CA-375942: Corrected RBAC check for create/destroy vTPM (rely on the actions' RBAC check instead of replicating it on the dialog).

Signed-off-by: Konstantina Chremmou <Konstantina.Chremmou@cloud.com>
This commit is contained in:
Konstantina Chremmou 2023-03-19 01:59:35 +00:00 committed by Danilo Del Busso
parent ef4ceaac3c
commit 8ede70ff99
3 changed files with 0 additions and 78 deletions

View File

@ -155,21 +155,6 @@ namespace XenAdmin.Dialogs
private void AddVtpm() private void AddVtpm()
{ {
if (!_vm.Connection.Session.IsLocalSuperuser && !Registry.DontSudo &&
_vm.Connection.Session.Roles.All(r => r.name_label != Role.MR_ROLE_VM_ADMIN))
{
var currentRoles = _vm.Connection.Session.Roles;
currentRoles.Sort();
var msg = string.Format(Messages.VTPM_RBAC_RESTRICTION_CREATE, currentRoles[0].FriendlyName(),
Role.FriendlyName(Role.MR_ROLE_VM_ADMIN));
using (var dlg = new ErrorDialog(msg))
dlg.ShowDialog(Parent);
return;
}
var action = new NewVtpmAction(_vm.Connection, _vm); var action = new NewVtpmAction(_vm.Connection, _vm);
using (var dlg = new ActionProgressDialog(action, ProgressBarStyle.Marquee)) using (var dlg = new ActionProgressDialog(action, ProgressBarStyle.Marquee))
dlg.ShowDialog(this); dlg.ShowDialog(this);
@ -185,21 +170,6 @@ namespace XenAdmin.Dialogs
return; return;
} }
if (!_vm.Connection.Session.IsLocalSuperuser && !Registry.DontSudo &&
_vm.Connection.Session.Roles.All(r => r.name_label != Role.MR_ROLE_VM_ADMIN))
{
var currentRoles = _vm.Connection.Session.Roles;
currentRoles.Sort();
var msg = string.Format(Messages.VTPM_RBAC_RESTRICTION_REMOVE, currentRoles[0].FriendlyName(),
Role.FriendlyName(Role.MR_ROLE_VM_ADMIN));
using (var dlg = new ErrorDialog(msg))
dlg.ShowDialog(Parent);
return;
}
var action = new RemoveVtpmAction(vtpm.Connection, vtpm, _vm); var action = new RemoveVtpmAction(vtpm.Connection, vtpm, _vm);
using (var dlg = new ActionProgressDialog(action, ProgressBarStyle.Marquee)) using (var dlg = new ActionProgressDialog(action, ProgressBarStyle.Marquee))
dlg.ShowDialog(this); dlg.ShowDialog(this);

View File

@ -40448,39 +40448,6 @@ namespace XenAdmin {
} }
} }
/// <summary>
/// Looks up a localized string similar to A {0} user does not have sufficient permissions to attach a vTPM to a VM. Please login using an account with one of the following roles:
///
///{1}.
/// </summary>
public static string VTPM_RBAC_RESTRICTION_CREATE {
get {
return ResourceManager.GetString("VTPM_RBAC_RESTRICTION_CREATE", resourceCulture);
}
}
/// <summary>
/// Looks up a localized string similar to A {0} user does not have sufficient permissions to remove a vTPM from a VM. Please login using an account with one of the following roles:
///
///{1}.
/// </summary>
public static string VTPM_RBAC_RESTRICTION_REMOVE {
get {
return ResourceManager.GetString("VTPM_RBAC_RESTRICTION_REMOVE", resourceCulture);
}
}
/// <summary>
/// Looks up a localized string similar to A {0} user does not have sufficient permissions to reset the vTPM that is attached to a VM to its original state. Please login using an account with one of the following roles:
///
///{1}.
/// </summary>
public static string VTPM_RBAC_RESTRICTION_RESET {
get {
return ResourceManager.GetString("VTPM_RBAC_RESTRICTION_RESET", resourceCulture);
}
}
/// <summary> /// <summary>
/// Looks up a localized string similar to Remove vTPM. /// Looks up a localized string similar to Remove vTPM.
/// </summary> /// </summary>

View File

@ -13970,21 +13970,6 @@ Schedule:
<data name="VTPM_POWER_STATE_WRONG_REMOVE" xml:space="preserve"> <data name="VTPM_POWER_STATE_WRONG_REMOVE" xml:space="preserve">
<value>You need to shut down the VM before you can remove this vTPM.</value> <value>You need to shut down the VM before you can remove this vTPM.</value>
</data> </data>
<data name="VTPM_RBAC_RESTRICTION_CREATE" xml:space="preserve">
<value>A {0} user does not have sufficient permissions to attach a vTPM to a VM. Please login using an account with one of the following roles:
{1}</value>
</data>
<data name="VTPM_RBAC_RESTRICTION_REMOVE" xml:space="preserve">
<value>A {0} user does not have sufficient permissions to remove a vTPM from a VM. Please login using an account with one of the following roles:
{1}</value>
</data>
<data name="VTPM_RBAC_RESTRICTION_RESET" xml:space="preserve">
<value>A {0} user does not have sufficient permissions to reset the vTPM that is attached to a VM to its original state. Please login using an account with one of the following roles:
{1}</value>
</data>
<data name="VTPM_REMOVE" xml:space="preserve"> <data name="VTPM_REMOVE" xml:space="preserve">
<value>Remove vTPM</value> <value>Remove vTPM</value>
</data> </data>