Commit 5c854955 authored by Leigh B Stoller's avatar Leigh B Stoller

Fix ssh shell handling so that project members that can view the status

page can use the Shell button to log in as themselves.
parent c6ce035f
......@@ -408,6 +408,27 @@ class Instance
}
return 0;
}
function CanDoSSH($user) {
if ($this->creator_idx() == $user->uid_idx()) {
return 1;
}
#
# IsNonLocal() is not the correct test, since we now allow geni users
# to start/join real projects. Need to think about this.
#
if (!$user->IsNonLocal()) {
# Otherwise a project membership test.
$project = Project::Lookup($this->pid_idx());
if (!$project) {
return 0;
}
$isapproved = 0;
if ($project->IsMember($user, $isapproved) && $isapproved) {
return 1;
}
}
return 0;
}
#
# Determine user current usage.
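Review bot: CanDoSSH() now makes the authorization decision for shell access, but it has no header comment stating the policy it enforces. I would add `# Creator may always ssh; otherwise only a local user who is an approved member of the instance's project.` above the function. The inline comment already admits that IsNonLocal() is not the correct test, so a non-local user who joined the project is refused here even though they may be able to view the status page. Marking that comment with `XXX`, as the ajax handler does for its own open issue, would keep the known gap searchable.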
......
......@@ -1080,10 +1080,12 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
// Ask the server for an authentication object that allows
// to start an ssh shell.
var callback = function(json) {
// console.info(json.value);
console.info(json.value);
if (json.code) {
alert("Failed to gain authentication for ssh.");
sup.SpitOops("oops", "Failed to get ssh auth object: " +
json.value);
return;
}
else {
StartSSH(tabname, json.value);
......@@ -1298,7 +1300,7 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
}
if (login.length && dossh) {
var user = login.attr("username");
var user = window.APT_OPTIONS.thisUid;
var host = login.attr("hostname");
var port = login.attr("port");
var url = "ssh://" + user + "@" + host + ":" + port +"/";
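Review bot: `console.info(json.value);` appears to be active in the new code of the first hunk, and on the success path `json.value` is the ssh authentication object handed to StartSSH(). Writing a credential-like object to the browser console exposes it to anything that captures console output, and to anyone looking at the devtools of a shared session. I would keep the call commented out, or log only inside the `if (json.code)` error branch, where the value is an error message. The rendering has lost the +/- markers, so which of the two console lines was added is inferred from print order.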
......
......@@ -299,21 +299,19 @@ function Do_GetSSHAuthObject()
}
$hostport = $ajax_args["hostport"];
if (StatusSetupAjax(1)) {
if (StatusSetupAjax(0)) {
return;
}
#
# XXX Need to deal with multiple members of an experiment.
#
if (! ((isset($this_user) && $this_user->SameUser($creator)) ||
if (! ((isset($this_user) && $instance->CanDoSSH($this_user)) ||
(isset($_COOKIE['quickvm_user']) &&
$_COOKIE['quickvm_user'] == $creator->uuid()))) {
SPITAJAX_ERROR(1, "Not allowed to ssh; only the creator");
SPITAJAX_ERROR(1, "Not allowed to ssh; ".
"only the creator or a project member");
return;
}
$nodeid = $ajax_args["nodeid"];
$auth = SSHAuthObject($creator->uid(), $hostport);
$auth = SSHAuthObject($this_user->uid(), $hostport);
if (!$auth) {
SPITAJAX_ERROR(1, "Could not create authentication object");
return;
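Review bot: `SSHAuthObject($this_user->uid(), $hostport)` dereferences `$this_user` even when the request was authorized through the `quickvm_user` cookie branch. The `isset($this_user)` test in the condition just above shows the variable can be unset there. The old code used `$creator->uid()`, which worked for a guest creator; the new line would fail with a call on an undefined variable. I would select the identity explicitly: `$uid = isset($this_user) ? $this_user->uid() : $creator->uid();` followed by `$auth = SSHAuthObject($uid, $hostport);`. The same unguarded `$this_user->uid()` appears in the status page's new `window.APT_OPTIONS.thisUid` line and needs the same guard. The function starts and ends outside this hunk.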
......
......@@ -185,7 +185,7 @@ $paniced = $instance->paniced();
# We give ssh to the creator (real user or guest user).
#
$dossh =
(((isset($this_user) && $this_user->SameUser($creator)) ||
(((isset($this_user) && $instance->CanDoSSH($this_user)) ||
(isset($_COOKIE['quickvm_user']) &&
$_COOKIE['quickvm_user'] == $creator->uuid())) ? 1 : 0);
......@@ -224,6 +224,7 @@ echo " window.APT_OPTIONS.sliceExpiresText = '" . $slice_expires_text . "';\n";
echo " window.APT_OPTIONS.sliceCreated = '" . $slice_created . "';\n";
echo " window.APT_OPTIONS.creatorUid = '" . $creator_uid . "';\n";
echo " window.APT_OPTIONS.creatorEmail = '" . $creator_email . "';\n";
echo " window.APT_OPTIONS.thisUid = '" . $this_user->uid() . "';\n";
echo " window.APT_OPTIONS.registered = $registered;\n";
echo " window.APT_OPTIONS.isadmin = $isadmin;\n";
echo " window.APT_OPTIONS.isfadmin = $isfadmin;\n";
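Review bot: The new `thisUid` line concatenates `$this_user->uid()` directly into a single-quoted JavaScript string in an inline script, with no encoding for that context. The neighbouring lines follow the same pattern, and uid values are presumably limited to a safe character set, but nothing visible here guarantees it. `echo " window.APT_OPTIONS.thisUid = " . json_encode($this_user->uid(), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ";\n";` keeps the script well-formed whatever the value contains. Because the client then builds the `ssh://` URL from this value, the encoding is worth making explicit rather than relying on the account-name rules.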
......