Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

backport: Search correctly entities with user role (#766) #768

Conversation

mwperina
Copy link
Member

@mwperina mwperina commented Dec 5, 2022

When a user is asking for data via the API with some filter (name of the
required entity for example), we should call implicitly the search
engine from one hand to implement the filter and from the other hand we
are getting all the entities that the user can access according to the
permissions via a pre-defined query.
Given the search and the query results, both are intersected to given a
result that matches the given filter with the user authorization.

In AbstractBackendCollectionResource we have two signatures for getBackendCollection method:

protected List getBackendCollection(QueryType query, QueryParametersBase queryParams)
protected List getBackendCollection(QueryType query, QueryParametersBase queryParams, SearchType searchType)

The 1st just brings the query results, teh 2nd brings query and search
results and intersect them.

When a user tries to search for a specific entity and the 1st signature
is used instead of the 2nd, the result is that the first item is picked
from the resulted collection and mismatch the requested entity, this may
cause an error where an operation is attempted to be excuted with the
wrong information (for example, creating a template and giving the wrong
template cluster)

This patch fixes a wrong call to the 1st signature when the 2nd
signature should be used in the following entities:

Data Centers
Clusters
VNIC Profiles

Signed-Off-By: Eli Mesika [email protected]
Bug-Url: https://bugzilla.redhat.com/2144346

Signed-off-by: Eli Mesika [email protected]

When a user is asking for data via the API with some filter (name of the
required entity for example), we should call implicitly the search
engine from one hand to implement the filter and from the other hand we
are getting all the entities that the user can access according to the
permissions via a pre-defined query.
Given the search and the query results, both are intersected to given a
result that matches the given filter with the user authorization.

In AbstractBackendCollectionResource we have two signatures for getBackendCollection method:

protected List<Q> getBackendCollection(QueryType query, QueryParametersBase queryParams)
protected List<Q> getBackendCollection(QueryType query, QueryParametersBase queryParams, SearchType searchType)

The 1st just brings the query results, teh 2nd brings query and search
results and intersect them.

When a user tries to search for a specific entity and the 1st signature
is used instead of the 2nd, the result is that the first item is picked
from the resulted collection and mismatch the requested entity, this may
cause an error where an operation is attempted to be excuted with the
wrong information (for example, creating a template and giving the wrong
template cluster)

This patch fixes a wrong call to the 1st signature when the 2nd
signature should be used in the following entities:

Data Centers
Clusters
VNIC Profiles

Signed-Off-By: Eli Mesika <[email protected]>
Bug-Url: https://bugzilla.redhat.com/2144346

Signed-off-by: Eli Mesika <[email protected]>
@mwperina mwperina requested a review from oliel as a code owner December 5, 2022 12:13
@mwperina mwperina changed the title Search correctly entities with user role (#766) backport: Search correctly entities with user role (#766) Dec 5, 2022
@mwperina mwperina requested review from ahadas, michalskrivanek and sandrobonazzola and removed request for oliel December 5, 2022 12:13
@mwperina mwperina merged commit c883510 into oVirt:ovirt-engine-4.5.3.z Dec 5, 2022
@mwperina mwperina deleted the backport-search-entities-with-user-role branch December 5, 2022 12:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants