Revision bfaabf35 src/authm/AuthManager.cc

View differences:

src/authm/AuthManager.cc
39 39
    ostringstream oss;
40 40
    bool          auth;
41 41

  
42
    switch (ob)
43
    {
44
        case VM:       oss << "VM:" ; break;
45
        case HOST:     oss << "HOST:" ; break;
46
        case NET:      oss << "NET:" ; break;
47
        case IMAGE:    oss << "IMAGE:" ; break;
48
        case USER:     oss << "USER:" ; break;
49
        case TEMPLATE: oss << "TEMPLATE:" ; break;
50
        case GROUP:    oss << "GROUP:" ; break;
51
    }
42
    oss << Object_to_str(ob) << ":";
52 43

  
53 44
    if (op == CREATE || op == INSTANTIATE) //encode the ob_id, it is a template
54 45
    {
......
69 60
        oss << ob_id << ":";
70 61
    }
71 62

  
72
    switch (op)
73
    {
74
        case CREATE:
75
            oss << "CREATE:" ;
76
            break;
77

  
78
        case DELETE:
79
            oss << "DELETE:" ;
80
            break;
81

  
82
        case USE:
83
            oss << "USE:" ;
84
            break;
85

  
86
        case MANAGE:
87
            oss << "MANAGE:" ;
88
            break;
89
            
90
        case INFO:
91
            oss << "INFO:" ;
92
            break;
93

  
94
        case INFO_POOL:
95
            oss << "INFO_POOL:" ;
96
            break;
97

  
98
        case INFO_POOL_MINE:
99
            oss << "INFO_POOL_MINE:" ;
100
            break;
101

  
102
        case INSTANTIATE:
103
            oss << "INSTANTIATE:" ;
104
            break;
105

  
106
        case CHOWN:
107
            oss << "CHOWN:" ;
108
            break;
109
    }
63
    oss << Operation_to_str(op) << ":";
110 64

  
111 65
    oss << owner << ":" << pub;
112 66

  
......
120 74
    }
121 75
    else
122 76
    {
123
        auth = false;
77
        // TODO, the set of object ids is needed
78
        set<int> emtpy_set;
124 79

  
125
        switch (op)
126
        {
127
            case CREATE:
128
                if ( ob == VM || ob == NET || ob == IMAGE || ob == TEMPLATE )
129
                {
130
                    auth = true;
131
                }
132
                break;
133

  
134
            case INSTANTIATE:
135
                if ( ob == VM )
136
                {
137
                    auth = true;
138
                }
139
                break;
140

  
141
            case DELETE:
142
                auth = owner == uid;
143
                break;
144

  
145
            case USE:
146
                if (ob == NET || ob == IMAGE || ob == TEMPLATE)
147
                {
148
                    auth = (owner == uid) || pub;
149
                }
150
                else if (ob == HOST)
151
                {
152
                    auth = true;
153
                }
154
                break;
155

  
156
            case MANAGE:
157
                auth = owner == uid;
158
                break;
159
                
160
            case INFO: 
161
                if ( ob != USER ) // User info only for root or owner
162
                {
163
                    auth = true;
164
                }
165
                else 
166
                {
167
                    istringstream iss(ob_id);
168
                    int ob_id_int;
169

  
170
                    iss >> ob_id_int;
171

  
172
                    if (ob_id_int == uid)
173
                    {
174
                        auth = true;
175
                    }
176
                }
177
                break;
178

  
179
            case INFO_POOL:
180
                if ( ob != USER ) // User pool only for oneadmin
181
                {
182
                    auth = true;
183
                }
184
                break;
185

  
186
            case INFO_POOL_MINE:
187
                auth = true;
188
                break;
189
            case CHOWN: //true only for oneadmin
190
                break;
191
        }
80
        int         ob_gid = 0;
81

  
82
        istringstream iss(ob_id);
83
        int ob_id_int;
84

  
85
        iss >> ob_id_int;
86

  
87
        Nebula&     nd   = Nebula::instance();
88
        AclManager* aclm = nd.get_aclm();
89

  
90
        auth = aclm->authorize(uid, emtpy_set, ob, ob_id_int, ob_gid, op);
192 91
    }
193 92

  
194 93
    self_authorize = self_authorize && auth;

Also available in: Unified diff