Commit 61a2e65a authored by Leigh B Stoller's avatar Leigh B Stoller

Fixes to ImageInfo and DeleteInfo wrt PROTOGENI_LOCALUSERS; images

are a pain since access is not by credential or user.
parent 405d165e
......@@ -2540,6 +2540,8 @@ sub CreateImage($)
if ($WITHPROVENANCE) {
$image = $image->LookupMostRecent();
}
# Set the creator_urn, which might come from the speaksfor.
#
# Form an image URN so the user knows how to request the new image.
#
......@@ -2687,7 +2689,7 @@ sub DeleteImage($)
}
if (! ((defined($creator_urn) && $creator_urn eq $user->urn()) ||
$project->nonlocal_id() eq $authority->urn())) {
GeniHRN::SameDomain($project->nonlocal_id(), $authority->urn()))) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"Not enough permission to delete image; wrong SA or user");
}
......@@ -2780,7 +2782,7 @@ sub ImageInfo($)
if (! ($image->global() ||
(defined($creator_urn) && $creator_urn eq $user->urn()) ||
$project->nonlocal_id() eq $authority->urn())) {
GeniHRN::SameDomain($project->nonlocal_id(), $authority->urn()))) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"Not enough permission to access image");
}
......@@ -3493,6 +3495,7 @@ sub ModifyDataset($)
my $blob = {};
$blob->{'expires'} = emutil::TBDateStringGMT($lease->lease_end());
$blob->{'state'} = $lease->state();
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $blob);
}
......
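Review bot: Replacing the exact `eq` on the authority URN with `GeniHRN::SameDomain(...)` in the DeleteImage and ImageInfo permission checks widens who passes them. SameDomain, as added in this commit, compares only the part of the authority before the first `:`, case-folded, so a caller from any sub-authority of the project's domain now satisfies the condition. Nothing in the visible lines makes this conditional on the PROTOGENI_LOCALUSERS setting cited in the commit message, so the relaxation appears to apply at every site. For DeleteImage, which is destructive, I would keep the exact comparison as the default, use the domain match only when local-users mode is enabled, and add a comment above both conditions along the lines of `# Domain-level match is deliberate: project and SA may be different sub-authorities of one domain.` Both functions start and end outside the hunks, so earlier checks may already narrow the caller.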
#!/usr/bin/perl -wT
#
# Copyright (c) 2009-2010 University of Utah and the Flux Group.
# Copyright (c) 2009-2015 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -253,6 +253,19 @@ sub Authoritative($$)
return $hrn[ 0 ] eq $authority;
}
sub SameDomain($$)
{
my ($a, $b) = @_;
my ($auth_a) = Parse($a);
my ($auth_b) = Parse($b);
my ($dom_a) = split(":", $auth_a);
my ($dom_b) = split(":", $auth_b);
$dom_a =~ tr/A-Z/a-z/;
$dom_b =~ tr/A-Z/a-z/;
return $dom_a eq $dom_b;
}
# Helper functions to make special cases slightly less messy:
# Generate an interface URN given a node and an interface ID on that node.
......
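Review bot: SameDomain is now used as an authorization predicate but fails open on unparsable input: if Parse() returns nothing usable for both arguments, `$dom_a` and `$dom_b` are both undef and `undef eq undef` is true, with only uninitialized-value warnings under `-w`. Parse() is not shown here, so that failure behaviour is assumed from the list-assignment usage. Add `return 0 unless defined($dom_a) && defined($dom_b);` before the two `tr` lines so a malformed or missing URN never matches. The lexicals `$a` and `$b` shadow Perl's sort variables, so `$urn_a`/`$urn_b` would be safer names, and `lc()` states the intent more plainly than `tr/A-Z/a-z/`. The sub also needs a header comment saying that only the top-level domain of each authority is compared, ignoring sub-authorities and case, so callers can judge whether it is strict enough for an access check.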