Moti Asayag has uploaded a new change for review. Change subject: engine: Require VnicProfile permission for vnic template ......................................................................
engine: Require VnicProfile permission for vnic template The patch requires permission on the vnic profile which is used for adding or updating a template vnic. Change-Id: I745b4f8bf1b658c7160362a4d98aca017a377483 Signed-off-by: Moti Asayag <masa...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/AddVmTemplateInterfaceCommand.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/UpdateVmTemplateInterfaceCommand.java 2 files changed, 23 insertions(+), 25 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/62/17362/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/AddVmTemplateInterfaceCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/AddVmTemplateInterfaceCommand.java index 117af95..1f6eb70 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/AddVmTemplateInterfaceCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/AddVmTemplateInterfaceCommand.java @@ -4,7 +4,6 @@ import java.util.Collections; import java.util.List; -import org.apache.commons.lang.StringUtils; import org.ovirt.engine.core.bll.VmCommand; import org.ovirt.engine.core.bll.VmTemplateHandler; import org.ovirt.engine.core.bll.utils.PermissionSubject; @@ -19,6 +18,7 @@ import org.ovirt.engine.core.common.businessentities.network.Network; import org.ovirt.engine.core.common.businessentities.network.VmInterfaceType; import org.ovirt.engine.core.common.businessentities.network.VmNic; +import org.ovirt.engine.core.common.businessentities.network.VnicProfile; import org.ovirt.engine.core.common.errors.VdcBllMessages; import org.ovirt.engine.core.common.validation.group.CreateEntity; import org.ovirt.engine.core.compat.Guid; 
@@ -115,17 +115,16 @@ public List<PermissionSubject> getPermissionCheckSubjects() { List<PermissionSubject> subjects = super.getPermissionCheckSubjects(); - if (getParameters().getInterface() != null && StringUtils.isNotEmpty(getNetworkName()) + if (getParameters().getInterface() != null && getParameters().getInterface().getVnicProfileId() != null && getVmTemplate() != null) { - Network network = getNetworkDAO().getByNameAndCluster(getNetworkName(), getVmTemplate().getVdsGroupId()); - if (getParameters().getInterface().isPortMirroring()) { - subjects.add(new PermissionSubject(network == null ? null : network.getId(), - VdcObjectType.Network, - ActionGroup.PORT_MIRRORING)); + VnicProfile profile = getVnicProfileDao().get(getParameters().getInterface().getVnicProfileId()); + + if (profile != null && profile.isPortMirroring()) { + subjects.add(new PermissionSubject(profile.getId(), VdcObjectType.VnicProfile, ActionGroup.PORT_MIRRORING)); } else { - subjects.add(new PermissionSubject(network == null ? null : network.getId(), - VdcObjectType.Network, + subjects.add(new PermissionSubject(profile == null ? null : profile.getId(), + VdcObjectType.VnicProfile, getActionType().getActionGroup())); } } diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/UpdateVmTemplateInterfaceCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/UpdateVmTemplateInterfaceCommand.java index a30b180..91f5d6a 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/UpdateVmTemplateInterfaceCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/network/template/UpdateVmTemplateInterfaceCommand.java 
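Review bot: In the new `getPermissionCheckSubjects()` body the port-mirroring branch adds only `ActionGroup.PORT_MIRRORING` on the profile and skips the `getActionType().getActionGroup()` subject that the `else` branch adds; the same if/else shape is in the `@@ -96,24 +96,23 @@` hunk of `UpdateVmTemplateInterfaceCommand`. Whether `PORT_MIRRORING` implies the ordinary permission in the role model is not visible here, so please confirm, or add both subjects when `profile.isPortMirroring()` is true. The `&& getVmTemplate() != null` guard no longer feeds anything inside the block (the cluster lookup is gone), yet it still decides whether the profile subject is added at all; consider dropping it so the profile check never depends on the template lookup. When the caller-supplied profile id does not resolve, the subject is built with a `null` id; presumably the permission check rejects that, but it is worth verifying.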
@@ -2,6 +2,7 @@ import java.util.List; +import org.apache.commons.lang.ObjectUtils; import org.apache.commons.lang.StringUtils; import org.ovirt.engine.core.bll.utils.PermissionSubject; import org.ovirt.engine.core.bll.validator.VmNicValidator; @@ -11,9 +12,8 @@ import org.ovirt.engine.core.common.businessentities.ActionGroup; import org.ovirt.engine.core.common.businessentities.VmDevice; import org.ovirt.engine.core.common.businessentities.VmDeviceId; -import org.ovirt.engine.core.common.businessentities.network.Network; -import org.ovirt.engine.core.common.businessentities.network.VmNetworkInterface; import org.ovirt.engine.core.common.businessentities.network.VmNic; +import org.ovirt.engine.core.common.businessentities.network.VnicProfile; import org.ovirt.engine.core.common.errors.VdcBllMessages; import org.ovirt.engine.core.common.validation.group.UpdateEntity; import org.ovirt.engine.core.compat.Version; 
@@ -96,24 +96,23 @@ public List<PermissionSubject> getPermissionCheckSubjects() { List<PermissionSubject> permissionList = super.getPermissionCheckSubjects(); - if (getParameters().getInterface() != null && StringUtils.isNotEmpty(getNetworkName()) + if (getParameters().getInterface() != null && getParameters().getInterface().getVnicProfileId() != null && getVmTemplate() != null) { - VmNetworkInterface iface = getVmNetworkInterfaceDao().get(getParameters().getInterface().getId()); - if (iface != null) { - Network network = - getNetworkDAO().getByNameAndCluster(getNetworkName(), getVmTemplate().getVdsGroupId()); + VmNic oldNic = getVmNicDao().get(getParameters().getInterface().getId()); + if (oldNic != null) { + VnicProfile profile = getVnicProfileDao().get(getParameters().getInterface().getVnicProfileId()); - if (getParameters().getInterface().isPortMirroring() - && (isNetworkChanged(iface) || !iface.isPortMirroring())) { - permissionList.add(new PermissionSubject(network == null ? null : network.getId(), - VdcObjectType.Network, + if (profile != null && profile.isPortMirroring() + && isVnicProfileChanged(oldNic, getParameters().getInterface())) { + permissionList.add(new PermissionSubject(getParameters().getInterface().getVnicProfileId(), + VdcObjectType.VnicProfile, ActionGroup.PORT_MIRRORING)); } else { // If the vNic's network is changed, the user should have permission for using the new network - if (isNetworkChanged(iface)) { - permissionList.add(new PermissionSubject(network == null ? null : network.getId(), - VdcObjectType.Network, + if (isVnicProfileChanged(oldNic, getParameters().getInterface())) { + permissionList.add(new PermissionSubject(profile == null ? null : profile.getId(), + VdcObjectType.VnicProfile, getActionType().getActionGroup())); } } 
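Review bot: Inside the `oldNic != null` block the profile is loaded up front and `isVnicProfileChanged(oldNic, getParameters().getInterface())` is tested in both branches, although no subject is added unless the profile changed; testing the change once and loading the profile inside it keeps the permission decision in one place (fence below, same subjects as the patch, assuming the DAO returns the profile with the requested id). The retained comment still speaks of the network and should read `// If the vNic's profile is changed, the user needs permission on the new profile`. When `getVmNicDao().get(...)` returns `null` no profile subject is added at all, unlike the Add command; presumably `canDoAction` (outside this hunk) rejects an unknown nic, but confirm the profile check is not skipped silently. The method continues past this hunk.
```java
// … unchanged: outer null checks and the oldNic lookup …
// If the vNic's profile is changed, the user needs permission on the new profile
if (isVnicProfileChanged(oldNic, getParameters().getInterface())) {
    VnicProfile profile = getVnicProfileDao().get(getParameters().getInterface().getVnicProfileId());
    boolean portMirroring = profile != null && profile.isPortMirroring();
    permissionList.add(new PermissionSubject(profile == null ? null : profile.getId(),
            VdcObjectType.VnicProfile,
            portMirroring ? ActionGroup.PORT_MIRRORING : getActionType().getActionGroup()));
}
```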
@@ -122,7 +121,7 @@ return permissionList; } - private boolean isNetworkChanged(VmNetworkInterface iface) { - return !getNetworkName().equals(iface.getNetworkName()); + private boolean isVnicProfileChanged(VmNic oldNic, VmNic newProfile) { + return !ObjectUtils.equals(oldNic.getVnicProfileId(), newProfile.getVnicProfileId()); } } -- To view, visit http://gerrit.ovirt.org/17362 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I745b4f8bf1b658c7160362a4d98aca017a377483 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Moti Asayag <masa...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
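Review bot: The second parameter of `isVnicProfileChanged` is a `VmNic` but is named `newProfile`, which reads as if a `VnicProfile` were passed. Rename it so the comparison is clear at the call sites: `private boolean isVnicProfileChanged(VmNic oldNic, VmNic newNic) {`.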