cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject [1/2] git commit: updated refs/heads/4.4-forward to 4f2a20f
Date Fri, 25 Apr 2014 01:22:05 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.4-forward b8a1cbe81 -> 4f2a20f7b


CLOUDSTACK-6501:IAM - DomainAdmin - When listVirtualMachines is used
with listall=true and account and domainId , Vms owned by the account
account is not listed.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5728ed33
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5728ed33
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5728ed33

Branch: refs/heads/4.4-forward
Commit: 5728ed33e9dd09d0d3ac42b5d82da42b37641519
Parents: b8a1cbe
Author: Min Chen <min.chen@citrix.com>
Authored: Thu Apr 24 18:13:59 2014 -0700
Committer: Min Chen <min.chen@citrix.com>
Committed: Thu Apr 24 18:14:25 2014 -0700

----------------------------------------------------------------------
 server/src/com/cloud/user/AccountManagerImpl.java              | 6 +++++-
 .../apache/cloudstack/iam/RoleBasedEntityQuerySelector.java    | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5728ed33/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 37e4b43..227c611 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -2283,7 +2283,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
 
                 if (accountId != null) {
                     // specific account filter is specified
-                    if (grantedAccounts.contains(accountId)) {
+                    if (grantedDomains.contains(domainId)) {
+                        // the account domain is granted to the caller
+                        permittedAccounts.add(accountId);
+                    }
+                    else if (grantedAccounts.contains(accountId)) {
                         permittedAccounts.add(accountId);
                     } else {
                         //TODO: we should also filter granted resources based on accountId
passed.

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5728ed33/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
index 40c8549..b7c3d35 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -73,8 +73,8 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements
QuerySe
                             domainId = p.getScopeId();
                             //domainIds.add(p.getScopeId());
                         }
-                        domainIds.add(domainId);
-                        // add all the domain children from this domain. Like RoleBasedEntityAccessChecker,
we made an assumption, if DOMAIN scope is granted, it means that
+                        //domainIds.add(domainId);
+                        // add all the domain children from this domain (including this domain
itself). Like RoleBasedEntityAccessChecker, we made an assumption, if DOMAIN scope is granted,
it means that
                         // the whole domain tree is granted access.
                         DomainVO domain = _domainDao.findById(domainId);
                         List<Long> childDomains = _domainDao.getDomainChildrenIds(domain.getPath());


Mime
View raw message