAO dao = getDbFacade().getPermissionDao();
 


-- 
To view, visit https://gerrit.ovirt.org/42392
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7e814ab024ceed63e3ec7fce82ca574fa5be1c8b
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Shmuel Leib Melamud <smela...@redhat.com>
Gerrit-Reviewer: Shmuel Melamud <smela...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to