Commit c7d84ca1 authored by Leigh B Stoller's avatar Leigh B Stoller

Fix some image permission tests. We have some confusion about who owns

images on the geni path, when we enable PROTOGENI_LOCALUSER on a system
that already has geni created images.
parent 91f50217
......@@ -2152,7 +2152,7 @@ sub DeleteNodes($)
if ($PID == $mypid) {
$slice->UnLock();
}
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $sliver_manifest);
return 0;
}
#
......@@ -3081,7 +3081,8 @@ sub CreateImage($)
my $image = Image->Lookup($experiment->pid(), $imagename);
if (defined($image)) {
if (!((defined($image->creator_urn()) &&
$image->creator_urn() eq $user->urn()) ||
($image->creator_urn() eq $user->urn() ||
$image->creator_urn() eq $ENV{'REALGENIURN'})) ||
($user->IsLocal() &&
$image->AccessCheck($user->emulab_user(),
EmulabConstants::TB_IMAGEID_ACCESS())))) {
......@@ -3377,7 +3378,9 @@ sub DeleteImage($)
# accidental removal of images not belonging to current user.
# Note that not all images have the creator_urn set (yet).
#
if (defined($creator_urn) && $creator_urn ne $user->urn()) {
if (defined($creator_urn) &&
!($creator_urn eq $user->urn() ||
$creator_urn eq $ENV{'REALGENIURN'})) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"Not your image; please specify original creator urn")
if (!defined($overide_urn) || $overide_urn ne $creator_urn);
......@@ -3460,7 +3463,9 @@ sub ImageInfo($)
}
if (! ($image->global() ||
(defined($creator_urn) && $creator_urn eq $user->urn()) ||
(defined($creator_urn) &&
($creator_urn eq $user->urn() ||
$creator_urn eq $ENV{'REALGENIURN'})) ||
GeniHRN::SameDomain($project->nonlocal_id(), $authority->urn()))) {
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN, undef,
"Not enough permission to access image");
......@@ -4367,7 +4372,9 @@ sub DeleteDataset($)
#
my $lease_owner = $lease->GetAttribute("creator_urn");
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN)
if (! (defined($lease_owner) && $lease_owner eq $user->urn()));
if (! (defined($lease_owner) &&
!($lease_owner eq $user->urn() ||
$lease_owner eq $ENV{'REALGENIURN'})));
$cmd = "$DELETEDATASET -b -f " .
$group->pid() . "/" . $group->gid() . "/" . $dataset;
......@@ -4380,7 +4387,8 @@ sub DeleteDataset($)
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN)
if (!$image->isdataset() ||
!defined($image->creator_urn()) ||
$image->creator_urn() ne $user->urn());
($image->creator_urn() ne $user->urn() &&
$image->creator_urn() ne $ENV{'REALGENIURN'}));
$cmd = "$DELETEIMAGE -p ". $image->imageid();
}
......@@ -4442,8 +4450,9 @@ sub ModifyDataset($)
#
my $lease_owner = $lease->GetAttribute("creator_urn");
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN)
if (! (defined($lease_owner) && $lease_owner eq $user->urn()));
if (! (defined($lease_owner) &&
($lease_owner eq $user->urn() ||
$lease_owner eq $ENV{'REALGENIURN'})));
$islease = 1;
}
else {
......@@ -4454,7 +4463,8 @@ sub ModifyDataset($)
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN)
if (!$image->isdataset() ||
!defined($image->creator_urn()) ||
$image->creator_urn() ne $user->urn());
($image->creator_urn() ne $user->urn() &&
$image->creator_urn() ne $ENV{'REALGENIURN'}));
$islease = 0;
}
......@@ -4562,8 +4572,9 @@ sub DescribeDataset($)
#
my $lease_owner = $lease->GetAttribute("creator_urn");
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN)
if (! (defined($lease_owner) && $lease_owner eq $user->urn()));
if (! (defined($lease_owner) &&
($lease_owner eq $user->urn() ||
$lease_owner eq $ENV{'REALGENIURN'})));
$blob->{'state'} = $lease->state();
$blob->{'type'} = $lease->type();
$blob->{"busy"} = $lease->locked() ? 1 : 0;
......@@ -4584,7 +4595,8 @@ sub DescribeDataset($)
return GeniResponse->Create(GENIRESPONSE_FORBIDDEN)
if (!$image->isdataset() ||
!defined($image->creator_urn()) ||
$image->creator_urn() ne $user->urn());
($image->creator_urn() ne $user->urn() &&
$image->creator_urn() ne $ENV{'REALGENIURN'}));
$blob->{'state'} = "valid";
$blob->{'type'} = "imdataset";
......
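Review bot: The new lease-owner test in the first DeleteDataset hunk (-4367) has an extra `!` in front of the inner group, so the guard is inverted. It now returns GENIRESPONSE_FORBIDDEN when `creator_urn` matches the caller or `REALGENIURN`, and lets any other defined owner through to the `$DELETEDATASET` command. The parallel lease checks in ModifyDataset and DescribeDataset have no inner negation, and this one should match them: `if (! (defined($lease_owner) && ($lease_owner eq $user->urn() || $lease_owner eq $ENV{'REALGENIURN'})));`. Separately, every added comparison reads `$ENV{'REALGENIURN'}` without a `defined` test; if it can be unset on this path (not visible here), undef compares equal to an empty `creator_urn`, so it would be safer to read it once into a local and compare only when defined. The enclosing subs begin and end outside the hunks shown.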