NuKVM/xen-orchestra
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial commit.

Browse Source
This commit is contained in:
Julien Fontanet 2016-02-03 10:02:39 +01:00
commit f4ea39b602
11 changed files with 350 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
packages/xo-acl-resolver/.babelrc Normal file
View File

@ -0,0 +1,8 @@
{
"comments": false,
"compact": true,
"presets": [
"stage-0",
"es2015"
]
}

65
packages/xo-acl-resolver/.editorconfig Normal file
View File

@ -0,0 +1,65 @@
# http://EditorConfig.org
#
# Julien Fontanet's configuration
# https://gist.github.com/julien-f/8096213
# Top-most EditorConfig file.
root = true
# Common config.
[*]
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespaces = true
# CoffeeScript
#
# https://github.com/polarmobile/coffeescript-style-guide/blob/master/README.md
[*.{,lit}coffee]
indent_size = 2
indent_style = space
# Markdown
[*.{md,mdwn,mdown,markdown}]
indent_size = 4
indent_style = space
# Package.json
#
# This indentation style is the one used by npm.
[/package.json]
indent_size = 2
indent_style = space
# Jade
[*.jade]
indent_size = 2
indent_style = space
# JavaScript
#
# Two spaces seems to be the standard most common style, at least in
# Node.js (http://nodeguide.com/style.html#tabs-vs-spaces).
[*.js]
indent_size = 2
indent_style = space
# Less
[*.less]
indent_size = 2
indent_style = space
# Sass
#
# Style used for http://libsass.com
[*.s[ac]ss]
indent_size = 2
indent_style = space
# YAML
#
# Only spaces are allowed.
[*.yaml]
indent_size = 2
indent_style = space

9
packages/xo-acl-resolver/.gitignore vendored Normal file
View File

@ -0,0 +1,9 @@
/.nyc_output/
/bower_components/
/dist/
npm-debug.log
npm-debug.log.*
!node_modules/*
node_modules/*/

5
packages/xo-acl-resolver/.mocha.js Normal file
View File

@ -0,0 +1,5 @@
Error.stackTraceLimit = 100
try { require('trace') } catch (_) {}
try { require('clarify') } catch (_) {}
try { require('source-map-support/register') } catch (_) {}

1
packages/xo-acl-resolver/.mocha.opts Normal file
View File

@ -0,0 +1 @@
--require ./.mocha.js

10
packages/xo-acl-resolver/.npmignore Normal file
View File

@ -0,0 +1,10 @@
/examples/
example.js
example.js.map
*.example.js
*.example.js.map
/test/
/tests/
*.spec.js
*.spec.js.map

9
packages/xo-acl-resolver/.travis.yml Normal file
View File

@ -0,0 +1,9 @@
language: node_js
node_js:
- 'stable'
- '4'
- '0.12'
# Use containers.
# http://docs.travis-ci.com/user/workers/container-based-infrastructure/
sudo: false

52
packages/xo-acl-resolver/README.md Normal file
View File

@ -0,0 +1,52 @@
# xo-acl-resolver [![Build Status](https://travis-ci.org/vatesfr/xo-acl-resolver.png?branch=master)](https://travis-ci.org/vatesfr/xo-acl-resolver)
> [Xen-Orchestra](http://xen-orchestra.com/) internal: do ACLs resolution.
## Install
Installation of the [npm package](https://npmjs.org/package/xo-acl-resolver):
```
> npm install --save xo-acl-resolver
```
## Usage
**TODO**
## Development
### Installing dependencies
```
> npm install
```
### Compilation
The sources files are watched and automatically recompiled on changes.
```
> npm run dev
```
### Tests
```
> npm run test-dev
```
## Contributions
Contributions are *very* welcomed, either on the documentation or on
the code.
You may:
- report any [issue](https://github.com/vatesfr/xo-acl-resolver/issues)
you've encountered;
- fork and create a pull request.
## License
ISC © [Vates SAS](https://vates.fr)

