Commit 026868b7 by Bach Dániel

vm: add disk, template acl levels

parent c4ce0792
......@@ -11,6 +11,7 @@ from django.utils.translation import ugettext_lazy as _
from model_utils.models import TimeStampedModel
from sizefield.models import FileSizeField
from acl.models import AclBase
from .tasks import local_tasks, remote_tasks
from common.models import ActivityModel, activitycontextimpl
......@@ -38,10 +39,15 @@ class DataStore(Model):
return self.hostname + '.' + queue_id
class Disk(TimeStampedModel):
class Disk(AclBase, TimeStampedModel):
"""A virtual disk.
('user', _('user')), # see all details
('operator', _('operator')),
('owner', _('owner')), # superuser, can delete, delegate perms
TYPES = [('qcow2-norm', 'qcow2 normal'), ('qcow2-snap', 'qcow2 snapshot'),
('iso', 'iso'), ('raw-ro', 'raw read-only'), ('raw-rw', 'raw')]
name = CharField(blank=True, max_length=100, verbose_name=_("name"))
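Review bot: The `'operator'` level added to Disk has no comment saying what it permits, unlike `'user'` and `'owner'`, and the instance-creation check added in this commit only tests `'user'` and `'owner'`. A short comment on that entry, stating what an operator may do with a disk or that the level is reserved, would keep it from being granted without a defined meaning; the same three entries are repeated in InstanceTemplate, so it applies there too. AclBase is not shown, so it is an assumption that existing Disk rows start with no levels; if so, the new check denies them until levels are backfilled, which is worth noting in the commit message or handling in a data migration. The class body continues outside the hunk.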
......@@ -78,7 +78,7 @@ class VirtualMachineDescModel(BaseResourceConfigModel):
abstract = True
class InstanceTemplate(VirtualMachineDescModel, TimeStampedModel):
class InstanceTemplate(AclBase, VirtualMachineDescModel, TimeStampedModel):
"""Virtual machine template.
......@@ -94,6 +94,11 @@ class InstanceTemplate(VirtualMachineDescModel, TimeStampedModel):
* lease times (suspension & deletion)
* time of creation and last modification
('user', _('user')), # see all details
('operator', _('operator')),
('owner', _('owner')), # superuser, can delete, delegate perms
STATES = [('NEW', _('new')), # template has just been created
('SAVING', _('saving')), # changes are being saved
('READY', _('ready'))] # template is ready for instantiation
......@@ -258,6 +263,13 @@ class Instance(AclBase, VirtualMachineDescModel, TimeStampedModel):
disks = template.disks.all() if disks is None else disks
for disk in disks:
if not disk.has_level(owner, 'user'):
raise PermissionDenied()
elif (disk.type == 'qcow2-snap'
and not disk.has_level(owner, 'owner')):
raise PermissionDenied()
networks = (template.interface_set.all() if networks is None
else networks)
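Review bot: The new disk loop authorises against `owner` alone and treats only `'qcow2-snap'` as needing the `'owner'` level, so a writable `'raw-rw'` disk passes with just `'user'`. If raw disks are attached directly rather than cloned (not visible here), the second branch should cover them too, e.g. `elif disk.type in ('qcow2-snap', 'raw-rw') and not disk.has_level(owner, 'owner'):`. Nothing in the visible lines checks `owner` against `template` itself, although this commit gives InstanceTemplate its own levels, and caller-supplied `networks` are accepted as given. The enclosing method starts and ends outside the hunk, so those checks may exist elsewhere. The bare `raise PermissionDenied()` would be easier to audit with a message naming the disk, e.g. `raise PermissionDenied("no 'user' level on disk %s" % disk.pk)`.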