Пример #1
0
        /// <summary>
        /// Retrieves all the server RBAC roles which are able to complete the api method supplied. If on George or less this will return an empty list.
        /// </summary>
        /// <param name="ApiMethodToRoleCheck">RbacMethod to check</param>
        /// <param name="Connection">server connection to retrieve roles from</param>
        /// <returns></returns>
        public static List <Role> ValidRoleList(RbacMethod ApiMethodToRoleCheck, IXenConnection Connection)
        {
            List <Role> rolesAbleToCompleteApiCall = new List <Role>();

            foreach (Role role in Connection.Cache.Roles)
            {
                List <Role> subroles = (List <Role>)Connection.ResolveAll <Role>(role.subroles);
                if (subroles.Find(
                        delegate(Role r)
                {
                    return(r.CanPerform(ApiMethodToRoleCheck));
                })
                    != null)
                {
                    rolesAbleToCompleteApiCall.Add(role);
                }
            }

            // don't do this assert with simulator connections. These will always have no roles.
            if (!Connection.HostnameWithPort.EndsWith(".xml", StringComparison.InvariantCultureIgnoreCase))
            {
                // No roles able to perform API call is a bug, because Pool Admins should be able to do everything.
                // Usually caused by a typo, or by running a new action against an old server without checking.
                System.Diagnostics.Trace.Assert(rolesAbleToCompleteApiCall.Count > 0, String.Format("No roles able to perform API call {0}", ApiMethodToRoleCheck));
            }
            return(rolesAbleToCompleteApiCall);
        }
Пример #2
0
        /// <summary>
        /// Can this subrole perform this API call?
        /// </summary>
        /// <param name="rbacMethod">The API call which we want to perform</param>
        /// <returns></returns>
        private bool CanPerform(RbacMethod rbacMethod)
        {
            // Does the method name match?
            if (name_label == rbacMethod.Method)
            {
                return(true);
            }

            // Is the call a hash table modification, and if so, does the
            // more specific name match?
            if (!String.IsNullOrEmpty(rbacMethod.Key))
            {
                string whole = rbacMethod.ToString();
                if (name_label.EndsWith("*"))  // e.g. vm.add_to_other_config/key:Foo*
                {
                    string stripped_name = name_label.TrimEnd('*');
                    if (whole.StartsWith(stripped_name))
                    {
                        return(true);
                    }
                }
                else  // e.g. vm.add_to_other_config/key:Foo
                {
                    if (name_label == whole)
                    {
                        return(true);
                    }
                }
            }

            return(false);
        }
Пример #3
0
 public void AddApiCheck(RbacMethod method)
 {
     ApiCallsToCheck.Add(method);
 }
Пример #4
0
 public void AddApiCheck(RbacMethod method)
 {
     ApiCallsToCheck.Add(method);
 }