Ravi Nori has uploaded a new change for review. Change subject: engine: User who has manipulate_permissions can't see other users ......................................................................
engine: User who has manipulate_permissions can't see other users Use with manipulate use permissions should be able to see all users in the system. Change-Id: I35852738d60af36ca4f44a175e2c4f8523148732 Bug-Url: https://bugzilla.redhat.com/958050 Signed-off-by: Ravi Nori <[email protected]> --- M backend/manager/dbscripts/user_sp.sql M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllDbUsersQuery.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAO.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/DbUserDAOTest.java 5 files changed, 33 insertions(+), 4 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/46/14346/1 diff --git a/backend/manager/dbscripts/user_sp.sql b/backend/manager/dbscripts/user_sp.sql index 3720b41..0d0d6b8 100644 --- a/backend/manager/dbscripts/user_sp.sql +++ b/backend/manager/dbscripts/user_sp.sql @@ -103,11 +103,14 @@ -Create or replace FUNCTION GetAllFromUsers() RETURNS SETOF users +Create or replace FUNCTION GetAllFromUsers(v_user_id UUID, v_is_filtered BOOLEAN) RETURNS SETOF users AS $procedure$ BEGIN RETURN QUERY SELECT users.* - FROM users; + FROM users + WHERE (NOT v_is_filtered OR EXISTS (SELECT 1 + FROM users u, permissions p, roles_groups rg + WHERE u.user_id = v_user_id AND u.user_id = p.ad_element_id AND p.role_id = rg.role_id AND rg.action_group_id = 502)); END; $procedure$ LANGUAGE plpgsql; diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllDbUsersQuery.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllDbUsersQuery.java index f58eed0..8791219 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllDbUsersQuery.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetAllDbUsersQuery.java 
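Review bot: The EXISTS subquery in GetAllFromUsers joins `permissions` only on `u.user_id = p.ad_element_id`, so a role held through a group the user belongs to would not count, assuming the schema allows group-held permissions. Such a user still gets an empty result when `v_is_filtered` is true. The subquery also ignores which object the permission is granted on, so holding action group 502 on any single object returns every row of `users`; the commit message suggests this is intended, and a comment should say so. The literal `502` is unexplained: once the id is confirmed against the engine's action-group definition, add a comment above the WHERE clause such as `-- 502: action group id for manipulate_permissions`.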
@@ -13,6 +13,6 @@ protected void executeQueryCommand() { getQueryReturnValue().setReturnValue( DbFacade.getInstance().getDbUserDao() - .get(getUserID())); + .getAll(getUserID(), getParameters().isFiltered())); } } diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAO.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAO.java index ba305bd..46a25e3 100644 --- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAO.java +++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAO.java @@ -47,6 +47,13 @@ List<DbUser> getAll(); /** + * Retrieves all audit log entries. + * + * @return the list of entries + */ + List<DbUser> getAll(Guid userID, boolean isFiltered); + + /** * Saves the user. * * @param user diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java index 11fa041..c72d6af 100644 --- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java +++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/DbUserDAODbFacadeImpl.java @@ -92,8 +92,13 @@ @Override public List<DbUser> getAll() { - MapSqlParameterSource parameterSource = getCustomMapSqlParameterSource(); + return getAll(null, false); + } + @Override + public List<DbUser> getAll(Guid userID, boolean isFiltered) { + MapSqlParameterSource parameterSource = getCustomMapSqlParameterSource() + .addValue("user_id", userID).addValue("is_filtered", isFiltered); return getCallsHandler().executeReadList("GetAllFromUsers", DbUserRowMapper.instance, parameterSource); } diff --git a/backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/DbUserDAOTest.java b/backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/DbUserDAOTest.java index 96a2707..77c0412 100644 
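Review bot: A filtered user who lacks the permission now receives an empty list from this call, whereas the removed `.get(getUserID())` returned at least the caller's own record. If clients rely on seeing themselves, the stored procedure should also return the row where `users.user_id = v_user_id`. The permission check is skipped entirely when `getParameters().isFiltered()` is false, so confirm that the flag is set by the backend and cannot be supplied by the client. The return value also appears to change from a single user to a list, which consumers of this query have to expect. The opening line of executeQueryCommand is outside the hunk.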
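Review bot: The Javadoc added for `getAll(Guid userID, boolean isFiltered)` in DbUserDAO describes audit log entries, apparently copied from another method, and documents neither parameter. It should say something like `Retrieves all users; when isFiltered is true the list is empty unless the given user holds the required permission`, with `@param userID the id of the user running the query`, `@param isFiltered whether the permission check is applied` and `@return the list of users`. Because this overload is what enforces visibility, the empty-list outcome for unprivileged callers belongs in the documented contract.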
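Review bot: In DbUserDAODbFacadeImpl the no-argument `getAll()` now hard-codes `getAll(null, false)`, so it remains an unfiltered path that returns every user regardless of who calls it. A comment on it such as `// unfiltered: performs no permission check` would make that visible to future callers. `getAll(Guid, boolean)` also accepts a null `userID` together with `isFiltered` true, and would then presumably return an empty list without any error. A guard such as `if (isFiltered && userID == null) { throw new IllegalArgumentException("userID"); }` is worth considering.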
--- a/backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/DbUserDAOTest.java +++ b/backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dao/DbUserDAOTest.java @@ -116,6 +116,20 @@ assertEquals(2, result.size()); } + @Test + public void testGetFilteredWithPermissions() { + List<DbUser> result = dao.getAll(PRIVILEGED_USER_ID, true); + assertNotNull(result); + assertFalse(result.isEmpty()); + } + + @Test + public void testGetFilteredWithoutPermissions() { + List<DbUser> result = dao.getAll(UNPRIVILEGED_USER_ID, true); + assertNull(result); + assertTrue(result.isEmpty()); + } + /** * Retrieves all that match a specified query. */ -- To view, visit http://gerrit.ovirt.org/14346 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I35852738d60af36ca4f44a175e2c4f8523148732 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
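Review bot: testGetFilteredWithoutPermissions cannot pass as written, because `assertNull(result)` is followed by `assertTrue(result.isEmpty())`. An empty list fails the first assertion, and a null result throws a NullPointerException on the second. The first line should be `assertNotNull(result);`. PRIVILEGED_USER_ID and UNPRIVILEGED_USER_ID are not defined in this hunk, so they must exist elsewhere in the test class, with fixture rows that do and do not carry action group 502. testGetFilteredWithPermissions only checks that the list is non-empty; asserting the expected user count and adding a case for `getAll(UNPRIVILEGED_USER_ID, false)` would pin the authorization behaviour more tightly.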
