Allon Mureinik has posted comments on this change. Change subject: backend: [wip] add ActionGroup to access image domains ......................................................................
Patch Set 1: (2 comments) .................................................... File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ExportRepoImageCommand.java Line 136: List<PermissionSubject> permissionSubjects = new ArrayList<>(); Line 137: permissionSubjects.add(new PermissionSubject(getDiskImage().getId(), Line 138: VdcObjectType.Disk, ActionGroup.ATTACH_DISK)); Line 139: permissionSubjects.add(new PermissionSubject(getParameters().getStorageDomainId(), Line 140: VdcObjectType.Storage, ActionGroup.CREATE_DISK)); // ActionGroup.ACCESS_IMAGE_STORAGE ? there are a gazilion places that need read permission on regular. Let's leave this for a future release, and focus on adding permissions to the glance domain. Line 141: return permissionSubjects; Line 142: } Line 143: Line 144: @Override .................................................... File backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java Line 96: MANIPULATE_GLUSTER_HOOK(1003, RoleType.ADMIN, VdcObjectType.GlusterHook, true, ApplicationMode.GlusterOnly), Line 97: MANIPULATE_GLUSTER_SERVICE(1004, RoleType.ADMIN, VdcObjectType.GlusterService, true, ApplicationMode.GlusterOnly), Line 98: Line 99: // Disks action groups Line 100: CREATE_DISK(1100, RoleType.USER, VdcObjectType.Storage, false, ApplicationMode.VirtOnly), ack. +1 Line 101: ATTACH_DISK(1101, RoleType.USER, VdcObjectType.Disk, true, ApplicationMode.VirtOnly), Line 102: EDIT_DISK_PROPERTIES(1102, RoleType.USER, VdcObjectType.Disk, true, ApplicationMode.VirtOnly), Line 103: CONFIGURE_DISK_STORAGE(1103, RoleType.USER, VdcObjectType.Disk, true, ApplicationMode.VirtOnly), Line 104: DELETE_DISK(1104, RoleType.USER, VdcObjectType.Disk, true, ApplicationMode.VirtOnly), -- To view, visit http://gerrit.ovirt.org/18078 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ifbff053962ae1dceef51c7d8ff356fcf527aa5e2 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Federico Simoncelli <fsimo...@redhat.com> Gerrit-Reviewer: Allon Mureinik <amure...@redhat.com> Gerrit-Reviewer: Daniel Erez <de...@redhat.com> Gerrit-Reviewer: Federico Simoncelli <fsimo...@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com> Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
