Moti Asayag has uploaded a new change for review.
Change subject: engine: Require permission for configure DC network
......................................................................
engine: Require permission for configure DC network
The UpdateNetworkCommand and RemoveNetowrkCommand was modified
to require permission on the target network for updating it.
AddNetworkCommand still requires permission on the Data-Center.
Change-Id: I739bc5f4f76b0c8c712cd604ee0b4a3987a16fd3
Signed-off-by: Moti Asayag <masa...@redhat.com>
---
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddNetworkCommand.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/NetworkCommon.java
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/RemoveNetworkCommand.java
3 files changed, 26 insertions(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/37/9537/1
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddNetworkCommand.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddNetworkCommand.java
index a59b7c7..fb666ea 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddNetworkCommand.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddNetworkCommand.java
@@ -1,8 +1,11 @@
package org.ovirt.engine.core.bll.storage;
+import java.util.Collections;
import java.util.List;
+import org.ovirt.engine.core.bll.utils.PermissionSubject;
import org.ovirt.engine.core.common.AuditLogType;
+import org.ovirt.engine.core.common.VdcObjectType;
import org.ovirt.engine.core.common.action.AddNetworkStoragePoolParameters;
import org.ovirt.engine.core.common.businessentities.Network;
import org.ovirt.engine.core.common.validation.group.CreateEntity;
@@ -86,4 +89,11 @@
addValidationGroup(CreateEntity.class);
return super.getValidationGroups();
}
+
+ @Override
+ public List<PermissionSubject> getPermissionCheckSubjects() {
+ return Collections.singletonList(new
PermissionSubject(getStoragePoolId() == null ? null
+ : getStoragePoolId().getValue(),
+ VdcObjectType.StoragePool, getActionType().getActionGroup()));
+ }
}
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/NetworkCommon.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/NetworkCommon.java
index efb8b41..a81a926 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/NetworkCommon.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/NetworkCommon.java
@@ -1,11 +1,15 @@
package org.ovirt.engine.core.bll.storage;
+import java.util.Collections;
import java.util.List;
+import org.ovirt.engine.core.bll.utils.PermissionSubject;
+import org.ovirt.engine.core.common.VdcObjectType;
import org.ovirt.engine.core.common.action.AddNetworkStoragePoolParameters;
import org.ovirt.engine.core.common.businessentities.Network;
import org.ovirt.engine.core.common.config.Config;
import org.ovirt.engine.core.common.config.ConfigValues;
+import org.ovirt.engine.core.compat.Guid;
import org.ovirt.engine.core.compat.NotImplementedException;
import org.ovirt.engine.core.compat.Version;
import org.ovirt.engine.core.dal.VdcBllMessages;
@@ -96,4 +100,14 @@
private boolean isVlanInRange(int vlanId) {
return (vlanId >= 0 && vlanId <= 4095);
}
+
+ @Override
+ public List<PermissionSubject> getPermissionCheckSubjects() {
+ Network network = getParameters().getNetwork();
+ Guid networkId = network == null ? null : network.getId();
+
+ return Collections.singletonList(new PermissionSubject(networkId,
+ VdcObjectType.Network,
+ getActionType().getActionGroup()));
+ }
}
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/RemoveNetworkCommand.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/RemoveNetworkCommand.java
index 4f722a3..986d7ad 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/RemoveNetworkCommand.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/RemoveNetworkCommand.java
@@ -4,8 +4,8 @@
import org.ovirt.engine.core.common.AuditLogType;
import org.ovirt.engine.core.common.action.AddNetworkStoragePoolParameters;
-import org.ovirt.engine.core.common.businessentities.VDSGroup;
import org.ovirt.engine.core.common.businessentities.Network;
+import org.ovirt.engine.core.common.businessentities.VDSGroup;
import org.ovirt.engine.core.dal.VdcBllMessages;
import org.ovirt.engine.core.dal.dbbroker.DbFacade;
import org.ovirt.engine.core.utils.linq.LinqUtils;
@@ -61,4 +61,5 @@
public AuditLogType getAuditLogTypeValue() {
return getSucceeded() ? AuditLogType.NETWORK_REMOVE_NETWORK :
AuditLogType.NETWORK_REMOVE_NETWORK_FAILED;
}
+
}
--
To view, visit http://gerrit.ovirt.org/9537
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I739bc5f4f76b0c8c712cd604ee0b4a3987a16fd3
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Moti Asayag <masa...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
