wip: hide base when removing from group

UPC · Apr 18, 2024 · 4be3179 · 4be3179
1 parent d93f471
commit 4be3179
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 17 deletions.
diff --git a/lib/Ravada/Auth/User.pm b/lib/Ravada/Auth/User.pm
@@ -346,26 +346,30 @@ sub allowed_access($self,$id_domain) {
 =head2 allowed_access_group
 
 Return true if the user belongs to a group that can access the base
+Also it returns true when there are no group restrictions for that VM.
 
 =cut
 
 sub allowed_access_group($self,$id_domain) {
     return 1 if $self->is_admin;
 
     my $sth = $$CONNECTOR->dbh->prepare(
-        "SELECT name from group_access "
+        "SELECT id_group,name from group_access "
         ." WHERE id_domain=?"
         ."   AND type=?"
     );
-    $sth->execute($id_domain, 'group.sql');
+    $sth->execute($id_domain, 'local');
     my @groups;
-    while ( my ($name) = $sth->fetchrow ) {
-        push @groups,($name);
+    while ( my ($id_group,$name) = $sth->fetchrow ) {
+        if (!$id_group && $name) {
+            $id_group= $name;
+        }
+        push @groups,($id_group) if defined $id_group;
     }
-    return 0 if !@groups;
+    return 1 if !@groups;
 
-    for my $name ( @groups ) {
-        return 1 if $self->is_member($name);
+    for my $id_group ( @groups ) {
+        return 1 if $self->is_member($id_group);
     }
     return 0;
 }
@@ -529,7 +533,7 @@ Arguments: group name or object
 =cut
 
 sub is_member($self, $group) {
-
+    confess "Error: undefined group" if !defined $group;
     if (!ref($group)) {
         if ($group =~ /^\d+$/) {
             $group = Ravada::Auth::Group->open($group);

diff --git a/lib/Ravada/Front.pm b/lib/Ravada/Front.pm
@@ -156,7 +156,7 @@ sub list_machines_user($self, $user, $access_data={}) {
         my ($clone) = ($clones[0] or undef);
 
         next unless
-        $clone && $show_clones
+        $clone && $show_clones && $user->allowed_access_group($id)
         || $user->is_admin
         || ($is_public && $user->allowed_access($id))
         || ($id_owner == $user->id);

diff --git a/public/js/ravada.js b/public/js/ravada.js
@@ -803,7 +803,6 @@
                           ,'storage': $scope.sp_move.storage_pool
                       })
               ).then(function(response) {
-                  console.log(response.data);
               });
 
           }
@@ -1207,8 +1206,6 @@
             var list_access_groups = function(type) {
                 $http.get("/machine/list_access_groups/"+type+"/"+$scope.showmachine.id).then(function(response) {
                     $scope.access_groups[type]=response.data;
-                    console.log(response.data);
-                    console.log(type);
                 });
             };
             $scope.add_group_access = function(type,group) {

diff --git a/t/front/80_access.t b/t/front/80_access.t
@@ -139,6 +139,12 @@ sub test_access_by_group_sql($vm, $by_name=0) {
 
     $list_bases = rvd_front->list_machines_user($user_sql);
     is(scalar(@$list_bases),1);
+    Ravada::Request->create_domain(
+        id_owner => $user_sql->id
+        ,id_base => $list_bases->[0]->{id}
+        ,name => new_domain_name()
+    );
+    wait_request(debug => 0);
 
     $list_bases = rvd_front->list_machines_user(user_admin);
     is(scalar(@$list_bases),1);
@@ -157,15 +163,22 @@ sub test_access_by_group_sql($vm, $by_name=0) {
     $base->show_clones(1);
 
     $list_bases = rvd_front->list_machines_user($user_sql);
-    is(scalar(@$list_bases),0) or exit;
+    is(scalar(@$list_bases),1) or exit;
 
-    remove_domain($base);
 
     is($user_sql->is_member($group->id),1);
+    is($user_sql->allowed_access_group($base->id),1);
+
     $user_sql->remove_from_group($group->id);
+    $user_sql->_load_allowed(1);
+
     is($user_sql->is_member($g_name),0);
     is($user_sql->is_member($group->id),0);
 
+    is($user_sql->allowed_access_group($base->id),0) or die $base->id;
+
+    remove_domain($base);
+
     $group->remove() if $group;
 
     my $group2 = Ravada::Auth::Group->new(name => $g_name);

diff --git a/t/mojo/70_groups.t b/t/mojo/70_groups.t
@@ -106,7 +106,6 @@ sub test_group($type) {
     my $result = decode_json($t->tx->res->body);
     is($result->{error},'');
 
-    diag($url_list_members);
     $t->get_ok($url_list_members)->status_is(200);
     my $members = decode_json($t->tx->res->body);
     my ($found) = grep {$_->{name} eq $user_name } @$members;
@@ -146,12 +145,19 @@ sub test_group($type) {
 
 sub test_list_groups($type, $group_name) {
     $t->get_ok("/group/$type/list")->status_is(200);
-    return if $t->tx->res->code != 200; my $list = decode_json($t->tx->res->body);
-    return if ref($list) ne 'ARRAY';
+    return if $t->tx->res->code != 200;
 
+    my $list = decode_json($t->tx->res->body);
+    return if ref($list) ne 'ARRAY';
 
     ok(grep({$_ eq $group_name } @$list), "Missing $type $group_name in ".Dumper($list));
 
+    $t->get_ok("/group_${type}_list")->status_is(200);
+    return if $t->tx->res->code != 200;
+
+    my $list_book = decode_json($t->tx->res->body);
+    is_deeply($list_book, $list);
+
     my ($first) = $group_name =~ /^(.)/;
     $t->get_ok("/group/$type/list/$first")->status_is(200);
     $list = decode_json($t->tx->res->body);