Omer Frenkel has posted comments on this change.
Change subject: engine,webdmin: Restrict destination host parameter for
administrator roles
......................................................................
Patch Set 6: (3 inline comments)
i think we need to check also on add vm/template (in case field is not null) no?
....................................................
File backend/manager/dbscripts/upgrade/03_02_0510_add_edit_admin_vm_props.sql
Line 18: id,
Line 19: 205 -- EDIT_ADMIN_TEMPLATE_PROPERTIES
Line 20: from roles
Line 21: where
Line 22: name in ('SuperUser', 'ClusterAdmin', 'DataCenterAdmin',
'TemplateAdmin')
probably right (template is considered DC entity) but i think TemplateOwner is
missing, no?
Line 23: and not exists (
Line 24: select 1 from roles_groups rg
Line 25: where
Line 26: rg.role_id in (select id from roles where name in
('SuperUser', 'ClusterAdmin', 'DataCenterAdmin', 'TemplateAdmin')
....................................................
File
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
Line 14: EDIT_VM_PROPERTIES(3, RoleType.USER, VdcObjectType.VM, true,
ApplicationMode.VirtOnly),
Line 15: /**
Line 16: * Admin role can specify destinationVdsId to override default
target host.
Line 17: */
Line 18: EDIT_ADMIN_VM_PROPERTIES(15, RoleType.ADMIN, VdcObjectType.VM,
true, ApplicationMode.VirtOnly),
why here and not after number 14? next one who would like to add a vm role
might miss it
Line 19: VM_BASIC_OPERATIONS(4, RoleType.USER, VdcObjectType.VM, true,
ApplicationMode.VirtOnly),
Line 20: CHANGE_VM_CD(5, RoleType.USER, VdcObjectType.VM, true,
ApplicationMode.VirtOnly),
Line 21: MIGRATE_VM(6, RoleType.USER, VdcObjectType.VM, true,
ApplicationMode.VirtOnly),
Line 22:
Line 48: CONFIGURE_HOST_NETWORK(104, RoleType.ADMIN, VdcObjectType.VDS,
true),
Line 49: // templates actions groups
Line 50: CREATE_TEMPLATE(200, RoleType.USER, VdcObjectType.VmTemplate,
false, ApplicationMode.VirtOnly),
Line 51: EDIT_TEMPLATE_PROPERTIES(201, RoleType.USER,
VdcObjectType.VmTemplate, true, ApplicationMode.VirtOnly),
Line 52: EDIT_ADMIN_TEMPLATE_PROPERTIES(205, RoleType.ADMIN,
VdcObjectType.VmTemplate, true, ApplicationMode.VirtOnly),
please move it to keep the order
Line 53: DELETE_TEMPLATE(202, RoleType.USER, VdcObjectType.VmTemplate,
true, ApplicationMode.VirtOnly),
Line 54: COPY_TEMPLATE(203, RoleType.USER, VdcObjectType.VmTemplate, true,
ApplicationMode.VirtOnly),
Line 55: CONFIGURE_TEMPLATE_NETWORK(204, RoleType.USER,
VdcObjectType.VmTemplate, true, ApplicationMode.VirtOnly),
Line 56: // vm pools actions groups
--
To view, visit http://gerrit.ovirt.org/11303
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I5294854d24b235f2c50fa7f3d4e7472cf7598b53
Gerrit-PatchSet: 6
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Libor Spevak <[email protected]>
Gerrit-Reviewer: Einav Cohen <[email protected]>
Gerrit-Reviewer: Gilad Chaplik <[email protected]>
Gerrit-Reviewer: Itamar Heim <[email protected]>
Gerrit-Reviewer: Libor Spevak <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Omer Frenkel <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Tomas Jelinek <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
