Ovirt devel - Dec 2008 - [PATCH server] API: add a call to list VMs for a user

Going to the URL /vms will return a list of all the VM's for which the
current user has PRIV_VIEW permission. The VM info contains the host the VM
is running on (if any)
---
 src/app/controllers/vm_controller.rb |   14 ++++++++++++++
 src/config/routes.rb                 |    2 +-
 2 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/src/app/controllers/vm_controller.rb
b/src/app/controllers/vm_controller.rb
index ff74a37..701dea8 100644
--- a/src/app/controllers/vm_controller.rb
+++ b/src/app/controllers/vm_controller.rb
@@ -25,6 +25,20 @@ class VmController < ApplicationController
 
   before_filter :pre_vm_action, :only => [:vm_action, :cancel_queued_tasks,
:console]
 
+  def index
+      roles = "('" +
+         
Permission::roles_for_privilege(Permission::PRIV_VIEW).join("',
'") +
+          "')"
+      user = get_login_user
+      @vms = Vm.find(:all,
+         :joins => "join permissions p on (vm_resource_pool_id =
p.pool_id)",
+         :conditions => [ "p.uid = :user and p.user_role in
#{roles}",
+                          { :user => user }])
+      respond_to do |format|
+          format.xml  { render :xml => @vms.to_xml(:include => :host) }
+      end
+  end
+
   def show
     set_perms(@perm_obj)
     @actions = @vm.get_action_hash(@user)
diff --git a/src/config/routes.rb b/src/config/routes.rb
index 0dbe0d6..135d68b 100644
--- a/src/config/routes.rb
+++ b/src/config/routes.rb
@@ -56,5 +56,5 @@ ActionController::Routing::Routes.draw do |map|
     hardware_pools.resources :hosts, :controller => 'host'
     hardware_pools.resources :storage_pools, :controller =>
'storage'
   end
-
+  map.resources :vms, :controller => 'vm'
 end
-- 
1.6.0.4

David Lutterkort wrote:
> Going to the URL /vms will return a list of all the VM's for which the
> current user has PRIV_VIEW permission. The VM info contains the host the VM
> is running on (if any)
I am not too happy with the way the permission check is done, because it 
hardcodes a whole lot of knowledge about permissions in the wrong place- 
if anybody knows a better way to do that, please let me know.

David

David Lutterkort wrote:
> Going to the URL /vms will return a list of all the VM's for which the
> current user has PRIV_VIEW permission. The VM info contains the host the VM
> is running on (if any)
> ---
>  src/app/controllers/vm_controller.rb |   14 ++++++++++++++
>  src/config/routes.rb                 |    2 +-
>  2 files changed, 15 insertions(+), 1 deletions(-)
>
> diff --git a/src/app/controllers/vm_controller.rb
b/src/app/controllers/vm_controller.rb
> index ff74a37..701dea8 100644
> --- a/src/app/controllers/vm_controller.rb
> +++ b/src/app/controllers/vm_controller.rb
> @@ -25,6 +25,20 @@ class VmController < ApplicationController
>  
>    before_filter :pre_vm_action, :only => [:vm_action,
:cancel_queued_tasks, :console]
>  
> +  def index
> +      roles = "('" +
> +         
Permission::roles_for_privilege(Permission::PRIV_VIEW).join("',
'") +
> +          "')"
> +      user = get_login_user
> +      @vms = Vm.find(:all,
> +         :joins => "join permissions p on (vm_resource_pool_id =
p.pool_id)",
> +         :conditions => [ "p.uid = :user and p.user_role in
#{roles}",
> +                          { :user => user }])
>   
Yeah we won't really be able to improve this much until we put the 
privilege-to-role mapping into the database...


Works for me...
ACK

David Lutterkort wrote:
> Going to the URL /vms will return a list of all the VM's for which the
> current user has PRIV_VIEW permission. The VM info contains the host the VM
> is running on (if any)
pushed

Perry