Return-Path: 
 <commits-return-40964-apmail-cloudstack-commits-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-commits-archive@www.apache.org
Delivered-To: apmail-cloudstack-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 719EFFCA9
	for <apmail-cloudstack-commits-archive@www.apache.org>;
 Fri, 25 Apr 2014 20:27:09 +0000 (UTC)
Received: (qmail 42000 invoked by uid 500); 25 Apr 2014 20:26:55 -0000
Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org
Received: (qmail 41828 invoked by uid 500); 25 Apr 2014 20:26:50 -0000
Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:commits@cloudstack.apache.org>
List-Id: <commits.cloudstack.apache.org>
Reply-To: dev@cloudstack.apache.org
Delivered-To: mailing list commits@cloudstack.apache.org
Received: (qmail 41572 invoked by uid 99); 25 Apr 2014 20:26:41 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Apr 2014 20:26:41 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id 7284F95240A; Fri, 25 Apr 2014 20:26:41 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: dahn@apache.org
To: commits@cloudstack.apache.org
Date: Fri, 25 Apr 2014 20:26:43 -0000
Message-Id: <c0cf4b9856fb40eca87cdf4150b2a183@git.apache.org>
In-Reply-To: <8f801e1450644e408a6d04f1d7ba539a@git.apache.org>
References: <8f801e1450644e408a6d04f1d7ba539a@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [03/16] git commit: updated refs/heads/4.4 to 6b342ff

CLOUDSTACK-6501:IAM - DomainAdmin - When listVirtualMachines is used
with listall=true and account and domainId , Vms owned by the account
account is not listed.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/2bba381a
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/2bba381a
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/2bba381a

Branch: refs/heads/4.4
Commit: 2bba381a631347cc53a3ce106dfd10a2eb137519
Parents: e811e61
Author: Min Chen <min.chen@citrix.com>
Authored: Thu Apr 24 18:13:59 2014 -0700
Committer: Daan Hoogland <daan@onecht.net>
Committed: Fri Apr 25 21:27:13 2014 +0200

----------------------------------------------------------------------
 server/src/com/cloud/user/AccountManagerImpl.java              | 6 +++++-
 .../apache/cloudstack/iam/RoleBasedEntityQuerySelector.java    | 4 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2bba381a/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 37e4b43..227c611 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -2283,7 +2283,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
 
                 if (accountId != null) {
                     // specific account filter is specified
-                    if (grantedAccounts.contains(accountId)) {
+                    if (grantedDomains.contains(domainId)) {
+                        // the account domain is granted to the caller
+                        permittedAccounts.add(accountId);
+                    }
+                    else if (grantedAccounts.contains(accountId)) {
                         permittedAccounts.add(accountId);
                     } else {
                         //TODO: we should also filter granted resources based on accountId passed.

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/2bba381a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
index 40c8549..b7c3d35 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
@@ -73,8 +73,8 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
                             domainId = p.getScopeId();
                             //domainIds.add(p.getScopeId());
                         }
-                        domainIds.add(domainId);
-                        // add all the domain children from this domain. Like RoleBasedEntityAccessChecker, we made an assumption, if DOMAIN scope is granted, it means that
+                        //domainIds.add(domainId);
+                        // add all the domain children from this domain (including this domain itself). Like RoleBasedEntityAccessChecker, we made an assumption, if DOMAIN scope is granted, it means that
                         // the whole domain tree is granted access.
                         DomainVO domain = _domainDao.findById(domainId);
                         List<Long> childDomains = _domainDao.getDomainChildrenIds(domain.getPath());