From c91a890d4282279e75712f746b1a5161a7a2b6a9 Mon Sep 17 00:00:00 2001 From: Olivier Lambert Date: Fri, 29 May 2015 09:35:20 +0200 Subject: [PATCH] add ACLs in objects --- src/api/disk.js | 2 +- src/api/docker.js | 6 ++-- src/api/host.coffee | 24 ++++++++-------- src/api/message.coffee | 2 +- src/api/pbd.coffee | 6 ++-- src/api/pif.coffee | 6 ++-- src/api/pool.js | 6 ++-- src/api/sr.js | 28 +++++++++---------- src/api/task.coffee | 4 +-- src/api/vbd.coffee | 8 +++--- src/api/vdi.coffee | 8 +++--- src/api/vif.coffee | 6 ++-- src/api/vm.coffee | 62 +++++++++++++++++++++--------------------- 13 files changed, 84 insertions(+), 84 deletions(-) diff --git a/src/api/disk.js b/src/api/disk.js index fcce29387..c64897e77 100644 --- a/src/api/disk.js +++ b/src/api/disk.js @@ -28,5 +28,5 @@ create.params = { } create.resolve = { - sr: ['sr', 'SR'] + sr: ['sr', 'SR', 'administrate'] } diff --git a/src/api/docker.js b/src/api/docker.js index 72e8aa381..80d87aac2 100644 --- a/src/api/docker.js +++ b/src/api/docker.js @@ -10,7 +10,7 @@ register.params = { } register.resolve = { - vm: ['vm', 'VM'] + vm: ['vm', 'VM', 'administrate'] } // ----------------------------------------------------------------------------- @@ -27,7 +27,7 @@ deregister.params = { } deregister.resolve = { - vm: ['vm', 'VM'] + vm: ['vm', 'VM', 'administrate'] } // ----------------------------------------------------------------------------- @@ -61,6 +61,6 @@ for (let fn of [start, stop, restart, pause, unpause]) { } fn.resolve = { - vm: ['vm', 'VM'] + vm: ['vm', 'VM', 'operate'] } } diff --git a/src/api/host.coffee b/src/api/host.coffee index 785b9d603..76c9d3c86 100644 --- a/src/api/host.coffee +++ b/src/api/host.coffee @@ -38,7 +38,7 @@ set.params = optional: true set.resolve = { - host: ['id', 'host'], + host: ['id', 'host', 'administrate'], } exports.set = set @@ -58,7 +58,7 @@ restart.params = { } restart.resolve = { - host: ['id', 'host'], + host: ['id', 'host', 'operate'], } exports.restart = restart @@ -77,7 +77,7 @@ restartAgent.params = { } restartAgent.resolve = { - host: ['id', 'host'], + host: ['id', 'host', 'operate'], } # TODO camel case @@ -97,7 +97,7 @@ start.params = { } start.resolve = { - host: ['id', 'host'], + host: ['id', 'host', 'operate'], } exports.start = start @@ -117,7 +117,7 @@ stop.params = { } stop.resolve = { - host: ['id', 'host'], + host: ['id', 'host', 'operate'], } exports.stop = stop @@ -136,7 +136,7 @@ detach.params = { } detach.resolve = { - host: ['id', 'host'], + host: ['id', 'host', 'administrate'], } exports.detach = detach @@ -155,7 +155,7 @@ enable.params = { } enable.resolve = { - host: ['id', 'host'], + host: ['id', 'host', 'administrate'], } exports.enable = enable @@ -174,7 +174,7 @@ disable.params = { } disable.resolve = { - host: ['id', 'host'], + host: ['id', 'host', 'administrate'], } exports.disable = disable @@ -210,7 +210,7 @@ createNetwork.params = { } createNetwork.resolve = { - host: ['host', 'host'], + host: ['host', 'host', 'administrate'], } createNetwork.permission = 'admin' exports.createNetwork = createNetwork @@ -228,7 +228,7 @@ listMissingPatches.params = { } listMissingPatches.resolve = { - host: ['host', 'host'], + host: ['host', 'host', 'view'], } exports.listMissingPatches = listMissingPatches @@ -244,7 +244,7 @@ installPatch.params = { } installPatch.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } exports.installPatch = installPatch @@ -337,7 +337,7 @@ stats.params = { } stats.