From f4ea39b602a4074a2bacd414671d5376430f6303 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 3 Feb 2016 10:02:39 +0100 Subject: [PATCH 01/26] Initial commit. --- packages/xo-acl-resolver/.babelrc | 8 ++ packages/xo-acl-resolver/.editorconfig | 65 ++++++++++++ packages/xo-acl-resolver/.gitignore | 9 ++ packages/xo-acl-resolver/.mocha.js | 5 + packages/xo-acl-resolver/.mocha.opts | 1 + packages/xo-acl-resolver/.npmignore | 10 ++ packages/xo-acl-resolver/.travis.yml | 9 ++ packages/xo-acl-resolver/README.md | 52 +++++++++ packages/xo-acl-resolver/package.json | 56 ++++++++++ packages/xo-acl-resolver/src/index.js | 118 +++++++++++++++++++++ packages/xo-acl-resolver/src/index.spec.js | 17 +++ 11 files changed, 350 insertions(+) create mode 100644 packages/xo-acl-resolver/.babelrc create mode 100644 packages/xo-acl-resolver/.editorconfig create mode 100644 packages/xo-acl-resolver/.gitignore create mode 100644 packages/xo-acl-resolver/.mocha.js create mode 100644 packages/xo-acl-resolver/.mocha.opts create mode 100644 packages/xo-acl-resolver/.npmignore create mode 100644 packages/xo-acl-resolver/.travis.yml create mode 100644 packages/xo-acl-resolver/README.md create mode 100644 packages/xo-acl-resolver/package.json create mode 100644 packages/xo-acl-resolver/src/index.js create mode 100644 packages/xo-acl-resolver/src/index.spec.js diff --git a/packages/xo-acl-resolver/.babelrc b/packages/xo-acl-resolver/.babelrc new file mode 100644 index 000000000..0a89ba36d --- /dev/null +++ b/packages/xo-acl-resolver/.babelrc @@ -0,0 +1,8 @@ +{ + "comments": false, + "compact": true, + "presets": [ + "stage-0", + "es2015" + ] +} diff --git a/packages/xo-acl-resolver/.editorconfig b/packages/xo-acl-resolver/.editorconfig new file mode 100644 index 000000000..da21ef4c5 --- /dev/null +++ b/packages/xo-acl-resolver/.editorconfig @@ -0,0 +1,65 @@ +# http://EditorConfig.org +# +# Julien Fontanet's configuration +# https://gist.github.com/julien-f/8096213 + +# Top-most EditorConfig file. +root = true + +# Common config. +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespaces = true + +# CoffeeScript +# +# https://github.com/polarmobile/coffeescript-style-guide/blob/master/README.md +[*.{,lit}coffee] +indent_size = 2 +indent_style = space + +# Markdown +[*.{md,mdwn,mdown,markdown}] +indent_size = 4 +indent_style = space + +# Package.json +# +# This indentation style is the one used by npm. +[/package.json] +indent_size = 2 +indent_style = space + +# Jade +[*.jade] +indent_size = 2 +indent_style = space + +# JavaScript +# +# Two spaces seems to be the standard most common style, at least in +# Node.js (http://nodeguide.com/style.html#tabs-vs-spaces). +[*.js] +indent_size = 2 +indent_style = space + +# Less +[*.less] +indent_size = 2 +indent_style = space + +# Sass +# +# Style used for http://libsass.com +[*.s[ac]ss] +indent_size = 2 +indent_style = space + +# YAML +# +# Only spaces are allowed. +[*.yaml] +indent_size = 2 +indent_style = space diff --git a/packages/xo-acl-resolver/.gitignore b/packages/xo-acl-resolver/.gitignore new file mode 100644 index 000000000..6959be1cf --- /dev/null +++ b/packages/xo-acl-resolver/.gitignore @@ -0,0 +1,9 @@ +/.nyc_output/ +/bower_components/ +/dist/ + +npm-debug.log +npm-debug.log.