[Ovirt-devel] [PATCH 4/6] hardware_pool: search by path

David Lutterkort lutter at redhat.com
Wed Aug 27 18:28:42 UTC 2008

On Tue, 2008-08-26 at 10:11 -0400, Scott Seago wrote:
> I'm assuming the path-based pool lookup is just an alternate method of 
> getting this from your API, as the id-based ones will all still work. I 
> just realized that full path-based lookup will only work for users that 
> have read permissions on the whole hierarchy. A user with lower-level 
> permissions only (i.e. only read permissions for pools under 
> '/default/engineering/qa' and write permissions for subpools below that) 
> won't even see the top level pool.

I think that permissioning scheme is fundamentally flawed; at the very
least, any user that has permission on some pool should at least be
allowed to know about the existence of pools above "their" pools - they
may not be able to view any info about them, but at the very least, they
should know that they are there.


More information about the ovirt-devel mailing list