Revision dafbc5d3 src/acl/AclManager.cc

View differences:

src/acl/AclManager.cc
707 707
                                AuthRequest::Operation    op,
708 708
                                bool&                     all,
709 709
                                vector<int>&              oids,
710
                                vector<int>&              gids)
710
                                vector<int>&              gids,
711
                                vector<int>&              cids)
711 712
{
712 713
    ostringstream oss;
713 714

  
......
719 720
    long long resource_oid_req = obj_type | AclRule::INDIVIDUAL_ID;
720 721
    long long resource_gid_req = obj_type | AclRule::GROUP_ID;
721 722
    long long resource_all_req = obj_type | AclRule::ALL_ID;
723
    long long resource_cid_req = obj_type | AclRule::CLUSTER_ID;
722 724
    long long rights_req       = op;
723 725

  
724 726
    long long resource_oid_mask =
......
727 729
    long long resource_gid_mask  =
728 730
            ( obj_type | AclRule::GROUP_ID );
729 731

  
732
    long long resource_cid_mask  =
733
            ( obj_type | AclRule::CLUSTER_ID );
734

  
730 735

  
731 736
    // Create a temporal rule, to log the request
732 737
    long long log_resource;
......
789 794
                {
790 795
                    oids.push_back(it->second->resource_id());
791 796
                }
797

  
798
                // Rule grants permission for all objects of a cluster
799
                if ( ( it->second->resource & resource_cid_mask ) == resource_cid_req )
800
                {
801
                    cids.push_back(it->second->resource_id());
802
                }
803

  
792 804
            }
793 805
        }
794 806

  
......
798 810
        {
799 811
            oids.clear();
800 812
            gids.clear();
813
            cids.clear();
801 814
        }
802 815
    }
803 816
}

Also available in: Unified diff