cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sate...@apache.org
Subject [41/50] [abbrv] git commit: updated refs/heads/vmware-datamodel to d07f875
Date Sun, 19 May 2013 12:06:12 GMT
CLOUDSTACK-2365: Anti-Affinity - As admin , we are allowed to deploy a Vm in an affinity group
that belongs to different user.

CLOUDSTACK-2349: Anti-Affinity - As admin user , using updateVMAffinityGroup() , we are allowed
to update the affinity group of a Vm (that belongs to a regular user) to be set to admin's
affinity group.

Changes:
- Even for root-admin make sure that the affinity group and the VM belong to same account


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1851f7f7
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1851f7f7
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1851f7f7

Branch: refs/heads/vmware-datamodel
Commit: 1851f7f7f6bb4bcf3521ea44c51e9506cb86a72d
Parents: 7cae8ca
Author: Prachi Damle <prachi@cloud.com>
Authored: Fri May 17 15:32:21 2013 -0700
Committer: Prachi Damle <prachi@cloud.com>
Committed: Fri May 17 15:33:01 2013 -0700

----------------------------------------------------------------------
 server/src/com/cloud/vm/UserVmManagerImpl.java     |    8 ++++++++
 .../affinity/AffinityGroupServiceImpl.java         |    9 +++++++++
 2 files changed, 17 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1851f7f7/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 860daaf..05ff6aa 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2366,6 +2366,14 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager,
Use
                 } else {
                     // verify permissions
                     _accountMgr.checkAccess(caller, null, true, owner, ag);
+                    // Root admin has access to both VM and AG by default, but
+                    // make sure the owner of these entities is same
+                    if (caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getType()))
{
+                        if (ag.getAccountId() != owner.getAccountId()) {
+                            throw new PermissionDeniedException("Affinity Group " + ag
+                                    + " does not belong to the VM's account");
+                        }
+                    }
                 }
             }
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1851f7f7/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
index fc2cfcf..efe18c3 100644
--- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
+++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
@@ -36,6 +36,7 @@ import com.cloud.deploy.DeploymentPlanner;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceInUseException;
 import com.cloud.network.security.SecurityGroup;
 import com.cloud.user.Account;
@@ -332,6 +333,14 @@ public class AffinityGroupServiceImpl extends ManagerBase implements
AffinityGro
             } else {
                 // verify permissions
                 _accountMgr.checkAccess(caller, null, true, owner, ag);
+                // Root admin has access to both VM and AG by default, but make sure the
+                // owner of these entities is same
+                if (caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getType()))
{
+                    if (ag.getAccountId() != owner.getAccountId()) {
+                        throw new PermissionDeniedException("Affinity Group " + ag
+                                + " does not belong to the VM's account");
+                    }
+                }
             }
         }
         _affinityGroupVMMapDao.updateMap(vmId, affinityGroupIds);


Mime
View raw message