Commit ffbeb3bf authored by Florent Gluck's avatar Florent Gluck

Removed all occurrences of VM_LIST in client and server code

parent cb1f8240
......@@ -18,7 +18,6 @@ const (
USERCAP_USER_RESETPWD UserCapability = "USER_RESETPWD"
USERCAP_USER_LIST UserCapability = "USER_LIST"
USERCAP_VM_LIST_ANY UserCapability = "VM_LIST_ANY"
USERCAP_VM_ATTACH_ANY UserCapability = "VM_ATTACH_ANY"
USERCAP_VM_START_ANY UserCapability = "VM_START_ANY"
USERCAP_VM_STOP_ANY UserCapability = "VM_STOP_ANY"
......@@ -54,7 +53,6 @@ var userCapsList = []UserCapability{
USERCAP_USER_RESETPWD,
USERCAP_USER_LIST,
USERCAP_VM_LIST_ANY,
USERCAP_VM_ATTACH_ANY,
USERCAP_VM_START_ANY,
USERCAP_VM_STOP_ANY,
......@@ -96,8 +94,6 @@ func NewUserCapability(s string) (UserCapability, bool) {
case "USER_LIST":
return USERCAP_USER_LIST, true
case "VM_LIST_ANY":
return USERCAP_VM_LIST_ANY, true
case "VM_ATTACH_ANY":
return USERCAP_VM_ATTACH_ANY, true
case "VM_START_ANY":
......@@ -184,7 +180,6 @@ func (caps UserCapabilities) HasVMxxxAnyCapability() bool {
count += caps[USERCAP_VM_START_ANY]
count += caps[USERCAP_VM_STOP_ANY]
count += caps[USERCAP_VM_REBOOT_ANY]
count += caps[USERCAP_VM_LIST_ANY]
count += caps[USERCAP_VM_ATTACH_ANY]
count += caps[USERCAP_VM_READFS_ANY]
count += caps[USERCAP_VM_WRITEFS_ANY]
......@@ -216,7 +211,6 @@ const (
VMCAP_START VMAccessCapability = "VM_START"
VMCAP_STOP VMAccessCapability = "VM_STOP"
VMCAP_REBOOT VMAccessCapability = "VM_REBOOT"
VMCAP_LIST VMAccessCapability = "VM_LIST"
VMCAP_ATTACH VMAccessCapability = "VM_ATTACH"
VMCAP_READFS VMAccessCapability = "VM_READFS"
VMCAP_WRITEFS VMAccessCapability = "VM_WRITEFS"
......@@ -231,7 +225,6 @@ var vmAccessCapsList = []VMAccessCapability{
VMCAP_START,
VMCAP_STOP,
VMCAP_REBOOT,
VMCAP_LIST,
VMCAP_ATTACH,
VMCAP_READFS,
VMCAP_WRITEFS,
......@@ -264,8 +257,6 @@ func NewVMAccessCapability(s string) (VMAccessCapability, bool) {
return VMCAP_STOP, true
case "VM_REBOOT":
return VMCAP_REBOOT, true
case "VM_LIST":
return VMCAP_LIST, true
case "VM_ATTACH":
return VMCAP_ATTACH, true
case "VM_READFS":
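Review bot: Dropping the `case "VM_LIST":` arm in NewVMAccessCapability (and the `case "VM_LIST_ANY":` arm in NewUserCapability earlier in this file) means any persisted user or VM access record that still carries the old string now decodes as `false`; whether the callers reject the whole record or silently drop that entry is decided outside this diff, so it is worth confirming against stored data before deploying. If such records can exist, either migrate them or make the fall-through explicit so the next reader does not reintroduce the value: above the switch's default, `// VM_LIST / VM_LIST_ANY were removed; listing is now implied by holding any other VM capability, so stale stored values fall through here and are rejected.` The removal from userCapsList and vmAccessCapsList is consistent with the constant deletions, and HasVMxxxAnyCapability now counts one fewer capability, which matches the intent.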
......
......@@ -26,7 +26,6 @@ The table below lists all potential capabilities associated to a user:
| VM_START_ANY | Can start **ANY** VM |
| VM_STOP_ANY | Can kill/shutdown **ANY** VM |
| VM_REBOOT_ANY | Can Reboot **ANY** VM |
| VM_LIST_ANY | Can list **ANY** VM |
| VM_ATTACH_ANY | Can attach to **ANY** VM |
| VM_READFS_ANY | Can export files from **ANY** VM |
| VM_WRITEFS_ANY | Can import files into **ANY** VM |
......@@ -54,12 +53,11 @@ These capabilities are called "VM access capabilities":
|--- |--- |
| VM_SET_ACCESS | User can add/change access to the (running or stopped) VM |
| | VM_SET_ACCESS **must also be present** in the user's capabilities! |
| VM_DESTROY | User can destroy the (stopped) VM |
| VM_DESTROY | User can delete the (stopped) VM |
| VM_EDIT | User can edit the (running or stopped) VM |
| VM_START | User can start the (stopped) VM |
| VM_STOP | User can kill/shutdown the (running) VM |
| VM_REBOOT | User can reboot the (running) VM |
| VM_LIST | User can list the VM's meta-data |
| VM_ATTACH | User can attach to the (running) VM |
| VM_READFS | User can export files from the (stopped) VM |
| VM_WRITEFS | User can import files into the (stopped) VM |
......
......@@ -125,7 +125,7 @@ Type: "help" for help on commands
nexush> help
═════╡ GENERAL commands ╞═════════════════════════════════════════════════════════════════
ls List files in the specified dir or in the current dir if no argument is specified.
ls Lists files in the specified dir or in the current dir if no argument is specified.
refresh Obtains a new access token.
......@@ -208,8 +208,7 @@ vmimportdir Copies a local directory (or file) and all its content into
vmkill Kills one or more VMs.
If not the VM's owner: requires VM_STOP VM access capability or VM_STOP_ANY user capability.
vmlist Lists VMs.
If not the VM's owner: requires VM_LIST VM access capability or VM_LIST_ANY user capability.
vmlist Lists VMs you own or on which you can perform an action.
vmreboot Gracefully reboots one or more VMs.
If not the VM's owner: requires VM_REBOOT VM access capability or VM_REBOOT_ANY user capability.
......@@ -220,6 +219,10 @@ vmshutdown Gracefully shutdowns one or more VMs.
vmstart Starts one or more VMs.
If not the VM's owner: requires VM_START VM access capability or VM_START_ANY user capability.
vmstartattach Starts and attaches to one or more VMs in order to use their desktop environment.
If not the VM's owner: requires VM_START and VM_ATTACH VM access capabilities or
VM_START_ANY and VM_ATTACH_ANY user capabilities.
vmstartwithcreds Starts one or more VMs with user-defined credentials.
If not the VM's owner: requires VM_START VM access capability or VM_START_ANY user capability.
```
......@@ -577,9 +580,9 @@ Delete VMs matching the "exam ISC_433 PCO" pattern:
vmdel "exam ISC_433 PCO"
```
Set the VM access for VM `89649fe3-4940-4b77-929e-50903789cd87` with: `VM_LIST` and `VM_ATTACH` for user `student@nexus.org`:
Set the VM access for VM `89649fe3-4940-4b77-929e-50903789cd87` with: `VM_READFS` and `VM_ATTACH` for user `student@nexus.org`:
```
vmaddaccess 89649fe3-4940-4b77-929e-50903789cd87 student@nexus.org VM_LIST VM_ATTACH
vmaddaccess 89649fe3-4940-4b77-929e-50903789cd87 student@nexus.org VM_READFS VM_ATTACH
```
Set VM access for VMs matching the "alpine" pattern with: `VM_START` and `VM_STOP` for user `student@nexus.org`:
......
......@@ -30,10 +30,10 @@
| Route | Description | Method | Input | User capability | Op. | VM access cap. | Output |
|--- |--- |--- |--- |--- |--- |--- |--- |
| `/vms` | returns VMs you own or on which you can perform an action on | GET | - | any `VM_xxx_ANY` | OR | any | [\[\]common.vm.VMNetworkSerialized](../src/common/vm/vm.go) |
| `/vms/{id}` | returns the specified VM | GET | - | any `VM_xxx_ANY` | OR | any | [common.vm.VMNetworkSerialized](../src/common/vm/vm.go) |
| `/vms/attach` | returns "attach creds" for attachable VMs | GET | - | `VM_ATTACH_ANY` | OR | `VM_ATTACH` | [\[\]common.vm.VMAttachCredentialsSerialized](../src/common/vm/vm.go) |
| `/vms/{id}/attach` | returns "attach creds" for the specified VM | GET | - | `VM_ATTACH_ANY` | OR | `VM_ATTACH` | [common.vm.VMAttachCredentialsSerialized](../src/common/vm/vm.go) |
| `/vms` | returns VMs you own or on which you can perform an action on | GET | - | any `VM_xxx_ANY` | OR | at least 1 cap | [\[\]common.vm.VMNetworkSerialized](../src/common/vm/vm.go) |
| `/vms/{id}` | returns the VM | GET | - | any `VM_xxx_ANY` | OR | at least 1 cap | [common.vm.VMNetworkSerialized](../src/common/vm/vm.go) |
| `/vms/attach` | returns "attach credentials" for attachable VMs | GET | - | `VM_ATTACH_ANY` | OR | `VM_ATTACH` | [\[\]common.vm.VMAttachCredentialsSerialized](../src/common/vm/vm.go) |
| `/vms/{id}/attach` | returns "attach credentials" for the VM | GET | - | `VM_ATTACH_ANY` | OR | `VM_ATTACH` | [common.vm.VMAttachCredentialsSerialized](../src/common/vm/vm.go) |
| Route | Description | Method | Input | User capability | Op. | VM access cap. | Output |
|--- |--- |--- |--- |--- |--- |--- |--- |
......
......@@ -116,23 +116,6 @@ func (r *RouterTemplates) CreateTemplateFromVM(c echo.Context) error {
return echo.NewHTTPError(http.StatusNotFound, err.Error())
}
// If the user isn't the VM's owner, checks that the required capabilities are met:
// either VM_LIST_ANY or VM_LIST in the VM access
if !vm.IsOwner(user.Email) {
// Check the user has the required capabilities: either VM_LIST_ANY or VM_LIST in the VM access
if !user.HasCapability(caps.USERCAP_VM_LIST_ANY) {
userCaps, exists := vm.GetAccess()[user.Email]
if !exists {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
_, hasAccess := userCaps[caps.VMCAP_LIST]
if !hasAccess {
return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
}
}
}
// Creates a new template from the client's parameters.
template, err := vms.NewTemplateFromVM(p.Name, user.Email, p.Access, vm)
if err != nil {
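Review bot: After removing the VM_LIST check, the non-owner path in CreateTemplateFromVM has no authorization gate visible in this hunk before `vms.NewTemplateFromVM(...)` is called, so an authenticated user who knows a VM id could create a template (and thus a copy of that VM's contents) from a VM they have no access to, unless a check earlier in the function, which starts outside the hunk, already covers it. If listing was only ever a proxy here, the closest remaining grant on this page is the file-export capability (VM_READFS / VM_READFS_ANY), which is what a template effectively does; the rewritten guard below keeps the original shape and error handling and only swaps the capability. The `http.StatusUnauthorized` on insufficient capabilities predates this commit, but 403 Forbidden would describe an authenticated-but-not-permitted caller more accurately.
```go
// Non-owners need an explicit grant: a template copies the VM's disk, so
// require VM_READFS_ANY or VM_READFS in the VM access (review: confirm this
// is the intended capability now that VM_LIST is gone).
if !vm.IsOwner(user.Email) {
	if !user.HasCapability(caps.USERCAP_VM_READFS_ANY) {
		userCaps, exists := vm.GetAccess()[user.Email]
		if !exists {
			return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
		}
		if _, hasAccess := userCaps[caps.VMCAP_READFS]; !hasAccess {
			return echo.NewHTTPError(http.StatusUnauthorized, msgInsufficientCaps)
		}
	}
}
// … unchanged: template creation from the client's parameters …
```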
......