56
packages/xo-acl-resolver/package.json Normal file
View File

@ -0,0 +1,56 @@
{
"name": "xo-acl-resolver",
"version": "0.0.0",
"license": "ISC",
"description": "Xen-Orchestra internal: do ACLs resolution",
"keywords": [],
"homepage": "https://github.com/vatesfr/xo-acl-resolver",
"bugs": "https://github.com/vatesfr/xo-acl-resolver/issues",
"repository": {
"type": "git",
"url": "https://github.com/vatesfr/xo-acl-resolver"
},
"author": {
"name": "Julien Fontanet",
"email": "julien.fontanet@vates.fr"
},
"preferGlobal": false,
"main": "dist/",
"bin": {},
"files": [
"dist/"
],
"engines": {
"node": ">=0.12"
},
"devDependencies": {
"babel-cli": "^6.4.5",
"babel-eslint": "^4.1.8",
"babel-preset-es2015": "^6.3.13",
"babel-preset-stage-0": "^6.3.13",
"clarify": "^1.0.5",
"dependency-check": "^2.5.1",
"mocha": "^2.4.5",
"must": "^0.13.1",
"nyc": "^5.5.0",
"source-map-support": "^0.4.0",
"standard": "^5.4.1",
"trace": "^2.0.2"
},
"scripts": {
"build": "babel --source-maps --out-dir=dist/ src/",
"depcheck": "dependency-check ./package.json",
"dev": "babel --watch --source-maps --out-dir=dist/ src/",
"dev-test": "mocha --opts .mocha.opts --watch --reporter=min \"dist/**/*.spec.js\"",
"lint": "standard",
"posttest": "npm run lint && npm run depcheck",
"prepublish": "npm run build",
"test": "nyc mocha --opts .mocha.opts \"dist/**/*.spec.js\""
},
"standard": {
"ignore": [
"dist/**"
],
"parser": "babel-eslint"
}
}

118
packages/xo-acl-resolver/src/index.js Normal file
View File

@ -0,0 +1,118 @@
// These global variables are not a problem because the algorithm is
// synchronous.
let permissionsByObject
let getObject
// -------------------------------------------------------------------
const authorized = () => true // eslint-disable-line no-unused-vars
const forbiddden = () => false // eslint-disable-line no-unused-vars
const and = (...checkers) => (object, permission) => { // eslint-disable-line no-unused-vars
for (const checker of checkers) {
if (!checker(object, permission)) {
return false
}
}
return true
}
const or = (...checkers) => (object, permission) => { // eslint-disable-line no-unused-vars
for (const checker of checkers) {
if (checker(object, permission)) {
return true
}
}
return false
}
// -------------------------------------------------------------------
const checkMember = memberName => (object, permission) => {
const member = object[memberName]
return checkAuthorization(member, permission)
}
const checkSelf = ({ id }, permission) => {
const permissionsForObject = permissionsByObject[id]
return (
permissionsForObject &&
permissionsForObject[permission]
)
}
// ===================================================================
const checkAuthorizationByTypes = {
host: or(checkSelf, checkMember('$pool')),
message: checkMember('$object'),
network: or(checkSelf, checkMember('$pool')),
SR: or(checkSelf, checkMember('$pool')),
task: checkMember('$host'),
VBD: checkMember('VDI'),
// Access to a VDI is granted if the user has access to the
// containing SR or to a linked VM.
VDI (vdi, permission) {
// Check authorization for the containing SR.
if (checkAuthorization(vdi.$SR, permission)) {
return true
}
// Check authorization for each of the connected VMs.
for (const { VM: vm } of vdi.$VBDs) {
if (checkAuthorization(vm, permission)) {
return true
}
}
return false
},
VIF: or(checkMember('$network'), checkMember('$VM')),
VM: or(checkSelf, checkMember('$container')),
'VM-snapshot': checkMember('$snapshot_of'),
'VM-template': authorized
}
// Hoisting is important for this function.
function checkAuthorization (objectId, permission) {
const object = getObject(objectId)
const checker = checkAuthorizationByTypes[object.type] || checkSelf
return checker(object, permission)
}
// -------------------------------------------------------------------
export default (
permissionsByObject_,
getObject_,
permissions
) => {
// Assign global variables.
permissionsByObject = permissionsByObject_
getObject = getObject_
try {
for (const [objectId, permission] of permissions) {
if (!checkAuthorization(objectId, permission)) {
return false
}
}
return true
} finally {
// Free the global variables.
permissionsByObject = getObject = null
}
}

17
packages/xo-acl-resolver/src/index.spec.js Normal file
View File

@ -0,0 +1,17 @@
/* eslint-env mocha */
import expect from 'must'
// ===================================================================
import myLib from './'
// ===================================================================
describe.skip('myLib', () => {
it('does something', () => {
// TODO: some real tests.
expect(myLib).to.exists()
})
})