[Ovirt-devel] [PATCH] add permissions checks to search results.

Jason Guiditta jguiditt at redhat.com
Wed Aug 13 16:37:57 UTC 2008


On Wed, 2008-08-06 at 13:45 -0400, Scott Seago wrote:
> To do so, I've enabled term-based parameters to each of the searchable types. At the query level, appending search_users:foo limits results to items viewable by user foo. This involved:
> 
> 1) added :terms parameter to acts_as_xapian declaration for the method search_users
> 2) added search_users method to searchable models which return an array of usernames that have 'monitor' access
> 3) modified the acts_as_xapian plugin to handle prefix searches for which the object provides multiple values (since we have multiple users with access to each object) -- this is a change which may be suitable for upstream inclusion
> 4) When performing the search, search for "(#{terms}) AND search_users:#{user}" instead of simply searching for terms.
> 
> This patch is dependant on the prior search denormalization patch.
> 
> Signed-off-by: Scott Seago <sseago at redhat.com>
 After much trouble of my own making, finally got this tested properly.
Search works as desired, so ACK with one caveat.  

I noticed when I try to add a user (under any 'user access'), clicking
'create user permission' gives me a 401, and subsequent attempts give me
a 401 followed by a 500.  I looked at the log
in /var/log/ovirt-wui/mongrel.log, but did not see anything go by, not
even an attempt at running the requested action.  Perhaps this is
related to the freeipa perm issues I saw being discussed in irc, but I
thought it should be mentioned.  This may not be at all related to this
patch, and if not, then definitely ACK.

-j




More information about the ovirt-devel mailing list