access: Allow 'node-device.read' permission for anonymous users

For all other objects we allow the 'read' permission for anonymous
users. In fact the idea is to allow all permissions users using the
readonly connection would have.

This impacts the following APIs (in terms of RPC procedure names):

  $ git grep -A 3 node_device:read | grep REMOTE
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_XML_DESC = 114,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_PARENT = 115,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_NUM_OF_CAPS = 116,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_LIST_CAPS = 117,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_GET_AUTOSTART = 433,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_IS_PERSISTENT = 435,
  src/remote/remote_protocol.x-    REMOTE_PROC_NODE_DEVICE_IS_ACTIVE = 436,

Fixes: a93cd08f
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h
index 051246a7b62d0065dd64a4173fb0c2e37614d485..2f04459ed96f60202e9a8fc97ad6c240b0a9a437 100644 (file)
--- a/src/access/viraccessperm.h
+++ b/src/access/viraccessperm.h
@@ -473,6 +473,7 @@ typedef enum {
     /**
      * @desc: Read node device
      * @message: Reading node device configuration requires authorization
+     * @anonymous: 1
      */
     VIR_ACCESS_PERM_NODE_DEVICE_READ,