feat(acls): allow VM operators to create/delete snapshots (#3482)

Fixes #3443
2018-10-05 11:48:42 +02:00 · 2018-10-05 11:48:42 +02:00 · 0253c63db3
commit 0253c63db3
parent 0d3b2bc814
3 changed files with 18 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,6 +8,7 @@
 - [Host/networks] Private networks table [#3387](https://github.com/vatesfr/xen-orchestra/issues/3387) (PR [#3481](https://github.com/vatesfr/xen-orchestra/pull/3481))
 - [Home/pool] Patch count pill now shows the number of unique patches in the pool [#3321](https://github.com/vatesfr/xen-orchestra/issues/3321) (PR [#3483](https://github.com/vatesfr/xen-orchestra/pull/3483))
 - [Patches] Pre-install checks to avoid errors [#3252](https://github.com/vatesfr/xen-orchestra/issues/3252)
+- [Vm/Snapshots] Allow VM operators to create snapshots and delete those they created [#3443](https://github.com/vatesfr/xen-orchestra/issues/3443) (PR [#3482](https://github.com/vatesfr/xen-orchestra/pull/3482))

 ### Bug fixes

--- a/packages/xo-server/src/api/vm.js
+++ b/packages/xo-server/src/api/vm.js
@ -1,4 +1,5 @@
 import concat from 'lodash/concat'
+import defer from 'golike-defer'
 import { format } from 'json-rpc-peer'
 import { ignoreErrors } from 'promise-toolbox'
 import {
@ -740,14 +741,22 @@ export { convertToTemplate as convert }
 // -------------------------------------------------------------------

 // TODO: implement resource sets
-export async function snapshot ({
-  vm,
-  name = `${vm.name_label}_${new Date().toISOString()}`,
-}) {
+export const snapshot = defer(async function (
+  $defer,
+  { vm, name = `${vm.name_label}_${new Date().toISOString()}` }
+) {
  await checkPermissionOnSrs.call(this, vm)

-  return (await this.getXapi(vm).snapshotVm(vm._xapiRef, name)).$id
-}
+  const xapi = this.getXapi(vm)
+  const { $id: snapshotId } = await xapi.snapshotVm(vm._xapiRef, name)
+  $defer.onFailure(() => xapi.deleteVm(snapshotId))
+
+  const { user } = this
+  if (user.permission !== 'admin') {
+    await this.addAcl(user.id, snapshotId, 'admin')
+  }
+  return snapshotId
+})

 snapshot.params = {
  id: { type: 'string' },
@ -755,7 +764,7 @@ snapshot.params = {
 }

 snapshot.resolve = {
-  vm: ['id', 'VM', 'administrate'],
+  vm: ['id', 'VM', 'operate'],
 }

 // -------------------------------------------------------------------
--- a/packages/xo-web/src/xo-app/vm/index.js
+++ b/packages/xo-web/src/xo-app/vm/index.js
@ -153,7 +153,7 @@ export default class Vm extends BaseComponent {
    () => this.props.checkPermissions,
    () => this.props.vm,
    () => this.props.srs,
-    (checkPermissions, vm, srs) => checkPermissions(vm.id, 'administrate')
+    (checkPermissions, vm, srs) => checkPermissions(vm.id, 'operate')
  )

  _setNameDescription = nameDescription =>