示例#1
0
        /// <summary>
        /// Applies only to API 1.7 (midnight-ride) and above.
        /// Older versions have no RBAC, only AD.
        /// </summary>
        private void SetRbacPermissions()
        {
            if (APIVersion < API_Version.API_1_7)
            {
                return;
            }

            // allRoles will contain every role on the server, permissions contains the subset of those that are available to this session.
            permissions = Session.get_rbac_permissions(this, opaque_ref);
            Dictionary <XenRef <Role>, Role> allRoles = Role.get_all_records(this);

            // every Role object is either a single api call (a permission) or has subroles and contains permissions through its descendants.
            // We take out the parent Roles (VM-Admin etc.) into the Session.Roles field
            foreach (string s in permissions)
            {
                foreach (XenRef <Role> xr in allRoles.Keys)
                {
                    Role r = allRoles[xr];
                    if (r.subroles.Count > 0 && r.name_label == s)
                    {
                        r.opaque_ref = xr.opaque_ref;
                        roles.Add(r);
                        break;
                    }
                }
            }
        }
        private static void Download_Role(Session session, List <ObjectChange> changes)
        {
            Dictionary <XenRef <Role>, Role> records = Role.get_all_records(session);

            foreach (KeyValuePair <XenRef <Role>, Role> entry in records)
            {
                changes.Add(new ObjectChange(typeof(Role), entry.Key.opaque_ref, entry.Value));
            }
        }
示例#3
0
        private void SetADDetails()
        {
            _isLocalSuperuser = get_is_local_superuser();
            if (IsLocalSuperuser)
            {
                return;
            }

            _subject = get_subject();
            _userSid = get_auth_user_sid();

            // Cache the details of this user to avoid making server calls later
            // For example, some users get access to the pool through a group subject and will not be in the main cache
            UserDetails.UpdateDetails(_userSid, this);

            if (APIVersion <= API_Version.API_1_6)  // Older versions have no RBAC, only AD
            {
                return;
            }

            // allRoles will contain every role on the server, permissions contains the subset of those that are available to this session.
            permissions = Session.get_rbac_permissions(this, uuid);
            Dictionary <XenRef <Role>, Role> allRoles = Role.get_all_records(this);

            // every Role object is either a single api call (a permission) or has subroles and contains permissions through its descendants.
            // We take out the parent Roles (VM-Admin etc.) into the Session.Roles field
            foreach (string s in permissions)
            {
                foreach (XenRef <Role> xr in allRoles.Keys)
                {
                    Role r = allRoles[xr];
                    if (r.subroles.Count > 0 && r.name_label == s)
                    {
                        r.opaque_ref = xr.opaque_ref;
                        roles.Add(r);
                        break;
                    }
                }
            }
        }