Yaniv Bronhaim has uploaded a new change for review. Change subject: engine: Permission given to a group doesn't apply to its member because of wrong view creation (#847333) ......................................................................
engine: Permission given to a group doesn't apply to its member because of wrong view creation (#847333) This patch fixing creation of user_permission_permissions_view. The error was that user of a group doesn't get the same permissions that the group does have. The user gets its own specific permissions only. This happens because the view user_permissions_permissions_view using user_flat_groups in a wrong way, the view supposes to make a table of permissions connected to user_id as permission_view, but this view connects also subusers of groups to their group's permissions. But it doesn't do that right, that's the reason why GetPermissionsByAdElementIdQuery returns only permissions on specific user without including its group permissions. The real bug is the wrong output of - user_permission_permissions_view. If that view output is correct and somewhere else we use it, the function GetPermissionsByAdElementIdQuery implemented wrong. Change-Id: Ice68f05528f5952848f47c029f2216d7ddd7899e Signed-off-by: Yaniv Bronhaim <[email protected]> --- M backend/manager/dbscripts/create_views.sql 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/62/7262/1 diff --git a/backend/manager/dbscripts/create_views.sql b/backend/manager/dbscripts/create_views.sql index 4f2e4fc..36a917b 100644 --- a/backend/manager/dbscripts/create_views.sql +++ b/backend/manager/dbscripts/create_views.sql @@ -1314,7 +1314,7 @@ -- Permissions on permissions CREATE OR REPLACE VIEW user_permissions_permissions_view (entity_id, user_id) AS -SELECT DISTINCT id, ad_element_id +SELECT DISTINCT id, user_id FROM permissions_view JOIN user_flat_groups ON granted_id = ad_element_id; -- To view, visit http://gerrit.ovirt.org/7262 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ice68f05528f5952848f47c029f2216d7ddd7899e Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yaniv Bronhaim <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
