Allon Mureinik has posted comments on this change.
Change subject: backend: [wip] add ActionGroup to access image domains
......................................................................
Patch Set 1: Code-Review-1
(4 comments)
....................................................
File
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/ExportRepoImageCommand.java
Line 134: @Override
Line 135: public List<PermissionSubject> getPermissionCheckSubjects() {
Line 136: List<PermissionSubject> permissionSubjects = new
ArrayList<>();
Line 137: permissionSubjects.add(new
PermissionSubject(getDiskImage().getId(),
Line 138: VdcObjectType.Disk, ActionGroup.ATTACH_DISK));
IIUC, ACCESS_IMAGE_STORAGE should replace this, no?
Line 139: permissionSubjects.add(new
PermissionSubject(getParameters().getStorageDomainId(),
Line 140: VdcObjectType.Storage, ActionGroup.CREATE_DISK)); //
ActionGroup.ACCESS_IMAGE_STORAGE ?
Line 141: return permissionSubjects;
Line 142: }
....................................................
File
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
Line 96: MANIPULATE_GLUSTER_HOOK(1003, RoleType.ADMIN,
VdcObjectType.GlusterHook, true, ApplicationMode.GlusterOnly),
Line 97: MANIPULATE_GLUSTER_SERVICE(1004, RoleType.ADMIN,
VdcObjectType.GlusterService, true, ApplicationMode.GlusterOnly),
Line 98:
Line 99: // Disks action groups
Line 100: CREATE_DISK(1100, RoleType.USER, VdcObjectType.Storage, false,
ApplicationMode.VirtOnly),
Are you sure about this?
Line 101: ATTACH_DISK(1101, RoleType.USER, VdcObjectType.Disk, true,
ApplicationMode.VirtOnly),
Line 102: EDIT_DISK_PROPERTIES(1102, RoleType.USER, VdcObjectType.Disk,
true, ApplicationMode.VirtOnly),
Line 103: CONFIGURE_DISK_STORAGE(1103, RoleType.USER, VdcObjectType.Disk,
true, ApplicationMode.VirtOnly),
Line 104: DELETE_DISK(1104, RoleType.USER, VdcObjectType.Disk, true,
ApplicationMode.VirtOnly),
....................................................
File packaging/dbscripts/upgrade/03_03_0780_image_domains_permissions.sql
Line 1: -- Adding the ACCESS_IMAGE_STORAGE action to the relevant roles
Line 2: INSERT INTO roles_groups (role_id, action_group_id) VALUES
Line 3: ('00000000-0000-0000-0001-000000000001', 1106), -- UserRole
Are you sure about this one?
Line 4: ('def00008-0000-0000-0000-def000000008', 1106), -- TemplateAdmin
Line 5: ('00000000-0000-0000-0000-000000000001', 1106), -- SuperUser
Line 6: ('def00003-0000-0000-0000-def000000003', 1106), -- StorageAdmin
Line 3: ('00000000-0000-0000-0001-000000000001', 1106), -- UserRole
Line 4: ('def00008-0000-0000-0000-def000000008', 1106), -- TemplateAdmin
Line 5: ('00000000-0000-0000-0000-000000000001', 1106), -- SuperUser
Line 6: ('def00003-0000-0000-0000-def000000003', 1106), -- StorageAdmin
Line 7: ('00000000-0000-0000-0001-000000000002', 1106); -- PowerUserRole
upgrade scripts should be re-entrant.
See, e.g., 03_01_1340_add_disk_permissions_to_vm_creator_role.sql
--
To view, visit http://gerrit.ovirt.org/18078
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Ifbff053962ae1dceef51c7d8ff356fcf527aa5e2
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Federico Simoncelli <[email protected]>
Gerrit-Reviewer: Allon Mureinik <[email protected]>
Gerrit-Reviewer: Daniel Erez <[email protected]>
Gerrit-Reviewer: Federico Simoncelli <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
