From 8ede70ff996190e708195b933cf5d321716de13d Mon Sep 17 00:00:00 2001
From: Konstantina Chremmou <Konstantina.Chremmou@cloud.com>
Date: Sun, 19 Mar 2023 01:59:35 +0000
Subject: [PATCH] CA-375942: Corrected RBAC check for create/destroy vTPM (rely
 on the actions' RBAC check instead of replicating it on the dialog).

Signed-off-by: Konstantina Chremmou <Konstantina.Chremmou@cloud.com>
---
 XenAdmin/Dialogs/VtmpManagementDialog.cs | 30 ---------------------
 XenModel/Messages.Designer.cs            | 33 ------------------------
 XenModel/Messages.resx                   | 15 -----------
 3 files changed, 78 deletions(-)

diff --git a/XenAdmin/Dialogs/VtmpManagementDialog.cs b/XenAdmin/Dialogs/VtmpManagementDialog.cs
index 16b011b8f..34fc60314 100644
--- a/XenAdmin/Dialogs/VtmpManagementDialog.cs
+++ b/XenAdmin/Dialogs/VtmpManagementDialog.cs
@@ -155,21 +155,6 @@ namespace XenAdmin.Dialogs
 
         private void AddVtpm()
         {
-            if (!_vm.Connection.Session.IsLocalSuperuser && !Registry.DontSudo &&
-                _vm.Connection.Session.Roles.All(r => r.name_label != Role.MR_ROLE_VM_ADMIN))
-            {
-                var currentRoles = _vm.Connection.Session.Roles;
-                currentRoles.Sort();
-
-                var msg = string.Format(Messages.VTPM_RBAC_RESTRICTION_CREATE, currentRoles[0].FriendlyName(),
-                    Role.FriendlyName(Role.MR_ROLE_VM_ADMIN));
-
-                using (var dlg = new ErrorDialog(msg))
-                    dlg.ShowDialog(Parent);
-
-                return;
-            }
-
             var action = new NewVtpmAction(_vm.Connection, _vm);
             using (var dlg = new ActionProgressDialog(action, ProgressBarStyle.Marquee))
                 dlg.ShowDialog(this);
@@ -185,21 +170,6 @@ namespace XenAdmin.Dialogs
                     return;
             }
 
-            if (!_vm.Connection.Session.IsLocalSuperuser && !Registry.DontSudo &&
-                _vm.Connection.Session.Roles.All(r => r.name_label != Role.MR_ROLE_VM_ADMIN))
-            {
-                var currentRoles = _vm.Connection.Session.Roles;
-                currentRoles.Sort();
-
-                var msg = string.Format(Messages.VTPM_RBAC_RESTRICTION_REMOVE, currentRoles[0].FriendlyName(),
-                    Role.FriendlyName(Role.MR_ROLE_VM_ADMIN));
-
-                using (var dlg = new ErrorDialog(msg))
-                    dlg.ShowDialog(Parent);
-
-                return;
-            }
-
             var action = new RemoveVtpmAction(vtpm.Connection, vtpm, _vm);
             using (var dlg = new ActionProgressDialog(action, ProgressBarStyle.Marquee))
                 dlg.ShowDialog(this);
diff --git a/XenModel/Messages.Designer.cs b/XenModel/Messages.Designer.cs
index 1353109a7..2f7193d57 100755
--- a/XenModel/Messages.Designer.cs
+++ b/XenModel/Messages.Designer.cs
@@ -40448,39 +40448,6 @@ namespace XenAdmin {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to A {0} user does not have sufficient permissions to attach a vTPM to a VM. Please login using an account with one of the following roles:
-        ///
-        ///{1}.
-        /// </summary>
-        public static string VTPM_RBAC_RESTRICTION_CREATE {
-            get {
-                return ResourceManager.GetString("VTPM_RBAC_RESTRICTION_CREATE", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to A {0} user does not have sufficient permissions to remove a vTPM from a VM. Please login using an account with one of the following roles:
-        ///
-        ///{1}.
-        /// </summary>
-        public static string VTPM_RBAC_RESTRICTION_REMOVE {
-            get {
-                return ResourceManager.GetString("VTPM_RBAC_RESTRICTION_REMOVE", resourceCulture);
-            }
-        }
-        
-        /// <summary>
-        ///   Looks up a localized string similar to A {0} user does not have sufficient permissions to reset the vTPM that is attached to a VM to its original state. Please login using an account with one of the following roles:
-        ///
-        ///{1}.
-        /// </summary>
-        public static string VTPM_RBAC_RESTRICTION_RESET {
-            get {
-                return ResourceManager.GetString("VTPM_RBAC_RESTRICTION_RESET", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to Remove vTPM.
         /// </summary>
diff --git a/XenModel/Messages.resx b/XenModel/Messages.resx
index 0f3c947f1..b3e3837b9 100755
--- a/XenModel/Messages.resx
+++ b/XenModel/Messages.resx
@@ -13970,21 +13970,6 @@ Schedule:
   <data name="VTPM_POWER_STATE_WRONG_REMOVE" xml:space="preserve">
     <value>You need to shut down the VM before you can remove this vTPM.</value>
   </data>
-  <data name="VTPM_RBAC_RESTRICTION_CREATE" xml:space="preserve">
-    <value>A {0} user does not have sufficient permissions to attach a vTPM to a VM. Please login using an account with one of the following roles:
-
-{1}</value>
-  </data>
-  <data name="VTPM_RBAC_RESTRICTION_REMOVE" xml:space="preserve">
-    <value>A {0} user does not have sufficient permissions to remove a vTPM from a VM. Please login using an account with one of the following roles:
-
-{1}</value>
-  </data>
-  <data name="VTPM_RBAC_RESTRICTION_RESET" xml:space="preserve">
-    <value>A {0} user does not have sufficient permissions to reset the vTPM that is attached to a VM to its original state. Please login using an account with one of the following roles:
-
-{1}</value>
-  </data>
   <data name="VTPM_REMOVE" xml:space="preserve">
     <value>Remove vTPM</value>
   </data>