cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prachida...@apache.org
Subject git commit: updated refs/heads/rbac to 4294005
Date Wed, 25 Sep 2013 00:02:13 GMT
Updated Branches:
  refs/heads/rbac aba54356d -> 429400514


Check if an Account belongs to RootAdmin group


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/42940051
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/42940051
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/42940051

Branch: refs/heads/rbac
Commit: 42940051424abe96eb2f1fe7bd94b547b377e00d
Parents: aba5435
Author: Prachi Damle <prachi@cloud.com>
Authored: Tue Sep 24 17:01:43 2013 -0700
Committer: Prachi Damle <prachi@cloud.com>
Committed: Tue Sep 24 17:01:43 2013 -0700

----------------------------------------------------------------------
 .../cloudstack/acl/dao/AclGroupAccountMapDao.java   |  2 ++
 .../acl/dao/AclGroupAccountMapDaoImpl.java          | 16 ++++++++++++++++
 server/src/com/cloud/user/AccountManagerImpl.java   | 11 +++++++++++
 server/test/com/cloud/vm/UserVmManagerTest.java     |  3 +++
 .../com/cloud/vpc/MockResourceLimitManagerImpl.java |  2 +-
 5 files changed, 33 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
index b60dcb4..1102047 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
@@ -28,4 +28,6 @@ public interface AclGroupAccountMapDao extends GenericDao<AclGroupAccountMapVO,
 
     List<AclGroupAccountMapVO> listByAccountId(long accountId);
 
+    AclGroupAccountMapVO findAccountInAdminGroup(long accountId);
+
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
index ecccf85..d0c8a5b 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
@@ -33,6 +33,7 @@ import com.cloud.utils.db.SearchCriteria;
 public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMapVO, Long>
implements AclGroupAccountMapDao {
     private SearchBuilder<AclGroupAccountMapVO> ListByGroupId;
     private SearchBuilder<AclGroupAccountMapVO> ListByAccountId;
+    private SearchBuilder<AclGroupAccountMapVO> _findByAccountAndGroupId;
 
     @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException
{
@@ -46,6 +47,13 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap
         ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
         ListByAccountId.done();
 
+        _findByAccountAndGroupId = createSearchBuilder();
+        _findByAccountAndGroupId
+                .and("groupId", _findByAccountAndGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+        _findByAccountAndGroupId.and("accountId", _findByAccountAndGroupId.entity().getAccountId(),
+                SearchCriteria.Op.EQ);
+        _findByAccountAndGroupId.done();
+
         return true;
     }
 
@@ -63,4 +71,12 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap
         return listBy(sc);
     }
 
+    @Override
+    public AclGroupAccountMapVO findAccountInAdminGroup(long accountId) {
+        SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+        sc.setParameters("accountId", accountId);
+        sc.setParameters("groupId", 2);
+        return findOneBy(sc);
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index e78620e..3b0e87c 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -39,10 +39,12 @@ import javax.naming.ConfigurationException;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclGroupAccountMapVO;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
 import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
@@ -244,6 +246,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
     private DedicatedResourceDao _dedicatedDao;
     @Inject
     private GlobalLoadBalancerRuleDao _gslbRuleDao;
+
+    @Inject
+    private AclGroupAccountMapDao _aclGroupAccountDao;
+
     @Inject
     public com.cloud.region.ha.GlobalLoadBalancingRulesService _gslbService;
 
@@ -347,6 +353,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
     public boolean isRootAdmin(long accountId) {
         // refer to account_group_map and check if account is in Root 'Admin'
         // group
+        
+        AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
+        if (adminGroupMember != null) {
+            return true;
+        }
         return false;
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/server/test/com/cloud/vm/UserVmManagerTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vm/UserVmManagerTest.java b/server/test/com/cloud/vm/UserVmManagerTest.java
index df676d3..8e5032f 100755
--- a/server/test/com/cloud/vm/UserVmManagerTest.java
+++ b/server/test/com/cloud/vm/UserVmManagerTest.java
@@ -564,6 +564,9 @@ public class UserVmManagerTest {
                 any(Boolean.class), any(ControlledEntity.class));
 
         CallContext.register(user, caller);
+
+        when(_accountMgr.isRootAdmin(anyLong())).thenReturn(true);
+
         try {
             _userVmMgr.moveVMToUser(cmd);
         } finally {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java b/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java
index 367ca45..172d6b3 100644
--- a/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java
+++ b/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java
@@ -75,7 +75,7 @@ public class MockResourceLimitManagerImpl extends ManagerBase implements
Resourc
 
 
     @Override
-    public long findCorrectResourceLimitForAccount(short accountType, Long limit, ResourceType
type) {
+    public long findCorrectResourceLimitForAccount(long accountId, Long limit, ResourceType
type) {
         // TODO Auto-generated method stub
         return 0;
     }


Mime
View raw message