From: Greg Price Date: Wed, 6 Aug 2008 05:07:22 +0000 (-0400) Subject: add and respect 'adminable' column to machines X-Git-Tag: sipb-xen-www/3.11~13 X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/commitdiff_plain/874a30391973642d3ff350f977c1ac705644fbb0 add and respect 'adminable' column to machines This is for selectively, temporarily, manually enabling admin mode for a VM. Where it's not set, admin mode now bypasses quotas and does nothing else. svn path=/trunk/packages/sipb-xen-www/; revision=874 --- diff --git a/code/validation.py b/code/validation.py index 79fa10c..2e6c7c3 100644 --- a/code/validation.py +++ b/code/validation.py @@ -125,7 +125,8 @@ def cantAddVm(owner, g): def haveAccess(user, state, machine): """Return whether a user has administrative access to a machine""" - return state.isadmin or user in cache_acls.accessList(machine) + return (user in cache_acls.accessList(machine) + or (machine.adminable and state.isadmin)) def owns(user, machine): """Return whether a user owns a machine""" diff --git a/code/webcommon.py b/code/webcommon.py index e82f790..eaf533c 100644 --- a/code/webcommon.py +++ b/code/webcommon.py @@ -1,6 +1,7 @@ """Exceptions for the web interface.""" import time +from invirt import database from invirt.database import Machine, MachineAccess class MyException(Exception): @@ -44,7 +45,9 @@ class State(object): def getMachines(self): if self.isadmin: - return Machine.select() + return Machine.query().join('acl').select_by( + database.or_(MachineAccess.c.user == self.username, + Machine.c.adminable == True)) else: return Machine.query().join('acl').select_by(user=self.username)