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'view'] } exports.stats = stats; diff --git a/src/api/message.coffee b/src/api/message.coffee index a43d78434..af9f6dfe1 100644 --- a/src/api/message.coffee +++ b/src/api/message.coffee @@ -14,7 +14,7 @@ delete_.params = { } delete_.resolve = { - message: ['id', 'message'] + message: ['id', 'message', 'administrate'] } exports.delete = delete_ diff --git a/src/api/pbd.coffee b/src/api/pbd.coffee index e547dead6..df267da4e 100644 --- a/src/api/pbd.coffee +++ b/src/api/pbd.coffee @@ -16,7 +16,7 @@ exports.delete.params = { id: { type: 'string' } } exports.delete.resolve = { - PBD: ['id', 'PBD'] + PBD: ['id', 'PBD', 'administrate'] } #===================================================================== @@ -33,7 +33,7 @@ exports.disconnect.params = { id: { type: 'string' } } exports.disconnect.resolve = { - PBD: ['id', 'PBD'] + PBD: ['id', 'PBD', 'administrate'] } #===================================================================== @@ -50,5 +50,5 @@ exports.connect.params = { id: { type: 'string' } } exports.connect.resolve = { - PBD: ['id', 'PBD'] + PBD: ['id', 'PBD', 'administrate'] } diff --git a/src/api/pif.coffee b/src/api/pif.coffee index 15e133919..409d88a4f 100644 --- a/src/api/pif.coffee +++ b/src/api/pif.coffee @@ -14,7 +14,7 @@ exports.delete.params = { id: { type: 'string' } } exports.delete.resolve = { - PIF: ['id', 'PIF'] + PIF: ['id', 'PIF', 'administrate'] } #===================================================================== @@ -31,7 +31,7 @@ exports.disconnect.params = { id: { type: 'string' } } exports.disconnect.resolve = { - PIF: ['id', 'PIF'] + PIF: ['id', 'PIF', 'administrate'] } #===================================================================== # Connect @@ -47,5 +47,5 @@ exports.connect.params = { id: { type: 'string' } } exports.connect.resolve = { - PIF: ['id', 'PIF'] + PIF: ['id', 'PIF', 'administrate'] } diff --git a/src/api/pool.js b/src/api/pool.js index 6f8cd6856..aa126c208 100644 --- a/src/api/pool.js +++ b/src/api/pool.js @@ -22,7 +22,7 @@ set.params = { } set.resolve = { - pool: ['id', 'pool'] + pool: ['id', 'pool', 'administrate'] } // ------------------------------------------------------------------- @@ -41,7 +41,7 @@ installPatch.params = { } installPatch.resolve = { - pool: ['pool', 'pool'] + pool: ['pool', 'pool', 'administrate'] } // ------------------------------------------------------------------- @@ -68,7 +68,7 @@ uploadPatch.params = { } uploadPatch.resolve = { - pool: ['pool', 'pool'] + pool: ['pool', 'pool', 'administrate'] } // Compatibility diff --git a/src/api/sr.js b/src/api/sr.js index 5f2f6fa49..9a122f7ff 100644 --- a/src/api/sr.js +++ b/src/api/sr.js @@ -38,7 +38,7 @@ scan.params = { } scan.resolve = { - SR: ['id', 'SR'] + SR: ['id', 'SR', 'operate'] } // ------------------------------------------------------------------- @@ -57,7 +57,7 @@ destroy.params = { } destroy.resolve = { - SR: ['id', 'SR'] + SR: ['id', 'SR', 'administrate'] } // ------------------------------------------------------------------- @@ -75,7 +75,7 @@ forget.params = { } forget.resolve = { - SR: ['id', 'SR'] + SR: ['id', 'SR', 'administrate'] } // ------------------------------------------------------------------- @@ -120,7 +120,7 @@ createIso.params = { } createIso.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -175,7 +175,7 @@ createNfs.params = { } createNfs.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -220,7 +220,7 @@ createLvm.params = { } createLvm.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -274,7 +274,7 @@ probeNfs.params = { } probeNfs.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -343,7 +343,7 @@ createIscsi.params = { } createIscsi.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -419,7 +419,7 @@ probeIscsiIqns.params = { chapPassword: { type: 'string', optional: true } } probeIscsiIqns.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -496,7 +496,7 @@ probeIscsiLuns.params = { } probeIscsiLuns.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -553,7 +553,7 @@ probeIscsiExists.params = { } probeIscsiExists.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -591,7 +591,7 @@ probeNfsExists.params = { } probeNfsExists.