[Ovirt-devel] [PATCH] add permissions checks to search results.
Jason Guiditta
jguiditt at redhat.com
Wed Aug 13 16:37:57 UTC 2008
On Wed, 2008-08-06 at 13:45 -0400, Scott Seago wrote:
> To do so, I've enabled term-based parameters to each of the searchable types. At the query level, appending search_users:foo limits results to items viewable by user foo. This involved:
>
> 1) added :terms parameter to acts_as_xapian declaration for the method search_users
> 2) added search_users method to searchable models which return an array of usernames that have 'monitor' access
> 3) modified the acts_as_xapian plugin to handle prefix searches for which the object provides multiple values (since we have multiple users with access to each object) -- this is a change which may be suitable for upstream inclusion
> 4) When performing the search, search for "(#{terms}) AND search_users:#{user}" instead of simply searching for terms.
>
> This patch is dependant on the prior search denormalization patch.
>
> Signed-off-by: Scott Seago <sseago at redhat.com>
After much trouble of my own making, finally got this tested properly.
Search works as desired, so ACK with one caveat.
I noticed when I try to add a user (under any 'user access'), clicking
'create user permission' gives me a 401, and subsequent attempts give me
a 401 followed by a 500. I looked at the log
in /var/log/ovirt-wui/mongrel.log, but did not see anything go by, not
even an attempt at running the requested action. Perhaps this is
related to the freeipa perm issues I saw being discussed in irc, but I
thought it should be mentioned. This may not be at all related to this
patch, and if not, then definitely ACK.
-j
More information about the ovirt-devel
mailing list