Since there is currently no way to set/clear the global bit on an

image, I added it to grantimage: boss> grantimage -a pid,osname and to revoke: boss> grantimage -r -a pid,osname

Since there is currently no way to set/clear the global bit on an
image, I added it to grantimage: boss> grantimage -a pid,osname and to revoke: boss> grantimage -r -a pid,osname
fd75a209 · Leigh B Stoller · 5d115d2c · fd75a209 · fd75a209
Commit fd75a209 authored Oct 11, 2011 by Leigh B Stoller
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 4 deletions

db/Image.pm.in db/Image.pm.in +0 -1

utils/grantimage.in utils/grantimage.in +28 -3

No files found.
--- a/db/Image.pm.in
+++ b/db/Image.pm.in
@@ -596,7 +596,6 @@ sub AccessCheck($$$)
 	if ($access_type == TB_IMAGEID_EXPORT && $isadmin) {
 	    return 1;
 	}
-	return 0;
    }

    my $project = $self->GetProject();

--- a/utils/grantimage.in
+++ b/utils/grantimage.in
@@ -13,20 +13,25 @@ use Getopt::Std;
 #
 sub usage()
 {
-    print STDERR "Usage: grantimage [-r] [-w] [-g <gid> | -u <uid>] <imageid>\n";
+    print STDERR "Usage: grantimage [-r] [-w] ";
+    print STDERR "[-g <gid> | -u <uid> | -a] <imageid>\n";
    print STDERR "       grantimage -l <imageid>\n";
    print STDERR "	-h   This message\n";
    print STDERR "	-l   List permissions\n";
    print STDERR "	-w   Grant write permission; defaults to read only\n";
    print STDERR "	-r   Revoke access instead of grant\n";
+    print STDERR "	-u   Grant access to a specific user\n";
+    print STDERR "	-g   Grant access to a specific group (project)\n";
+    print STDERR "	-a   Grant global read-only access\n";
    exit(-1);
 }
-my $optlist  = "hg:dnru:wl";
+my $optlist  = "hg:dnru:wla";
 my $impotent = 0;
 my $debug    = 0;
 my $revoke   = 0;
 my $writable = 0;
 my $listonly = 0;
+my $global   = 0;
 my $gid;
 my $uid;
 my $target;
@@ -59,6 +64,7 @@ use Project;
 use Group;
 use User;
 use Image;
+use OSinfo;

 #
 # Turn off line buffering on output
@@ -87,6 +93,9 @@ if (defined($options{l})) {
 if (defined($options{n})) {
    $impotent = 1;
 }
+if (defined($options{a})) {
+    $global = 1;
+}
 if (defined($options{r})) {
    $revoke = 1;
 }
@@ -105,7 +114,7 @@ if (defined($options{u})) {
 usage()
    if (@ARGV != 1);
 usage()
-    if (! ($listonly || defined($gid) || defined($uid)));
+    if (! ($listonly || $global || defined($gid) || defined($uid)));

 my $imageid = $ARGV[0];

@@ -157,6 +166,22 @@ if ($listonly) {
    }
    exit(0);
 }
+elsif ($global) {
+    my $val = ($revoke ? 0 : 1);
+    $image->Update({"global" => $val}) == 0
+	or fatal("Could not update global flag");
+    
+    if ($image->ezid()) {
+	my $osinfo = OSinfo->Lookup($image->imageid());
+	if (defined($osinfo)) {
+	    $osinfo->Update({"shared" => $val}) == 0
+		or fatal("Could not update shared flag");
+	}
+	else {
+	    fatal("Could not lookup OSinfo for $image");
+	}
+    }
+}
 elsif ($revoke) {
    $image->RevokeAccess($target) == 0
 	or fatal("Could not revoke permission for $target");