* + +!node_modules/* +node_modules/*/ diff --git a/packages/xo-acl-resolver/.mocha.js b/packages/xo-acl-resolver/.mocha.js new file mode 100644 index 000000000..e6d84e403 --- /dev/null +++ b/packages/xo-acl-resolver/.mocha.js @@ -0,0 +1,5 @@ +Error.stackTraceLimit = 100 + +try { require('trace') } catch (_) {} +try { require('clarify') } catch (_) {} +try { require('source-map-support/register') } catch (_) {} diff --git a/packages/xo-acl-resolver/.mocha.opts b/packages/xo-acl-resolver/.mocha.opts new file mode 100644 index 000000000..6cfd94898 --- /dev/null +++ b/packages/xo-acl-resolver/.mocha.opts @@ -0,0 +1 @@ +--require ./.mocha.js diff --git a/packages/xo-acl-resolver/.npmignore b/packages/xo-acl-resolver/.npmignore new file mode 100644 index 000000000..c31ee82cb --- /dev/null +++ b/packages/xo-acl-resolver/.npmignore @@ -0,0 +1,10 @@ +/examples/ +example.js +example.js.map +*.example.js +*.example.js.map + +/test/ +/tests/ +*.spec.js +*.spec.js.map diff --git a/packages/xo-acl-resolver/.travis.yml b/packages/xo-acl-resolver/.travis.yml new file mode 100644 index 000000000..a9b136ea6 --- /dev/null +++ b/packages/xo-acl-resolver/.travis.yml @@ -0,0 +1,9 @@ +language: node_js +node_js: + - 'stable' + - '4' + - '0.12' + +# Use containers. +# http://docs.travis-ci.com/user/workers/container-based-infrastructure/ +sudo: false diff --git a/packages/xo-acl-resolver/README.md b/packages/xo-acl-resolver/README.md new file mode 100644 index 000000000..6904d5bae --- /dev/null +++ b/packages/xo-acl-resolver/README.md @@ -0,0 +1,52 @@ +# xo-acl-resolver [![Build Status](https://travis-ci.org/vatesfr/xo-acl-resolver.png?branch=master)](https://travis-ci.org/vatesfr/xo-acl-resolver) + +> [Xen-Orchestra](http://xen-orchestra.com/) internal: do ACLs resolution. + +## Install + +Installation of the [npm package](https://npmjs.org/package/xo-acl-resolver): + +``` +> npm install --save xo-acl-resolver +``` + +## Usage + +**TODO** + +## Development + +### Installing dependencies + +``` +> npm install +``` + +### Compilation + +The sources files are watched and automatically recompiled on changes. + +``` +> npm run dev +``` + +### Tests + +``` +> npm run test-dev +``` + +## Contributions + +Contributions are *very* welcomed, either on the documentation or on +the code. + +You may: + +- report any [issue](https://github.com/vatesfr/xo-acl-resolver/issues) + you've encountered; +- fork and create a pull request. + +## License + +ISC © [Vates SAS](https://vates.fr) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json new file mode 100644 index 000000000..500ce6922 --- /dev/null +++ b/packages/xo-acl-resolver/package.json @@ -0,0 +1,56 @@ +{ + "name": "xo-acl-resolver", + "version": "0.0.0", + "license": "ISC", + "description": "Xen-Orchestra internal: do ACLs resolution", + "keywords": [], + "homepage": "https://github.com/vatesfr/xo-acl-resolver", + "bugs": "https://github.com/vatesfr/xo-acl-resolver/issues", + "repository": { + "type": "git", + "url": "https://github.com/vatesfr/xo-acl-resolver" + }, + "author": { + "name": "Julien Fontanet", + "email": "julien.fontanet@vates.fr" + }, + "preferGlobal": false, + "main": "dist/", + "bin": {}, + "files": [ + "dist/" + ], + "engines": { + "node": ">=0.12" + }, + "devDependencies": { + "babel-cli": "^6.4.5", + "babel-eslint": "^4.1.8", + "babel-preset-es2015": "^6.3.13", + "babel-preset-stage-0": "^6.3.13", + "clarify": "^1.0.5", + "dependency-check": "^2.5.1", + "mocha": "^2.4.5", + "must": "^0.13.1", + "nyc": "^5.5.0", + "source-map-support": "^0.4.0", + "standard": "^5.4.1", + "trace": "^2.0.2" + }, + "scripts": { + "build": "babel --source-maps --out-dir=dist/ src/", + "depcheck": "dependency-check ./package.json", + "dev": "babel --watch --source-maps --out-dir=dist/ src/", + "dev-test": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"", + "lint": "standard", + "posttest": "npm run lint && npm run depcheck", + "prepublish": "npm run build", + "test": "nyc mocha --opts .mocha.opts \"dist/**/*.spec.js\"" + }, + "standard": { + "ignore": [ + "dist/**" + ], + "parser": "babel-eslint" + } +} diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js new file mode 100644 index 000000000..e818d2566 --- /dev/null +++ b/packages/xo-acl-resolver/src/index.js @@ -0,0 +1,118 @@ +// These global variables are not a problem because the algorithm is +// synchronous. +let permissionsByObject +let getObject + +// ------------------------------------------------------------------- + +const authorized = () => true // eslint-disable-line no-unused-vars +const forbiddden = () => false // eslint-disable-line no-unused-vars + +const and = (...checkers) => (object, permission) => { // eslint-disable-line no-unused-vars + for (const checker of checkers) { + if (!checker(object, permission)) { + return false + } + } + return true +} + +const or = (...checkers) => (object, permission) => { // eslint-disable-line no-unused-vars + for (const checker of checkers) { + if (checker(object, permission)) { + return true + } + } + return false +} + +// ------------------------------------------------------------------- + +const checkMember = memberName => (object, permission) => { + const member = object[memberName] + return checkAuthorization(member, permission) +} + +const checkSelf = ({ id }, permission) => { + const permissionsForObject = permissionsByObject[id] + + return ( + permissionsForObject && + permissionsForObject[permission] + ) +} + +// =================================================================== + +const checkAuthorizationByTypes = { + host: or(checkSelf, checkMember('$pool')), + + message: checkMember('$object'), + + network: or(checkSelf, checkMember('$pool')), + + SR: or(checkSelf, checkMember('$pool')), + + task: checkMember('$host'), + + VBD: checkMember('VDI'), + + // Access to a VDI is granted if the user has access to the + // containing SR or to a linked VM. + VDI (vdi, permission) { + // Check authorization for the containing SR. + if (checkAuthorization(vdi.$SR, permission)) { + return true + } + + // Check authorization for each of the connected VMs. + for (const { VM: vm } of vdi.$VBDs) { + if (checkAuthorization(vm, permission)) { + return true + } + } + + return false + }, + + VIF: or(checkMember('$network'), checkMember('$VM')), + + VM: or(checkSelf, checkMember('$container')), + + 'VM-snapshot': checkMember('$snapshot_of'), + + 'VM-template': authorized +} + +// Hoisting is important for this function. +function checkAuthorization (objectId, permission) { + const object = getObject(objectId) + const checker = checkAuthorizationByTypes[object.type] || checkSelf + + return checker(object, permission) +} + +// ------------------------------------------------------------------- + +export default ( + permissionsByObject_, + getObject_, + permissions +) => { + // Assign global variables. + permissionsByObject = permissionsByObject_ + getObject = getObject_ + + try { + for (const [objectId, permission] of permissions) { + if (!checkAuthorization(objectId, permission)) { + return false + } + } + + return true + } finally { + // Free the global variables. + permissionsByObject = getObject = null + } +} diff --git a/packages/xo-acl-resolver/src/index.spec.js b/packages/xo-acl-resolver/src/index.spec.js new file mode 100644 index 000000000..2319bd7d5 --- /dev/null +++ b/packages/xo-acl-resolver/src/index.spec.js @@ -0,0 +1,17 @@ +/* eslint-env mocha */ + +import expect from 'must' + +// =================================================================== + +import myLib from './' + +// =================================================================== + +describe.skip('myLib', () => { + it('does something', () => { + // TODO: some real tests. + + expect(myLib).to.exists() + }) +}) From ed45a9b1567704c585d8adbdd5bc2961cdb855ed Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 3 Feb 2016 11:35:48 +0100 Subject: [PATCH 02/26] VDI-snapshot inherits from its VDI. --- packages/xo-acl-resolver/src/index.