-rw-r--r-- | cobbler/modules/authz_configfile.py | 2 | ||||
-rw-r--r-- | cobbler/modules/authz_ownership.py | 6 | ||||
-rw-r--r-- | cobbler/remote.py | 9 |
3 files changed, 14 insertions, 3 deletions
diff --git a/cobbler/modules/authz_configfile.py b/cobbler/modules/authz_configfile.py index 84343e28..ddb02242 100644 --- a/cobbler/modules/authz_configfile.py +++ b/cobbler/modules/authz_configfile.py @@ -54,6 +54,8 @@ def authorize(api_handle,user,resource,arg1=None,arg2=None): All users in the file are permitted by this module. """ + # FIXME: this must be modified to use the new ACL engine + data = __parse_config() for g in data: if user in data[g]: diff --git a/cobbler/modules/authz_ownership.py b/cobbler/modules/authz_ownership.py index e9eace77..aed9cd66 100644 --- a/cobbler/modules/authz_ownership.py +++ b/cobbler/modules/authz_ownership.py @@ -106,6 +106,8 @@ def authorize(api_handle,user,resource,arg1=None,arg2=None): All users in the file are permitted by this module. """ + # FIXME: this must be modified to use the new ACL engine + # everybody can get read-only access to everything # if they pass authorization, they don't have to be in users.conf if resource is not None: @@ -150,8 +152,10 @@ def authorize(api_handle,user,resource,arg1=None,arg2=None): # kickstarts are even more special so we call those out to another # function, rather than going through the rest of the code here. - if resource.find("kickstart") != -1: + if resource.find("write_kickstart") != -1: return __authorize_kickstart(api_handle,user,user_groups,arg1) + elif resource.find("read_kickstart") != -1: + return True obj = None if resource.find("remove") != -1: diff --git a/cobbler/remote.py b/cobbler/remote.py index dcff604d..cb9e51f3 100644 --- a/cobbler/remote.py +++ b/cobbler/remote.py 
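Review bot: The added `elif resource.find("read_kickstart") != -1: return True` in the second authz_ownership.py hunk grants access on a substring match, so any resource name that merely contains `read_kickstart` returns True before the ownership checks further down. If check_access hands the name from remote.py through unchanged (not visible here), an exact comparison such as `elif resource == "read_kickstart_template": return True` would limit the grant to the one operation it is meant for; the `write_kickstart` test above it has the same looseness. Kickstart templates can hold installation secrets such as password hashes, so it is worth stating in a comment that the open read is intentional, e.g. `# read access to kickstart templates is deliberately open to every user who passed authentication`. The body of authorize() starts and ends outside this hunk.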
@@ -1223,8 +1223,13 @@ class CobblerReadWriteXMLRPCInterface(CobblerXMLRPCInterface): Also if living in /etc/cobbler the file must be a kickstart file. """ - self.log("read_or_write_kickstart_template",name=kickstart_file,token=token) - self.check_access(token,"read_or_write_kickstart_templates",kickstart_file,is_read) + if is_read: + what = "read_kickstart_template": + else: + what = "write_kickstart_template": + + self.log(what,name=kickstart_file,token=token) + self.check_access(token,what,kickstart_file,is_read) if kickstart_file.find("..") != -1 or not kickstart_file.startswith("/"): raise CX(_("tainted file location")) |
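Review bot: Both added assignments end in a stray colon, `what = "read_kickstart_template":` and `what = "write_kickstart_template":`, which is a syntax error as shown, so cobbler/remote.py would fail to import and the XML-RPC interface, including its access checks, would not load. Drop the colons: `what = "read_kickstart_template"` and `what = "write_kickstart_template"`. These strings are also what authz_ownership.py matches against with `resource.find("write_kickstart")` and `resource.find("read_kickstart")`, so a short comment next to the assignments noting that coupling would keep a later rename from silently changing who is authorized. The method body starts before this hunk and continues after it.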