From 606802b5825bb61db5efccfff46ef3efe3f0fc12 Mon Sep 17 00:00:00 2001
From: Qiu Jian
Date: Wed, 9 Jan 2019 20:49:26 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=EF=BC=9A1.=20attach=E6=9D=83?= =?UTF-8?q?=E9=99=90=E6=A0=A1=E9=AA=8C=E6=80=BB=E6=98=AFfalse=202.=20?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0climc=20user=20default=5Fproject=5Fid?= =?UTF-8?q?=E7=9B=B8=E5=85=B3=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cmd/climc/shell/users.go | 30 +++++++++++++++++++----
 pkg/cloudcommon/db/db_joint_dispatcher.go | 3 ++-
 pkg/cloudcommon/db/interface.go | 3 ++-
 pkg/cloudcommon/db/jointbase.go | 4 +--
 pkg/cloudcommon/db/modelbase.go | 4 +++
 pkg/cloudcommon/db/rbac.go | 2 +-
 pkg/cloudcommon/db/sharablevirtual.go | 2 +-
 pkg/mcclient/modules/mod_users.go | 2 +-
 8 files changed, 38 insertions(+), 12 deletions(-)
diff --git a/cmd/climc/shell/users.go b/cmd/climc/shell/users.go
index c5adb8766c..b6b977e307 100644
--- a/cmd/climc/shell/users.go
+++ b/cmd/climc/shell/users.go
@@ -8,11 +8,13 @@ import (
 func init() {
 type UserListOptions struct {
- Domain string `help:"Filter by domain"`
- Name string `help:"Filter by name"`
- Limit int64 `help:"Limit, default 0, i.e. no limit"`
- Offset int64 `help:"Offset, default 0, i.e. no offset"`
- Search string `help:"Search by name"`
+ Domain string `help:"Filter by domain"`
+ Name string `help:"Filter by name"`
+ Limit int64 `help:"Limit, default 0, i.e. no limit"`
+ Offset int64 `help:"Offset, default 0, i.e. no offset"`
+ Search string `help:"Search by name"`
+ DefaultProject string `help:"Filter by default_project_id"`
+ NoDefaultProject bool `help:"Filter users without valid default_project_id"`
 }
 R(&UserListOptions{}, "user-list", "List users", func(s *mcclient.ClientSession, args *UserListOptions) error {
 mod, err := modules.GetModule(s, "users")
@@ -39,6 +41,15 @@ func init() {
 if args.Offset > 0 {
 params.Add(jsonutils.NewInt(args.Offset), "offset")
 }
+ if len(args.DefaultProject) > 0 {
+ projId, err := modules.Projects.GetId(s, args.DefaultProject, nil)
+ if err != nil {
+ return err
+ }
+ params.Add(jsonutils.NewString(projId), "default_project_id")
+ } else if args.NoDefaultProject {
+ params.Add(jsonutils.NewString(""), "default_project_id__iempty")
+ }
 result, err := mod.List(s, params)
 if err != nil {
 return err
@@ -219,6 +230,8 @@ func init() {
 Mobile string `help:"Mobile"`
 Enabled bool `help:"Enabled"`
 Disabled bool `help:"Disabled"`
+
+ DefaultProject string `help:"Default project"`
 // Option []string `help:"User options"`
 }
 R(&UserUpdateOptions{}, "user-update", "Update a user", func(s *mcclient.ClientSession, args *UserUpdateOptions) error {
@@ -258,6 +271,13 @@ func init() {
 } else if !args.Enabled && args.Disabled {
 params.Add(jsonutils.JSONFalse, "enabled")
 }
+ if len(args.DefaultProject) > 0 {
+ projId, err := modules.Projects.GetId(s, args.DefaultProject, nil)
+ if err != nil {
+ return err
+ }
+ params.Add(jsonutils.NewString(projId), "default_project_id")
+ }
 /*
 if len(args.Option) > 0 {
 uoptions := jsonutils.NewDict()
diff --git a/pkg/cloudcommon/db/db_joint_dispatcher.go b/pkg/cloudcommon/db/db_joint_dispatcher.go
index 99db307868..01b5a41344 100644
--- a/pkg/cloudcommon/db/db_joint_dispatcher.go
+++ b/pkg/cloudcommon/db/db_joint_dispatcher.go
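Review bot: In the `user-list` hunk of cmd/climc/shell/users.go (`@@ -39,6 +41,15 @@`), passing both `DefaultProject` and `NoDefaultProject` silently ignores the second option because of the `else if`, so the caller gets a list filtered differently from what was asked. Rejecting the combination before the lookup is clearer, for example `if len(args.DefaultProject) > 0 && args.NoDefaultProject { return fmt.Errorf("default project filter and no-default-project filter are mutually exclusive") }` (this assumes `fmt` is imported in the file, which the hunk does not show). The same `modules.Projects.GetId` lookup is repeated in the `user-update` hunk (`@@ -258,6 +271,13 @@`), where a small shared helper would keep the two in step, and `projID` is the conventional Go spelling of `projId`. The closure body continues outside the hunk.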
@@ -156,7 +156,8 @@ func (dispatcher *DBJointModelDispatcher) Get(ctx context.Context, id1 string, i
 func attachItems(dispatcher *DBJointModelDispatcher, master IStandaloneModel, slave IStandaloneModel, ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, data jsonutils.JSONObject) (jsonutils.JSONObject, error) {
 var isAllow bool
 if consts.IsRbacEnabled() {
- isAllow = isObjectRbacAllowed(master.GetModelManager(), master, userCred, policy.PolicyActionPerform, "attach")
+ isAllow = isObjectRbacAllowed(master.GetModelManager(), master, userCred, policy.PolicyActionPerform, "attach") &&
+ isObjectRbacAllowed(slave.GetModelManager(), slave, userCred, policy.PolicyActionPerform, "attach")
 } else {
 isAllow = dispatcher.JointModelManager().AllowAttach(ctx, userCred, master, slave)
 }
diff --git a/pkg/cloudcommon/db/interface.go b/pkg/cloudcommon/db/interface.go
index 841ee1f18b..aca43f4d0f 100644
--- a/pkg/cloudcommon/db/interface.go
+++ b/pkg/cloudcommon/db/interface.go
@@ -118,6 +118,7 @@ type IModel interface {
 PostDelete(ctx context.Context, userCred mcclient.TokenCredential)
 GetOwnerProjectId() string
+ IsSharable() bool
 CustomizedGetDetailsBody(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject) (jsonutils.JSONObject, error)
 }
@@ -186,7 +187,7 @@ type ISharableVirtualModelManager interface {
 type ISharableVirtualModel interface {
 IVirtualModel
- IsSharable() bool
+ // IsSharable() bool
 }
 type IAdminSharableVirtualModelManager interface {
diff --git a/pkg/cloudcommon/db/jointbase.go b/pkg/cloudcommon/db/jointbase.go
index 17a3276b1d..844c87d41d 100644
--- a/pkg/cloudcommon/db/jointbase.go
+++ b/pkg/cloudcommon/db/jointbase.go
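Review bot: The RBAC branch of `attachItems` (pkg/cloudcommon/db/db_joint_dispatcher.go) now evaluates `policy.PolicyActionPerform` / `"attach"` against `slave.GetModelManager()` as well, so a policy that grants attach only on the master's resource type would presumably be denied after this change; that should be stated at the call. Suggested comment above the assignment: `// RBAC: the caller needs perform "attach" on both the master and the slave object`. The non-RBAC branch still delegates to `AllowAttach`, which is passed both objects but, per the jointbase.go hunk of this patch, decides on `userCred` and the manager only, so the two branches do not enforce the same thing. The function body continues past the hunk.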
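Review bot: The new `IsSharable() bool` on `IModel` (first hunk of pkg/cloudcommon/db/interface.go) carries no comment, and neither does the default `SModelBase.IsSharable` added in modelbase.go, although after this patch its return value feeds the ownership decision in `isObjectRbacAllowed` (rbac.go hunk). Proposed comment on the interface method: `// IsSharable reports whether the object is sharable; isObjectRbacAllowed treats true like project ownership.` For the default implementation: `// IsSharable returns false; models that can be shared are expected to override it.` The second wording assumes overrides exist outside this patch.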
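Review bot: In `ISharableVirtualModel` (second hunk of pkg/cloudcommon/db/interface.go) the old declaration is left behind as `// IsSharable() bool`, which reads like a disabled requirement rather than a moved one. Delete the line, or replace it with a comment that says where the method went, for example `// IsSharable is declared on IModel`.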
@@ -103,11 +103,11 @@ func (manager *SJointResourceBaseManager) FetchByIds(masterId string, slaveId st
 }
 func (manager *SJointResourceBaseManager) AllowListDescendent(ctx context.Context, userCred mcclient.TokenCredential, model IStandaloneModel, query jsonutils.JSONObject) bool {
- return false
+ return IsAdminAllowList(userCred, manager)
 }
 func (manager *SJointResourceBaseManager) AllowAttach(ctx context.Context, userCred mcclient.TokenCredential, master IStandaloneModel, slave IStandaloneModel) bool {
- return false
+ return IsAdminAllowCreate(userCred, manager)
 }
 func JointModelExtra(jointModel IJointModel, extra *jsonutils.JSONDict) *jsonutils.JSONDict {
diff --git a/pkg/cloudcommon/db/modelbase.go b/pkg/cloudcommon/db/modelbase.go
index 1adfd7f702..7c5501d40a 100644
--- a/pkg/cloudcommon/db/modelbase.go
+++ b/pkg/cloudcommon/db/modelbase.go
@@ -311,6 +311,10 @@ func (model *SModelBase) GetOwnerProjectId() string {
 return ""
 }
+func (model *SModelBase) IsSharable() bool {
+ return false
+}
+
 func (model *SModelBase) CustomizedGetDetailsBody(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject) (jsonutils.JSONObject, error) {
 return nil, nil
 }
diff --git a/pkg/cloudcommon/db/rbac.go b/pkg/cloudcommon/db/rbac.go
index 894429f9a1..439af73377 100644
--- a/pkg/cloudcommon/db/rbac.go
+++ b/pkg/cloudcommon/db/rbac.go
@@ -92,7 +92,7 @@ func isObjectRbacAllowed(manager IModelManager, model IModel, userCred mcclient.
 if len(ownerId) > 0 {
 objOwnerId := model.GetOwnerProjectId()
- if ownerId == objOwnerId {
+ if ownerId == objOwnerId || model.IsSharable() {
 isOwner = true
 requireAdmin = false
 } else {
diff --git a/pkg/cloudcommon/db/sharablevirtual.go b/pkg/cloudcommon/db/sharablevirtual.go
index 4082fef522..994099c7e6 100644
--- a/pkg/cloudcommon/db/sharablevirtual.go
+++ b/pkg/cloudcommon/db/sharablevirtual.go
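Review bot: `AllowAttach` in pkg/cloudcommon/db/jointbase.go receives `master` and `slave`, but the new body `return IsAdminAllowCreate(userCred, manager)` inspects neither, so on the non-RBAC path the answer is the same for every pair of objects; `AllowListDescendent` likewise ignores `model`. If that is the intent, a doc comment should say so, so that joint managers needing per-object checks know to override it, e.g. `// AllowAttach permits attach for callers passing the admin create check on the joint manager; master and slave are not inspected.` What `IsAdminAllowCreate` and `IsAdminAllowList` actually test is not visible in this patch, so the "admin" reading is taken from their names.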
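Review bot: The added `|| model.IsSharable()` in `isObjectRbacAllowed` (pkg/cloudcommon/db/rbac.go) sets `isOwner = true` and `requireAdmin = false` for any caller with a non-empty `ownerId`, whatever action was requested. The function is shared (`attachItems` calls it with `policy.PolicyActionPerform` and `"attach"`), and nothing in the hunk narrows the new condition to attach or to read-type actions, so a sharable object appears to be treated as owned by every project for mutating checks too. I would gate the sharable case on the requested action (the action argument is declared outside the hunk) and, until that is done, mark the line with `// NOTE: sharable objects are treated as owned by every project here, for all actions`. A test asserting that a non-owner project is refused a mutating action on a sharable object would pin the intended behaviour. The function starts and ends outside the hunk.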
@@ -65,4 +65,4 @@ func (model *SSharableVirtualResourceBase) PerformPrivate(ctx context.Context, u
 return nil, err
 }
 return nil, nil
-}
+}
\ No newline at end of file
diff --git a/pkg/mcclient/modules/mod_users.go b/pkg/mcclient/modules/mod_users.go
index a42c58cc08..727f3d1908 100644
--- a/pkg/mcclient/modules/mod_users.go
+++ b/pkg/mcclient/modules/mod_users.go
@@ -160,7 +160,7 @@ func init() {
 UsersV3 = UserManagerV3{NewIdentityV3Manager("user", "users",
 []string{},
- []string{"ID", "Name", "Domain_Id",
+ []string{"ID", "Name", "Domain_Id", "default_project_id",
 "Enabled", "Email", "Mobile"})}
 register(&UsersV3)