Commit fd75a209 authored by Leigh B Stoller's avatar Leigh B Stoller

Since there is currently no way to set/clear the global bit on an

image, I added it to grantimage:

	boss> grantimage -a pid,osname

and to revoke:

	boss> grantimage -r -a pid,osname
parent 5d115d2c
......@@ -596,7 +596,6 @@ sub AccessCheck($$$)
if ($access_type == TB_IMAGEID_EXPORT && $isadmin) {
return 1;
}
return 0;
}
my $project = $self->GetProject();
......
......@@ -13,20 +13,25 @@ use Getopt::Std;
#
sub usage()
{
print STDERR "Usage: grantimage [-r] [-w] [-g <gid> | -u <uid>] <imageid>\n";
print STDERR "Usage: grantimage [-r] [-w] ";
print STDERR "[-g <gid> | -u <uid> | -a] <imageid>\n";
print STDERR " grantimage -l <imageid>\n";
print STDERR " -h This message\n";
print STDERR " -l List permissions\n";
print STDERR " -w Grant write permission; defaults to read only\n";
print STDERR " -r Revoke access instead of grant\n";
print STDERR " -u Grant access to a specific user\n";
print STDERR " -g Grant access to a specific group (project)\n";
print STDERR " -a Grant global read-only access\n";
exit(-1);
}
my $optlist = "hg:dnru:wl";
my $optlist = "hg:dnru:wla";
my $impotent = 0;
my $debug = 0;
my $revoke = 0;
my $writable = 0;
my $listonly = 0;
my $global = 0;
my $gid;
my $uid;
my $target;
......@@ -59,6 +64,7 @@ use Project;
use Group;
use User;
use Image;
use OSinfo;
#
# Turn off line buffering on output
......@@ -87,6 +93,9 @@ if (defined($options{l})) {
if (defined($options{n})) {
$impotent = 1;
}
if (defined($options{a})) {
$global = 1;
}
if (defined($options{r})) {
$revoke = 1;
}
......@@ -105,7 +114,7 @@ if (defined($options{u})) {
usage()
if (@ARGV != 1);
usage()
if (! ($listonly || defined($gid) || defined($uid)));
if (! ($listonly || $global || defined($gid) || defined($uid)));
my $imageid = $ARGV[0];
......@@ -157,6 +166,22 @@ if ($listonly) {
}
exit(0);
}
elsif ($global) {
my $val = ($revoke ? 0 : 1);
$image->Update({"global" => $val}) == 0
or fatal("Could not update global flag");
if ($image->ezid()) {
my $osinfo = OSinfo->Lookup($image->imageid());
if (defined($osinfo)) {
$osinfo->Update({"shared" => $val}) == 0
or fatal("Could not update shared flag");
}
else {
fatal("Could not lookup OSinfo for $image");
}
}
}
elsif ($revoke) {
$image->RevokeAccess($target) == 0
or fatal("Could not revoke permission for $target");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment