[Ovirt-devel] [PATCH 4/6] hardware_pool: search by path
David Lutterkort
lutter at redhat.com
Wed Aug 27 18:28:42 UTC 2008
On Tue, 2008-08-26 at 10:11 -0400, Scott Seago wrote:
> I'm assuming the path-based pool lookup is just an alternate method of
> getting this from your API, as the id-based ones will all still work. I
> just realized that full path-based lookup will only work for users that
> have read permissions on the whole hierarchy. A user with lower-level
> permissions only (i.e. only read permissions for pools under
> '/default/engineering/qa' and write permissions for subpools below that)
> won't even see the top level pool.
I think that permissioning scheme is fundamentally flawed; at the very
least, any user that has permission on some pool should at least be
allowed to know about the existence of pools above "their" pools - they
may not be able to view any info about them, but at the very least, they
should know that they are there.
David
More information about the ovirt-devel
mailing list