Ravi Nori has uploaded a new change for review. Change subject: restapi: Privileged user cannot create VM via API (#876460) ......................................................................
restapi: Privileged user cannot create VM via API (#876460) PowerUser can create VM from GUI but the operation fails from API. /api/vms to create a VM throws insufficient permissions error. Change-Id: I604883bc48dce3f326046d59534fb9134c1bbb29 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=876460 Signed-off-by: Ravi Nori <[email protected]> --- M backend/manager/dbscripts/vm_templates_sp.sql M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetVmTemplateQuery.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetVmTemplateParameters.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAO.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAODbFacadeImpl.java M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendVmsResource.java 6 files changed, 61 insertions(+), 4 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/48/9248/1
diff --git a/backend/manager/dbscripts/vm_templates_sp.sql b/backend/manager/dbscripts/vm_templates_sp.sql
index d62df46..b505c57 100644
--- a/backend/manager/dbscripts/vm_templates_sp.sql
+++ b/backend/manager/dbscripts/vm_templates_sp.sql
@@ -270,6 +270,19 @@
 LANGUAGE plpgsql;
+Create or replace FUNCTION GetVmTemplateByVmtName(v_vmt_name VARCHAR(255), v_user_id UUID, v_is_filtered boolean) RETURNS SETOF vm_templates_view
+ AS $procedure$
+BEGIN
+ RETURN QUERY SELECT vm_templates.*
+ FROM vm_templates_view vm_templates
+ WHERE name = v_vmt_name
+ AND (NOT v_is_filtered OR EXISTS (SELECT 1
+ FROM user_vm_template_permissions_view
+ WHERE user_id = v_user_id AND entity_id = vmt_guid));
+END; $procedure$
+LANGUAGE plpgsql;
+
+
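Review bot: In vm_templates_sp.sql the EXISTS subquery compares `entity_id = vmt_guid` without qualifying `vmt_guid`, and the outer filter uses a bare `name`. PostgreSQL resolves an unqualified column against the innermost query first, so if `user_vm_template_permissions_view` ever gains a column called `vmt_guid`, the permission check would stop correlating with the template row being returned, and no error would be raised. This predicate is what keeps a filtered user from reading templates they hold no permission on, so I would write `WHERE vm_templates.name = v_vmt_name` and `entity_id = vm_templates.vmt_guid`.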
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetVmTemplateQuery.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetVmTemplateQuery.java
index 070166b..2d4d03b 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetVmTemplateQuery.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetVmTemplateQuery.java
@@ -11,8 +11,14 @@
 @Override
 protected void executeQueryCommand() {
- VmTemplate vmt = DbFacade.getInstance().getVmTemplateDao()
+ VmTemplate vmt;
+ if (getParameters().getName() != null) {
+ vmt = DbFacade.getInstance().getVmTemplateDao()
+ .getByName(getParameters().getName(), getUserID(), getParameters().isFiltered());
+ } else {
+ vmt = DbFacade.getInstance().getVmTemplateDao()
 .get(getParameters().getId(), getUserID(), getParameters().isFiltered());
+ }
 VmTemplateHandler.UpdateDisksFromDb(vmt);
 getQueryReturnValue().setReturnValue(vmt);
 }
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetVmTemplateParameters.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetVmTemplateParameters.java
index 0c56eb7..7ddfe9f 100644
--- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetVmTemplateParameters.java
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetVmTemplateParameters.java
@@ -5,16 +5,25 @@
 public class GetVmTemplateParameters extends VdcQueryParametersBase {
 private static final long serialVersionUID = 8906662143775124331L;
+ private Guid _id = new Guid();
+ private String _name;
+
 public GetVmTemplateParameters(Guid id) {
 _id = id;
 }
- private Guid _id = new Guid();
+ public GetVmTemplateParameters(String name) {
+ _name = name;
+ }
 public Guid getId() {
 return _id;
 }
+ public String getName() {
+ return _name;
+ }
+
 public GetVmTemplateParameters() {
 }
 }
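Review bot: In GetVmTemplateQuery.executeQueryCommand() the result of `getByName(...)` is passed straight to `VmTemplateHandler.UpdateDisksFromDb(vmt)`, although the DAO Javadoc added in this change says the lookup returns null when nothing is found. With filtering on, a null result also covers a template that exists but that the user holds no permission on. UpdateDisksFromDb is not visible here, so unless it is known to tolerate null I would guard the call with `if (vmt != null) { VmTemplateHandler.UpdateDisksFromDb(vmt); }`, so that a miss ends as an empty return value rather than an exception.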
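Review bot: GetVmTemplateParameters now carries two lookup keys, but nothing documents which one wins. GetVmTemplateQuery in this change uses the name whenever it is non-null and otherwise falls back to `_id`, which the `String` constructor leaves at `new Guid()`. I would add a Javadoc comment to the new constructor, for example `/** Looks the template up by name; when name is non-null the query ignores the id. */`. A null name silently turns the request into an id lookup with the default Guid, so rejecting null in the constructor may be worth considering.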
diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAO.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAO.java
index 010c7a8..86f28f7 100644
--- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAO.java
+++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAO.java
@@ -27,6 +27,19 @@
 public VmTemplate get(Guid id, Guid userID, boolean isFiltered);
 /**
+ * Retrieves the template with the given id with optional filtering.
+ *
+ * @param name
+ * The name to look by (can't be <code>null</code>).
+ * @param userID
+ * the ID of the user requesting the information
+ * @param isFiltered
+ * Whether the results should be filtered according to the user's permissions
+ * @return The entity instance, or <code>null</code> if not found.
+ */
+ public VmTemplate getByName(String name, Guid userID, boolean isFiltered);
+
+ /**
 * Retrieves all templates with optional filtering.
 *
 * @param userID
diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAODbFacadeImpl.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAODbFacadeImpl.java
index 63ccb3d..f23cdca 100644
--- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAODbFacadeImpl.java
+++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VmTemplateDAODbFacadeImpl.java
@@ -39,6 +39,14 @@
 }
 @Override
+ public VmTemplate getByName(String name, Guid userID, boolean isFiltered) {
+ return getCallsHandler().executeRead("GetVmTemplateByVmtName",
+ VMTemplateRowMapper.instance,
+ getCustomMapSqlParameterSource()
+ .addValue("vmt_name", name).addValue("user_id", userID).addValue("is_filtered", isFiltered));
+ }
+
+ @Override
 public List<VmTemplate> getAll() {
 return getAll(null, false);
 }
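Review bot: The Javadoc added for getByName in VmTemplateDAO opens with "Retrieves the template with the given id", carried over from get(); it should read `Retrieves the template with the given name with optional filtering.`. The `@param name` text says the name can't be null, but nothing visible in this change enforces that, so the wording could be softened or a check added in the implementation. The interface continues outside the hunk.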
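Review bot: getByName in VmTemplateDAODbFacadeImpl returns a single VmTemplate, while GetVmTemplateByVmtName is declared RETURNS SETOF and matches on the name alone. How executeRead behaves when more than one row comes back is not visible here; if template names are not guaranteed unique, which template the caller receives would then be undefined. I would state the assumption above the method, e.g. `// relies on template names being unique; see GetVmTemplateByVmtName`. The diffstat lists no test file, so the filtered and unfiltered name lookups appear to be untested; a DAO test for a user with and without permission on the template would pin the behaviour down.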
diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendVmsResource.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendVmsResource.java
index c8862aa..50dc7a6 100644
--- a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendVmsResource.java
+++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/BackendVmsResource.java
@@ -409,9 +409,17 @@
 }
 protected Guid getTemplateId(VM vm) {
- return vm.getTemplate().isSetId() ? asGuid(vm.getTemplate().getId()) : getEntity(
+ return vm.getTemplate().isSetId() ? asGuid(vm.getTemplate().getId()) : getTemplateByName(vm).getId();
+ }
+
+ private VmTemplate getTemplateByName(VM vm) {
+ return isFiltered() ? lookupTemplateByName(vm.getTemplate().getName()) : getEntity(
 VmTemplate.class, SearchType.VmTemplate,
- "Template: name=" + vm.getTemplate().getName()).getId();
+ "Template: name=" + vm.getTemplate().getName());
+ }
+
+ public VmTemplate lookupTemplateByName(String name) {
+ return getEntity(VmTemplate.class, VdcQueryType.GetVmTemplate, new GetVmTemplateParameters(name), "GetVmTemplate");
 }
 public VmTemplate lookupTemplate(Guid id) {
--
To view, visit http://gerrit.ovirt.org/9248 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I604883bc48dce3f326046d59534fb9134c1bbb29 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
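Review bot: getTemplateByName in BackendVmsResource keeps the search-expression path for unfiltered sessions, where the client-supplied template name is concatenated into `"Template: name=" + vm.getTemplate().getName()`. A name that contains search syntax is then interpreted by the search backend instead of being matched literally, so the VM could end up based on a different template than the one named. The by-name GetVmTemplate query added in this change passes the name as a bound parameter; if it also behaves correctly for unfiltered callers (not visible here), both branches could become `return lookupTemplateByName(vm.getTemplate().getName());`. lookupTemplate() continues outside the hunk.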
