[Engine-patches] Change in ovirt-engine[master]: webdmin: Restrict destination host parameter for administrat...

Tue, 12 Feb 2013 04:48:35 -0800 

Omer Frenkel has posted comments on this change.

Change subject: webdmin: Restrict destination host parameter for administrator 
only
......................................................................


Patch Set 4: Looks good to me, but someone else must approve

(2 inline comments)

....................................................
File 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmCommand.java
Line 865:                 ActionGroup.CHANGE_VM_CUSTOM_PROPERTIES));
Line 866:         }
Line 867: 
Line 868:         // check, if user can override default target host for VM
Line 869:         if (getVm() != null) {
if the vm is null you can't know if destination host is different from the 
selected one, and also if the vm is null in run vm the operation will fail, i 
wouldn't change it.
Line 870:             final Guid destinationVdsId = 
getParameters().getDestinationVdsId();
Line 871:             if (destinationVdsId != null && 
!destinationVdsId.equals(getVm().getDedicatedVmForVds())) {
Line 872:                 permissionList.add(new 
PermissionSubject(getParameters().getVmId(),
Line 873:                     VdcObjectType.VM,


Line 870:             final Guid destinationVdsId = 
getParameters().getDestinationVdsId();
Line 871:             if (destinationVdsId != null && 
!destinationVdsId.equals(getVm().getDedicatedVmForVds())) {
Line 872:                 permissionList.add(new 
PermissionSubject(getParameters().getVmId(),
Line 873:                     VdcObjectType.VM,
Line 874:                     ActionGroup.EDIT_VM_PROPERTIES));
not sure i understand you, power user role (currently) has: 
LOGIN,CREATE_DISK,CREATE_TEMPLATE,CREATE_VM

but even if it had EDIT_VM_PROPERTIES on this vm, anyway he could update the 
vm, change the dest host and run, so why not allow (one-time) update during run?
Line 875:             }
Line 876:         }
Line 877: 
Line 878:         return permissionList;


--
To view, visit http://gerrit.ovirt.org/11303
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I5294854d24b235f2c50fa7f3d4e7472cf7598b53
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Libor Spevak <[email protected]>
Gerrit-Reviewer: Einav Cohen <[email protected]>
Gerrit-Reviewer: Gilad Chaplik <[email protected]>
Gerrit-Reviewer: Itamar Heim <[email protected]>
Gerrit-Reviewer: Libor Spevak <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Omer Frenkel <[email protected]>
Gerrit-Reviewer: Tomas Jelinek <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to