Revision dafbc5d3

View differences:

include/AclManager.h
127 127
     *    @param all True if the user can perform the operation over any object
128 128
     *    @param oids Set of object IDs over which the user can operate
129 129
     *    @param gids Set of object group IDs over which the user can operate
130
     *    @param cids Set of object cluster IDs over which the user can operate
130 131
     */
131 132
    void reverse_search(int                       uid,
132 133
                        int                       gid,
......
134 135
                        AuthRequest::Operation    op,
135 136
                        bool&                     all,
136 137
                        vector<int>&              oids,
137
                        vector<int>&              gids);
138
                        vector<int>&              gids,
139
                        vector<int>&              cids);
138 140

  
139 141
    /* ---------------------------------------------------------------------- */
140 142
    /* DB management                                                          */
src/acl/AclManager.cc
707 707
                                AuthRequest::Operation    op,
708 708
                                bool&                     all,
709 709
                                vector<int>&              oids,
710
                                vector<int>&              gids)
710
                                vector<int>&              gids,
711
                                vector<int>&              cids)
711 712
{
712 713
    ostringstream oss;
713 714

  
......
719 720
    long long resource_oid_req = obj_type | AclRule::INDIVIDUAL_ID;
720 721
    long long resource_gid_req = obj_type | AclRule::GROUP_ID;
721 722
    long long resource_all_req = obj_type | AclRule::ALL_ID;
723
    long long resource_cid_req = obj_type | AclRule::CLUSTER_ID;
722 724
    long long rights_req       = op;
723 725

  
724 726
    long long resource_oid_mask =
......
727 729
    long long resource_gid_mask  =
728 730
            ( obj_type | AclRule::GROUP_ID );
729 731

  
732
    long long resource_cid_mask  =
733
            ( obj_type | AclRule::CLUSTER_ID );
734

  
730 735

  
731 736
    // Create a temporal rule, to log the request
732 737
    long long log_resource;
......
789 794
                {
790 795
                    oids.push_back(it->second->resource_id());
791 796
                }
797

  
798
                // Rule grants permission for all objects of a cluster
799
                if ( ( it->second->resource & resource_cid_mask ) == resource_cid_req )
800
                {
801
                    cids.push_back(it->second->resource_id());
802
                }
803

  
792 804
            }
793 805
        }
794 806

  
......
798 810
        {
799 811
            oids.clear();
800 812
            gids.clear();
813
            cids.clear();
801 814
        }
802 815
    }
803 816
}
src/datastore/Datastore.cc
24 24
const char * Datastore::table = "datastore_pool";
25 25

  
26 26
const char * Datastore::db_names =
27
        "oid, name, body, uid, gid, owner_u, group_u, other_u";
27
        "oid, name, body, uid, gid, owner_u, group_u, other_u, cid";
28 28

  
29 29
const char * Datastore::db_bootstrap =
30 30
    "CREATE TABLE IF NOT EXISTS datastore_pool ("
31 31
    "oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, uid INTEGER, "
32 32
    "gid INTEGER, owner_u INTEGER, group_u INTEGER, other_u INTEGER, "
33
    "UNIQUE(name))";
33
    "cid INTEGER, UNIQUE(name))";
34 34

  
35 35
/* ************************************************************************ */
36 36
/* Datastore :: Constructor/Destructor                                      */
......
265 265
        <<          gid                 << ","
266 266
        <<          owner_u             << ","
267 267
        <<          group_u             << ","
268
        <<          other_u             << ")";
268
        <<          other_u             << ","
269
        <<          cluster_id          << ")";
269 270

  
270 271

  
271 272
    rc = db->exec(oss);
src/host/Host.cc
62 62
const char * Host::table = "host_pool";
63 63

  
64 64
const char * Host::db_names =
65
    "oid, name, body, state, last_mon_time, uid, gid, owner_u, group_u, other_u";
65
    "oid, name, body, state, last_mon_time, uid, gid, owner_u, group_u, other_u, cid";
66 66

  
67 67
const char * Host::db_bootstrap = "CREATE TABLE IF NOT EXISTS host_pool ("
68 68
    "oid INTEGER PRIMARY KEY, name VARCHAR(128), body TEXT, state INTEGER, "
69 69
    "last_mon_time INTEGER, uid INTEGER, gid INTEGER, owner_u INTEGER, "
70
    "group_u INTEGER, other_u INTEGER, UNIQUE(name))";
70
    "group_u INTEGER, other_u INTEGER, cid INTEGER, UNIQUE(name))";
71 71

  
72 72

  
73 73
const char * Host::monit_table = "host_monitoring";
......
136 136
        <<          gid                 << ","
137 137
        <<          owner_u             << ","
138 138
        <<          group_u             << ","
139
        <<          other_u             << ")";
139
        <<          other_u             << ","
140
        <<          cluster_id          << ")";
140 141

  
141 142
    rc = db->exec(oss);
142 143

  
src/pool/PoolSQL.cc
593 593

  
594 594
    vector<int> oids;
595 595
    vector<int> gids;
596
    vector<int> cids;
596 597

  
597 598
    aclm->reverse_search(uid,
598 599
                         gid,
......
600 601
                         AuthRequest::USE,
601 602
                         all,
602 603
                         oids,
603
                         gids);
604
                         gids,
605
                         cids);
604 606

  
605 607
    for ( it = oids.begin(); it < oids.end(); it++ )
606 608
    {
......
612 614
        acl_filter << " OR gid = " << *it;
613 615
    }
614 616

  
617
    for ( it = cids.begin(); it < cids.end(); it++ )
618
    {
619
        acl_filter << " OR cid = " << *it;
620
    }
621

  
615 622
    filter = acl_filter.str();
616 623
}
617 624

  
src/vnm/VirtualNetwork.cc
78 78
const char * VirtualNetwork::table        = "network_pool";
79 79

  
80 80
const char * VirtualNetwork::db_names =
81
        "oid, name, body, uid, gid, owner_u, group_u, other_u";
81
        "oid, name, body, uid, gid, owner_u, group_u, other_u, cid";
82 82

  
83 83
const char * VirtualNetwork::db_bootstrap = "CREATE TABLE IF NOT EXISTS"
84 84
    " network_pool (oid INTEGER PRIMARY KEY, name VARCHAR(128),"
85
    " body TEXT, uid INTEGER, gid INTEGER, "
86
    "owner_u INTEGER, group_u INTEGER, other_u INTEGER, UNIQUE(name,uid))";
85
    " body TEXT, uid INTEGER, gid INTEGER,"
86
    " owner_u INTEGER, group_u INTEGER, other_u INTEGER,"
87
    " cid INTEGER, UNIQUE(name,uid))";
87 88

  
88 89
/* -------------------------------------------------------------------------- */
89 90
/* -------------------------------------------------------------------------- */
......
393 394
        <<          gid         << ","
394 395
        <<          owner_u     << ","
395 396
        <<          group_u     << ","
396
        <<          other_u     << ")";
397
        <<          other_u     << ","
398
        <<          cluster_id  << ")";
397 399

  
398 400
    rc = db->exec(oss);
399 401

  

Also available in: Unified diff