Index: trunk/packages/sipb-xen-database/debian/changelog =================================================================== --- trunk/packages/sipb-xen-database/debian/changelog (revision 873) +++ trunk/packages/sipb-xen-database/debian/changelog (revision 874) @@ -1,2 +1,9 @@ +sipb-xen-database (10.18) unstable; urgency=low + + * add 'adminable' column to machines; for selectively, temporarily, + enabling admin mode on a machine + + -- Greg Price Wed, 6 Aug 2008 01:02:59 -0400 + sipb-xen-database (10.17) unstable; urgency=low Index: trunk/packages/sipb-xen-database/python/database/models.py =================================================================== --- trunk/packages/sipb-xen-database/python/database/models.py (revision 873) +++ trunk/packages/sipb-xen-database/python/database/models.py (revision 874) @@ -21,4 +21,5 @@ 'CDROM', 'Autoinstall', + 'or_', ] @@ -37,5 +38,6 @@ Column('type_id', String, ForeignKey('types.type_id'), nullable=False), Column('autorestart', Boolean, nullable=False, default=False), - Column('cpus', Integer, nullable=False, default=1)) + Column('cpus', Integer, nullable=False, default=1), + Column('adminable', Boolean, nullable=False, default=False)) nic_table = Table('nics', meta, Index: trunk/packages/sipb-xen-www/code/validation.py =================================================================== --- trunk/packages/sipb-xen-www/code/validation.py (revision 873) +++ trunk/packages/sipb-xen-www/code/validation.py (revision 874) @@ -126,5 +126,6 @@ def haveAccess(user, state, machine): """Return whether a user has administrative access to a machine""" - return state.isadmin or user in cache_acls.accessList(machine) + return (user in cache_acls.accessList(machine) + or (machine.adminable and state.isadmin)) def owns(user, machine): Index: trunk/packages/sipb-xen-www/code/webcommon.py =================================================================== --- trunk/packages/sipb-xen-www/code/webcommon.py (revision 873) +++ trunk/packages/sipb-xen-www/code/webcommon.py (revision 874) @@ -2,4 +2,5 @@ import time +from invirt import database from invirt.database import Machine, MachineAccess @@ -45,5 +46,7 @@ def getMachines(self): if self.isadmin: - return Machine.select() + return Machine.query().join('acl').select_by( + database.or_(MachineAccess.c.user == self.username, + Machine.c.adminable == True)) else: return Machine.query().join('acl').select_by(user=self.username)