Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EB74F10BF1 for ; Tue, 14 Jan 2014 06:37:40 +0000 (UTC) Received: (qmail 68206 invoked by uid 500); 14 Jan 2014 06:04:17 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 67347 invoked by uid 500); 14 Jan 2014 06:02:21 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 66309 invoked by uid 99); 14 Jan 2014 05:59:24 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 14 Jan 2014 05:59:24 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id ECFB68BC104; Tue, 14 Jan 2014 05:59:23 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mchen@apache.org To: commits@cloudstack.apache.org Date: Tue, 14 Jan 2014 05:59:23 -0000 Message-Id: <9b696a44c03f40fd87879721375a9983@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/2] Handle search of those entities without db view created using new ACL model. Updated Branches: refs/heads/rbac f1ecd9ed3 -> bae498c89 http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bae498c8/server/src/com/cloud/user/AccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 1701464..183353c 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -48,6 +48,7 @@ import org.apache.cloudstack.acl.SecurityChecker; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.affinity.AffinityGroup; import org.apache.cloudstack.affinity.dao.AffinityGroupDao; +import org.apache.cloudstack.api.InternalIdentity; import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd; import org.apache.cloudstack.api.command.admin.user.DeleteUserCmd; import org.apache.cloudstack.api.command.admin.user.RegisterCmd; @@ -107,7 +108,6 @@ import com.cloud.network.vpn.RemoteAccessVpnService; import com.cloud.network.vpn.Site2SiteVpnManager; import com.cloud.projects.Project; import com.cloud.projects.Project.ListProjectResourcesCriteria; -import com.cloud.projects.ProjectInvitationVO; import com.cloud.projects.ProjectManager; import com.cloud.projects.ProjectVO; import com.cloud.projects.dao.ProjectAccountDao; @@ -2169,251 +2169,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M } - - @Override - public void buildACLSearchBuilder(SearchBuilder sb, - Long domainId, boolean isRecursive, List permittedAccounts, ListProjectResourcesCriteria listProjectResourcesCriteria) { - - if (sb.entity() instanceof IPAddressVO) { - sb.and("accountIdIN", ((IPAddressVO) sb.entity()).getAllocatedToAccountId(), SearchCriteria.Op.IN); - sb.and("domainId", ((IPAddressVO) sb.entity()).getAllocatedInDomainId(), SearchCriteria.Op.EQ); - } else if (sb.entity() instanceof ProjectInvitationVO) { - sb.and("accountIdIN", ((ProjectInvitationVO) sb.entity()).getForAccountId(), SearchCriteria.Op.IN); - sb.and("domainId", ((ProjectInvitationVO) sb.entity()).getInDomainId(), SearchCriteria.Op.EQ); - } else { - sb.and("accountIdIN", sb.entity().getAccountId(), SearchCriteria.Op.IN); - sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ); - } - - if (((permittedAccounts.isEmpty()) && (domainId != null) && isRecursive)) { - // if accountId isn't specified, we can do a domain match for the admin case if isRecursive is true - SearchBuilder domainSearch = _domainDao.createSearchBuilder(); - domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); - - if (sb.entity() instanceof IPAddressVO) { - sb.join("domainSearch", domainSearch, ((IPAddressVO) sb.entity()).getAllocatedInDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } else if (sb.entity() instanceof ProjectInvitationVO) { - sb.join("domainSearch", domainSearch, ((ProjectInvitationVO) sb.entity()).getInDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } else { - sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } - - } - if (listProjectResourcesCriteria != null) { - SearchBuilder accountSearch = _accountDao.createSearchBuilder(); - if (listProjectResourcesCriteria == Project.ListProjectResourcesCriteria.ListProjectResourcesOnly) { - accountSearch.and("type", accountSearch.entity().getType(), SearchCriteria.Op.EQ); - } else if (listProjectResourcesCriteria == Project.ListProjectResourcesCriteria.SkipProjectResources) { - accountSearch.and("type", accountSearch.entity().getType(), SearchCriteria.Op.NEQ); - } - - if (sb.entity() instanceof IPAddressVO) { - sb.join("accountSearch", accountSearch, ((IPAddressVO) sb.entity()).getAllocatedToAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } else if (sb.entity() instanceof ProjectInvitationVO) { - sb.join("accountSearch", accountSearch, ((ProjectInvitationVO) sb.entity()).getForAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } else { - sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } - } - } - - @Override - public void buildACLSearchCriteria(SearchCriteria sc, - Long domainId, boolean isRecursive, List permittedAccounts, ListProjectResourcesCriteria listProjectResourcesCriteria) { - - if (listProjectResourcesCriteria != null) { - sc.setJoinParameters("accountSearch", "type", Account.ACCOUNT_TYPE_PROJECT); - } - - if (!permittedAccounts.isEmpty()) { - sc.setParameters("accountIdIN", permittedAccounts.toArray()); - } else if (domainId != null) { - DomainVO domain = _domainDao.findById(domainId); - if (isRecursive) { - sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); - } else { - sc.setParameters("domainId", domainId); - } - } - } - -// @Override -// public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List -// permittedAccounts, Ternary domainIdRecursiveListProject, -// boolean listAll, boolean forProjectInvitation) { -// Long domainId = domainIdRecursiveListProject.first(); -// if (domainId != null) { -// Domain domain = _domainDao.findById(domainId); -// if (domain == null) { -// throw new InvalidParameterValueException("Unable to find domain by id " + domainId); -// } -// // check permissions -// checkAccess(caller, domain); -// } -// -// if (accountName != null) { -// if (projectId != null) { -// throw new InvalidParameterValueException("Account and projectId can't be specified together"); -// } -// -// Account userAccount = null; -// Domain domain = null; -// if (domainId != null) { -// userAccount = _accountDao.findActiveAccount(accountName, domainId); -// domain = _domainDao.findById(domainId); -// } else { -// userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId()); -// domain = _domainDao.findById(caller.getDomainId()); -// } -// -// if (userAccount != null) { -// checkAccess(caller, null, false, userAccount); -// //check permissions -// permittedAccounts.add(userAccount.getId()); -// } else { -// throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid()); -// } -// } -// -// // set project information -// if (projectId != null) { -// if (!forProjectInvitation) { -// if (projectId.longValue() == -1) { -// if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { -// permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); -// } else { -// domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly); -// } -// } else { -// Project project = _projectMgr.getProject(projectId); -// if (project == null) { -// throw new InvalidParameterValueException("Unable to find project by id " + projectId); -// } -// if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { -// throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId); -// } -// permittedAccounts.add(project.getProjectAccountId()); -// } -// } -// } else { -// if (id == null) { -// domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources); -// } -// if (permittedAccounts.isEmpty() && domainId == null) { -// if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { -// permittedAccounts.add(caller.getId()); -// } else if (!listAll) { -// if (id == null) { -// permittedAccounts.add(caller.getId()); -// } else if (!isRootAdmin(caller.getId())) { -// domainIdRecursiveListProject.first(caller.getDomainId()); -// domainIdRecursiveListProject.second(true); -// } -// } else if (domainId == null) { -// if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { -// domainIdRecursiveListProject.first(caller.getDomainId()); -// domainIdRecursiveListProject.second(true); -// } -// } -// } else if (domainId != null) { -// if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { -// permittedAccounts.add(caller.getId()); -// } -// } -// -// } -// } - - //TODO: deprecate this to use the new buildACLSearchParameters with permittedDomains, permittedAccounts, and permittedResources as return - @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List - permittedAccounts, Ternary domainIdRecursiveListProject, - boolean listAll, boolean forProjectInvitation) { - Long domainId = domainIdRecursiveListProject.first(); - if (domainId != null) { - Domain domain = _domainDao.findById(domainId); - if (domain == null) { - throw new InvalidParameterValueException("Unable to find domain by id " + domainId); - } - // check permissions - checkAccess(caller, domain); - } - - if (accountName != null) { - if (projectId != null) { - throw new InvalidParameterValueException("Account and projectId can't be specified together"); - } - - Account userAccount = null; - Domain domain = null; - if (domainId != null) { - userAccount = _accountDao.findActiveAccount(accountName, domainId); - domain = _domainDao.findById(domainId); - } else { - userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId()); - domain = _domainDao.findById(caller.getDomainId()); - } - - if (userAccount != null) { - checkAccess(caller, null, false, userAccount); - // check permissions - permittedAccounts.add(userAccount.getId()); - } else { - throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid()); - } - } - - // set project information - if (projectId != null) { - if (!forProjectInvitation) { - if (projectId.longValue() == -1) { - if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { - permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); - } else { - domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly); - } - } else { - Project project = _projectMgr.getProject(projectId); - if (project == null) { - throw new InvalidParameterValueException("Unable to find project by id " + projectId); - } - if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { - throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId); - } - permittedAccounts.add(project.getProjectAccountId()); - } - } - } else { - if (id == null) { - domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources); - } - if (permittedAccounts.isEmpty() && domainId == null) { - if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { - permittedAccounts.add(caller.getId()); - } else if (!listAll) { - if (id == null) { - permittedAccounts.add(caller.getId()); - } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { - domainIdRecursiveListProject.first(caller.getDomainId()); - domainIdRecursiveListProject.second(true); - } - } else if (domainId == null) { - if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { - domainIdRecursiveListProject.first(caller.getDomainId()); - domainIdRecursiveListProject.second(true); - } - } - } else if (domainId != null) { - if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { - permittedAccounts.add(caller.getId()); - } - } - - } - - } - - @Override public UserAccount getUserByApiKey(String apiKey) { return _userAccountDao.getUserByApiKey(apiKey); @@ -2526,6 +2281,119 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M } + @Override + public void buildACLSearchBuilder(SearchBuilder sb, boolean isRecursive, + List permittedDomains, + List permittedAccounts, List permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria) { + + if (listProjectResourcesCriteria != null) { + // add criteria for project or not + SearchBuilder accountSearch = _accountDao.createSearchBuilder(); + if (listProjectResourcesCriteria == Project.ListProjectResourcesCriteria.ListProjectResourcesOnly) { + accountSearch.and("type", accountSearch.entity().getType(), SearchCriteria.Op.EQ); + } else if (listProjectResourcesCriteria == Project.ListProjectResourcesCriteria.SkipProjectResources) { + accountSearch.and("type", accountSearch.entity().getType(), SearchCriteria.Op.NEQ); + } + + if (sb.entity() instanceof IPAddressVO) { + sb.join("accountSearch", accountSearch, ((IPAddressVO)sb.entity()).getAllocatedToAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } else { + sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } + } + if (permittedDomains.isEmpty() && permittedAccounts.isEmpty() && permittedResources.isEmpty()) + // can access everything + return; + + if (!permittedAccounts.isEmpty() || !permittedResources.isEmpty()) { + if (!permittedAccounts.isEmpty()) { + if (sb.entity() instanceof IPAddressVO) { + sb.and().op("accountIdIn", ((IPAddressVO)sb.entity()).getAllocatedToAccountId(), SearchCriteria.Op.IN); + } else { + sb.and().op("accountIdIn", sb.entity().getAccountId(), SearchCriteria.Op.IN); + } + if (!permittedResources.isEmpty()) { + sb.or("idIn", ((InternalIdentity)sb.entity()).getId(), SearchCriteria.Op.IN); + } + } else { + // permittedResources is not empty + sb.and().op("idIn", ((InternalIdentity)sb.entity()).getId(), SearchCriteria.Op.IN); + } + if (!permittedDomains.isEmpty()) { + if (isRecursive) { + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); + for (int i = 0; i < permittedDomains.size(); i++) { + domainSearch.or("path" + i, domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + } + if (sb.entity() instanceof IPAddressVO) { + sb.join("domainSearch", domainSearch, ((IPAddressVO)sb.entity()).getAllocatedInDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } else { + sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } + } else { + if (sb.entity() instanceof IPAddressVO) { + sb.or("domainIdIn", ((IPAddressVO)sb.entity()).getAllocatedInDomainId(), SearchCriteria.Op.IN); + } else { + sb.or("domainIdIn", sb.entity().getDomainId(), SearchCriteria.Op.IN); + } + } + } + sb.cp(); + } else { + // permittedDomains is not