You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Nitin Mehta (JIRA)" <ji...@apache.org> on 2013/07/17 10:58:48 UTC

[jira] [Commented] (CLOUDSTACK-3364) normal users are not allowed to edit their own iso

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-3364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13710883#comment-13710883 ] 

Nitin Mehta commented on CLOUDSTACK-3364:
-----------------------------------------

Please read this @
http://intranet.lab.vmops.com/engineering/release-2.2-features/extract-functionality-templates-isos-volumes?searchterm=extract
Basically, the attribute is carried forward for all the derivatives of the template and that is what is tricky. Say user A has created Template t1
and non extractable and then user B creates A template t2, then the attribute is carried forward. Now though he is the owner of the template he shouldn't be allowed to download the template since it actually belongs to user A.
I think this by design

When one registers the template we are "sure" that he is indeed the owner
of the template and that’s why we give him the freedom to set the
attribute so that he can take the call.
Changing the permission during update template is tricky and that’s why is
allowed only to the ROOT admin.
                
> normal users are not allowed to edit their own iso
> --------------------------------------------------
>
>                 Key: CLOUDSTACK-3364
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3364
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API, ISO, UI
>    Affects Versions: 4.2.0
>            Reporter: shweta agarwal
>            Assignee: Sanjay Tripathi
>             Fix For: 4.2.0
>
>
> Repro steps:
> 1.Create a domain
> 2.create a account under that domain
> 3.create a ISO as a account under the non root domain
> 4.Edit the ISO
> BUg :
> gets message: 
> Only ROOT admins are allowed to modify this attribute.
> API:
> http://10.147.38.141:8080/client/api?command=updateIsoPermissions&response=json&sessionkey=8rczMjm4sfljFOEi6dL2xT631sc%3D&id=2b8c87a0-4325-418d-80af-ce6f691edcd7&zoneid=bfdf7ac5-16c3-491e-aabd-f7ad696612b8&ispublic=false&isfeatured=false&isextractable=false&_=1372941865923
> response:
> { "updateisopermissionsresponse" : {"uuidList":[],"errorcode":431,"cserrorcode":4350,"errortext":"Only ROOT admins are allowed to modify this attribute."} }
> This may be because in case of edit ISO we show  extractable and featured field as editable to normal user , which normal user is not allowed to do  and api passes these as parameters
> In case of template these fields are shown as non editable hence API passed does not contain isfeatured and isextractable fields

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira