[Engine-patches] Change in ovirt-engine[ovirt-engine-3.5]: core: Use new permission for LSM

mlipchuk Mon, 26 Jan 2015 09:41:09 -0800

Maor Lipchuk has uploaded a new change for review.

Change subject: core: Use new permission for LSM
......................................................................


core: Use new permission for LSM

Add new permission for LSM to be used for all the roles which has the
permissions for CONFIGURE_DISK_STORAGE.

Change the permissions at LiveMigrateVmDisksCommand to be used for
DISK_LIVE_STORAGE_MIGRATION on the disk, instead using the permissions
for MANIPULATE_VM_SNAPSHOTS on the VM.

Change-Id: I3ba7e03780ba6ef455447a4eaa34a71b1f63d8cb
Signed-off-by: Maor Lipchuk <[email protected]>
---
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/lsm/LiveMigrateVmDisksCommand.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
M 
frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
M 
frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
A packaging/dbscripts/upgrade/03_05_1230_add_LSM_action_group_id.sql
5 files changed, 28 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/95/37295/1

diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/lsm/LiveMigrateVmDisksCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/lsm/LiveMigrateVmDisksCommand.java
index 91877d0..f7f426d 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/lsm/LiveMigrateVmDisksCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/lsm/LiveMigrateVmDisksCommand.java
@@ -161,16 +161,9 @@
             if (diskImage != null) {
                 permissionList.add(new PermissionSubject(diskImage.getId(),
                         VdcObjectType.Disk,
-                        ActionGroup.CONFIGURE_DISK_STORAGE));
+                        ActionGroup.DISK_LIVE_STORAGE_MIGRATION));
             }
-            permissionList.add(new 
PermissionSubject(parameters.getTargetStorageDomainId(),
-                    VdcObjectType.Storage,
-                    ActionGroup.CREATE_DISK));
-            permissionList.add(new PermissionSubject(parameters.getVmId(),
-                    VdcObjectType.VM,
-                    ActionGroup.MANIPULATE_VM_SNAPSHOTS));
         }
-
         return permissionList;
     }
 
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
index c0758b8..7c517d9 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
@@ -104,6 +104,7 @@
     DELETE_DISK(1104, RoleType.USER, true, ApplicationMode.VirtOnly),
     CONFIGURE_SCSI_GENERIC_IO(1105, RoleType.ADMIN, true, 
ApplicationMode.VirtOnly),
     ACCESS_IMAGE_STORAGE(1106, RoleType.USER, false, ApplicationMode.VirtOnly),
+    DISK_LIVE_STORAGE_MIGRATION(1107, RoleType.USER, true, 
ApplicationMode.VirtOnly),
 
     // VNIC Profiles
     CONFIGURE_NETWORK_VNIC_PROFILE(1203, RoleType.ADMIN, true, 
ApplicationMode.VirtOnly),
diff --git 
a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
 
b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
index a7c6c05..229a919 100644
--- 
a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
+++ 
b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
@@ -105,7 +105,9 @@
                                         new 
RoleNode(ActionGroup.CONFIGURE_SCSI_GENERIC_IO,
                                                 
getConstants().allowToChangeSGIORoleTreeTooltip()),
                                         new 
RoleNode(ActionGroup.ACCESS_IMAGE_STORAGE,
-                                                
getConstants().allowAccessImageDomainRoleTreeTooltip()) }),
+                                                
getConstants().allowAccessImageDomainRoleTreeTooltip()),
+                                        new 
RoleNode(ActionGroup.DISK_LIVE_STORAGE_MIGRATION,
+                                                
getConstants().allowToLiveMigrateDiskToAnotherStorageDomainRoleTreeTooltip())}),
                         new 
RoleNode(getConstants().attachDiskProfileRoleTree(),
                                 
getConstants().notePermissionsContainingDiskProfileOperationsRoleTreeTooltip(),
                                 new RoleNode[] {
diff --git 
a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
 
b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
index 9e7add3..356651b 100644
--- 
a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
+++ 
b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
@@ -1318,6 +1318,9 @@
     @DefaultStringValue("Allow to move Disk to another Storage Domain")
     String allowToMoveDiskToAnotherStorageDomainRoleTreeTooltip();
 
+    @DefaultStringValue("Allow to live migrate a Disk to another Storage 
Domain")
+    String allowToLiveMigrateDiskToAnotherStorageDomainRoleTreeTooltip();
+
     @DefaultStringValue("Allow to attach Disk to a VM")
     String allowToAttachDiskToVmRoleTreeTooltip();
 
diff --git a/packaging/dbscripts/upgrade/03_05_1230_add_LSM_action_group_id.sql 
b/packaging/dbscripts/upgrade/03_05_1230_add_LSM_action_group_id.sql
new file mode 100644
index 0000000..12ae6c5
--- /dev/null
+++ b/packaging/dbscripts/upgrade/03_05_1230_add_LSM_action_group_id.sql
@@ -0,0 +1,20 @@
+Create or replace FUNCTION __temp_add_LSM_permissions()
+RETURNS VOID
+   AS $procedure$
+   DECLARE
+   v_action_group_id INTEGER;
+
+BEGIN
+   v_action_group_id := 1107;
+
+-- copy the action group id to all the roles which has permissions to 
CONFIGURE_DISK_STORAGE (1103)
+INSERT INTO roles_groups (role_id, action_group_id)
+SELECT role_id, v_action_group_id
+FROM roles_groups a
+WHERE action_group_id = 1103;
+
+END; $procedure$
+LANGUAGE plpgsql;
+
+SELECT __temp_add_LSM_permissions();
+DROP function __temp_add_LSM_permissions();


-- 
To view, visit http://gerrit.ovirt.org/37295
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I3ba7e03780ba6ef455447a4eaa34a71b1f63d8cb
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Maor Lipchuk <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

[Engine-patches] Change in ovirt-engine[ovirt-engine-3.5]: core: Use new permission for LSM

Reply via email to