Arik Hadas has uploaded a new change for review. Change subject: core: change required permissions for removing VM from export domain ......................................................................
core: change required permissions for removing VM from export domain This patch changes the permissions which are required for removing a VM from export domain. Until now, the user had to have import-export permissions on the VM in order to be able to remove it from the export domain - It was problematic in case the VM which is going to be removed doesn't exist in the system. >From now on, we require 'delete vm' permissions on the export domain in order to be able to remove VMs from the export domain, which makes it possible for everyone who has 'delete vm' permissions on the export domain to remove those VMs, also in case they don't exist in the DB. Change-Id: I9f63cc6e53cd082d011bbef72c6a9435b6c1620b Bug-Url: https://bugzilla.redhat.com/1010963 Signed-off-by: Arik Hadas <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveVmFromImportExportCommand.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java 2 files changed, 10 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/62/20962/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveVmFromImportExportCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveVmFromImportExportCommand.java index 1e708b7..a7ae501 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveVmFromImportExportCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveVmFromImportExportCommand.java @@ -8,6 +8,7 @@ import java.util.Map; import org.ovirt.engine.core.bll.memory.MemoryImageRemoverFromExportDomain; +import org.ovirt.engine.core.bll.utils.PermissionSubject; import org.ovirt.engine.core.common.AuditLogType; import org.ovirt.engine.core.common.VdcObjectType; import org.ovirt.engine.core.common.action.RemoveVmFromImportExportParameters; @@ -174,4 +175,12 @@ } return jobProperties; } + + @Override + public List<PermissionSubject> getPermissionCheckSubjects() { + return Collections.singletonList(new PermissionSubject( + getParameters().getStorageDomainId(), + VdcObjectType.Storage, + getActionType().getActionGroup())); + } } diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java index 676d70d..1b4d7df 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java @@ -41,7 +41,7 @@ HotUnPlugDiskFromVm(183, ActionGroup.CONFIGURE_VM_STORAGE, false, QuotaDependency.NONE), ChangeFloppy(35, QuotaDependency.NONE), ImportVm(36, ActionGroup.IMPORT_EXPORT_VM, QuotaDependency.STORAGE), - RemoveVmFromImportExport(37, ActionGroup.IMPORT_EXPORT_VM, QuotaDependency.NONE), + RemoveVmFromImportExport(37, ActionGroup.DELETE_VM, QuotaDependency.NONE), RemoveVmTemplateFromImportExport(38, ActionGroup.IMPORT_EXPORT_VM, QuotaDependency.NONE), ImportVmTemplate(39, ActionGroup.IMPORT_EXPORT_VM, QuotaDependency.STORAGE), ChangeVMCluster(40, ActionGroup.EDIT_VM_PROPERTIES, false, QuotaDependency.NONE), -- To view, visit http://gerrit.ovirt.org/20962 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9f63cc6e53cd082d011bbef72c6a9435b6c1620b Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3 Gerrit-Owner: Arik Hadas <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
