[Ovirt-devel] [PATCH 4/6] hardware_pool: search by path
Perry N. Myers
pmyers at redhat.com
Wed Aug 27 19:03:38 UTC 2008
David Lutterkort wrote:
> On Tue, 2008-08-26 at 10:11 -0400, Scott Seago wrote:
>> I'm assuming the path-based pool lookup is just an alternate method of
>> getting this from your API, as the id-based ones will all still work. I
>> just realized that full path-based lookup will only work for users that
>> have read permissions on the whole hierarchy. A user with lower-level
>> permissions only (i.e. only read permissions for pools under
>> '/default/engineering/qa' and write permissions for subpools below that)
>> won't even see the top level pool.
>
> I think that permissioning scheme is fundamentally flawed; at the very
> least, any user that has permission on some pool should at least be
> allowed to know about the existence of pools above "their" pools - they
> may not be able to view any info about them, but at the very least, they
> should know that they are there.
Not necessarily. Consider the cloud computing model... The admins might
know about the fact that there are hardware pools, but should a user of a
VM even know that there is such a thing as a hardware pool? To them the
hardware pools should be completely hidden in the UI, including the tree view.
Perry
More information about the ovirt-devel
mailing list