Libor Spevak has uploaded a new change for review. Change subject: webadmin: Restrict destination host parameter for administrator only ......................................................................
webadmin: Restrict destination host parameter for administrator only Users aren't supposed to be able to provide any host level parameters to commands. Check administrator permission if destination host is specified for RunOnce VM action. Change-Id: I5294854d24b235f2c50fa7f3d4e7472cf7598b53 Bug-Url: https://bugzilla.redhat.com/902353 Signed-off-by: Libor Spevak <[email protected]> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmOnceCommand.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/VdcBllMessages.java M backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties M frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java 4 files changed, 11 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/03/11303/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmOnceCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmOnceCommand.java index 22b4e02..2e333a8 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmOnceCommand.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmOnceCommand.java @@ -33,6 +33,12 @@ returnValue = false; } + // only administrator can specify destination host + if(getParameters().getDestinationVdsId() != null && !getCurrentUser().isAdmin()) { + addCanDoActionMessage(VdcBllMessages.VM_CANNOT_RUN_ONCE_NOT_ADMIN_FOR_DESTINATION_VDS_PARAM); + returnValue = false; + } + return returnValue; } diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/VdcBllMessages.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/VdcBllMessages.java index 360cd41..1580f76 100644 --- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/VdcBllMessages.java +++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dal/VdcBllMessages.java @@ -609,6 +609,7 @@ NETWORK_EXISTS_IN_ADD_AND_REMOVE, NETWORK_HAVE_NO_INERFACES, VM_CANNOT_RUN_ONCE_WITH_ILLEGAL_SYSPREP_PARAM, + VM_CANNOT_RUN_ONCE_NOT_ADMIN_FOR_DESTINATION_VDS_PARAM, MOVE_VM_CLUSTER_MISSING_NETWORK, ACTION_TYPE_FAILED_STORAGE_POOL_WITH_DEFAULT_VDS_GROUP_CANNOT_BE_LOCALFS, DEFAULT_CLUSTER_CANNOT_BE_ON_LOCALFS, diff --git a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties index 8d21da7..16daced 100644 --- a/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties +++ b/backend/manager/modules/dal/src/main/resources/bundles/AppErrors.properties @@ -637,6 +637,7 @@ ACTION_TYPE_FAILED_NAME_MAY_NOT_CONTAIN_SPECIAL_CHARS_OR_DASH=Can not ${action} ${type}. The given name contains special characters. Only lower-case and upper-case letters, numbers, '_', allowed. ACTION_TYPE_FAILED_INVALID_VDS_HOSTNAME=Can not ${action} ${type}. The given Host name is invalid. Only Host names corresponding to RFC-952 and RFC-1123 are allowed. VM_CANNOT_RUN_ONCE_WITH_ILLEGAL_SYSPREP_PARAM=Missing UserName or Password. +VM_CANNOT_RUN_ONCE_NOT_ADMIN_FOR_DESTINATION_VDS_PARAM=Destination host cannot be specified. Administrator permission is required. ACTION_TYPE_FAILED_CANNOT_REMOVE_BUILTIN_GROUP_EVERYONE=Cannot remove the built-in group "Everyone". ACTION_TYPE_FAILED_IMPORT_DATA_DOMAIN_PROHIBITED=Importing data domain is prohibited. ACTION_TYPE_FAILED_VDS_NOT_MATCH_VALID_STATUS=Cannot ${action} ${type}. Valid Host statuses are "Non operational", "Maintenance" or "Connecting". diff --git a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java index 28eb476..e9090e6 100644 --- a/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java +++ b/frontend/webadmin/modules/frontend/src/main/java/org/ovirt/engine/ui/frontend/AppErrors.java @@ -1710,6 +1710,9 @@ @DefaultStringValue("Missing UserName or Password.") String VM_CANNOT_RUN_ONCE_WITH_ILLEGAL_SYSPREP_PARAM(); + @DefaultStringValue("Destination host cannot be specified. Administrator permission is required.") + String VM_CANNOT_RUN_ONCE_NOT_ADMIN_FOR_DESTINATION_VDS_PARAM(); + @DefaultStringValue("Cannot remove the built-in group \"Everyone\".") String ACTION_TYPE_FAILED_CANNOT_REMOVE_BUILTIN_GROUP_EVERYONE(); -- To view, visit http://gerrit.ovirt.org/11303 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5294854d24b235f2c50fa7f3d4e7472cf7598b53 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Libor Spevak <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
