You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficcontrol.apache.org by mi...@apache.org on 2017/06/07 16:41:22 UTC

[1/3] incubator-trafficcontrol git commit: Add TO seeds.sql ORT role

Repository: incubator-trafficcontrol
Updated Branches:
  refs/heads/master a8c50fbc5 -> 854761664


Add TO seeds.sql ORT role


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/cd1fe075
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/cd1fe075
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/cd1fe075

Branch: refs/heads/master
Commit: cd1fe07507e388d21cc43d6d34e1c59372354986
Parents: feb7c8b
Author: Robert Butts <ro...@gmail.com>
Authored: Tue Jun 6 14:23:13 2017 -0600
Committer: Jeremy Mitchell <mi...@gmail.com>
Committed: Wed Jun 7 10:40:39 2017 -0600

----------------------------------------------------------------------
 traffic_ops/app/db/seeds.sql | 1 +
 1 file changed, 1 insertion(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/cd1fe075/traffic_ops/app/db/seeds.sql
----------------------------------------------------------------------
diff --git a/traffic_ops/app/db/seeds.sql b/traffic_ops/app/db/seeds.sql
index b5fa70a..ebf1f33 100644
--- a/traffic_ops/app/db/seeds.sql
+++ b/traffic_ops/app/db/seeds.sql
@@ -69,6 +69,7 @@ insert into role (name, description, priv_level) values ('steering', 'Role for S
 insert into role (name, description, priv_level) values ('read-only user', 'Read-Only user', 10) ON CONFLICT (name) DO NOTHING;
 insert into role (name, description, priv_level) values ('portal', 'Portal User', 2) ON CONFLICT (name) DO NOTHING;
 insert into role (name, description, priv_level) values ('disallowed', 'Block all access', 0) ON CONFLICT (name) DO NOTHING;
+insert into role (name, description, priv_level) values ('ort', 'ORT User', 11) ON CONFLICT (name) DO NOTHING;
 
 -- tenants
 insert into tenant (name, active, parent_id) values ('root', true, null) ON CONFLICT DO NOTHING;

[3/3] incubator-trafficcontrol git commit: This closes #645

Posted by mi...@apache.org.

This closes #645


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/85476166
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/85476166
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/85476166

Branch: refs/heads/master
Commit: 854761664d732f1a8328025cf6a68ef5ff7c284b
Parents: cd1fe07
Author: Jeremy Mitchell <mi...@gmail.com>
Authored: Wed Jun 7 10:41:08 2017 -0600
Committer: Jeremy Mitchell <mi...@gmail.com>
Committed: Wed Jun 7 10:41:08 2017 -0600

----------------------------------------------------------------------

----------------------------------------------------------------------

[2/3] incubator-trafficcontrol git commit: Change TO /update to allow priv_level > 10

Posted by mi...@apache.org.

Change TO /update to allow priv_level > 10

This specifically allows creating a role with privilege level between
10 and 20 (e.g. 11), for ORT/syncds, which can only access GET routes
plus POST /update in order to minimize access privileges.


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/feb7c8bf
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/feb7c8bf
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/feb7c8bf

Branch: refs/heads/master
Commit: feb7c8bf8f77732804d1cefe85dfed82dc2d8242
Parents: a8c50fb
Author: Robert Butts <ro...@gmail.com>
Authored: Mon Jun 5 16:07:23 2017 -0600
Committer: Jeremy Mitchell <mi...@gmail.com>
Committed: Wed Jun 7 10:40:39 2017 -0600

----------------------------------------------------------------------
 traffic_ops/app/lib/UI/Server.pm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/feb7c8bf/traffic_ops/app/lib/UI/Server.pm
----------------------------------------------------------------------
diff --git a/traffic_ops/app/lib/UI/Server.pm b/traffic_ops/app/lib/UI/Server.pm
index c8da0da..878f9a6 100644
--- a/traffic_ops/app/lib/UI/Server.pm
+++ b/traffic_ops/app/lib/UI/Server.pm
@@ -958,7 +958,9 @@ sub postupdate {
 	my $reval_updated = $self->param("reval_updated");
 	my $host_name = $self->param("host_name");
 
-	if ( !&is_admin($self) ) {
+	&stash_role($self);
+	# Intentionally <= 10 rather than < 20 to allow an ORT role with level 11 to post to this, but not other admin routes.
+	if ( $self->stash('priv_level') <= 10 ) {
 		$self->render( text => "Forbidden", status => 403, layout => undef );
 		return;
 	}