cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject git commit: updated refs/heads/4.4 to c3a4a01
Date Sat, 19 Apr 2014 00:04:44 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.4 4a518908a -> c3a4a0178


Fix listAccountsCmd logic to be consistent with new interpretation of
listAll, isRecursive and domainId parameters.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c3a4a017
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c3a4a017
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c3a4a017

Branch: refs/heads/4.4
Commit: c3a4a017817cd66fdd1ff63b02fc4cafe39cfae4
Parents: 4a51890
Author: Min Chen <min.chen@citrix.com>
Authored: Fri Apr 18 16:57:22 2014 -0700
Committer: Min Chen <min.chen@citrix.com>
Committed: Fri Apr 18 16:58:03 2014 -0700

----------------------------------------------------------------------
 .../com/cloud/api/query/QueryManagerImpl.java   | 101 +++++++------------
 1 file changed, 39 insertions(+), 62 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3a4a017/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 375bca0..4450be8 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -1834,52 +1834,19 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
 
     private Pair<List<AccountJoinVO>, Integer> searchForAccountsInternal(ListAccountsCmd
cmd) {
         Account caller = CallContext.current().getCallingAccount();
-        Long domainId = cmd.getDomainId();
-        Long accountId = cmd.getId();
-        String accountName = cmd.getSearchName();
-        boolean isRecursive = cmd.isRecursive();
-        boolean listAll = cmd.listAll();
-        Boolean listForDomain = false;
-
-        if (accountId != null) {
-            Account account = _accountDao.findById(accountId);
-            if (account == null || account.getId() == Account.ACCOUNT_ID_SYSTEM) {
-                throw new InvalidParameterValueException("Unable to find account by id "
+ accountId);
-            }
-
-            _accountMgr.checkAccess(caller, null, account);
-        }
-
-        if (domainId != null) {
-            Domain domain = _domainDao.findById(domainId);
-            if (domain == null) {
-                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't
exist");
-            }
-
-            _accountMgr.checkAccess(caller, domain);
-
-            if (accountName != null) {
-                Account account = _accountDao.findActiveAccount(accountName, domainId);
-                if (account == null || account.getId() == Account.ACCOUNT_ID_SYSTEM) {
-                    throw new InvalidParameterValueException("Unable to find account by name
" + accountName + " in domain " + domainId);
-                }
-                _accountMgr.checkAccess(caller, null, account);
-            }
-        }
+        List<Long> permittedDomains = new ArrayList<Long>();
+        List<Long> permittedAccounts = new ArrayList<Long>();
+        List<Long> permittedResources = new ArrayList<Long>();
 
-        if (accountId == null) {
-            if (_accountMgr.isAdmin(caller.getId()) && listAll && domainId
== null) {
-                listForDomain = true;
-                isRecursive = true;
-                if (domainId == null) {
-                    domainId = caller.getDomainId();
-                }
-            } else if (_accountMgr.isAdmin(caller.getId()) && domainId != null) {
-                listForDomain = true;
-            } else {
-                accountId = caller.getAccountId();
-            }
-        }
+        boolean listAll = cmd.listAll();
+        Long id = cmd.getId();
+        String accountName = cmd.getSearchName();
+        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject
= new Ternary<Long, Boolean, ListProjectResourcesCriteria>(
+                cmd.getDomainId(), cmd.isRecursive(), null);
+        // ListAccountsCmd is not BaseListAccountResourcesCmd, so no (domainId, accountName)
combination
+        _accountMgr.buildACLSearchParameters(caller, id, null, null, permittedDomains, permittedAccounts,
permittedResources,
+                domainIdRecursiveListProject, listAll, false, "listAccounts");
+        Boolean isRecursive = domainIdRecursiveListProject.second();
 
         Filter searchFilter = new Filter(AccountJoinVO.class, "id", true, cmd.getStartIndex(),
cmd.getPageSizeVal());
 
@@ -1890,7 +1857,6 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
 
         SearchBuilder<AccountJoinVO> sb = _accountJoinDao.createSearchBuilder();
         sb.and("accountName", sb.entity().getAccountName(), SearchCriteria.Op.EQ);
-        sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
         sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
         sb.and("type", sb.entity().getType(), SearchCriteria.Op.EQ);
         sb.and("state", sb.entity().getState(), SearchCriteria.Op.EQ);
@@ -1898,11 +1864,31 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
         sb.and("typeNEQ", sb.entity().getType(), SearchCriteria.Op.NEQ);
         sb.and("idNEQ", sb.entity().getId(), SearchCriteria.Op.NEQ);
 
-        if (listForDomain && isRecursive) {
-            sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE);
-        }
-
         SearchCriteria<AccountJoinVO> sc = sb.create();
+        SearchCriteria<AccountJoinVO> aclSc = _accountJoinDao.createSearchCriteria();
+        // building ACL search criteria. Here we cannot use the common accountMgr.buildACLViewSearchCriteria
because
+        // 1) AccountJoinVO does not have accountId field, permittedAccounts correspond to
list of resource ids.
+        // 2) AccountJoinVO use type not accountType field to indicate its type
+        if (!permittedDomains.isEmpty() || !permittedAccounts.isEmpty() || !permittedResources.isEmpty())
{
+            if (!permittedDomains.isEmpty()) {
+                if (isRecursive) {
+                    for (int i = 0; i < permittedDomains.size(); i++) {
+                        Domain domain = _domainDao.findById(permittedDomains.get(i));
+                        aclSc.addOr("domainPath", SearchCriteria.Op.LIKE, domain.getPath()
+ "%");
+                    }
+                } else {
+                    aclSc.addOr("domainId", SearchCriteria.Op.IN, permittedDomains.toArray());
+                }
+            }
+            if (!permittedAccounts.isEmpty()) {
+                aclSc.addOr("id", SearchCriteria.Op.IN, permittedAccounts.toArray());
+            }
+            if (!permittedResources.isEmpty()) {
+                aclSc.addOr("id", SearchCriteria.Op.IN, permittedResources.toArray());
+            }
+
+            sc.addAnd("id", SearchCriteria.Op.SC, aclSc);
+        }
 
         sc.setParameters("idNEQ", Account.ACCOUNT_ID_SYSTEM);
 
@@ -1930,19 +1916,10 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
         }
 
         // don't return account of type project to the end user
-        sc.setParameters("typeNEQ", 5);
+        sc.setParameters("typeNEQ", Account.ACCOUNT_TYPE_PROJECT);
 
-        if (accountId != null) {
-            sc.setParameters("id", accountId);
-        }
-
-        if (listForDomain) {
-            if (isRecursive) {
-                Domain domain = _domainDao.findById(domainId);
-                sc.setParameters("path", domain.getPath() + "%");
-            } else {
-                sc.setParameters("domainId", domainId);
-            }
+        if (id != null) {
+            sc.setParameters("id", id);
         }
 
         return _accountJoinDao.searchAndCount(sc, searchFilter);


Mime
View raw message