empty + if (isRecursive) { + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); + domainSearch.and().op("path0", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + for (int i = 1; i < permittedDomains.size(); i++) { + domainSearch.or("path" + i, domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + } + domainSearch.cp(); + if (sb.entity() instanceof IPAddressVO) { + sb.join("domainSearch", domainSearch, ((IPAddressVO)sb.entity()).getAllocatedInDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } else { + sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } + } else { + if (sb.entity() instanceof IPAddressVO) { + sb.and().op("domainIdIn", ((IPAddressVO)sb.entity()).getAllocatedInDomainId(), SearchCriteria.Op.IN); + } else { + sb.and().op("domainIdIn", sb.entity().getDomainId(), SearchCriteria.Op.IN); + } + sb.cp(); + } + } + } + + @Override + public void buildACLSearchCriteria(SearchCriteria sc, boolean isRecursive, + List permittedDomains, + List permittedAccounts, List permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria) { + + if (listProjectResourcesCriteria != null) { + sc.setJoinParameters("accountSearch", "type", Account.ACCOUNT_TYPE_PROJECT); + } + + if (permittedDomains.isEmpty() && permittedAccounts.isEmpty() && permittedResources.isEmpty()) + // can access everything + return; + + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountIdIn", permittedAccounts.toArray()); + } + if (!permittedResources.isEmpty()) { + sc.setParameters("idIn", permittedResources.toArray()); + } + if (!permittedDomains.isEmpty()) { + if (isRecursive) { + for (int i = 0; i < permittedDomains.size(); i++) { + DomainVO domain = _domainDao.findById(permittedDomains.get(i)); + sc.setJoinParameters("domainSearch", "path" + i, domain.getPath() + "%"); + } + } else { + sc.setParameters("domainIdIn", permittedDomains.toArray()); + } + } + } @Override public void buildACLViewSearchCriteria(SearchCriteria sc, SearchCriteria aclSc, boolean isRecursive, http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bae498c8/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java b/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java index 3e6d7f9..ca9f69a 100644 --- a/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java +++ b/server/src/com/cloud/vm/snapshot/VMSnapshotManagerImpl.java @@ -27,14 +27,15 @@ import javax.ejb.Local; import javax.inject.Inject; import javax.naming.ConfigurationException; +import org.apache.log4j.Logger; +import org.springframework.stereotype.Component; + import org.apache.cloudstack.api.command.user.vmsnapshot.ListVMSnapshotCmd; import org.apache.cloudstack.context.CallContext; import org.apache.cloudstack.engine.subsystem.api.storage.StorageStrategyFactory; import org.apache.cloudstack.engine.subsystem.api.storage.VMSnapshotOptions; import org.apache.cloudstack.engine.subsystem.api.storage.VMSnapshotStrategy; import org.apache.cloudstack.framework.config.dao.ConfigurationDao; -import org.apache.log4j.Logger; -import org.springframework.stereotype.Component; import com.cloud.event.ActionEvent; import com.cloud.event.EventTypes; @@ -124,7 +125,9 @@ public class VMSnapshotManagerImpl extends ManagerBase implements VMSnapshotMana @Override public List listVMSnapshots(ListVMSnapshotCmd cmd) { Account caller = getCaller(); + List permittedDomains = new ArrayList(); List permittedAccounts = new ArrayList(); + List permittedResources = new ArrayList(); boolean listAll = cmd.listAll(); Long id = cmd.getId(); @@ -137,15 +140,14 @@ public class VMSnapshotManagerImpl extends ManagerBase implements VMSnapshotMana Ternary domainIdRecursiveListProject = new Ternary( cmd.getDomainId(), cmd.isRecursive(), null); - _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, listAll, - false); - Long domainId = domainIdRecursiveListProject.first(); + _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedDomains, permittedAccounts, permittedResources, + domainIdRecursiveListProject, listAll, false, "listVMSnapshot"); Boolean isRecursive = domainIdRecursiveListProject.second(); ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); Filter searchFilter = new Filter(VMSnapshotVO.class, "created", false, cmd.getStartIndex(), cmd.getPageSizeVal()); SearchBuilder sb = _vmSnapshotDao.createSearchBuilder(); - _accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); + _accountMgr.buildACLSearchBuilder(sb, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria); sb.and("vm_id", sb.entity().getVmId(), SearchCriteria.Op.EQ); sb.and("domain_id", sb.entity().getDomainId(), SearchCriteria.Op.EQ); @@ -157,7 +159,7 @@ public class