Commit
9c872372
authored
Jul 03, 2014
by
Bach Dániel
circle: add missing permission checks
parent
036383f1
Showing
5 changed files
with
32 additions
and
10 deletions
+32
-10
circle/dashboard/templates/dashboard/vm-detail.html
+1
-1
circle/dashboard/views.py
+14
-3
circle/storage/models.py
+3
-0
circle/vm/models/instance.py
+4
-0
circle/vm/operations.py
+10
-6
circle/dashboard/templates/dashboard/vm-detail.html
...
@@ -135,7 +135,7 @@
...
@@ -135,7 +135,7 @@
<i
class=
"icon-tasks icon-2x"
></i><br>
<i
class=
"icon-tasks icon-2x"
></i><br>
{% trans "Resources" %}
</a>
{% trans "Resources" %}
</a>
</li>
</li>
<li
{%
if
not
instance
.
is_console_available
%}
class=
"disabled"
{%
endif
%}
>
<li
{%
if
not
instance
.
is_console_available
or
not
perms
.
vm
.
access_console
%}
class=
"disabled"
{%
endif
%}
>
<a
href=
"#console"
data-toggle=
"pill"
data-target=
"#_console"
class=
"text-center"
>
<a
href=
"#console"
data-toggle=
"pill"
data-target=
"#_console"
class=
"text-center"
>
<i
class=
"icon-desktop icon-2x"
></i><br>
<i
class=
"icon-desktop icon-2x"
></i><br>
{% trans "Console" %}
</a></li>
{% trans "Console" %}
</a></li>
...
...
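Review bot: The added `not perms.vm.access_console` condition only sets `class="disabled"` on the `<li>`; the `<a href="#console" data-target="#_console">` inside it is still rendered, so the tab is a visual hint and not an access control. Enforcement rests on the `vm.access_console` check this commit adds to VmDetailVncTokenView. If the `#_console` pane (outside this hunk) renders connection details without its own guard, its body should be wrapped in `{% if perms.vm.access_console %} … {% endif %}` as well.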
circle/dashboard/views.py
...
@@ -243,6 +243,8 @@ class VmDetailVncTokenView(CheckedDetailView):
...
@@ -243,6 +243,8 @@ class VmDetailVncTokenView(CheckedDetailView):
self
.
object
=
self
.
get_object
()
self
.
object
=
self
.
get_object
()
if
not
self
.
object
.
has_level
(
request
.
user
,
'operator'
):
if
not
self
.
object
.
has_level
(
request
.
user
,
'operator'
):
raise
PermissionDenied
()
raise
PermissionDenied
()
if
not
request
.
user
.
has_perm
(
'vm.access_console'
):
raise
PermissionDenied
()
if
self
.
object
.
node
:
if
self
.
object
.
node
:
with
instance_activity
(
code_suffix
=
'console-accessed'
,
with
instance_activity
(
code_suffix
=
'console-accessed'
,
instance
=
self
.
object
,
user
=
request
.
user
,
instance
=
self
.
object
,
user
=
request
.
user
,
...
@@ -637,7 +639,7 @@ class VmDownloadDiskView(FormOperationMixin, VmOperationView):
...
@@ -637,7 +639,7 @@ class VmDownloadDiskView(FormOperationMixin, VmOperationView):
is_disk_operation
=
True
is_disk_operation
=
True
class
VmMigrateView
(
VmOperationView
):
class
VmMigrateView
(
SuperuserRequiredMixin
,
VmOperationView
):
op
=
'migrate'
op
=
'migrate'
icon
=
'truck'
icon
=
'truck'
...
@@ -984,7 +986,7 @@ class GroupAclUpdateView(AclUpdateView):
...
@@ -984,7 +986,7 @@ class GroupAclUpdateView(AclUpdateView):
kwargs
=
self
.
kwargs
))
kwargs
=
self
.
kwargs
))
class
TemplateChoose
(
TemplateView
):
class
TemplateChoose
(
LoginRequiredMixin
,
TemplateView
):
def
get_template_names
(
self
):
def
get_template_names
(
self
):
if
self
.
request
.
is_ajax
():
if
self
.
request
.
is_ajax
():
...
@@ -1017,6 +1019,9 @@ class TemplateChoose(TemplateView):
...
@@ -1017,6 +1019,9 @@ class TemplateChoose(TemplateView):
else
:
else
:
template
=
get_object_or_404
(
InstanceTemplate
,
pk
=
template
)
template
=
get_object_or_404
(
InstanceTemplate
,
pk
=
template
)
if
not
template
.
has_level
(
user
,
"user"
):
raise
PermissionDenied
()
instance
=
Instance
.
create_from_template
(
instance
=
Instance
.
create_from_template
(
template
=
template
,
owner
=
request
.
user
,
is_base
=
True
)
template
=
template
,
owner
=
request
.
user
,
is_base
=
True
)
...
@@ -1055,7 +1060,7 @@ class TemplateCreate(SuccessMessageMixin, CreateView):
...
@@ -1055,7 +1060,7 @@ class TemplateCreate(SuccessMessageMixin, CreateView):
return
kwargs
return
kwargs
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
if
not
self
.
request
.
user
.
has_perm
(
'vm.create_template'
):
if
not
self
.
request
.
user
.
has_perm
(
'vm.create_
base_
template'
):
raise
PermissionDenied
()
raise
PermissionDenied
()
form
=
self
.
form_class
(
request
.
POST
,
user
=
request
.
user
)
form
=
self
.
form_class
(
request
.
POST
,
user
=
request
.
user
)
...
@@ -1492,6 +1497,9 @@ class VmCreate(LoginRequiredMixin, TemplateView):
...
@@ -1492,6 +1497,9 @@ class VmCreate(LoginRequiredMixin, TemplateView):
return
[
'dashboard/nojs-wrapper.html'
]
return
[
'dashboard/nojs-wrapper.html'
]
def
get
(
self
,
request
,
form
=
None
,
*
args
,
**
kwargs
):
def
get
(
self
,
request
,
form
=
None
,
*
args
,
**
kwargs
):
if
not
request
.
user
.
has_perm
(
'vm.create_vm'
):
raise
PermissionDenied
()
form_error
=
form
is
not
None
form_error
=
form
is
not
None
template
=
(
form
.
template
.
pk
if
form_error
template
=
(
form
.
template
.
pk
if
form_error
else
request
.
GET
.
get
(
"template"
))
else
request
.
GET
.
get
(
"template"
))
...
@@ -1597,6 +1605,9 @@ class VmCreate(LoginRequiredMixin, TemplateView):
...
@@ -1597,6 +1605,9 @@ class VmCreate(LoginRequiredMixin, TemplateView):
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
user
=
request
.
user
user
=
request
.
user
if
not
request
.
user
.
has_perm
(
'vm.create_vm'
):
raise
PermissionDenied
()
# limit chekcs
# limit chekcs
try
:
try
:
limit
=
user
.
profile
.
instance_limit
limit
=
user
.
profile
.
instance_limit
...
...
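Review bot: The `vm.create_vm` guard is pasted into both `VmCreate.get` and `VmCreate.post`, and `TemplateCreate` checks `vm.create_base_template` only in `post` as far as its hunk shows, so every handler has to remember its own check. The file already declares access rules at class level with `LoginRequiredMixin` and `SuperuserRequiredMixin`; if those come from django-braces (the import is not visible here), its `PermissionRequiredMixin` with `permission_required = 'vm.create_vm'` and `raise_exception = True` would cover all HTTP methods of the view at once. If the per-method checks stay, `VmCreate.post` should use the local it has just bound: `if not user.has_perm('vm.create_vm'):`. All of these methods continue outside their hunks.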
circle/storage/models.py
...
@@ -106,6 +106,9 @@ class Disk(AclBase, TimeStampedModel):
...
@@ -106,6 +106,9 @@ class Disk(AclBase, TimeStampedModel):
ordering
=
[
'name'
]
ordering
=
[
'name'
]
verbose_name
=
_
(
'disk'
)
verbose_name
=
_
(
'disk'
)
verbose_name_plural
=
_
(
'disks'
)
verbose_name_plural
=
_
(
'disks'
)
permissions
=
(
(
'create_empty_disk'
,
_
(
'Can create an empty disk.'
)),
(
'download_disk'
,
_
(
'Can download a disk.'
)))
class
WrongDiskTypeError
(
Exception
):
class
WrongDiskTypeError
(
Exception
):
...
...
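Review bot: The new `create_empty_disk` and `download_disk` codenames are enforced by circle/vm/operations.py as soon as this ships, but none of the five changed files is a migration or fixture that grants them. Django creates the Permission rows on the next syncdb/migrate without assigning them to any user or group, so until that is done by hand only superusers will pass the disk create and download operations. The same holds for `create_vm` and `create_base_template` in circle/vm/models/instance.py. A comment above the tuple such as `# new codenames: must be granted to the relevant groups on deploy`, or a data migration, would make the rollout step explicit.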
circle/vm/models/instance.py
...
@@ -151,6 +151,9 @@ class InstanceTemplate(AclBase, VirtualMachineDescModel, TimeStampedModel):
...
@@ -151,6 +151,9 @@ class InstanceTemplate(AclBase, VirtualMachineDescModel, TimeStampedModel):
ordering
=
(
'name'
,
)
ordering
=
(
'name'
,
)
permissions
=
(
permissions
=
(
(
'create_template'
,
_
(
'Can create an instance template.'
)),
(
'create_template'
,
_
(
'Can create an instance template.'
)),
(
'create_base_template'
,
_
(
'Can create an instance template (base).'
)),
(
'change_resources'
,
_
(
'Can change resources of a template.'
)),
)
)
verbose_name
=
_
(
'template'
)
verbose_name
=
_
(
'template'
)
verbose_name_plural
=
_
(
'templates'
)
verbose_name_plural
=
_
(
'templates'
)
...
@@ -263,6 +266,7 @@ class Instance(AclBase, VirtualMachineDescModel, StatusModel, OperatedMixin,
...
@@ -263,6 +266,7 @@ class Instance(AclBase, VirtualMachineDescModel, StatusModel, OperatedMixin,
(
'access_console'
,
_
(
'Can access the graphical console of a VM.'
)),
(
'access_console'
,
_
(
'Can access the graphical console of a VM.'
)),
(
'change_resources'
,
_
(
'Can change resources of a running VM.'
)),
(
'change_resources'
,
_
(
'Can change resources of a running VM.'
)),
(
'set_resources'
,
_
(
'Can change resources of a new VM.'
)),
(
'set_resources'
,
_
(
'Can change resources of a new VM.'
)),
(
'create_vm'
,
_
(
'Can create a new VM.'
)),
(
'config_ports'
,
_
(
'Can configure port forwards.'
)),
(
'config_ports'
,
_
(
'Can configure port forwards.'
)),
)
)
verbose_name
=
_
(
'instance'
)
verbose_name
=
_
(
'instance'
)
...
...
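Review bot: The `change_resources` codename added to InstanceTemplate's `permissions` is the same codename the Instance model already declares in the second hunk ('Can change resources of a running VM.'), and permissions of both models are checked under the `vm.` label elsewhere in this commit. `user.has_perm('vm.change_resources')` matches on app label and codename only, so granting the template permission would also satisfy ResourcesOperation's `required_perms = ('vm.change_resources',)`. A distinct codename avoids the overlap, for example `('change_template_resources', _('Can change resources of a template.')),`. The Meta classes of both models start outside the hunks.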
circle/vm/operations.py
...
@@ -105,6 +105,7 @@ class CreateDiskOperation(InstanceOperation):
...
@@ -105,6 +105,7 @@ class CreateDiskOperation(InstanceOperation):
id
=
'create_disk'
id
=
'create_disk'
name
=
_
(
"create disk"
)
name
=
_
(
"create disk"
)
description
=
_
(
"Create empty disk for the VM."
)
description
=
_
(
"Create empty disk for the VM."
)
required_perms
=
(
'storage.create_empty_disk'
,
)
def
check_precond
(
self
):
def
check_precond
(
self
):
super
(
CreateDiskOperation
,
self
)
.
check_precond
()
super
(
CreateDiskOperation
,
self
)
.
check_precond
()
...
@@ -131,6 +132,7 @@ class DownloadDiskOperation(InstanceOperation):
...
@@ -131,6 +132,7 @@ class DownloadDiskOperation(InstanceOperation):
description
=
_
(
"Download disk for the VM."
)
description
=
_
(
"Download disk for the VM."
)
abortable
=
True
abortable
=
True
has_percentage
=
True
has_percentage
=
True
required_perms
=
(
'storage.download_disk'
,
)
def
check_precond
(
self
):
def
check_precond
(
self
):
super
(
DownloadDiskOperation
,
self
)
.
check_precond
()
super
(
DownloadDiskOperation
,
self
)
.
check_precond
()
...
@@ -236,6 +238,12 @@ class MigrateOperation(InstanceOperation):
...
@@ -236,6 +238,12 @@ class MigrateOperation(InstanceOperation):
with
activity
.
sub_activity
(
'rollback_net'
):
with
activity
.
sub_activity
(
'rollback_net'
):
self
.
instance
.
deploy_net
()
self
.
instance
.
deploy_net
()
def
check_auth
(
self
,
user
):
if
not
user
.
is_superuser
:
raise
PermissionDenied
()
super
(
MigrateOperation
,
self
)
.
check_auth
(
user
=
user
)
def
_operation
(
self
,
activity
,
to_node
=
None
,
timeout
=
120
):
def
_operation
(
self
,
activity
,
to_node
=
None
,
timeout
=
120
):
if
not
to_node
:
if
not
to_node
:
with
activity
.
sub_activity
(
'scheduling'
)
as
sa
:
with
activity
.
sub_activity
(
'scheduling'
)
as
sa
:
...
@@ -337,6 +345,7 @@ class SaveAsTemplateOperation(InstanceOperation):
...
@@ -337,6 +345,7 @@ class SaveAsTemplateOperation(InstanceOperation):
Users can instantiate Virtual Machines from Templates.
Users can instantiate Virtual Machines from Templates.
"""
)
"""
)
abortable
=
True
abortable
=
True
required_perms
=
(
'vm.create_template'
,
)
@staticmethod
@staticmethod
def
_rename
(
name
):
def
_rename
(
name
):
...
@@ -610,18 +619,13 @@ class ResourcesOperation(InstanceOperation):
...
@@ -610,18 +619,13 @@ class ResourcesOperation(InstanceOperation):
description
=
_
(
"Change resources"
)
description
=
_
(
"Change resources"
)
acl_level
=
"owner"
acl_level
=
"owner"
concurrency_check
=
False
concurrency_check
=
False
required_perms
=
(
'vm.change_resources'
,
)
def
check_precond
(
self
):
def
check_precond
(
self
):
super
(
ResourcesOperation
,
self
)
.
check_precond
()
super
(
ResourcesOperation
,
self
)
.
check_precond
()
if
self
.
instance
.
status
not
in
[
"STOPPED"
,
"PENDING"
]:
if
self
.
instance
.
status
not
in
[
"STOPPED"
,
"PENDING"
]:
raise
self
.
instance
.
WrongStateError
(
self
.
instance
)
raise
self
.
instance
.
WrongStateError
(
self
.
instance
)
def
check_auth
(
self
,
user
):
if
not
user
.
has_perm
(
'vm.change_resources'
):
raise
PermissionDenied
()
super
(
InstanceOperation
,
self
)
.
check_auth
(
user
=
user
)
def
_operation
(
self
,
user
,
num_cores
,
ram_size
,
max_ram_size
,
priority
):
def
_operation
(
self
,
user
,
num_cores
,
ram_size
,
max_ram_size
,
priority
):
self
.
instance
.
num_cores
=
num_cores
self
.
instance
.
num_cores
=
num_cores
...
...
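Review bot: Nothing in these hunks shows where `required_perms` is read, so the four new tuples (CreateDiskOperation, DownloadDiskOperation, SaveAsTemplateOperation, ResourcesOperation) protect anything only if a base-class `check_auth` outside this diff iterates them. ResourcesOperation even drops its explicit `has_perm('vm.change_resources')` check in favour of the attribute. The removed override also called `super(InstanceOperation, self).check_auth`, which skips InstanceOperation's own check; with the override gone that check presumably runs as well, which looks intended but deserves a line in the commit message. A regression test that calls each operation's `check_auth` with a user lacking the permission and expects `PermissionDenied` would pin both points down.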