Oved Ourfali has posted comments on this change.

Change subject: engine: User who has manipulate_permissions can't see other users

Patch Set 4: I would prefer that you didn't submit this

(1 inline comment)

File backend/manager/dbscripts/user_sp.sql
Line 109: RETURN QUERY SELECT users.*
Line 110: FROM users
Line 111: WHERE (NOT v_is_filtered OR EXISTS (SELECT 1
Line 112: FROM users u, permissions p, roles_groups rg
Line 113: WHERE u.user_id = v_user_id AND u.user_id = p.ad_element_id AND p.role_id = rg.role_id AND rg.action_group_id = 502));

Don't like the fact that you're using the action group id in such a query... we tend not to use it in such places.
Although I understand the need to be "specific" in this case.
How about creating a new view, called user_db_users_permissions_view, that does this logic?
That way, at least the logic for the user views will be in one place, and not spread around queries (as this is the only query now, but we may have more in the future).

Line 114: END; $procedure$
Line 115: LANGUAGE plpgsql;
Line 116:
Line 117:

--
To view, visit http://gerrit.ovirt.org/14346

Gerrit-MessageType: comment
Gerrit-Change-Id: I35852738d60af36ca4f44a175e2c4f8523148732
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: Michael Pasternak <mpast...@redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com>
Gerrit-Reviewer: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzasl...@redhat.com>
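
Review bot: on line 113 of user_sp.sql the permission check matches only "u.user_id = p.ad_element_id", so it counts only permission rows whose ad_element_id is the calling user's own id. If a role granted to some other element the user belongs to should also lift the filter, that case is not covered here and needs either an extra join or a comment stating that direct grants only are intended. The join to users u on lines 112-113 also looks unnecessary, since v_user_id could be compared to p.ad_element_id directly. Finally, the literal 502 in "rg.action_group_id = 502" carries no explanation; a comment naming the action group it stands for would let a reader confirm that the visibility rule is tied to the intended permission.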