CA-187698: When restoring dismissed updates, only do it on the connections with sufficient privileges

- This fixes the uncaught exception raised when an unauthorized user tries to restore dismissed updates.
- Also added the roles check when dismissing updates.

Signed-off-by: Mihaela Stoica <mihaela.stoica@citrix.com>
Mihaela Stoica 2015-11-05 15:49:38 +00:00
parent 15f46c0537
commit 817d42fb18


@ -110,8 +110,14 @@ namespace XenAdmin.Core
/// <param name="toBeDismissed"></param>
public static void DismissUpdates(List<Alert> toBeDismissed)
{
if (toBeDismissed.Count == 0)
return;
foreach(IXenConnection connection in ConnectionsManager.XenConnectionsCopy)
{
if (!Alert.AllowedToDismiss(connection))
continue;
XenAPI.Pool pool = Helpers.GetPoolOfOne(connection);
if (pool == null)
continue;
@ -468,6 +474,9 @@ namespace XenAdmin.Core
{
foreach (IXenConnection _connection in ConnectionsManager.XenConnectionsCopy)
{
if (!AllowedToRestoreDismissedUpdates(_connection))
continue;
XenAPI.Pool pool = Helpers.GetPoolOfOne(_connection);
if (pool == null)
continue;
@ -491,5 +500,25 @@ namespace XenAdmin.Core
Updates.CheckForUpdates(true);
}
/// <summary>
/// Checks the user has sufficient RBAC privileges to restore dismissed alerts on a given connection
/// </summary>
public static bool AllowedToRestoreDismissedUpdates(IXenConnection c)
{
if (c == null || c.Session == null)
return false;
if (c.Session.IsLocalSuperuser)
return true;
List<Role> rolesAbleToCompleteAction = Role.ValidRoleList("Pool.set_other_config", c);
foreach (Role possibleRole in rolesAbleToCompleteAction)
{
if (c.Session.Roles.Contains(possibleRole))
return true;
}
return false;
}
}
}
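Review bot: AllowedToRestoreDismissedUpdates is a client-side pre-check against the roles held on the session object, so it should not be the only guard against the uncaught exception this commit targets. If those roles are stale, or the server rejects the write for another reason, the pool update further down the restore loop (outside this hunk) can presumably still throw. Keep the filter, but also handle a failure of that call per connection, and state the limitation in the summary, for example `/// Advisory client-side check; the server remains the authority on Pool.set_other_config.`. Connections that fail the check are skipped with a bare `continue` in both the dismiss and restore loops, so a log line naming the skipped connection would make partial results visible to the user and to support. `c.Session.Roles` is also dereferenced without the null guard given to `c` and `c.Session`; confirm it is always populated for non-superuser sessions.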