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js index e818d2566..c949fae5e 100644 --- a/packages/xo-acl-resolver/src/index.js +++ b/packages/xo-acl-resolver/src/index.js @@ -75,6 +75,8 @@ const checkAuthorizationByTypes = { return false }, + 'VDI-snapshot': checkMember('$snapshot_of'), + VIF: or(checkMember('$network'), checkMember('$VM')), VM: or(checkSelf, checkMember('$container')), From bf586d08377ed7329526cbe889538fe5496de3d1 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 3 Feb 2016 11:41:01 +0100 Subject: [PATCH 03/26] 0.0.0-0 --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 500ce6922..352885db0 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -1,6 +1,6 @@ { "name": "xo-acl-resolver", - "version": "0.0.0", + "version": "0.0.0-0", "license": "ISC", "description": "Xen-Orchestra internal: do ACLs resolution", "keywords": [], From defd42f74e73584bf29225da6efb8338097f5e8d Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 8 Apr 2016 10:46:57 +0200 Subject: [PATCH 04/26] VDI: fix fallback on VM. --- packages/xo-acl-resolver/src/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js index c949fae5e..328b1e075 100644 --- a/packages/xo-acl-resolver/src/index.js +++ b/packages/xo-acl-resolver/src/index.js @@ -66,8 +66,8 @@ const checkAuthorizationByTypes = { } // Check authorization for each of the connected VMs. - for (const { VM: vm } of vdi.$VBDs) { - if (checkAuthorization(vm, permission)) { + for (const vbdId of vdi.$VBDs) { + if (checkAuthorization(getObject(vbdId).VM, permission)) { return true } } From 1e7d1b1628f1c498e3e85c652d3edf2bc21c9378 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 8 Apr 2016 11:05:41 +0200 Subject: [PATCH 05/26] 0.0.0 --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 352885db0..500ce6922 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -1,6 +1,6 @@ { "name": "xo-acl-resolver", - "version": "0.0.0-0", + "version": "0.0.0", "license": "ISC", "description": "Xen-Orchestra internal: do ACLs resolution", "keywords": [], From 58aed76aa3eb751690ef8404129c100e24f58027 Mon Sep 17 00:00:00 2001 From: greenkeeperio-bot Date: Wed, 27 Apr 2016 15:44:41 +0200 Subject: [PATCH 06/26] chore(package): update dependencies https://greenkeeper.io/ --- packages/xo-acl-resolver/package.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 500ce6922..7624cdda1 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -25,16 +25,16 @@ }, "devDependencies": { "babel-cli": "^6.4.5", - "babel-eslint": "^4.1.8", + "babel-eslint": "^6.0.4", "babel-preset-es2015": "^6.3.13", "babel-preset-stage-0": "^6.3.13", "clarify": "^1.0.5", "dependency-check": "^2.5.1", "mocha": "^2.4.5", "must": "^0.13.1", - "nyc": "^5.5.0", + "nyc": "^6.4.0", "source-map-support": "^0.4.0", - "standard": "^5.4.1", + "standard": "^6.0.8", "trace": "^2.0.2" }, "scripts": { From 649ab26da819738660954d34c506cfd39eaf0bc6 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 27 Apr 2016 15:52:13 +0200 Subject: [PATCH 07/26] feat: gracefully handle missing objects --- packages/xo-acl-resolver/src/index.