Commit
9c872372
authored
Jul 03, 2014
by
Bach Dániel
circle: add missing permission checks
parent
036383f1
Showing
5 changed files
with
32 additions
and
10 deletions
+32
-10
circle/dashboard/templates/dashboard/vm-detail.html
+1
-1
circle/dashboard/views.py
+14
-3
circle/storage/models.py
+3
-0
circle/vm/models/instance.py
+4
-0
circle/vm/operations.py
+10
-6
circle/dashboard/templates/dashboard/vm-detail.html
...
...
@@ -135,7 +135,7 @@
<i
class=
"icon-tasks icon-2x"
></i><br>
{% trans "Resources" %}
</a>
</li>
<li
{%
if
not
instance
.
is_console_available
%}
class=
"disabled"
{%
endif
%}
>
<li
{%
if
not
instance
.
is_console_available
or
not
perms
.
vm
.
access_console
%}
class=
"disabled"
{%
endif
%}
>
<a
href=
"#console"
data-toggle=
"pill"
data-target=
"#_console"
class=
"text-center"
>
<i
class=
"icon-desktop icon-2x"
></i><br>
{% trans "Console" %}
</a></li>
...
...
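Review bot: The added `or not perms.vm.access_console` test only puts `class="disabled"` on the `<li>`; the `<a href="#console" data-toggle="pill" data-target="#_console">` inside it is still rendered for users without the permission. The enforcing check is the server-side one this commit adds to `VmDetailVncTokenView`, so the class is a UI hint, not the control. If the `#_console` pane (outside this hunk) renders console markup or connection data, it should be wrapped in the same test, e.g. `{% if instance.is_console_available and perms.vm.access_console %}`. A template comment such as `{# UI hint only; access is enforced in VmDetailVncTokenView #}` would stop later edits from treating the class as the access check.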
circle/dashboard/views.py
...
...
@@ -243,6 +243,8 @@ class VmDetailVncTokenView(CheckedDetailView):
self
.
object
=
self
.
get_object
()
if
not
self
.
object
.
has_level
(
request
.
user
,
'operator'
):
raise
PermissionDenied
()
if
not
request
.
user
.
has_perm
(
'vm.access_console'
):
raise
PermissionDenied
()
if
self
.
object
.
node
:
with
instance_activity
(
code_suffix
=
'console-accessed'
,
instance
=
self
.
object
,
user
=
request
.
user
,
...
...
@@ -637,7 +639,7 @@ class VmDownloadDiskView(FormOperationMixin, VmOperationView):
is_disk_operation
=
True
class
VmMigrateView
(
VmOperationView
):
class
VmMigrateView
(
SuperuserRequiredMixin
,
VmOperationView
):
op
=
'migrate'
icon
=
'truck'
...
...
@@ -984,7 +986,7 @@ class GroupAclUpdateView(AclUpdateView):
kwargs
=
self
.
kwargs
))
class
TemplateChoose
(
TemplateView
):
class
TemplateChoose
(
LoginRequiredMixin
,
TemplateView
):
def
get_template_names
(
self
):
if
self
.
request
.
is_ajax
():
...
...
@@ -1017,6 +1019,9 @@ class TemplateChoose(TemplateView):
else
:
template
=
get_object_or_404
(
InstanceTemplate
,
pk
=
template
)
if
not
template
.
has_level
(
user
,
"user"
):
raise
PermissionDenied
()
instance
=
Instance
.
create_from_template
(
template
=
template
,
owner
=
request
.
user
,
is_base
=
True
)
...
...
@@ -1055,7 +1060,7 @@ class TemplateCreate(SuccessMessageMixin, CreateView):
return
kwargs
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
if
not
self
.
request
.
user
.
has_perm
(
'vm.create_template'
):
if
not
self
.
request
.
user
.
has_perm
(
'vm.create_
base_
template'
):
raise
PermissionDenied
()
form
=
self
.
form_class
(
request
.
POST
,
user
=
request
.
user
)
...
...
@@ -1492,6 +1497,9 @@ class VmCreate(LoginRequiredMixin, TemplateView):
return
[
'dashboard/nojs-wrapper.html'
]
def
get
(
self
,
request
,
form
=
None
,
*
args
,
**
kwargs
):
if
not
request
.
user
.
has_perm
(
'vm.create_vm'
):
raise
PermissionDenied
()
form_error
=
form
is
not
None
template
=
(
form
.
template
.
pk
if
form_error
else
request
.
GET
.
get
(
"template"
))
...
...
@@ -1597,6 +1605,9 @@ class VmCreate(LoginRequiredMixin, TemplateView):
def
post
(
self
,
request
,
*
args
,
**
kwargs
):
user
=
request
.
user
if
not
request
.
user
.
has_perm
(
'vm.create_vm'
):
raise
PermissionDenied
()
# limit chekcs
try
:
limit
=
user
.
profile
.
instance_limit
...
...
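Review bot: In the `@@ -1017,6 +1019,9 @@` hunk of `TemplateChoose`, the new `template.has_level(user, "user")` test is the only authorization visible before `Instance.create_from_template(..., is_base=True)`, and it is an object-level check on the source template only. `TemplateCreate.post` in this same file requires `vm.create_base_template` for what appears to be the related template-creation step. Unless the part of this method above the hunk already tests a model permission, any logged-in user with "user" level on a template can start a base instance through this path. I would add the same gate at the top of the method, `if not request.user.has_perm('vm.create_base_template'): raise PermissionDenied()`. The method starts and ends outside the hunk, so this needs confirming against the full body.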
circle/storage/models.py
...
...
@@ -106,6 +106,9 @@ class Disk(AclBase, TimeStampedModel):
ordering
=
[
'name'
]
verbose_name
=
_
(
'disk'
)
verbose_name_plural
=
_
(
'disks'
)
permissions
=
(
(
'create_empty_disk'
,
_
(
'Can create an empty disk.'
)),
(
'download_disk'
,
_
(
'Can download a disk.'
)))
class
WrongDiskTypeError
(
Exception
):
...
...
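Review bot: The two new `Disk` permissions, `create_empty_disk` and `download_disk`, are missing a rollout note. They are referenced by `required_perms` in `circle/vm/operations.py` from this commit on, but nothing in the diff grants them to existing users or groups. Until the permission rows exist and are assigned, non-superusers should be refused disk creation and download, which fails closed but will look like a regression. The same applies to `create_vm` and `create_base_template` in `circle/vm/models/instance.py`. I would state in the commit description or release notes which groups need the new permissions, or ship a data migration that grants them.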
circle/vm/models/instance.py
...
...
@@ -151,6 +151,9 @@ class InstanceTemplate(AclBase, VirtualMachineDescModel, TimeStampedModel):
ordering
=
(
'name'
,
)
permissions
=
(
(
'create_template'
,
_
(
'Can create an instance template.'
)),
(
'create_base_template'
,
_
(
'Can create an instance template (base).'
)),
(
'change_resources'
,
_
(
'Can change resources of a template.'
)),
)
verbose_name
=
_
(
'template'
)
verbose_name_plural
=
_
(
'templates'
)
...
...
@@ -263,6 +266,7 @@ class Instance(AclBase, VirtualMachineDescModel, StatusModel, OperatedMixin,
(
'access_console'
,
_
(
'Can access the graphical console of a VM.'
)),
(
'change_resources'
,
_
(
'Can change resources of a running VM.'
)),
(
'set_resources'
,
_
(
'Can change resources of a new VM.'
)),
(
'create_vm'
,
_
(
'Can create a new VM.'
)),
(
'config_ports'
,
_
(
'Can configure port forwards.'
)),
)
verbose_name
=
_
(
'instance'
)
...
...
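Review bot: `change_resources` now appears as a codename on both `InstanceTemplate` ('Can change resources of a template.') and `Instance` ('Can change resources of a running VM.'), and both models live in this file, so presumably under the same `vm` app label. Django's `has_perm('vm.change_resources')` matches on app label and codename only, so a user granted either permission passes the check that `ResourcesOperation` declares with `required_perms = ('vm.change_resources',)`. If the two are meant to be separate privileges, give the template one a distinct codename, for example `('change_template_resources', _('Can change resources of a template.')),`. Which tuple entries this commit adds is inferred from the section's +4 count and the hunk sizes, because the rendered page has lost the `+`/`-` markers.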
circle/vm/operations.py
...
...
@@ -105,6 +105,7 @@ class CreateDiskOperation(InstanceOperation):
id
=
'create_disk'
name
=
_
(
"create disk"
)
description
=
_
(
"Create empty disk for the VM."
)
required_perms
=
(
'storage.create_empty_disk'
,
)
def
check_precond
(
self
):
super
(
CreateDiskOperation
,
self
)
.
check_precond
()
...
...
@@ -131,6 +132,7 @@ class DownloadDiskOperation(InstanceOperation):
description
=
_
(
"Download disk for the VM."
)
abortable
=
True
has_percentage
=
True
required_perms
=
(
'storage.download_disk'
,
)
def
check_precond
(
self
):
super
(
DownloadDiskOperation
,
self
)
.
check_precond
()
...
...
@@ -236,6 +238,12 @@ class MigrateOperation(InstanceOperation):
with
activity
.
sub_activity
(
'rollback_net'
):
self
.
instance
.
deploy_net
()
def
check_auth
(
self
,
user
):
if
not
user
.
is_superuser
:
raise
PermissionDenied
()
super
(
MigrateOperation
,
self
)
.
check_auth
(
user
=
user
)
def
_operation
(
self
,
activity
,
to_node
=
None
,
timeout
=
120
):
if
not
to_node
:
with
activity
.
sub_activity
(
'scheduling'
)
as
sa
:
...
...
@@ -337,6 +345,7 @@ class SaveAsTemplateOperation(InstanceOperation):
Users can instantiate Virtual Machines from Templates.
"""
)
abortable
=
True
required_perms
=
(
'vm.create_template'
,
)
@staticmethod
def
_rename
(
name
):
...
...
@@ -610,18 +619,13 @@ class ResourcesOperation(InstanceOperation):
description
=
_
(
"Change resources"
)
acl_level
=
"owner"
concurrency_check
=
False
required_perms
=
(
'vm.change_resources'
,
)
def
check_precond
(
self
):
super
(
ResourcesOperation
,
self
)
.
check_precond
()
if
self
.
instance
.
status
not
in
[
"STOPPED"
,
"PENDING"
]:
raise
self
.
instance
.
WrongStateError
(
self
.
instance
)
def
check_auth
(
self
,
user
):
if
not
user
.
has_perm
(
'vm.change_resources'
):
raise
PermissionDenied
()
super
(
InstanceOperation
,
self
)
.
check_auth
(
user
=
user
)
def
_operation
(
self
,
user
,
num_cores
,
ram_size
,
max_ram_size
,
priority
):
self
.
instance
.
num_cores
=
num_cores
...
...
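Review bot: Nothing in this diff shows where `required_perms` is read, so the declarations added to `CreateDiskOperation`, `DownloadDiskOperation`, `SaveAsTemplateOperation` and `ResourcesOperation` only take effect if a base-class `check_auth` outside the diff enforces the attribute. This matters most in the `@@ -610,18 +619,13 @@` hunk, where the explicit `check_auth` calling `user.has_perm('vm.change_resources')` appears to be removed (the hunk shrinks from 18 to 13 lines) in favour of the attribute. A test per operation asserting that a user without the listed permission gets `PermissionDenied` would pin the behaviour. A one-line comment on the first `required_perms`, naming the method that enforces it, would also help the next reader.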