Commit 5c854955 authored by Leigh Stoller's avatar Leigh Stoller

Fix ssh shell handling so that project members that can view the status

page can use the Shell button to log in as themselves.
parent c6ce035f
......@@ -408,6 +408,27 @@ class Instance
}
return 0;
}
function CanDoSSH($user) {
if ($this->creator_idx() == $user->uid_idx()) {
return 1;
}
#
# IsNonLocal() is not the correct test, since we now allow geni users
# to start/join real projects. Need to think about this.
#
if (!$user->IsNonLocal()) {
# Otherwise a project membership test.
$project = Project::Lookup($this->pid_idx());
if (!$project) {
return 0;
}
$isapproved = 0;
if ($project->IsMember($user, $isapproved) && $isapproved) {
return 1;
}
}
return 0;
}
#
# Determine user current usage.
......
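Review bot: CanDoSSH() becomes the gate for handing out ssh credentials, yet it has no header comment stating who passes, and its only comment says the IsNonLocal() test is known to be the wrong one. I would add above the function something like `# Creator always; otherwise only a local user who is an approved member of the instance's project.` and turn the "need to think about this" remark into a tracked TODO. The membership branch admits every approved member regardless of their role in the project. If the status-page view check (not visible in this hunk) is stricter or looser, both should go through one shared helper so the two decisions cannot drift apart.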
......@@ -1080,10 +1080,12 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
// Ask the server for an authentication object that allows
// to start an ssh shell.
var callback = function(json) {
// console.info(json.value);
console.info(json.value);
if (json.code) {
alert("Failed to gain authentication for ssh.");
sup.SpitOops("oops", "Failed to get ssh auth object: " +
json.value);
return;
}
else {
StartSSH(tabname, json.value);
......@@ -1298,7 +1300,7 @@ function (_, sup, moment, marked, UriTemplate, ShowImagingModal,
}
if (login.length && dossh) {
var user = login.attr("username");
var user = window.APT_OPTIONS.thisUid;
var host = login.attr("hostname");
var port = login.attr("port");
var url = "ssh://" + user + "@" + host + ":" + port +"/";
......
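Review bot: The callback now runs `console.info(json.value)` unconditionally, and on the success path json.value is the ssh authentication object passed to StartSSH(), so the credential is written to the browser console where extensions, screen shares or saved console logs can pick it up. This looks like a debugging line left enabled (the commented-out copy sits directly above it); I would drop it, or log only inside the `if (json.code) {` error branch. In the second hunk of this file, `var user = window.APT_OPTIONS.thisUid;` appears to replace the value read from `login.attr("username")`. If thisUid can be empty for a guest session, the ssh:// URL loses its user, so `var user = window.APT_OPTIONS.thisUid || login.attr("username");` would be safer. Both enclosing functions continue outside the hunks.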
......@@ -299,21 +299,19 @@ function Do_GetSSHAuthObject()
}
$hostport = $ajax_args["hostport"];
if (StatusSetupAjax(1)) {
if (StatusSetupAjax(0)) {
return;
}
#
# XXX Need to deal with multiple members of an experiment.
#
if (! ((isset($this_user) && $this_user->SameUser($creator)) ||
if (! ((isset($this_user) && $instance->CanDoSSH($this_user)) ||
(isset($_COOKIE['quickvm_user']) &&
$_COOKIE['quickvm_user'] == $creator->uuid()))) {
SPITAJAX_ERROR(1, "Not allowed to ssh; only the creator");
SPITAJAX_ERROR(1, "Not allowed to ssh; ".
"only the creator or a project member");
return;
}
$nodeid = $ajax_args["nodeid"];
$auth = SSHAuthObject($creator->uid(), $hostport);
$auth = SSHAuthObject($this_user->uid(), $hostport);
if (!$auth) {
SPITAJAX_ERROR(1, "Could not create authentication object");
return;
......
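Review bot: The guard still admits a guest through the `quickvm_user` cookie branch with no `$this_user` set, but the auth object is now built from `$this_user->uid()`, so that path would call a method on an undefined variable and fail. A logged-in user who passes only through the cookie branch would also get an object for their own uid rather than the creator's. Pick the uid from the branch that authorised the request, e.g. `$uid = (isset($this_user) && $instance->CanDoSSH($this_user)) ? $this_user->uid() : $creator->uid();`, and pass `$uid` to SSHAuthObject(). The change from `StatusSetupAjax(1)` to `StatusSetupAjax(0)` presumably relaxes a creator-only precondition. Its definition is outside this hunk, so confirm it still rejects users who may not view the instance at all.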
......@@ -185,7 +185,7 @@ $paniced = $instance->paniced();
# We give ssh to the creator (real user or guest user).
#
$dossh =
(((isset($this_user) && $this_user->SameUser($creator)) ||
(((isset($this_user) && $instance->CanDoSSH($this_user)) ||
(isset($_COOKIE['quickvm_user']) &&
$_COOKIE['quickvm_user'] == $creator->uuid())) ? 1 : 0);
......@@ -224,6 +224,7 @@ echo " window.APT_OPTIONS.sliceExpiresText = '" . $slice_expires_text . "';\n";
echo " window.APT_OPTIONS.sliceCreated = '" . $slice_created . "';\n";
echo " window.APT_OPTIONS.creatorUid = '" . $creator_uid . "';\n";
echo " window.APT_OPTIONS.creatorEmail = '" . $creator_email . "';\n";
echo " window.APT_OPTIONS.thisUid = '" . $this_user->uid() . "';\n";
echo " window.APT_OPTIONS.registered = $registered;\n";
echo " window.APT_OPTIONS.isadmin = $isadmin;\n";
echo " window.APT_OPTIONS.isfadmin = $isfadmin;\n";
......
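Review bot: The added `thisUid` line dereferences `$this_user` unconditionally, while the `$dossh` expression in the first hunk of this file still guards it with `isset($this_user)` for guest sessions, so a guest loading the page would hit a method call on an undefined variable. The value is also concatenated into a single-quoted JavaScript string with no escaping. Uids are presumably restricted to safe characters, but encoding the value keeps the page safe if that ever changes. Something like `echo " window.APT_OPTIONS.thisUid = " . json_encode(isset($this_user) ? $this_user->uid() : null) . ";\n";` covers both points.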