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -634,7 +634,7 @@ reattach.params = { } reattach.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } // ------------------------------------------------------------------- @@ -677,5 +677,5 @@ reattachIso.params = { } reattachIso.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } diff --git a/src/api/task.coffee b/src/api/task.coffee index 751509e24..9ba366014 100644 --- a/src/api/task.coffee +++ b/src/api/task.coffee @@ -14,7 +14,7 @@ cancel.params = { } cancel.resolve = { - task: ['id', 'task'], + task: ['id', 'task', 'administrate'], } exports.cancel = cancel @@ -32,7 +32,7 @@ destroy.params = { } destroy.resolve = { - task: ['id', 'task'], + task: ['id', 'task', 'administrate'], } exports.destroy = destroy diff --git a/src/api/vbd.coffee b/src/api/vbd.coffee index 01ba22307..65189b7e7 100644 --- a/src/api/vbd.coffee +++ b/src/api/vbd.coffee @@ -17,7 +17,7 @@ delete_.params = { } delete_.resolve = { - vbd: ['id', 'VBD'], + vbd: ['id', 'VBD', 'administrate'], } exports.delete = delete_ @@ -37,7 +37,7 @@ disconnect.params = { } disconnect.resolve = { - vbd: ['id', 'VBD'], + vbd: ['id', 'VBD', 'administrate'], } exports.disconnect = disconnect @@ -57,7 +57,7 @@ connect.params = { } connect.resolve = { - vbd: ['id', 'VBD'], + vbd: ['id', 'VBD', 'administrate'], } exports.connect = connect @@ -83,7 +83,7 @@ set.params = { } set.resolve = { - vbd: ['id', 'VBD'], + vbd: ['id', 'VBD', 'administrate'], } exports.set = set diff --git a/src/api/vdi.coffee b/src/api/vdi.coffee index 29c5d51c9..14f2384aa 100644 --- a/src/api/vdi.coffee +++ b/src/api/vdi.coffee @@ -21,7 +21,7 @@ delete_.params = { } delete_.resolve = { - vdi: ['id', 'VDI'], + vdi: ['id', 'VDI', 'administrate'], } exports.delete = delete_ @@ -72,7 +72,7 @@ set.params = { } set.resolve = { - vdi: ['id', 'VDI'], + vdi: ['id', 'VDI', 'administrate'], } exports.set = set @@ -93,8 +93,8 @@ migrate.params = { } migrate.resolve = { - vdi: ['id', 'VDI'], - sr: ['sr_id', 'SR'], + vdi: ['id', 'VDI', 'administrate'], + sr: ['sr_id', 'SR', 'administrate'], } exports.migrate = migrate diff --git a/src/api/vif.coffee b/src/api/vif.coffee index b476e4b6f..ea49b3ef3 100644 --- a/src/api/vif.coffee +++ b/src/api/vif.coffee @@ -15,7 +15,7 @@ delete_.params = { } delete_.resolve = { - vif: ['id', 'VIF'] + vif: ['id', 'VIF', 'administrate'] } exports.delete = delete_ @@ -35,7 +35,7 @@ disconnect.params = { } disconnect.resolve = { - vif: ['id', 'VIF'] + vif: ['id', 'VIF', 'operate'] } exports.disconnect = disconnect @@ -55,7 +55,7 @@ connect.params = { } connect.resolve = { - vif: ['id', 'VIF'] + vif: ['id', 'VIF', 'operate'] } exports.connect = connect diff --git a/src/api/vm.coffee b/src/api/vm.coffee index a7dbfd779..f75847723 100644 --- a/src/api/vm.coffee +++ b/src/api/vm.coffee @@ -234,7 +234,7 @@ create.params = { } create.resolve = { - template: ['template', 'VM-template'], + template: ['template', 'VM-template', 'administrate'], } exports.create = create @@ -254,7 +254,7 @@ delete_.params = { } delete_.permission = 'admin' delete_.resolve = { - vm: ['id', ['VM', 'VM-snapshot']] + vm: ['id', ['VM', 'VM-snapshot'], 'administrate'] } exports.delete = delete_ @@ -283,7 +283,7 @@ ejectCd.params = { } ejectCd.resolve = { - vm: ['id', 'VM'] + vm: ['id', 'VM', 'operate'] } ejectCd.permission = 'admin' exports.ejectCd = ejectCd @@ -334,8 +334,8 @@ insertCd.params = { } insertCd.resolve = { - vm: ['id', 'VM'], - vdi: ['cd_id', 'VDI'], + vm: ['id', 'VM', 'operate'], + vdi: ['cd_id', 'VDI', 'operate'], } insertCd.permission = 'admin' exports.insertCd = insertCd @@ -362,7 +362,7 @@ migrate.params = { migrate.resolve = { vm: ['id', 'VM'] - host: ['host_id', 'host'] + host: ['host_id', 'host', 'administrate'] } exports.migrate = migrate @@ -450,11 +450,11 @@ migratePool.params = { } migratePool.resolve = { - vm: ['id', 'VM'], - host: ['target_host_id', 'host'], - sr: ['target_sr_id', 'SR'], - network: ['target_network_id', 'network'], - migrationNetwork: ['migration_network_id', 'network'], + vm: ['id', 'VM', 'administrate'], + host: ['target_host_id', 'host', 'administrate'], + sr: ['target_sr_id', 'SR', 'administrate'], + network: ['target_network_id', 'network', 'administrate'], + migrationNetwork: ['migration_network_id', 'network', 'administrate'], } # TODO: camel case. @@ -563,7 +563,7 @@ set.params = { } set.permission = 'admin' set.resolve = { - VM: ['id', ['VM', 'VM-snapshot']] + VM: ['id', ['VM', 'VM-snapshot'], 'administrate'] } exports.set = set @@ -586,7 +586,7 @@ restart.params = { } restart.resolve = { - vm: ['id', 'VM'] + vm: ['id', 'VM', 'operate'] } exports.restart = restart @@ -613,7 +613,7 @@ clone.params = { clone.resolve = { # TODO: is it necessary for snapshots? - vm: ['id', 'VM'] + vm: ['id', 'VM', 'administrate'] } exports.clone = clone @@ -631,7 +631,7 @@ convert.params = { } convert.resolve = { - vm: ['id', ['VM', 'VM-snapshot']] + vm: ['id', ['VM', 'VM-snapshot'], 'administrate'] } convert.permission = 'admin' exports.convert = convert @@ -648,7 +648,7 @@ snapshot.params = { } snapshot.resolve = { - vm: ['id', 'VM'] + vm: ['id', 'VM', 'administrate'] } snapshot.permission = 'admin' exports.snapshot = snapshot @@ -669,7 +669,7 @@ start.params = { } start.resolve = { - vm: ['id', 'VM'] + vm: ['id', 'VM', 'operate'] } exports.start = start @@ -706,7 +706,7 @@ stop.params = { } stop.resolve = { - vm: ['id', 'VM'] + vm: ['id', 'VM', 'operate'] } exports.stop = stop @@ -723,7 +723,7 @@ suspend.params = { } suspend.resolve = { - vm: ['id', 'VM'] + vm: ['id', 'VM', 'operate'] } suspend.permission = 'admin' exports.suspend = suspend @@ -745,7 +745,7 @@ resume.params = { } resume.resolve = { - vm: ['id', 'VM'] + vm: ['id', 'VM', 'operate'] } resume.permission = 'admin' exports.resume = resume @@ -764,7 +764,7 @@ revert.params = { } revert.resolve = { - snapshot: ['id', 'VM-snapshot'] + snapshot: ['id', 'VM-snapshot', 'administrate'] } revert.permission = 'admin' exports.revert = revert @@ -797,7 +797,7 @@ export_.params = { } export_.resolve = { - vm: ['vm', ['VM', 'VM-snapshot']], + vm: ['vm', ['VM', 'VM-snapshot'], 'administrate'], } export_.permission = 'admin' exports.export = export_; @@ -830,7 +830,7 @@ import_.params = { } import_.resolve = { - host: ['host', 'host'] + host: ['host', 'host', 'administrate'] } import_.permission = 'admin' exports.import = import_ @@ -873,8 +873,8 @@ attachDisk.params = { } attachDisk.resolve = { - vm: ['vm', 'VM'], - vdi: ['vdi', 'VDI'], + vm: ['vm', 'VM', 'administrate'], + vdi: ['vdi', 'VDI', 'administrate'], } attachDisk.permission = 'admin' exports.attachDisk = attachDisk @@ -901,8 +901,8 @@ createInterface.params = { } createInterface.resolve = { - vm: ['vm', 'VM'], - network: ['network', 'network'], + vm: ['vm', 'VM', 'administrate'], + network: ['network', 'network', 'administrate'], } createInterface.permission = 'admin' exports.createInterface = createInterface @@ -923,7 +923,7 @@ attachPci.params = { } attachPci.resolve = { - vm: ['vm', 'VM'], + vm: ['vm', 'VM', 'administrate'], } attachPci.permission = 'admin' exports.attachPci = attachPci @@ -943,7 +943,7 @@ detachPci.params = { } detachPci.resolve = { - vm: ['vm', 'VM'], + vm: ['vm', 'VM', 'administrate'], } detachPci.permission = 'admin' exports.detachPci = detachPci @@ -1047,7 +1047,7 @@ stats.params = { } stats.resolve = { - vm: ['id', ['VM', 'VM-snapshot']], + vm: ['id', ['VM', 'VM-snapshot'], 'view'], } exports.stats = stats; @@ -1070,7 +1070,7 @@ bootOrder.params = { } bootOrder.resolve = { - vm: ['vm', 'VM'], + vm: ['vm', 'VM', 'operate'], } bootOrder.permission = 'admin' exports.bootOrder = bootOrder