search

ArchipelProject / Archipel

XMPP Based Orchestrator
http://archipelproject.org
GNU Affero General Public License v3.0
800 stars 126 forks source link

Screenshot permission #1123

Closed arreitsa closed 9 years ago

arreitsa commented 9 years ago

Hi,

I discover recently Archipel, and it is really excellent. Thanks for this great job.

Just a little issue I have found:

When a user, which is not admin, try to see the screenshot of a VM (thumbnail or full), on the control tab of the VM, the screenshot stay black. The error in archipel.log (the agent) is :

ERROR ::12-03-2015 11:34:11::utils.py:168::<archipel.archipelVirtualMachine.TNArchipelVirtualMachine object at 0x1e33c90>.check_perm: exception raised is: 'Cannot use 'screenshot': permission denied' triggered by stanza : iq xmlns="jabber:client" to="8f217f58-0cf3-11e4-ad94-e0db55149a77@yyyy.xxxx.com/kvm1" from="omp@yyyy.xxxx.com/ArchipelController" id="4686" type="get" query xmlns="archipel:vm:control"><archipel action="screenshot" size="thumbnail" //query/iq.

A quick look in "ArchipelAgent/archipel-agent/archipel/archipelVirtualMachine.py" shows in: __process_iq_archipel_control(self, conn, iq) a list of actions which depends of: self.check_perm(conn, iq, action, -1) But check_perm in archipel-core/archipelcore/archipelPermissionCenter.py shows perms used are in permissions.sqlite3, and there is no "screenshot" permission.

For the moment, I have just added the line: if not action == "screenshot": before self.check_perm(conn, iq, action, -1) in VirtualMachine.py to circumvent the issue.

But I think there something better to do (either in archipelPermissionCenter.py, or in permissions.sqlite3).

Regards

CyrilPeponnet commented 9 years ago

You're right good catch.

You can try to add the permission here.

https://github.com/ArchipelProject/Archipel/blob/a2df5a98e6c3918bb01831d31ab54aec5db50495/ArchipelAgent/archipel-agent/archipel/archipelVirtualMachine.py#L269

This should work out :)

Please report or make a PR.

Thanks.

On Mar 12, 2015, at 6:36 AM, arreitsa notifications@github.com wrote:

Hi,

I discover recently Archipel, and it is really excellent. Thanks for this great job.

Just a little issue I have found:

When a user, which is not admin, try to see the screenshot of a VM (thumbnail or full), on the control tab of the VM, the screenshot stay black. The error in archipel.log (the agent) is :

ERROR ::12-03-2015 11:34:11::utils.py:168::.check_perm: exception raised is: 'Cannot use 'screenshot': permission denied' triggered by stanza : .

A quick look in "ArchipelAgent/archipel-agent/archipel/archipelVirtualMachine.py" shows in: __process_iq_archipel_control(self, conn, iq) a list of actions which depends of: self.check_perm(conn, iq, action, -1) But check_perm in archipel-core/archipelcore/archipelPermissionCenter.py shows perms used are in permissions.sqlite3, and there is no "screenshot" permission.

For the moment, I have just added the line: if not action == "screenshot": before self.check_perm(conn, iq, action, -1) in VirtualMachine.py to circumvent the issue.

But I think there something better to do (either in archipelPermissionCenter.py, or in permissions.sqlite3).

Regards

— Reply to this email directly or view it on GitHub.