Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
emulab
emulab-devel
Commits
f858cf7b
Commit
f858cf7b
authored
Feb 28, 2014
by
Leigh B Stoller
Browse files
Fix permission checks. Note that red dot can do anything, including
ssh in as the user. Maybe change that?
parent
efc655dc
Changes
1
Hide whitespace changes
Inline
Side-by-side
www/aptui/status.php
View file @
f858cf7b
...
...
@@ -100,12 +100,16 @@ if (!$creator) {
return
;
}
#
# We do not enforce strict permissions on a guest created instance,
# but we do if it was created by a real user.
# Only logged in admins can access an experiment created by someone else.
#
if
(
get_class
(
$creator
)
==
"User"
)
{
if
(
!
(
isset
(
$this_user
)
&&
(
$creator
->
uuid
()
==
$this_user
->
uuid
()
||
ISADMIN
())))
{
if
(
!
(
isset
(
$this_user
)
&&
ISADMIN
()))
{
# An experiment created by a real user, can be accessed by that user only.
# Ditto a guest user; must be the same guest.
if
(
!
((
get_class
(
$creator
)
==
"User"
&&
isset
(
$this_user
)
&&
$creator
->
uuid
()
==
$this_user
->
uuid
())
||
(
get_class
(
$creator
)
==
"GeniUser"
&&
isset
(
$_COOKIE
[
'quickvm_user'
])
&&
$_COOKIE
[
'quickvm_user'
]
==
$creator
->
uuid
())))
{
if
(
$ajax_request
)
{
SPITAJAX_ERROR
(
1
,
"You do not have permission!"
);
exit
();
...
...
@@ -131,6 +135,9 @@ if (isset($ajax_request)) {
SPITAJAX_RESPONSE
(
$instance
->
manifest
());
}
elseif
(
$ajax_method
==
"ssh_authobject"
)
{
#
#
#
SPITAJAX_RESPONSE
(
SSHAuthObject
(
$creator
->
uid
(),
$ajax_argument
));
}
elseif
(
$ajax_method
==
"request_extension"
)
{
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment