Commit 3340b812 authored by Leigh Stoller's avatar Leigh Stoller

Rest of the support for featurized permission to use aggregates.

parent 3f4ac33b
......@@ -36,6 +36,7 @@ use vars qw(@ISA @EXPORT $AUTOLOAD);
# Must come after package declaration!
use emdb;
use emutil;
use EmulabFeatures;
use GeniHRN;
use overload ('""' => 'Stringify');
......@@ -349,5 +350,37 @@ sub Update($$)
return Refresh($self);
}
#
# Permission check to see if user/project is allowed to use the aggregate.
#
sub CanInstantiate($$$$)
{
my ($self, $portal, $user, $project) = @_;
# Admins always allowed to use.
return 1
if ($user->IsAdmin());
# Admin only cluster
return 0
if ($self->adminonly() && !($user->IsAdmin() || $user->stud()));
if (defined($self->canuse_feature())) {
my $feature = $portal . "-" . $self->canuse_feature();
return 1
if (EmulabFeatures->FeatureEnabled($feature, $user));
my $membership = $project->LookupUser($user);
return 0
if (! (defined($membership) && $membership->IsApproved()));
return 1
if ($project->approved() && !$project->disabled() &&
EmulabFeatures->FeatureEnabled($feature, undef, $project));
}
return 0;
}
# _Always_ make sure that this 1 is at the end of the file...
1;
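Review bot: `CanInstantiate` ends in an unconditional `return 0;`, so a non-admin is refused on every aggregate whose `canuse_feature()` is undefined, including a `stud()` user who has just passed the admin-only test. The check this replaces in the caller refused only admin-only clusters, so if unrestricted aggregates are meant to stay open, an explicit allow is needed before the feature block, e.g. `return 1 if (!defined($self->canuse_feature()));`. If deny-by-default is intended, the header comment should say so. The `$user->IsAdmin()` term in the admin-only test is dead code because admins have already returned, so `!$user->stud()` is sufficient there.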
......@@ -884,12 +884,10 @@ foreach my $aggregate_urn (@aggregate_urns) {
}
}
}
if ($aptaggregate->adminonly() &&
!(defined($this_user) &&
($this_user->IsAdmin() || $this_user->stud()))) {
if (! $aptaggregate->CanInstantiate($portal, $this_user, $project)) {
$slice->Delete();
$instance->Delete();
UserError("Only administrators may use the $aggregate_name cluster.");
UserError("Not allowed to use the $aggregate_name cluster.");
}
my $authority = GeniAuthority->Lookup($aggregate_urn);
if (!defined($authority)) {
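Review bot: The removed test guarded `$this_user` with `defined(...)`, but the new call passes `$this_user` and `$project` straight to `CanInstantiate`, which calls `$user->IsAdmin()` and `$project->LookupUser($user)` on them without a check. If either can still be undefined here (the enclosing loop starts outside the hunk), the script dies on a method call instead of reaching the `Delete()` cleanup and `UserError`. Consider `if (!defined($this_user) || !$aptaggregate->CanInstantiate($portal, $this_user, $project)) {` so that a missing user is a clean denial.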
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2005-2018 University of Utah and the Flux Group.
# Copyright (c) 2005-2019 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -1455,8 +1455,9 @@ sub trust($) { return field($_[0], "trust"); }
sub date_applied($) { return field($_[0], "date_applied"); }
sub date_approved($) { return field($_[0], "date_approved"); }
sub group($) { return $_[0]->{'GROUP'}; }
sub user($ ) { return $_[0]->{'USER'}; }
sub user($) { return $_[0]->{'USER'}; }
sub IsApproved($) { return $_[0]->trust() eq $TRUSTSTRING_NONE ? 0 : 1; }
#
# Is user trust in the group at least equal to the supplied trust
#
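Review bot: `IsApproved` treats every `trust()` value other than `$TRUSTSTRING_NONE` as approved, so an undefined or unexpected value counts as approved, and an undefined one also warns on the `eq` under `-w`. Whether `trust()` can be undefined is not visible in this hunk, but `CanInstantiate` now relies on this accessor for an access decision. A guarded form such as `my $t = $_[0]->trust(); return (defined($t) && $t ne $TRUSTSTRING_NONE) ? 1 : 0;` would fail closed. A one-line comment stating that "approved" means any trust level above none would also help.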
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2005-2018 University of Utah and the Flux Group.
# Copyright (c) 2005-2019 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -151,6 +151,7 @@ sub linked_to_us($) { return field($_[0], "linked_to_us"); }
sub expt_count($) { return field($_[0], "expt_count"); }
sub expt_last($) { return field($_[0], "expt_last"); }
sub approved($) { return field($_[0], "approved"); }
sub disabled($) { return field($_[0], "disabled"); }
sub wikiname($) { return field($_[0], "wikiname"); }
sub mailman_password($) { return field($_[0], "mailman_password"); }
sub allow_workbench($) { return field($_[0], "allow_workbench"); }
......
......@@ -248,7 +248,7 @@ class Aggregate
# Must be approved in the project.
$project->IsMember($user, $approved) && $approved &&
FeatureEnabled($feature, null, $group, null)) {
$approved = 1;
$allowed = 1;
break;
}
}
......@@ -328,8 +328,9 @@ class Aggregate
# Must be approved in the project.
$project->IsMember($user, $approved) && $approved &&
FeatureEnabled($feature, null, $group, null)) {
$approved = 1;
$allowed = 1;
break;
}
}
}
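Review bot: The same `$approved = 1` to `$allowed = 1` correction had to be made in two copies of this loop (the hunks at 248 and 328), which suggests the membership-plus-feature test belongs in one private method that both callers share. `$approved` is the variable handed to `IsMember()` and was also being used as the result flag, so a comment on the loop such as `# $approved comes from IsMember(); $allowed is the result of the permission check` would keep the two apart. Both loops start outside the visible hunks, so the initial value of `$allowed` cannot be confirmed from here.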
......
......@@ -707,7 +707,7 @@ function CheckStep2()
}
}
}
elseif ($ISAPT || $ISPNET || $ISEMULAB || $ISPOWDER) {
elseif ($ISAPT || $ISPNET || $ISEMULAB) {
# No choice
;
}
......@@ -1042,7 +1042,7 @@ function Do_Submit()
}
}
}
elseif ($ISAPT || $ISPNET || $ISEMULAB | $ISPOWDER) {
elseif ($ISAPT || $ISPNET || $ISEMULAB) {
$aggregate_urn = $DEFAULT_AGGREGATE_URN;
}
elseif (isset($formfields["where"])) {
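Review bot: With `$ISPOWDER` dropped from this branch of `Do_Submit()`, POWDER submissions appear to fall through to the `isset($formfields["where"])` branch unless an earlier branch outside the hunk catches them, so the aggregate then comes from a posted form field. The handling of that field is not visible here. It should resolve `where` against the set of aggregates this user is permitted to use rather than accepting the posted value, with the backend `CanInstantiate` check as the second layer. The same consideration applies to the matching change in `CheckStep2()`.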
......