wip: allow also shutdown

UPC · frankiejol · Feb 6, 2024 · Jun 22, 2023 · Jun 22, 2023 · Jun 22, 2023
commit a99b0a17b6a8d1ed2a69898c4216d727be2e3b5f
diff --git a/lib/Ravada/Auth/SQL.pm b/lib/Ravada/Auth/SQL.pm
@@ -682,6 +682,8 @@ sub can_do_domain($self, $grant, $domain) {
     my %valid_grant = map { $_ => 1 } qw(change_settings shutdown reboot rename expose_ports);
     confess "Invalid grant here '$grant'"   if !$valid_grant{$grant};
 
+    return 1 if $grant eq 'shutdown' && $self->can_shutdown_machine($domain);
+
     return 0 if !$self->can_do($grant) && !$self->_domain_id_base($domain);
 
     return 1 if $self->can_do("${grant}_all");
@@ -1143,6 +1145,8 @@ sub can_shutdown_machine($self, $domain) {
 
     return 1 if $self->id == $domain->id_owner;
 
+    return 1 if $self->_machine_shared($domain->id);
+
     if ($domain->id_base && $self->can_shutdown_clone()) {
         my $base = Ravada::Front::Domain->open($domain->id_base);
         return 1 if $base->id_owner == $self->id;

diff --git a/lib/Ravada/Front.pm b/lib/Ravada/Front.pm
@@ -212,9 +212,9 @@ sub _get_clone_info($user, $base, $clone = Ravada::Front::Domain->open($base->{i
     $c->{is_locked} = $clone->is_locked;
     $c->{description} = ( $clone->_data('description')
             or $base->{description});
-    $c->{can_remove} = 0;
 
     $c->{can_remove} = ( $user->can_remove() && $user->id == $clone->_data('id_owner'));
+    $c->{can_remove} = 0 if !$c->{can_remove};
 
     if ($clone->is_active && !$clone->is_locked
         && $user->can_screenshot) {

diff --git a/script/rvd_front b/script/rvd_front
@@ -843,7 +843,9 @@ get '/machine/view/(:id).(:type)' => sub {
 
     return access_denied($c) unless $USER->is_admin
                               || $domain->id_owner == $USER->id
-                              || $USER->can_view_all;
+                              || $USER->can_view_all
+                              || $USER->can_start_machine($domain)
+                              ;
 
     return view_machine($c);
 };

diff --git a/t/mojo/10_login.t b/t/mojo/10_login.t
@@ -973,6 +973,55 @@ sub test_clone_same_name($t, $base) {
 
 }
 
+sub _create_clone($t, $base) {
+    mojo_check_login($t);
+    wait_request();
+
+    $base->is_public(1);
+
+    my ($name, $pass) = (new_domain_name(),"$$ $$");
+    my $user = _create_user($name, $pass);
+    login($name, $pass);
+
+    $t->get_ok("/machine/clone/".$base->id.".html")
+    ->status_is(200);
+    like($t->tx->res->code(),qr/^(200|302)$/)
+    or die $t->tx->res->body;
+
+    wait_request(debug => 1, check_error => 1, background => 1, timeout => 120);
+    mojo_check_login($t, $name, $pass);
+
+    my ($clone) = grep { $_->{id_owner} == $user->id } $base->clones;
+
+    return $clone;
+
+}
+
+sub _create_user($name, $pass) {
+    my $user = Ravada::Auth::SQL->new(name => $name);
+    $user->remove();
+    return create_user($name, $pass);
+}
+
+sub test_grant_access($t, $base) {
+    my $clone0 = _create_clone($t, $base);
+
+    my ($name, $pass) = (new_domain_name(),"$$ $$");
+    my $user2 = _create_user($name, $pass);
+
+    my $clone = Ravada::Front::Domain->open($clone0->{id});
+    $clone->share($user2);
+    login($name, $pass);
+
+    $t->get_ok("/machine/view/".$clone->id.".html")->status_is(200);
+
+    like($t->tx->res->code(),qr/^(200|302)$/)
+    or die $t->tx->res->body;
+
+    $t->get_ok("/machine/shutdown/".$clone->id.".json")->status_is(200);
+
+}
+
 ########################################################################################
 
 $ENV{MOJO_MODE} = 'development';
@@ -1028,6 +1077,8 @@ for my $vm_name (reverse @{rvd_front->list_vm_types} ) {
 
     test_clone_same_name($t, $base0);
 
+    test_grant_access($t, $base0);
+
     if ($vm_name eq 'KVM') {
         test_new_machine_default($t, $vm_name);
         test_new_machine_default($t, $vm_name, 1); # with empty iso file

diff --git a/t/user/35_share.t b/t/user/35_share.t
@@ -43,18 +43,35 @@ sub test_share($vm) {
 
     $clone->share($user2);
 
+    is($user2->can_shutdown($clone),1);
+
+    my $req2 = Ravada::Request->start_domain(
+        uid => $user2->id
+        ,id_domain => $clone->id
+    );
+    wait_request();
+    is($req2->status,'done');
+    is($req2->error,'');
+
+
     $list_bases_u2 = rvd_front->list_machines_user($user2);
     ($clone_user2) = grep { $_->{name } eq $base->name } @$list_bases_u2;
     is(scalar(@{$clone_user2->{list_clones}}),1);
+    is($clone_user2->{list_clones}->[0]->{can_remove},0);
+    is($clone_user2->{list_clones}->[0]->{can_shutdown},1);
 
     is($user2->can_view_all,undef);
     is($user2->can_start_machine($clone->id),1) or exit;
 
-    my $req2 = Ravada::Request->start_domain(
+    my $req3 = Ravada::Request->start_domain(
         uid => $user2->id
         ,id_domain => $clone->id
     );
     wait_request();
+    is($req3->status,'done');
+    is($req3->error,'');
+
+
 }
 
 ##############################################################