Prevent unauthorized console take over.
This commit is contained in:
parent
3ca632c8da
commit
1b5ad5b73e
5 changed files with 21 additions and 4 deletions
|
|
@ -994,6 +994,10 @@ spec:
|
|||
type: array
|
||||
description: >-
|
||||
Defines permissions for accessing and manipulating the VM.
|
||||
The meaning of most permissions should be obvious. The
|
||||
difference between "accessConsole" and "takeConsole" is
|
||||
that "takeConsole" allows the user to take control of
|
||||
the console even if it is already in use by another user.
|
||||
items:
|
||||
type: object
|
||||
description: >-
|
||||
|
|
@ -1017,6 +1021,7 @@ spec:
|
|||
- stop
|
||||
- reset
|
||||
- accessConsole
|
||||
- takeConsole
|
||||
- "*"
|
||||
default: []
|
||||
pools:
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ public class VmDefinition {
|
|||
*/
|
||||
public enum Permission {
|
||||
START("start"), STOP("stop"), RESET("reset"),
|
||||
ACCESS_CONSOLE("accessConsole");
|
||||
ACCESS_CONSOLE("accessConsole"), TAKE_CONSOLE("takeConsole");
|
||||
|
||||
@SuppressWarnings("PMD.UseConcurrentHashMap")
|
||||
private static Map<String, Permission> reprs = new HashMap<>();
|
||||
|
|
|
|||
|
|
@ -5,4 +5,5 @@ okayLabel = Apply and Close
|
|||
confirmResetTitle = Confirm reset
|
||||
confirmResetMsg = Resetting the VM may cause loss of data. \
|
||||
Please confirm to continue.
|
||||
consoleTakenNotification = Console access is locked by another user.
|
||||
poolEmptyNotification = No VM available. Please consult your administrator.
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ Open\ console = Konsole anzeigen
|
|||
confirmResetTitle = Zurücksetzen bestätigen
|
||||
confirmResetMsg = Zurücksetzen der VM kann zu Datenverlust führen. \
|
||||
Bitte bestätigen um fortzufahren.
|
||||
consoleTakenNotification = Die Konsole wird von einem anderen Benutzer verwendet.
|
||||
poolEmptyNotification = Keine VM verfügbar. Wenden Sie sich bitte an den \
|
||||
Systemadministrator.
|
||||
|
||||
|
|
@ -779,9 +779,19 @@ public class VmAccess extends FreeMarkerConlet<VmAccess.ResourceModel> {
|
|||
}
|
||||
break;
|
||||
case "openConsole":
|
||||
if (perms.contains(VmDefinition.Permission.ACCESS_CONSOLE)) {
|
||||
var user = WebConsoleUtils.userFromSession(channel.session())
|
||||
.map(ConsoleUser::getName).orElse("");
|
||||
var user = WebConsoleUtils.userFromSession(channel.session())
|
||||
.map(ConsoleUser::getName).orElse("");
|
||||
if (vmDef.conditionStatus("ConsoleConnected").orElse(false)
|
||||
&& vmDef.consoleUser().map(cu -> !cu.equals(user)
|
||||
&& !perms.contains(VmDefinition.Permission.TAKE_CONSOLE))
|
||||
.orElse(false)) {
|
||||
channel.respond(new DisplayNotification(
|
||||
resourceBundle.getString("consoleTakenNotification"),
|
||||
Map.of("autoClose", 5_000, "type", "Warning")));
|
||||
return;
|
||||
}
|
||||
if (perms.contains(VmDefinition.Permission.ACCESS_CONSOLE)
|
||||
|| perms.contains(VmDefinition.Permission.TAKE_CONSOLE)) {
|
||||
var pwQuery
|
||||
= Event.onCompletion(new GetDisplayPassword(vmDef, user),
|
||||
e -> openConsole(vmDef, channel, model,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue