[Engine-patches] Change in ovirt-engine[master]: engine: Modify Network Assign to Cluster Command permissions

masayag Wed, 28 Nov 2012 03:07:58 -0800

Moti Asayag has uploaded a new change for review.

Change subject: engine: Modify Network Assign to Cluster Command permissions
......................................................................


engine: Modify Network Assign to Cluster Command permissions

The patch modifies the required permissions for performing Network
assignment or removing a network from a Cluster.

Those operations will require a permission on the Network only and
no longer requires permission on the Cluster.

Change-Id: Iff1edaeaf323a7a5b7c407e06d2ff9e3dae3430a
Signed-off-by: Moti Asayag <masa...@redhat.com>
---
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AttachNetworkToVdsGroupCommand.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DetachNetworkToVdsGroupCommand.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
3 files changed, 26 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/40/9540/1

diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AttachNetworkToVdsGroupCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AttachNetworkToVdsGroupCommand.java
index 5c4b499..80ffc49 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AttachNetworkToVdsGroupCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AttachNetworkToVdsGroupCommand.java
@@ -1,9 +1,12 @@
 package org.ovirt.engine.core.bll;
 
+import java.util.Collections;
 import java.util.List;
 
 import org.apache.commons.lang.StringUtils;
+import org.ovirt.engine.core.bll.utils.PermissionSubject;
 import org.ovirt.engine.core.common.AuditLogType;
+import org.ovirt.engine.core.common.VdcObjectType;
 import org.ovirt.engine.core.common.action.AttachNetworkToVdsGroupParameter;
 import org.ovirt.engine.core.common.businessentities.Network;
 import org.ovirt.engine.core.common.businessentities.NetworkClusterId;
@@ -156,4 +159,12 @@
         return getSucceeded() ? 
AuditLogType.NETWORK_ATTACH_NETWORK_TO_VDS_GROUP
                 : AuditLogType.NETWORK_ATTACH_NETWORK_TO_VDS_GROUP_FAILED;
     }
+
+    @Override
+    public List<PermissionSubject> getPermissionCheckSubjects() {
+        Guid networkId = getParameters().getNetwork() == null ? null : 
getParameters().getNetwork().getId();
+        return Collections.singletonList(new PermissionSubject(networkId,
+                VdcObjectType.Network,
+                getActionType().getActionGroup()));
+    }
 }
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DetachNetworkToVdsGroupCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DetachNetworkToVdsGroupCommand.java
index f84d956..22c5322 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DetachNetworkToVdsGroupCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DetachNetworkToVdsGroupCommand.java
@@ -1,8 +1,11 @@
 package org.ovirt.engine.core.bll;
 
+import java.util.Collections;
 import java.util.List;
 
+import org.ovirt.engine.core.bll.utils.PermissionSubject;
 import org.ovirt.engine.core.common.AuditLogType;
+import org.ovirt.engine.core.common.VdcObjectType;
 import org.ovirt.engine.core.common.action.AttachNetworkToVdsGroupParameter;
 import org.ovirt.engine.core.common.businessentities.IVdcQueryable;
 import org.ovirt.engine.core.common.businessentities.VM;
@@ -16,6 +19,7 @@
 import org.ovirt.engine.core.common.queries.SearchReturnValue;
 import org.ovirt.engine.core.common.queries.VdcQueryReturnValue;
 import org.ovirt.engine.core.common.queries.VdcQueryType;
+import org.ovirt.engine.core.compat.Guid;
 import org.ovirt.engine.core.compat.StringHelper;
 import org.ovirt.engine.core.dal.VdcBllMessages;
 import org.ovirt.engine.core.dal.dbbroker.DbFacade;
@@ -130,4 +134,12 @@
         addCanDoActionMessage(VdcBllMessages.VAR__ACTION__DETACH);
         addCanDoActionMessage(VdcBllMessages.VAR__TYPE__NETWORK);
     }
+
+    @Override
+    public List<PermissionSubject> getPermissionCheckSubjects() {
+        Guid networkId = getParameters().getNetwork() == null ? null : 
getParameters().getNetwork().getId();
+        return Collections.singletonList(new PermissionSubject(networkId,
+                VdcObjectType.Network,
+                getActionType().getActionGroup()));
+    }
 }
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
index 37e1d37..487492d 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
@@ -83,7 +83,7 @@
     DetachNetworkFromVdsInterface(151, ActionGroup.CONFIGURE_HOST_NETWORK, 
QuotaDependency.NONE),
     AddBond(152, ActionGroup.CONFIGURE_HOST_NETWORK, QuotaDependency.NONE),
     RemoveBond(153, ActionGroup.CONFIGURE_HOST_NETWORK, QuotaDependency.NONE),
-    AddNetwork(154, ActionGroup.CONFIGURE_STORAGE_POOL_NETWORK, false, 
QuotaDependency.NONE),
+    AddNetwork(154, ActionGroup.CREATE_STORAGE_POOL_NETWORK, false, 
QuotaDependency.NONE),
     RemoveNetwork(155, ActionGroup.CONFIGURE_STORAGE_POOL_NETWORK, false, 
QuotaDependency.NONE),
     UpdateNetwork(156, ActionGroup.CONFIGURE_STORAGE_POOL_NETWORK, false, 
QuotaDependency.NONE),
     CommitNetworkChanges(157, ActionGroup.CONFIGURE_HOST_NETWORK, 
QuotaDependency.NONE),
@@ -168,8 +168,8 @@
     AddVdsGroup(704, ActionGroup.CREATE_CLUSTER, false, QuotaDependency.NONE),
     UpdateVdsGroup(705, ActionGroup.EDIT_CLUSTER_CONFIGURATION, false, 
QuotaDependency.NONE),
     RemoveVdsGroup(706, ActionGroup.DELETE_CLUSTER, false, 
QuotaDependency.NONE),
-    AttachNetworkToVdsGroup(708, ActionGroup.CONFIGURE_CLUSTER_NETWORK, false, 
QuotaDependency.NONE),
-    DetachNetworkToVdsGroup(709, ActionGroup.CONFIGURE_CLUSTER_NETWORK, false, 
QuotaDependency.NONE),
+    AttachNetworkToVdsGroup(708, ActionGroup.ASSIGN_CLUSTER_NETWORK, false, 
QuotaDependency.NONE),
+    DetachNetworkToVdsGroup(709, ActionGroup.ASSIGN_CLUSTER_NETWORK, false, 
QuotaDependency.NONE),
     @Deprecated
     // AttachNetworkToVdsGroup is taking over this functionality
     UpdateDisplayToVdsGroup(710, ActionGroup.EDIT_CLUSTER_CONFIGURATION, 
false, QuotaDependency.NONE),


--
To view, visit http://gerrit.ovirt.org/9540
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iff1edaeaf323a7a5b7c407e06d2ff9e3dae3430a
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Moti Asayag <masa...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches

[Engine-patches] Change in ovirt-engine[master]: engine: Modify Network Assign to Cluster Command permissions

Reply via email to