Itamar Heim has posted comments on this change.

Change subject: webdmin: Restrict destination host parameter for administrator only
......................................................................


Patch Set 4: (1 inline comment)

....................................................
File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RunVmCommand.java
Line 870:             final Guid destinationVdsId = 
getParameters().getDestinationVdsId();
Line 871:             if (destinationVdsId != null && 
!destinationVdsId.equals(getVm().getDedicatedVmForVds())) {
Line 872:                 permissionList.add(new 
PermissionSubject(getParameters().getVmId(),
Line 873:                     VdcObjectType.VM,
Line 874:                     ActionGroup.EDIT_VM_PROPERTIES));
> not sure i understand you, power user role (currently) has: 
> LOGIN,CREATE_DISK,CREATE_TEMPLATE,CREATE_VM

poweruser has create_vm, which leads to vmowner/admin, so implicitly gets 
edit_vm_properties.

> but even if it had EDIT_VM_PROPERTIES on this vm, anyway he could update the 
> vm, change the dest host and run, so why not allow (one-time) update during 
> run?

yes, that's exactly the point of this patch - *users* should not be able to set 
anything about hosts.
Line 875:             }
Line 876:         }
Line 877: 
Line 878:         return permissionList;


--
To view, visit http://gerrit.ovirt.org/11303
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I5294854d24b235f2c50fa7f3d4e7472cf7598b53
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Libor Spevak <[email protected]>
Gerrit-Reviewer: Einav Cohen <[email protected]>
Gerrit-Reviewer: Gilad Chaplik <[email protected]>
Gerrit-Reviewer: Itamar Heim <[email protected]>
Gerrit-Reviewer: Libor Spevak <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Omer Frenkel <[email protected]>
Gerrit-Reviewer: Tomas Jelinek <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
