Omer Frenkel has posted comments on this change.

Change subject: core: use instance type in addVm + permissions
......................................................................

Patch Set 13: (3 inline comments)

....................................................
File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddVmCommand.java
Line 808: protected boolean checkPermissions(final List<PermissionSubject> permSubjects) {
Line 809: for (PermissionSubject permSubject : permSubjects) {
Line 810: // if user is using instance type, then create_instance on the cluster is enough
Line 811: if (permSubject.getObjectType() == VdcObjectType.VdsGroups && instanceTypeId != null) {
Line 812: permSubject.setActionGroup(ActionGroup.CREATE_INSTANCE);

It's a little more complicated:
getPemissionCheckSubject returns a "static" list of what to check, but when the user is using an instance type, 2 permissions are suitable on the cluster:
1. create_instance
2. create_vm
So the user needs one of them, which means that here I have to check if the user has one, and if not, check the other. This is "dynamic" and cannot be done within getPemissionCheckSubject.
Hope it's more clear.

Line 813: if (checkSinglePermission(permSubject, getReturnValue().getCanDoActionMessages())) {
Line 814: continue;
Line 815: }
Line 816:
....................................................
File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java
Line 21: VM_CREATOR(new Guid("DEF0000A-0000-0000-0000-DEF00000000D")),
Line 22: TEMPLATE_CREATOR(new Guid("DEF0000A-0000-0000-0000-DEF00000000E")),
Line 23: TEMPLATE_OWNER(new Guid("DEF0000A-0000-0000-0000-DEF00000000F")),
Line 24: NETWORK_USER(new Guid("DEF0000A-0000-0000-0000-DEF000000010")),
Line 25: INSTANCE_CREATOR(new Guid("DEF00011-0000-0000-0000-DEF000000011")),

The INSTANCE_CREATOR role will be given to users in order to create instances (VMs) from instance types, not to create instance_types (in which case I would name it INSTANCE_TYPE_CREATOR, but luckily no special permission is requested for that; anyone who can create a template can currently create an instance type).

Line 26: INSTANCE_OPERATOR(new Guid("DEF00012-0000-0000-0000-DEF000000012"));
Line 27:
Line 28: private Guid id;
Line 29:
....................................................
File backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
Line 39: * Admin role can specify destinationVdsId to override default target host.
Line 40: */
Line 41: EDIT_ADMIN_VM_PROPERTIES(15, RoleType.ADMIN, VdcObjectType.VM, true, ApplicationMode.VirtOnly),
Line 42:
Line 43: CREATE_INSTANCE(16, RoleType.USER, VdcObjectType.VM, false, ApplicationMode.VirtOnly),

This is exactly what it means: this is the action group for creating instances (VMs) out of instance types (templates), and it's used in AddVmCommand.

Line 44:
Line 45: // host (vds) actions groups
Line 46: CREATE_HOST(100, RoleType.ADMIN, VdcObjectType.VDS, true),
Line 47: EDIT_HOST_CONFIGURATION(101, RoleType.ADMIN, VdcObjectType.VDS, true),

--
To view, visit http://gerrit.ovirt.org/12281

Gerrit-MessageType: comment
Gerrit-Change-Id: If9058907d1021b09981671e905defb91ed645d65
Gerrit-PatchSet: 13
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Omer Frenkel <ofren...@redhat.com>
Gerrit-Reviewer: Omer Frenkel <ofren...@redhat.com>
Gerrit-Reviewer: Roy Golan <rgo...@redhat.com>
Gerrit-Reviewer: Tomas Jelinek <tjeli...@redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server
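
Added example (not part of the original message and not oVirt engine code): a minimal Java sketch of the either-of check described in the AddVmCommand.java comment, where CREATE_INSTANCE or CREATE_VM on the cluster is accepted when an instance type is used. The class, record, grants table and user names are hypothetical and constructed for illustration; unlike the reviewed code, it builds the accepted actions per request instead of calling setActionGroup on the subject.

```java
import java.util.*;

// Added illustration; every name here is hypothetical, not an oVirt engine class.
public class AnyOfPermissionCheck {
    enum Action { CREATE_VM, CREATE_INSTANCE }

    // One entry of the "static" list: an object and the action normally required on it.
    record Subject(String objectType, String objectId, Action required) {}

    // Constructed grants: user -> "objectId:ACTION" entries.
    static final Map<String, Set<String>> GRANTS = Map.of(
        "alice", Set.of("cluster-1:CREATE_INSTANCE"),
        "bob", Set.of("cluster-1:CREATE_VM"),
        "carol", Set.<String>of());

    static boolean has(String user, String objectId, Action action) {
        return GRANTS.getOrDefault(user, Set.of()).contains(objectId + ":" + action);
    }

    // True only if every subject passes; a message is recorded only when all
    // accepted alternatives for a subject have failed.
    static boolean checkPermissions(String user, List<Subject> subjects,
            boolean usesInstanceType, List<String> messages) {
        for (Subject s : subjects) {
            List<Action> accepted = new ArrayList<>();
            if (usesInstanceType && s.objectType().equals("CLUSTER")) {
                accepted.add(Action.CREATE_INSTANCE); // alternative accepted with an instance type
            }
            accepted.add(s.required()); // the statically listed action always counts
            boolean ok = accepted.stream().anyMatch(a -> has(user, s.objectId(), a));
            if (!ok) {
                messages.add(user + " lacks any of " + accepted + " on " + s.objectId());
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        List<Subject> subjects = List.of(new Subject("CLUSTER", "cluster-1", Action.CREATE_VM));
        for (String user : List.of("alice", "bob", "carol")) {
            for (boolean withType : new boolean[] {true, false}) {
                List<String> messages = new ArrayList<>();
                boolean ok = checkPermissions(user, subjects, withType, messages);
                System.out.println(user + " instanceType=" + withType + " -> " + ok + " " + messages);
            }
        }
    }
}
```

With the constructed grants, alice passes only when an instance type is used, bob passes in both cases, and carol is denied in both with a single message naming the actions that were tried.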