cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject git commit: updated refs/heads/rbac to 21dc2be
Date Sat, 12 Oct 2013 03:57:15 GMT
Updated Branches:
  refs/heads/rbac 00ad19601 -> 21dc2bef2


Fix getEntityOwnerId for CreateAclGroupCmd and CreateAclRoleCmd.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/21dc2bef
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/21dc2bef
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/21dc2bef

Branch: refs/heads/rbac
Commit: 21dc2bef2a2dcf9d0a27c328acbb1d9391922780
Parents: 00ad196
Author: Min Chen <min.chen@citrix.com>
Authored: Fri Oct 11 20:56:46 2013 -0700
Committer: Min Chen <min.chen@citrix.com>
Committed: Fri Oct 11 20:56:46 2013 -0700

----------------------------------------------------------------------
 .../api/command/admin/acl/CreateAclGroupCmd.java  |  4 ++--
 .../api/command/admin/acl/CreateAclRoleCmd.java   |  4 ++--
 .../org/apache/cloudstack/acl/AclServiceImpl.java | 18 ++++++++++--------
 3 files changed, 14 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21dc2bef/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
index a4bf4b3..11f6c39 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
@@ -28,10 +28,10 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
 
 @APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description
= "Creates an acl group")
 public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
@@ -82,7 +82,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
 
     @Override
     public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
+        return CallContext.current().getCallingAccount().getId();
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21dc2bef/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
index 05afbca..5663ac5 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
@@ -29,10 +29,10 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AclRoleResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
 
 @APICommand(name = "createAclRole", responseObject = AclRoleResponse.class, description =
"Creates an acl role")
 public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
@@ -90,7 +90,7 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
 
     @Override
     public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
+        return CallContext.current().getCallingAccount().getId();
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21dc2bef/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
index f879d2b..ccd3bf0 100644
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@@ -113,9 +113,12 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
     @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_CREATE, eventDescription = "Creating
Acl Role", create = true)
     public AclRole createAclRole(Long domainId, String aclRoleName, String description, Long
parentRoleId) {
         Account caller = CallContext.current().getCallingAccount();
+        if (domainId == null) {
+            domainId = caller.getDomainId();
+        }
         if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
             // domain admin can only create role for his domain
-            if (domainId != null && caller.getDomainId() != domainId.longValue())
{
+            if (caller.getDomainId() != domainId.longValue()) {
                 throw new PermissionDeniedException("Can't create acl role in domain " +
domainId + ", permission denied");
             }
         }
@@ -130,9 +133,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
         Transaction txn = Transaction.currentTxn();
         txn.start();
         AclRoleVO rvo = new AclRoleVO(aclRoleName, description);
-        if (domainId != null) {
-            rvo.setDomainId(domainId);
-        }
+        rvo.setDomainId(domainId);
         AclRole role = _aclRoleDao.persist(rvo);
         if (parentRoleId != null) {
             // copy parent role permissions
@@ -472,9 +473,12 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
     @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating
Acl Group", create = true)
     public AclGroup createAclGroup(Long domainId, String aclGroupName, String description)
{
         Account caller = CallContext.current().getCallingAccount();
+        if (domainId == null) {
+            domainId = caller.getDomainId(); // use caller's domain id
+        }
         if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
             // domain admin can only create role for his domain
-            if (domainId != null && caller.getDomainId() != domainId.longValue())
{
+            if (caller.getDomainId() != domainId.longValue()) {
                 throw new PermissionDeniedException("Can't create acl group in domain " +
domainId + ", permission denied");
             }
         }
@@ -486,9 +490,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
                             + " already exisits for domain " + domainId);
         }
         AclGroupVO rvo = new AclGroupVO(aclGroupName, description);
-        if (domainId != null) {
-            rvo.setDomainId(domainId);
-        }
+        rvo.setDomainId(domainId);
 
         return _aclGroupDao.persist(rvo);
     }


Mime
View raw message