VMSnapshotManagerImpl extends ManagerBase implements VMSnapshotMana sb.done(); SearchCriteria sc = sb.create(); - _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); + _accountMgr.buildACLSearchCriteria(sc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria); if (accountName != null && cmd.getDomainId() != null) { Account account = _accountMgr.getActiveAccountByName(accountName, cmd.getDomainId()); @@ -168,8 +170,8 @@ public class VMSnapshotManagerImpl extends ManagerBase implements VMSnapshotMana sc.setParameters("vm_id", vmId); } - if (domainId != null) { - sc.setParameters("domain_id", domainId); + if (cmd.getDomainId() != null) { + sc.setParameters("domain_id", cmd.getDomainId()); } if (state == null) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bae498c8/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java b/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java index b7cd231..49187b3 100644 --- a/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java +++ b/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java @@ -26,6 +26,7 @@ import javax.inject.Inject; import org.apache.log4j.Logger; import org.springframework.stereotype.Component; + import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.api.command.user.loadbalancer.ListApplicationLoadBalancersCmd; import org.apache.cloudstack.context.CallContext; @@ -385,19 +386,20 @@ public class ApplicationLoadBalancerManagerImpl extends ManagerBase implements A Map tags = cmd.getTags(); Account caller = CallContext.current().getCallingAccount(); + List permittedDomains = new ArrayList(); List permittedAccounts = new ArrayList(); + List permittedResources = new ArrayList(); Ternary domainIdRecursiveListProject = new Ternary( cmd.getDomainId(), cmd.isRecursive(), null); - _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, - domainIdRecursiveListProject, cmd.listAll(), false); - Long domainId = domainIdRecursiveListProject.first(); + _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedDomains, permittedAccounts, permittedResources, + domainIdRecursiveListProject, cmd.listAll(), false, "listLoadBalancers"); Boolean isRecursive = domainIdRecursiveListProject.second(); ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); Filter searchFilter = new Filter(ApplicationLoadBalancerRuleVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); SearchBuilder sb = _lbDao.createSearchBuilder(); - _accountMgr.buildACLSearchBuilder(sb, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); + _accountMgr.buildACLSearchBuilder(sb, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ); @@ -424,7 +426,7 @@ public class ApplicationLoadBalancerManagerImpl extends ManagerBase implements A } SearchCriteria sc = sb.create(); - _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); + _accountMgr.buildACLSearchCriteria(sc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria); if (keyword != null) { SearchCriteria ssc = _lbDao.createSearchCriteria(); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bae498c8/server/test/com/cloud/user/MockAccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java index 588ae74..271d9ae 100644 --- a/server/test/com/cloud/user/MockAccountManagerImpl.java +++ b/server/test/com/cloud/user/MockAccountManagerImpl.java @@ -260,24 +260,6 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco return false; } - @Override - public void buildACLSearchBuilder(SearchBuilder sb, Long domainId, boolean isRecursive, List permittedAccounts, - ListProjectResourcesCriteria listProjectResourcesCriteria) { - // TODO Auto-generated method stub - - } - - @Override - public void buildACLSearchCriteria(SearchCriteria sc, Long domainId, boolean isRecursive, List permittedAccounts, - ListProjectResourcesCriteria listProjectResourcesCriteria) { - // TODO Auto-generated method stub - - } - - @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List permittedAccounts, Ternary domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation) { - // TODO Auto-generated method stub - } /* (non-Javadoc) @@ -351,5 +333,18 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco } + @Override + public void buildACLSearchBuilder(SearchBuilder sb, boolean isRecursive, List permittedDomains, List permittedAccounts, + List permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria) { + // TODO Auto-generated method stub + + } + + @Override + public void buildACLSearchCriteria(SearchCriteria sc, boolean isRecursive, List permittedDomains, List permittedAccounts, + List permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria) { + // TODO Auto-generated method stub + + } }