Commit 8624ae71 authored by Florent Gluck's avatar Florent Gluck

Finished reworking capabilities

parent bfee3931
......@@ -5,229 +5,199 @@ import (
"sort"
)
type Capabilities map[string]int
type (
UserCapability string
UserCapabilities map[UserCapability]int
)
const (
CAP_USER_CREATE string = "USER_CREATE"
CAP_USER_DESTROY string = "USER_DESTROY"
CAP_USER_SET_CAPS string = "USER_SET_CAPS"
CAP_USER_UNLOCK string = "USER_UNLOCK"
CAP_USER_RESETPWD string = "USER_RESETPWD"
CAP_USER_LIST string = "USER_LIST"
CAP_VM_LIST string = "VM_LIST"
CAP_VM_LIST_ANY string = "VM_LIST_ANY"
CAP_VM_ATTACH string = "VM_ATTACH"
CAP_VM_ATTACH_ANY string = "VM_ATTACH_ANY"
CAP_VM_START string = "VM_START"
CAP_VM_START_ANY string = "VM_START_ANY"
CAP_VM_STOP string = "VM_STOP"
CAP_VM_STOP_ANY string = "VM_STOP_ANY"
CAP_VM_REBOOT string = "VM_REBOOT"
CAP_VM_REBOOT_ANY string = "VM_REBOOT_ANY"
CAP_VM_CREATE string = "VM_CREATE"
CAP_VM_DESTROY string = "VM_DESTROY"
CAP_VM_DESTROY_ANY string = "VM_DESTROY_ANY"
CAP_VM_EDIT string = "VM_EDIT"
CAP_VM_EDIT_ANY string = "VM_EDIT_ANY"
CAP_VM_SET_ACCESS string = "VM_SET_ACCESS"
CAP_VM_SET_ACCESS_ANY string = "VM_SET_ACCESS_ANY"
CAP_VM_READFS string = "VM_READFS"
CAP_VM_READFS_ANY string = "VM_READFS_ANY"
CAP_VM_WRITEFS string = "VM_WRITEFS"
CAP_VM_WRITEFS_ANY string = "VM_WRITEFS_ANY"
CAP_EXAM_ATTACH string = "EXAM_ATTACH"
CAP_TPL_CREATE string = "TPL_CREATE"
CAP_TPL_EDIT string = "TPL_EDIT"
CAP_TPL_EDIT_ANY string = "TPL_EDIT_ANY"
CAP_TPL_LIST string = "TPL_LIST"
CAP_TPL_LIST_ANY string = "TPL_LIST_ANY"
CAP_TPL_DESTROY string = "TPL_DESTROY"
CAP_TPL_DESTROY_ANY string = "TPL_DESTROY_ANY"
CAP_TPL_READFS string = "TPL_READFS"
CAP_TPL_READFS_ANY string = "TPL_READFS_ANY"
USERCAP_USER_CREATE UserCapability = "USER_CREATE"
USERCAP_USER_DESTROY UserCapability = "USER_DESTROY"
USERCAP_USER_SET_CAPS UserCapability = "USER_SET_CAPS"
USERCAP_USER_UNLOCK UserCapability = "USER_UNLOCK"
USERCAP_USER_RESETPWD UserCapability = "USER_RESETPWD"
USERCAP_USER_LIST UserCapability = "USER_LIST"
USERCAP_VM_LIST_ANY UserCapability = "VM_LIST_ANY"
USERCAP_VM_ATTACH_ANY UserCapability = "VM_ATTACH_ANY"
USERCAP_VM_START_ANY UserCapability = "VM_START_ANY"
USERCAP_VM_STOP_ANY UserCapability = "VM_STOP_ANY"
USERCAP_VM_REBOOT_ANY UserCapability = "VM_REBOOT_ANY"
USERCAP_VM_CREATE UserCapability = "VM_CREATE"
USERCAP_VM_DESTROY_ANY UserCapability = "VM_DESTROY_ANY"
USERCAP_VM_EDIT_ANY UserCapability = "VM_EDIT_ANY"
USERCAP_VM_SET_ACCESS UserCapability = "VM_SET_ACCESS"
USERCAP_VM_SET_ACCESS_ANY UserCapability = "VM_SET_ACCESS_ANY"
USERCAP_VM_READFS_ANY UserCapability = "VM_READFS_ANY"
USERCAP_VM_WRITEFS_ANY UserCapability = "VM_WRITEFS_ANY"
USERCAP_EXAM_ATTACH UserCapability = "EXAM_ATTACH"
USERCAP_TPL_CREATE UserCapability = "TPL_CREATE"
USERCAP_TPL_EDIT UserCapability = "TPL_EDIT"
USERCAP_TPL_EDIT_ANY UserCapability = "TPL_EDIT_ANY"
USERCAP_TPL_LIST UserCapability = "TPL_LIST"
USERCAP_TPL_LIST_ANY UserCapability = "TPL_LIST_ANY"
USERCAP_TPL_DESTROY UserCapability = "TPL_DESTROY"
USERCAP_TPL_DESTROY_ANY UserCapability = "TPL_DESTROY_ANY"
USERCAP_TPL_READFS UserCapability = "TPL_READFS"
USERCAP_TPL_READFS_ANY UserCapability = "TPL_READFS_ANY"
_USERCAP_INVALID_ UserCapability = "_USERCAP_INVALID_"
)
// Capabilities stored in the user config
var userCaps = Capabilities{
CAP_USER_CREATE: 1,
CAP_USER_DESTROY: 1,
CAP_USER_SET_CAPS: 1,
CAP_USER_UNLOCK: 1,
CAP_USER_RESETPWD: 1,
CAP_USER_LIST: 1,
CAP_VM_CREATE: 1,
CAP_VM_DESTROY_ANY: 1,
CAP_VM_EDIT_ANY: 1,
CAP_VM_START_ANY: 1,
CAP_VM_STOP_ANY: 1,
CAP_VM_REBOOT_ANY: 1,
CAP_VM_LIST_ANY: 1,
CAP_VM_ATTACH_ANY: 1,
CAP_VM_SET_ACCESS: 1,
CAP_VM_SET_ACCESS_ANY: 1,
CAP_VM_READFS_ANY: 1,
CAP_VM_WRITEFS_ANY: 1,
CAP_EXAM_ATTACH: 1,
CAP_TPL_CREATE: 1,
CAP_TPL_EDIT: 1,
CAP_TPL_EDIT_ANY: 1,
CAP_TPL_DESTROY: 1,
CAP_TPL_DESTROY_ANY: 1,
CAP_TPL_LIST: 1,
CAP_TPL_LIST_ANY: 1,
CAP_TPL_READFS: 1,
CAP_TPL_READFS_ANY: 1,
var userCapsList = []UserCapability{
USERCAP_USER_CREATE,
USERCAP_USER_DESTROY,
USERCAP_USER_SET_CAPS,
USERCAP_USER_UNLOCK,
USERCAP_USER_RESETPWD,
USERCAP_USER_LIST,
USERCAP_VM_LIST_ANY,
USERCAP_VM_ATTACH_ANY,
USERCAP_VM_START_ANY,
USERCAP_VM_STOP_ANY,
USERCAP_VM_REBOOT_ANY,
USERCAP_VM_CREATE,
USERCAP_VM_DESTROY_ANY,
USERCAP_VM_EDIT_ANY,
USERCAP_VM_SET_ACCESS,
USERCAP_VM_SET_ACCESS_ANY,
USERCAP_VM_READFS_ANY,
USERCAP_VM_WRITEFS_ANY,
USERCAP_EXAM_ATTACH,
USERCAP_TPL_CREATE,
USERCAP_TPL_EDIT,
USERCAP_TPL_EDIT_ANY,
USERCAP_TPL_LIST,
USERCAP_TPL_LIST_ANY,
USERCAP_TPL_DESTROY,
USERCAP_TPL_DESTROY_ANY,
USERCAP_TPL_READFS,
USERCAP_TPL_READFS_ANY,
}
// Returns false if the string is invalid.
func NewUserCapability(s string) (UserCapability, bool) {
switch s {
case "USER_CREATE":
return USERCAP_USER_CREATE, true
case "USER_DESTROY":
return USERCAP_USER_DESTROY, true
case "USER_SET_CAPS":
return USERCAP_USER_SET_CAPS, true
case "USER_UNLOCK":
return USERCAP_USER_UNLOCK, true
case "USER_RESETPWD":
return USERCAP_USER_RESETPWD, true
case "USER_LIST":
return USERCAP_USER_LIST, true
case "VM_LIST_ANY":
return USERCAP_VM_LIST_ANY, true
case "VM_ATTACH_ANY":
return USERCAP_VM_ATTACH_ANY, true
case "VM_START_ANY":
return USERCAP_VM_START_ANY, true
case "VM_STOP_ANY":
return USERCAP_VM_STOP_ANY, true
case "VM_REBOOT_ANY":
return USERCAP_VM_REBOOT_ANY, true
case "VM_CREATE":
return USERCAP_VM_CREATE, true
case "VM_DESTROY_ANY":
return USERCAP_VM_DESTROY_ANY, true
case "VM_EDIT_ANY":
return USERCAP_VM_EDIT_ANY, true
case "VM_SET_ACCESS":
return USERCAP_VM_SET_ACCESS, true
case "VM_SET_ACCESS_ANY":
return USERCAP_VM_SET_ACCESS_ANY, true
case "VM_READFS_ANY":
return USERCAP_VM_READFS_ANY, true
case "VM_WRITEFS_ANY":
return USERCAP_VM_WRITEFS_ANY, true
case "EXAM_ATTACH":
return USERCAP_EXAM_ATTACH, true
case "TPL_CREATE":
return USERCAP_TPL_CREATE, true
case "TPL_EDIT":
return USERCAP_TPL_EDIT, true
case "TPL_EDIT_ANY":
return USERCAP_TPL_EDIT_ANY, true
case "TPL_LIST":
return USERCAP_TPL_LIST, true
case "TPL_LIST_ANY":
return USERCAP_TPL_LIST_ANY, true
case "TPL_DESTROY":
return USERCAP_TPL_DESTROY, true
case "TPL_DESTROY_ANY":
return USERCAP_TPL_DESTROY_ANY, true
case "TPL_READFS":
return USERCAP_TPL_READFS, true
case "TPL_READFS_ANY":
return USERCAP_TPL_READFS_ANY, true
default:
return "", false
}
}
// Returns true if the string cap matches a user capability
func isUserCapValid(cap string) bool {
_, exists := userCaps[cap]
return exists
func (cap UserCapability) String() string {
return string(cap)
}
// Returns true if specified VMAccessCapability exists
func (cap UserCapability) IsValid() bool {
return cap < _USERCAP_INVALID_
}
func (caps UserCapabilities) Add(capName string) error {
cap, success := NewUserCapability(capName)
if !success {
return errors.New("invalid user capability")
}
caps[cap] = 1
return nil
}
// Validates all user capabilities.
func ValidateUserCaps(caps Capabilities) error {
func (caps UserCapabilities) Validate() error {
for cap := range caps {
if !isUserCapValid(cap) {
return errors.New("Invalid capability: " + cap)
if !cap.IsValid() {
return errors.New("invalid user capability: " + cap.String())
}
}
return nil
}
func GetUserCapsNames() []string {
caps := []string{}
for key := range userCaps {
caps = append(caps, key)
}
// Sort caps by name
sort.Slice(caps, func(i, j int) bool {
return caps[i] < caps[j]
})
return caps
}
type UserCapability int
const (
USERCAP_USER_CREATE UserCapability = iota
USERCAP_USER_DESTROY
USERCAP_USER_SET_CAPS
USERCAP_USER_UNLOCK
USERCAP_USER_RESETPWD
USERCAP_USER_LIST
USERCAP_VM_CREATE
USERCAP_VM_DESTROY_ANY
USERCAP_VM_EDIT_ANY
USERCAP_VM_START_ANY
USERCAP_VM_STOP_ANY
USERCAP_VM_REBOOT_ANY
USERCAP_VM_LIST_ANY
USERCAP_VM_ATTACH_ANY
USERCAP_VM_SET_ACCESS
USERCAP_VM_SET_ACCESS_ANY
USERCAP_VM_READFS_ANY
USERCAP_VM_WRITEFS_ANY
USERCAP_EXAM_ATTACH
USERCAP_TPL_CREATE
USERCAP_TPL_EDIT
USERCAP_TPL_EDIT_ANY
USERCAP_TPL_DESTROY
USERCAP_TPL_DESTROY_ANY
USERCAP_TPL_LIST
USERCAP_TPL_LIST_ANY
USERCAP_TPL_READFS
USERCAP_TPL_READFS_ANY
)
func (cap UserCapability) String() string {
switch cap {
case USERCAP_USER_CREATE:
return "USER_CREATE"
case USERCAP_USER_DESTROY:
return "USER_DESTROY"
case USERCAP_USER_SET_CAPS:
return "USER_SET_CAPS"
case USERCAP_USER_UNLOCK:
return "USER_UNLOCK"
case USERCAP_USER_RESETPWD:
return "USER_RESETPWD"
case USERCAP_USER_LIST:
return "USER_LIST"
case USERCAP_VM_CREATE:
return "VM_CREATE"
case USERCAP_VM_DESTROY_ANY:
return "VM_DESTROY_ANY"
case USERCAP_VM_EDIT_ANY:
return "VM_EDIT_ANY"
case USERCAP_VM_START_ANY:
return "VM_START_ANY"
case USERCAP_VM_STOP_ANY:
return "VM_STOP_ANY"
case USERCAP_VM_REBOOT_ANY:
return "VM_REBOOT_ANY"
case USERCAP_VM_LIST_ANY:
return "VM_LIST_ANY"
case USERCAP_VM_ATTACH_ANY:
return "VM_ATTACH_ANY"
case USERCAP_VM_SET_ACCESS:
return "VM_SET_ACCESS"
case USERCAP_VM_SET_ACCESS_ANY:
return "VM_SET_ACCESS_ANY"
case USERCAP_VM_READFS_ANY:
return "VM_READFS_ANY"
case USERCAP_VM_WRITEFS_ANY:
return "VM_WRITEFS_ANY"
case USERCAP_EXAM_ATTACH:
return "EXAM_ATTACH"
case USERCAP_TPL_CREATE:
return "TPL_CREATE"
case USERCAP_TPL_EDIT:
return "TPL_EDIT"
case USERCAP_TPL_EDIT_ANY:
return "TPL_EDIT_ANY"
case USERCAP_TPL_DESTROY:
return "TPL_DESTROY"
case USERCAP_TPL_DESTROY_ANY:
return "TPL_DESTROY_ANY"
case USERCAP_TPL_LIST:
return "TPL_LIST"
case USERCAP_TPL_LIST_ANY:
return "TPL_LIST_ANY"
case USERCAP_TPL_READFS:
return "TPL_READFS"
case USERCAP_TPL_READFS_ANY:
return "TPL_READFS_ANY"
sorted := make([]string, len(userCapsList))
for i, cap := range userCapsList {
sorted[i] = cap.String()
}
return "unknown UserCapability"
// Sort the sorted array in place
sort.Strings(sorted)
return sorted
}
//----------------------------------------------------------------------------------
type VMAccessCapability string
type VMAccessCapabilities map[VMAccessCapability]int
type (
VMAccessCapability string
VMAccessCapabilities map[VMAccessCapability]int
)
const (
VMCAP_SET_ACCESS VMAccessCapability = "VM_SET_ACCESS"
VMCAP_DESTROY VMAccessCapability = "VM_DESTROY"
VMCAP_EDIT VMAccessCapability = "VM_EDIT"
VMCAP_START VMAccessCapability = "VMCAP_START"
VMCAP_START VMAccessCapability = "VM_START"
VMCAP_STOP VMAccessCapability = "VM_STOP"
VMCAP_REBOOT VMAccessCapability = "VM_REBOOT"
VMCAP_LIST VMAccessCapability = "VM_LIST"
......@@ -235,7 +205,7 @@ const (
VMCAP_READFS VMAccessCapability = "VM_READFS"
VMCAP_WRITEFS VMAccessCapability = "VM_WRITEFS"
_VMCAP_INVALID_ = "_VM_ACCESS_INVALID_"
_VMCAP_INVALID_ = "_VMCAP_INVALID_"
)
var vmAccessCapsList = []VMAccessCapability{
......@@ -251,30 +221,31 @@ var vmAccessCapsList = []VMAccessCapability{
VMCAP_WRITEFS,
}
func NewVMAccessCap(capName string) (VMAccessCapability, error) {
switch capName {
// Returns false if the string is invalid.
func NewVMAccessCapability(s string) (VMAccessCapability, bool) {
switch s {
case "VM_SET_ACCESS":
return VMCAP_SET_ACCESS, nil
return VMCAP_SET_ACCESS, true
case "VM_DESTROY":
return VMCAP_DESTROY, nil
return VMCAP_DESTROY, true
case "VM_EDIT":
return VMCAP_EDIT, nil
return VMCAP_EDIT, true
case "VM_START":
return VMCAP_START, nil
return VMCAP_START, true
case "VM_STOP":
return VMCAP_STOP, nil
return VMCAP_STOP, true
case "VM_REBOOT":
return VMCAP_REBOOT, nil
return VMCAP_REBOOT, true
case "VM_LIST":
return VMCAP_LIST, nil
return VMCAP_LIST, true
case "VM_ATTACH":
return VMCAP_ATTACH, nil
return VMCAP_ATTACH, true
case "VM_READFS":
return VMCAP_READFS, nil
return VMCAP_READFS, true
case "VM_WRITEFS":
return VMCAP_WRITEFS, nil
return VMCAP_WRITEFS, true
}
return _VMCAP_INVALID_, errors.New("invalid VMAccessCapability")
return "", false
}
func (cap VMAccessCapability) String() string {
......@@ -287,9 +258,9 @@ func (cap VMAccessCapability) IsValid() bool {
}
func (caps VMAccessCapabilities) Add(capName string) error {
cap, err := NewVMAccessCap(capName)
if err != nil {
return err
cap, success := NewVMAccessCapability(capName)
if !success {
return errors.New("invalid VM access capability")
}
caps[cap] = 1
return nil
......@@ -299,7 +270,7 @@ func (caps VMAccessCapabilities) Add(capName string) error {
func (caps VMAccessCapabilities) Validate() error {
for cap := range caps {
if !cap.IsValid() {
return errors.New("Invalid capability: " + cap.String())
return errors.New("invalid VM access capability: " + cap.String())
}
}
return nil
......
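Review bot: `IsValid` on the new string-typed UserCapability (`return cap < _USERCAP_INVALID_`) is a lexicographic string comparison, so any value that sorts before "_USERCAP_INVALID_" — an unknown upper-case name such as "ADMIN", or the empty string — is reported valid; this reads like a leftover from the iota-based int type the commit removes. Since `UserCapabilities.Validate` is what the server relies on to reject capability names that arrive via JSON (the `p.Caps.Validate()` and `user.Caps.Validate()` calls in the router-users and users sections), it should test membership instead, e.g. `_, ok := NewUserCapability(string(cap)); return ok`, or a set built once from userCapsList. The doc comment above it, `// Returns true if specified VMAccessCapability exists`, names the wrong type and should read `// Returns true if cap is a known user capability.` `NewUserCapability`'s 28-arm switch and `userCapsList` also have to be kept in sync by hand, and a loop over userCapsList would remove that drift risk. The body of `VMAccessCapability.IsValid` sits outside the hunk, so whether it uses the same comparison cannot be confirmed from here.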
......@@ -7,22 +7,22 @@ import (
)
type UserWithPwd struct {
Email string `json:"email" validate:"required,email"`
FirstName string `json:"firstname" validate:"required,min=2,max=32"`
LastName string `json:"lastname" validate:"required,min=2,max=32"`
Pwd string `json:"pwd" validate:"required,min=8"`
Caps caps.Capabilities `json:"caps" validate:"required"`
Email string `json:"email" validate:"required,email"`
FirstName string `json:"firstname" validate:"required,min=2,max=32"`
LastName string `json:"lastname" validate:"required,min=2,max=32"`
Pwd string `json:"pwd" validate:"required,min=8"`
Caps caps.UserCapabilities `json:"caps" validate:"required"`
}
type UserWithoutPwd struct {
Email string `json:"email" validate:"required,email"`
FirstName string `json:"firstname" validate:"required,min=2,max=32"`
LastName string `json:"lastname" validate:"required,min=2,max=32"`
Caps caps.Capabilities `json:"caps" validate:"required"`
Email string `json:"email" validate:"required,email"`
FirstName string `json:"firstname" validate:"required,min=2,max=32"`
LastName string `json:"lastname" validate:"required,min=2,max=32"`
Caps caps.UserCapabilities `json:"caps" validate:"required"`
}
type UserSetCaps struct {
Caps caps.Capabilities
Caps caps.UserCapabilities
}
type UserSetPwd struct {
......
......@@ -68,11 +68,15 @@ func (cmd *Add) Run(client *nc.NexusClient, args []string) int {
FirstName: args[1],
LastName: args[2],
Pwd: args[3],
Caps: make(caps.Capabilities),
Caps: make(caps.UserCapabilities),
}
if argc > 4 {
for _, cap := range args[4:] {
p.Caps[cap] = 1
err := p.Caps.Add(cap)
if err != nil {
u.PrintlnErr(cap, ": ", err)
return 1
}
}
}
......@@ -123,13 +127,17 @@ func (cmd *Add) Run(client *nc.NexusClient, args []string) int {
FirstName: columns[1],
LastName: columns[2],
Pwd: columns[3],
Caps: make(map[string]int),
Caps: make(caps.UserCapabilities),
}
capsStr := strings.TrimSpace(columns[4])
if len(capsStr) > 0 {
caps := strings.Split(capsStr, " ")
for _, cap := range caps {
p.Caps[cap] = 1
err := p.Caps.Add(cap)
if err != nil {
u.PrintlnErr(cap, ": ", err)
return 1
}
}
}
......
......@@ -102,13 +102,17 @@ func (cmd *SetCaps) Run(client *nc.NexusClient, args []string) int {
continue
}
userCaps := &params.UserSetCaps{Caps: make(map[string]int)}
p := &params.UserSetCaps{Caps: make(caps.UserCapabilities)}
capsStr := strings.TrimSpace(columns[1])
if len(capsStr) > 0 {
caps := strings.Split(capsStr, " ")
for _, cap := range caps {
userCaps.Caps[cap] = 1
err := p.Caps.Add(cap)
if err != nil {
u.PrintlnErr(cap, ": ", err)
return 1
}
}
}
......@@ -119,7 +123,7 @@ func (cmd *SetCaps) Run(client *nc.NexusClient, args []string) int {
continue
}
if err := client.UserSetCaps(email, userCaps); err != nil {
if err := client.UserSetCaps(email, p); err != nil {
u.PrintlnErr(err)
statusCode = 1
} else {
......@@ -130,12 +134,16 @@ func (cmd *SetCaps) Run(client *nc.NexusClient, args []string) int {
// Argument is an email address
email := args[0]
userCaps := &params.UserSetCaps{Caps: make(map[string]int)}
p := &params.UserSetCaps{Caps: make(caps.UserCapabilities)}
for _, cap := range args[1:] {
userCaps.Caps[cap] = 1
err := p.Caps.Add(cap)
if err != nil {
u.PrintlnErr(cap, ": ", err)
return 1
}
}
if err := client.UserSetCaps(email, userCaps); err != nil {
if err := client.UserSetCaps(email, p); err != nil {
u.PrintlnErr(err)
statusCode = 1
} else {
......
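Review bot: In the CSV branch (first hunk), a capability rejected by `p.Caps.Add(cap)` now does `return 1` from inside the per-row loop, whereas the other per-row failures visible in this section (`continue` above it, `statusCode = 1` after `client.UserSetCaps`) skip the row and keep going; one bad token mid-file therefore aborts the remaining rows while rows already sent stay applied. If that is not intended, replacing `return 1` with `statusCode = 1` and skipping to the next row (a labelled `continue`, or a flag checked after the inner loop) keeps the batch semantics consistent; the enclosing row loop starts outside the hunk, so this is inferred from the visible lines. The Add command's CSV hunk has the same return-from-inside-the-loop shape and is worth checking against that loop's intent. The single-email branch (last hunk) returning 1 is fine as is.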
......@@ -41,10 +41,10 @@ func (r *RouterTemplates) GetTemplates(c echo.Context) error {
}
// If the logged user has CAP_TPL_LIST_ANY, lists all templates.
if user.HasCapability(caps.CAP_TPL_LIST_ANY) {
if user.HasCapability(caps.USERCAP_TPL_LIST_ANY) {
// Returns all templates
return c.JSONPretty(http.StatusOK, r.tpl.GetNetworkSerializedTemplates(func(template *vms.Template) bool { return true }), " ")
} else if user.HasCapability(caps.CAP_TPL_LIST) {
} else if user.HasCapability(caps.USERCAP_TPL_LIST) {
// Returns templates owned by the logged user and public templates.
return c.JSONPretty(http.StatusOK,
r.tpl.GetNetworkSerializedTemplates(func(template *vms.Template) bool {
......@@ -78,9 +78,9 @@ func (r *RouterTemplates) GetTemplate(c echo.Context) error {
}
// If user has CAP_TPL_LIST_ANY, returns the template.
if user.HasCapability(caps.CAP_TPL_LIST_ANY) {
if user.HasCapability(caps.USERCAP_TPL_LIST_ANY) {
return c.JSONPretty(http.StatusOK, tpl.SerializeToNetwork(), " ")
} else if user.HasCapability(caps.CAP_TPL_LIST) {
} else if user.HasCapability(caps.USERCAP_TPL_LIST) {
// Returns template if owned by the user or template is public.
if tpl.GetOwner() == user.Email || tpl.IsPublic() {
return c.JSONPretty(http.StatusOK, tpl.SerializeToNetwork(), " ")
......@@ -100,7 +100,7 @@ func (r *RouterTemplates) CreateTemplateFromVM(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
}
if !user.HasCapability(caps.CAP_TPL_CREATE) {
if !user.HasCapability(caps.USERCAP_TPL_CREATE) {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
......@@ -120,7 +120,7 @@ func (r *RouterTemplates) CreateTemplateFromVM(c echo.Context) error {
// either VM_LIST_ANY or VM_LIST in the VM access
if !vm.IsOwner(user.Email) {
// Check the user has the required capabilities: either VM_LIST_ANY or VM_LIST in the VM access
if !user.HasCapability(caps.CAP_VM_LIST_ANY) {
if !user.HasCapability(caps.USERCAP_VM_LIST_ANY) {
userCaps, exists := vm.GetAccess()[user.Email]
if !exists {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
......@@ -165,7 +165,7 @@ func (r *RouterTemplates) CreateTemplateFromQCOW(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
}
if !user.HasCapability(caps.CAP_TPL_CREATE) {
if !user.HasCapability(caps.USERCAP_TPL_CREATE) {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
......@@ -235,12 +235,12 @@ func (r *RouterTemplates) DeleteTemplate(c echo.Context) error {
return echo.NewHTTPError(http.StatusBadRequest, err.Error())
}
if user.HasCapability(caps.CAP_TPL_DESTROY_ANY) {
if user.HasCapability(caps.USERCAP_TPL_DESTROY_ANY) {
if err := r.tpl.DeleteTemplate(tplID, r.vms); err != nil {
return echo.NewHTTPError(http.StatusNotFound, err.Error())
}
return c.NoContent(http.StatusOK)
} else if user.HasCapability(caps.CAP_TPL_DESTROY) {
} else if user.HasCapability(caps.USERCAP_TPL_DESTROY) {
template, err := r.tpl.GetTemplate(tplID)
if err != nil {
return echo.NewHTTPError(http.StatusNotFound, err.Error())
......@@ -294,9 +294,9 @@ func (r *RouterTemplates) EditTemplate(c echo.Context) error {
return c.JSONPretty(http.StatusOK, editedTpl.SerializeToNetwork(), " ")
}
if user.HasCapability(caps.CAP_TPL_EDIT_ANY) {
if user.HasCapability(caps.USERCAP_TPL_EDIT_ANY) {
return editTemplate(c, tplID)
} else if user.HasCapability(caps.CAP_TPL_EDIT) {
} else if user.HasCapability(caps.USERCAP_TPL_EDIT) {
template, err := r.tpl.GetTemplate(tplID)
if err != nil {
return echo.NewHTTPError(http.StatusNotFound, err.Error())
......@@ -327,14 +327,14 @@ func (r *RouterTemplates) ExportDisk(c echo.Context) error {
return echo.NewHTTPError(http.StatusBadRequest, err.Error())
}
if user.HasCapability(caps.CAP_TPL_READFS_ANY) {
if user.HasCapability(caps.USERCAP_TPL_READFS_ANY) {
template, err := r.tpl.GetTemplate(tplID)
if err != nil {
return echo.NewHTTPError(http.StatusNotFound, err.Error())
}
return c.File(template.GetTemplateDiskPath())
} else if user.HasCapability(caps.CAP_TPL_READFS) {
} else if user.HasCapability(caps.USERCAP_TPL_READFS) {
template, err := r.tpl.GetTemplate(tplID)
if err != nil {
return echo.NewHTTPError(http.StatusNotFound, err.Error())
......
......@@ -31,7 +31,7 @@ func (r *RouterUsers) GetUsers(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
}
if !user.HasCapability(caps.CAP_USER_LIST) {
if !user.HasCapability(caps.USERCAP_USER_LIST) {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
......@@ -66,7 +66,7 @@ func (r *RouterUsers) DeleteUserByEmail(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
}
if !user.HasCapability(caps.CAP_USER_DESTROY) {
if !user.HasCapability(caps.USERCAP_USER_DESTROY) {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
......@@ -92,7 +92,7 @@ func (r *RouterUsers) CreateUser(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
}
if !user.HasCapability(caps.CAP_USER_CREATE) {
if !user.HasCapability(caps.USERCAP_USER_CREATE) {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
......@@ -129,7 +129,7 @@ func (r *RouterUsers) SetUserCaps(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
}
if !user.HasCapability(caps.CAP_USER_SET_CAPS) {
if !user.HasCapability(caps.USERCAP_USER_SET_CAPS) {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
......@@ -140,7 +140,7 @@ func (r *RouterUsers) SetUserCaps(c echo.Context) error {
}
// Checks capabilities are valid.
if err := caps.ValidateUserCaps(p.Caps); err != nil {
if err := p.Caps.Validate(); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, err.Error())
}
......@@ -202,7 +202,7 @@ func (r *RouterUsers) UnlockUser(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
}
if !user.HasCapability(caps.CAP_USER_UNLOCK) {
if !user.HasCapability(caps.USERCAP_USER_UNLOCK) {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
......@@ -228,7 +228,7 @@ func (r *RouterUsers) ResetPwd(c echo.Context) error {
return echo.NewHTTPError(http.StatusUnauthorized, err.Error())
}
if !user.HasCapability(caps.CAP_USER_RESETPWD) {
if !user.HasCapability(caps.USERCAP_USER_RESETPWD) {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
......
......@@ -13,13 +13,13 @@ var dummyUser = User{}
// Creates an empty user.
func NewEmptyUser() *User {
return &User{Email: "", FirstName: "", LastName: "", Caps: make(caps.Capabilities), Pwd: ""}
return &User{Email: "", FirstName: "", LastName: "", Caps: make(caps.UserCapabilities), Pwd: ""}
}
// Checks that the User structure's fields are valid.
func (user *User) Validate() error {
// Checks the capabilities are valid
if err := caps.ValidateUserCaps(user.Caps); err != nil {
if err := user.Caps.Validate(); err != nil {
return err
}
......@@ -27,24 +27,7 @@ func (user *User) Validate() error {
}
// Returns true if user has the specified capability.
func (user *User) HasCapability(capability string) bool {
func (user *User) HasCapability(capability caps.UserCapability) bool {
_, exists := user.Caps[capability]
return exists
}
func (user *User) GetVMAccessCapabilities() []string {
caps := []string{}
for key := range user.Caps {
caps = append(caps, key)
}
return caps
// capabilities := []string{}
// for cap, _ := range caps.GetVMAccessCapsNames() {
// _, exists := user.Caps[cap]
// if exists {
// capabilities = append(capabilities, cap)
// }
// }
// return capabilities
}
......@@ -710,7 +710,7 @@ func (vms *VMs) SetVMAccess(vmID uuid.UUID, user *users.User, destUserEmail stri
defer vm.mutex.Unlock()
// If user has VM_SET_ACCESS_ANY, modify is allowed.
if !user.HasCapability(caps.CAP_VM_SET_ACCESS_ANY) {
if !user.HasCapability(caps.USERCAP_VM_SET_ACCESS_ANY) {
// If user is the VM's owner, modify is allowed.
if !vm.IsOwner(user.Email) {
// If user has VM_SET_ACCESS and VM's VM access is present for the same user, modify is allowed.
......@@ -749,7 +749,7 @@ func (vms *VMs) DeleteVMAccess(vmID uuid.UUID, user *users.User, destUserEmail s
defer vm.mutex.Unlock()
// If user has VM_SET_ACCESS_ANY, modify is allowed.
if !user.HasCapability(caps.CAP_VM_SET_ACCESS_ANY) {
if !user.HasCapability(caps.USERCAP_VM_SET_ACCESS_ANY) {
// If user is the VM's owner, modify is allowed.
if !vm.IsOwner(user.Email) {
// If user has VM_SET_ACCESS and VM's VM access is present for the same user, modify is allowed.
......