Commit d5031f81 authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Do not allow images with noclone/nosnapshot to be cloned or snapped.

parent 967407da
......@@ -269,6 +269,15 @@ if (defined($image)) {
fatal("Only EZ images or datasets on this path.");
}
#
# Only project members or an admin can snapshot a noclone image.
#
if ($image->noclone() &&
!$image->AccessCheck($this_user, TB_IMAGEID_CREATE) &&
!$this_user->IsAdmin()) {
fatal("You are not allowed to snapshot this image");
}
#
# The access check above determines if the caller has permission
# to overwrite the image file.
......@@ -438,6 +447,15 @@ if (!$base_image->ezid()) {
fatal("Cannot clone a non-ez image");
}
#
# Only project members or an admin can clone a noclone image.
#
if ($base_image->noclone() &&
!$base_image->AccessCheck($this_user, TB_IMAGEID_CREATE) &&
!$this_user->IsAdmin()) {
fatal("You are not allowed to clone $base_image");
}
#
# Not allowed to derive an image from one that has not been released.
# Maybe relax this in the future, but this is a good simplification for
......@@ -503,6 +521,7 @@ if (defined($base_image)) {
$xmlfields{"mbr_version"} = $base_image->mbr_version();
$xmlfields{"loadpart"} = $base_image->loadpart();
$xmlfields{"noexport"} = $base_image->noexport();
$xmlfields{"noclone"} = $base_image->noclone();
# Short form uses wholedisk instead. Should fix this.
if ($base_image->loadpart() == 0 && $base_image->loadlength() == 4) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment