fix(xo-acl-resolver): add PBD resolution rule (#3742)

Fixes #2204
2018-12-03 09:32:18 +01:00 · 2018-12-03 09:32:18 +01:00 · 7b354f364c
commit 7b354f364c
parent 12dd40d330
2 changed files with 9 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,8 +8,11 @@

 ### Bug fixes

+- [Home/SRs] Fixed SR status for non admin users [#2204](https://github.com/vatesfr/xen-orchestra/issues/2204) (PR [#3742](https://github.com/vatesfr/xen-orchestra/pull/3742))
+
 ### Released packages

+- xo-acl-resolver v0.4.1
 - xo-server v5.32.0
 - xo-web v5.32.0

--- a/packages/xo-acl-resolver/index.js
+++ b/packages/xo-acl-resolver/index.js
@ -56,6 +56,8 @@ const checkAuthorizationByTypes = {

  network: or(checkSelf, checkMember('$pool')),

+  PBD: or(checkMember('host'), checkMember('SR')),
+
  PIF: checkMember('$host'),

  SR: or(checkSelf, checkMember('$container')),
@ -66,7 +68,7 @@ const checkAuthorizationByTypes = {

  // Access to a VDI is granted if the user has access to the
  // containing SR or to a linked VM.
-  VDI (vdi, permission) {
+  VDI(vdi, permission) {
    // Check authorization for the containing SR.
    if (checkAuthorization(vdi.$SR, permission)) {
      return true
@ -96,7 +98,7 @@ const checkAuthorizationByTypes = {
 }

 // Hoisting is important for this function.
-function checkAuthorization (objectId, permission) {
+function checkAuthorization(objectId, permission) {
  const object = getObject(objectId)
  if (!object) {
    return false
@ -109,7 +111,7 @@ function checkAuthorization (objectId, permission) {

 // -------------------------------------------------------------------

-function assertPermissions (
+function assertPermissions(
  permissionsByObject_,
  getObject_,
  permissions,
@ -141,7 +143,7 @@ function assertPermissions (
 }
 exports.assert = assertPermissions

-exports.check = function checkPermissions () {
+exports.check = function checkPermissions() {
  try {
    assertPermissions.apply(undefined, arguments)
    return true