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js index 328b1e075..2e45533c2 100644 --- a/packages/xo-acl-resolver/src/index.js +++ b/packages/xo-acl-resolver/src/index.js @@ -89,6 +89,10 @@ const checkAuthorizationByTypes = { // Hoisting is important for this function. function checkAuthorization (objectId, permission) { const object = getObject(objectId) + if (!object) { + return false + } + const checker = checkAuthorizationByTypes[object.type] || checkSelf return checker(object, permission) From c70ca2ff64e329252c72c748d90113f2ce20e22a Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 27 Apr 2016 15:58:22 +0200 Subject: [PATCH 08/26] style: add missing parentheses --- packages/xo-acl-resolver/src/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js index 2e45533c2..4e1e3689d 100644 --- a/packages/xo-acl-resolver/src/index.js +++ b/packages/xo-acl-resolver/src/index.js @@ -28,7 +28,7 @@ const or = (...checkers) => (object, permission) => { // eslint-disable-line no- // ------------------------------------------------------------------- -const checkMember = memberName => (object, permission) => { +const checkMember = (memberName) => (object, permission) => { const member = object[memberName] return checkAuthorization(member, permission) } From 4ab24d2fe56a98741efdfc17c002a4a4cf822cf3 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Wed, 27 Apr 2016 16:11:12 +0200 Subject: [PATCH 09/26] 0.1.0 --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 7624cdda1..5d2525335 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -1,6 +1,6 @@ { "name": "xo-acl-resolver", - "version": "0.0.0", + "version": "0.1.0", "license": "ISC", "description": "Xen-Orchestra internal: do ACLs resolution", "keywords": [], From 8b65c280a86b4484b4907eaf86ffc67f855d4762 Mon Sep 17 00:00:00 2001 From: Greenkeeper Date: Tue, 3 May 2016 09:05:49 +0200 Subject: [PATCH 10/26] chore(package): update standard to version 7.0.0 (#4) https://greenkeeper.io/ --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 5d2525335..3660a0a5f 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -34,7 +34,7 @@ "must": "^0.13.1", "nyc": "^6.4.0", "source-map-support": "^0.4.0", - "standard": "^6.0.8", + "standard": "^7.0.0", "trace": "^2.0.2" }, "scripts": { From 7629bf5be25913180254f5f7079211b8b14c3de0 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 7 Jun 2016 16:26:52 +0200 Subject: [PATCH 11/26] feat: simplify use for single object --- packages/xo-acl-resolver/src/index.js | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js index 4e1e3689d..d0d65f5d3 100644 --- a/packages/xo-acl-resolver/src/index.js +++ b/packages/xo-acl-resolver/src/index.js @@ -103,16 +103,21 @@ function checkAuthorization (objectId, permission) { export default ( permissionsByObject_, getObject_, - permissions + permissions, + permission ) => { // Assign global variables. permissionsByObject = permissionsByObject_ getObject = getObject_ try { - for (const [objectId, permission] of permissions) { - if (!checkAuthorization(objectId, permission)) { - return false + if (permission) { + return checkAuthorization(permissions, permission) + } else { + for (const [objectId, permission] of permissions) { + if (!checkAuthorization(objectId, permission)) { + return false + } } } From 46f6911ef83004df7a95ad4b0da624b810e85577 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 7 Jun 2016 16:27:05 +0200 Subject: [PATCH 12/26] feat(README): add usage --- packages/xo-acl-resolver/README.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/README.md b/packages/xo-acl-resolver/README.md index 6904d5bae..371fa5483 100644 --- a/packages/xo-acl-resolver/README.md +++ b/packages/xo-acl-resolver/README.md @@ -12,7 +12,29 @@ Installation of the [npm package](https://npmjs.org/package/xo-acl-resolver): ## Usage -**TODO** +```js +import check from 'xo-acl-resolver' + +// This object contains a list of permissions returned from +// xo-server's acl.getCurrentPermissions. +const permissions = { /* ... */ } + +// This function should returns synchronously an object from an id. +const getObject = id => { /* ... */ } + +// For a single object: +if (check(permissions, getObject, objectId, permission)) { + console.log(`${permission} set for object ${objectId}`) +} + +// For multiple objects/permissions: +if (check(permissions, getObject, [ + [ object1Id, permission1 ], + [ object12d, permission2 ], +])) { + console.log('all permissions checked') +} +``` ## Development From e1173e6565499a80fef7878ea3c8c5c1f38c13fb Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 7 Jun 2016 16:27:34 +0200 Subject: [PATCH 13/26] 0.2.0 --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 3660a0a5f..5cc9a509c 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -1,6 +1,6 @@ { "name": "xo-acl-resolver", - "version": "0.1.0", + "version": "0.2.0", "license": "ISC", "description": "Xen-Orchestra internal: do ACLs resolution", "keywords": [], From e02cb56ee0e28fb4d80eded6d93e9ba60c0e2f36 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 24 Jun 2016 14:32:16 +0200 Subject: [PATCH 14/26] feat(VM-controller): inherits from its container --- packages/xo-acl-resolver/src/index.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js index d0d65f5d3..a2c1adbfc 100644 --- a/packages/xo-acl-resolver/src/index.js +++ b/packages/xo-acl-resolver/src/index.js @@ -81,6 +81,8 @@ const checkAuthorizationByTypes = { VM: or(checkSelf, checkMember('$container')), + 'VM-controller': checkMember('$container'), + 'VM-snapshot': checkMember('$snapshot_of'), 'VM-template': authorized From 99727447efa5e761561ae59f0e7c8996dc11eaae Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 24 Jun 2016 14:32:25 +0200 Subject: [PATCH 15/26] 0.2.1 --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 5cc9a509c..9e91cc0e9 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -1,6 +1,6 @@ { "name": "xo-acl-resolver", - "version": "0.2.0", + "version": "0.2.1", "license": "ISC", "description": "Xen-Orchestra internal: do ACLs resolution", "keywords": [], From f115ee18c4c3f2e3de5d6ed5ce30064250dc7417 Mon Sep 17 00:00:00 2001 From: Greenkeeper Date: Fri, 15 Jul 2016 11:27:11 +0200 Subject: [PATCH 16/26] chore(package): update nyc to version 7.0.0 (#10) https://greenkeeper.io/ --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 9e91cc0e9..3c9c02a30 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -32,7 +32,7 @@ "dependency-check": "^2.5.1", "mocha": "^2.4.5", "must": "^0.13.1", - "nyc": "^6.4.0", + "nyc": "^7.0.0", "source-map-support": "^0.4.0", "standard": "^7.0.0", "trace": "^2.0.2" From e763db7102f2b62c4d6e2f17ed358c5f866b7b14 Mon Sep 17 00:00:00 2001 From: Greenkeeper Date: Tue, 2 Aug 2016 16:16:53 +0200 Subject: [PATCH 17/26] chore(package): update mocha to version 3.0.0 (#11) https://greenkeeper.io/ --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 3c9c02a30..3c13daf5e 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -30,7 +30,7 @@ "babel-preset-stage-0": "^6.3.13", "clarify": "^1.0.5", "dependency-check": "^2.5.1", - "mocha": "^2.4.5", + "mocha": "^3.0.0", "must": "^0.13.1", "nyc": "^7.0.0", "source-map-support": "^0.4.0", From d56590c6e689af29f5414781bab15a46900ef823 Mon Sep 17 00:00:00 2001 From: Greenkeeper Date: Tue, 16 Aug 2016 23:41:08 +0200 Subject: [PATCH 18/26] chore(package): update nyc to version 8.0.0 (#12) https://greenkeeper.io/ --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 3c13daf5e..1ba1e16a8 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -32,7 +32,7 @@ "dependency-check": "^2.5.1", "mocha": "^3.0.0", "must": "^0.13.1", - "nyc": "^7.0.0", + "nyc": "^8.0.0", "source-map-support": "^0.4.0", "standard": "^7.0.0", "trace": "^2.0.2" From 1a68c3947d1f2fe24f4fdcc0c5ad3796c2409714 Mon Sep 17 00:00:00 2001 From: Greenkeeper Date: Wed, 24 Aug 2016 17:26:48 +0200 Subject: [PATCH 19/26] chore(package): update standard to version 8.0.0 (#13) https://greenkeeper.io/ --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 1ba1e16a8..3a9524a10 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -34,7 +34,7 @@ "must": "^0.13.1", "nyc": "^8.0.0", "source-map-support": "^0.4.0", - "standard": "^7.0.0", + "standard": "^8.0.0", "trace": "^2.0.2" }, "scripts": { From ea18e4129ca3aac1bbade51640ca28915c0577a6 Mon Sep 17 00:00:00 2001 From: Greenkeeper Date: Tue, 27 Sep 2016 23:37:26 +0200 Subject: [PATCH 20/26] chore(package): update babel-eslint to version 7.0.0 (#14) https://greenkeeper.io/ --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 3a9524a10..58386db2e 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -25,7 +25,7 @@ }, "devDependencies": { "babel-cli": "^6.4.5", - "babel-eslint": "^6.0.4", + "babel-eslint": "^7.0.0", "babel-preset-es2015": "^6.3.13", "babel-preset-stage-0": "^6.3.13", "clarify": "^1.0.5", From 5434b4987ffb76faaf5f01722ac469a82440ca28 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 4 Oct 2016 15:09:12 +0200 Subject: [PATCH 21/26] chore(package): remove unused deps --- packages/xo-acl-resolver/.mocha.js | 5 ----- packages/xo-acl-resolver/.mocha.opts | 1 - packages/xo-acl-resolver/package.json | 12 ++---------- packages/xo-acl-resolver/src/index.spec.js | 17 ----------------- 4 files changed, 2 insertions(+), 33 deletions(-) delete mode 100644 packages/xo-acl-resolver/.mocha.js delete mode 100644 packages/xo-acl-resolver/.mocha.opts delete mode 100644 packages/xo-acl-resolver/src/index.spec.js diff --git a/packages/xo-acl-resolver/.mocha.js b/packages/xo-acl-resolver/.mocha.js deleted file mode 100644 index e6d84e403..000000000 --- a/packages/xo-acl-resolver/.mocha.js +++ /dev/null @@ -1,5 +0,0 @@ -Error.stackTraceLimit = 100 - -try { require('trace') } catch (_) {} -try { require('clarify') } catch (_) {} -try { require('source-map-support/register') } catch (_) {} diff --git a/packages/xo-acl-resolver/.mocha.opts b/packages/xo-acl-resolver/.mocha.opts deleted file mode 100644 index 6cfd94898..000000000 --- a/packages/xo-acl-resolver/.mocha.opts +++ /dev/null @@ -1 +0,0 @@ ---require ./.mocha.js diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 58386db2e..d7cdc7821 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -28,24 +28,16 @@ "babel-eslint": "^7.0.0", "babel-preset-es2015": "^6.3.13", "babel-preset-stage-0": "^6.3.13", - "clarify": "^1.0.5", "dependency-check": "^2.5.1", - "mocha": "^3.0.0", - "must": "^0.13.1", - "nyc": "^8.0.0", - "source-map-support": "^0.4.0", - "standard": "^8.0.0", - "trace": "^2.0.2" + "standard": "^8.0.0" }, "scripts": { "build": "babel --source-maps --out-dir=dist/ src/", "depcheck": "dependency-check ./package.json", "dev": "babel --watch --source-maps --out-dir=dist/ src/", - "dev-test": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"", "lint": "standard", "posttest": "npm run lint && npm run depcheck", - "prepublish": "npm run build", - "test": "nyc mocha --opts .mocha.opts \"dist/**/*.spec.js\"" + "prepublish": "npm run build" }, "standard": { "ignore": [ diff --git a/packages/xo-acl-resolver/src/index.spec.js b/packages/xo-acl-resolver/src/index.spec.js deleted file mode 100644 index 2319bd7d5..000000000 --- a/packages/xo-acl-resolver/src/index.spec.js +++ /dev/null @@ -1,17 +0,0 @@ -/* eslint-env mocha */ - -import expect from 'must' - -// =================================================================== - -import myLib from './' - -// =================================================================== - -describe.skip('myLib', () => { - it('does something', () => { - // TODO: some real tests. - - expect(myLib).to.exists() - }) -}) From 75cde40b0e3a22f998502dc11c2fcf9d4fd4c000 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 4 Oct 2016 15:13:08 +0200 Subject: [PATCH 22/26] fix(VM-template): normal permissions handling Fixes vatesfr/xo-web#1620 --- packages/xo-acl-resolver/src/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js index a2c1adbfc..03ef9e4e5 100644 --- a/packages/xo-acl-resolver/src/index.js +++ b/packages/xo-acl-resolver/src/index.js @@ -85,7 +85,7 @@ const checkAuthorizationByTypes = { 'VM-snapshot': checkMember('$snapshot_of'), - 'VM-template': authorized + 'VM-template': or(checkSelf, checkMember('$pool')) } // Hoisting is important for this function. From ea55c10c4df7b519d0259f2d373111a2a7b70a27 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 4 Oct 2016 15:15:39 +0200 Subject: [PATCH 23/26] chore(package): pnpm compatibility --- packages/xo-acl-resolver/.gitignore | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/packages/xo-acl-resolver/.gitignore b/packages/xo-acl-resolver/.gitignore index 6959be1cf..827e4e420 100644 --- a/packages/xo-acl-resolver/.gitignore +++ b/packages/xo-acl-resolver/.gitignore @@ -1,9 +1,7 @@ -/.nyc_output/ -/bower_components/ /dist/ +/node_modules/ npm-debug.log npm-debug.log.* - -!node_modules/* -node_modules/*/ +pnpm-debug.log +pnpm-debug.log.* From 14bca4bbf7d8fbf87e0bc3efbf9dced2a8520bf0 Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Tue, 4 Oct 2016 15:16:10 +0200 Subject: [PATCH 24/26] 0.2.2 --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index d7cdc7821..03f0deb2e 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -1,6 +1,6 @@ { "name": "xo-acl-resolver", - "version": "0.2.1", + "version": "0.2.2", "license": "ISC", "description": "Xen-Orchestra internal: do ACLs resolution", "keywords": [], From 6dc4b4dc1bae9895ff905f185c663cc7775e049e Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 2 Dec 2016 14:56:19 +0100 Subject: [PATCH 25/26] fix: workaround for VDI snapshots with $snaphot_of which point to themselves --- packages/xo-acl-resolver/src/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/src/index.js b/packages/xo-acl-resolver/src/index.js index 03ef9e4e5..4e08db43a 100644 --- a/packages/xo-acl-resolver/src/index.js +++ b/packages/xo-acl-resolver/src/index.js @@ -30,7 +30,7 @@ const or = (...checkers) => (object, permission) => { // eslint-disable-line no- const checkMember = (memberName) => (object, permission) => { const member = object[memberName] - return checkAuthorization(member, permission) + return member !== object.id && checkAuthorization(member, permission) } const checkSelf = ({ id }, permission) => { From 0a8fed1950f4422bef90f70f8247917eb221930e Mon Sep 17 00:00:00 2001 From: Julien Fontanet Date: Fri, 2 Dec 2016 14:57:24 +0100 Subject: [PATCH 26/26] 0.2.3 --- packages/xo-acl-resolver/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/xo-acl-resolver/package.json b/packages/xo-acl-resolver/package.json index 03f0deb2e..cd7360322 100644 --- a/packages/xo-acl-resolver/package.json +++ b/packages/xo-acl-resolver/package.json @@ -1,6 +1,6 @@ { "name": "xo-acl-resolver", - "version": "0.2.2", + "version": "0.2.3", "license": "ISC", "description": "Xen-Orchestra internal: do ACLs resolution", "keywords": [],