Moti Asayag has uploaded a new change for review. Change subject: engine: Restrict networks visibility ......................................................................
engine: Restrict networks visibility Networks' visibility for users is restricted when a user has a role on either a Data-Center or in a Cluster which an action group that allows to viewing the entity children (in context of DC - to query the networks within that DC, in context of Cluster - to query for the networks which are assigned to the cluster). Note that there is no demarcation for networks related action groups within the role which allows viewing the children. Change-Id: I04765c346f12a1e9f4295e04d625a72746e58ca7 Signed-off-by: Moti Asayag <[email protected]> --- M packaging/dbscripts/create_views.sql 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/46/16246/1 diff --git a/packaging/dbscripts/create_views.sql b/packaging/dbscripts/create_views.sql index fc02d39..34b361a 100644 --- a/packaging/dbscripts/create_views.sql +++ b/packaging/dbscripts/create_views.sql @@ -1472,13 +1472,13 @@ SELECT network.id, ad_element_id FROM network INNER JOIN internal_permissions_view ON object_id = storage_pool_id -WHERE object_type_id = 14 AND role_type = 2 +WHERE object_type_id = 14 AND allows_viewing_children AND role_type = 2 -- Or the user has permissions on the Cluster the networks are assigned to UNION ALL SELECT network_id, ad_element_id FROM network_cluster INNER JOIN internal_permissions_view ON object_id = network_cluster.cluster_id -WHERE object_type_id = 9 AND role_type = 2 +WHERE object_type_id = 9 AND allows_viewing_children AND role_type = 2 -- Or the user has permissions on the VM with the network attached UNION ALL SELECT network_id, ad_element_id -- To view, visit http://gerrit.ovirt.org/16246 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I04765c346f12a1e9f4295e04d625a72746e58ca7 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Moti Asayag <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
