• D
    Add ACL annotations to all RPC messages · e341435e
    Daniel P. Berrange 提交于
    Introduce annotations to all RPC messages to declare what
    access control checks are required. There are two new
    annotations defined:
    
     @acl: <object>:<permission>
     @acl: <object>:<permission>:<flagname>
    
      Declare the access control requirements for the API. May be repeated
      multiple times, if multiple rules are required.
    
        <object> is one of 'connect', 'domain', 'network', 'storagepool',
                 'interface', 'nodedev', 'secret'.
        <permission> is one of the permissions in access/viraccessperm.h
        <flagname> indicates the rule only applies if the named flag
        is set in the API call
    
     @aclfilter: <object>:<permission>
    
      Declare an access control filter that will be applied to a list
      of objects being returned by an API. This allows the returned
      list to be filtered to only show those the user has permissions
      against
    Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
    e341435e
gendispatch.pl 66.7 KB