cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject git commit: updated refs/heads/4.4-forward to 356f612
Date Wed, 21 May 2014 23:26:42 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.4-forward e3bb8b98b -> 356f6121a


CLOUDSTACK-6742: listVolumes - As regularuser , able to list Vms and
volumes of other users.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/356f6121
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/356f6121
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/356f6121

Branch: refs/heads/4.4-forward
Commit: 356f6121a78d147d72136044c90472234f667730
Parents: e3bb8b9
Author: Min Chen <min.chen@citrix.com>
Authored: Wed May 21 16:25:27 2014 -0700
Committer: Min Chen <min.chen@citrix.com>
Committed: Wed May 21 16:26:20 2014 -0700

----------------------------------------------------------------------
 .../contrail/management/MockAccountManager.java |  31 ---
 .../com/cloud/api/query/QueryManagerImpl.java   |  36 ++-
 server/src/com/cloud/user/AccountManager.java   |  17 --
 .../src/com/cloud/user/AccountManagerImpl.java  | 267 -------------------
 .../com/cloud/user/MockAccountManagerImpl.java  |  30 ---
 5 files changed, 17 insertions(+), 364 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/356f6121/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
index 1a29f9c..4136b5c 100644
--- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@@ -199,24 +199,6 @@ public class MockAccountManager extends ManagerBase implements AccountManager
{
         return false;
     }
 
-
-    @Override
-    public void buildACLSearchParameters(Account caller, Long id, String accountName, Long
projectId, List<Long> permittedDomains, List<Long> permittedAccounts,
-            List<Long> permittedResources, Ternary<Long, Boolean, ListProjectResourcesCriteria>
domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation,
-            String action) {
-        // TODO Auto-generated method stub
-
-    }
-
-
-
-    @Override
-    public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity>
sc, SearchCriteria<? extends ControlledEntity> aclSc, boolean isRecursive,
-            List<Long> permittedDomains, List<Long> permittedAccounts, List<Long>
permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria) {
-        // TODO Auto-generated method stub
-
-    }
-
     @Override
     public List<String> listAclGroupsByAccount(Long accountId) {
         // TODO Auto-generated method stub
@@ -274,12 +256,6 @@ public class MockAccountManager extends ManagerBase implements AccountManager
{
     }
 
     @Override
-    public void buildACLViewSearchBuilder(SearchBuilder<? extends ControlledViewEntity>
sb, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
-            ListProjectResourcesCriteria listProjectResourcesCriteria, List<Long> grantedIds,
List<Long> revokedIds) {
-        // TODO Auto-generated method stub
-    }
-
-    @Override
     public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledViewEntity>
sc, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
             ListProjectResourcesCriteria listProjectResourcesCriteria) {
         // TODO Auto-generated method stub
@@ -287,13 +263,6 @@ public class MockAccountManager extends ManagerBase implements AccountManager
{
     }
 
     @Override
-    public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity>
sc, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
-            ListProjectResourcesCriteria listProjectResourcesCriteria, List<Long> grantedIds,
List<Long> revokedIds) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
     public Long checkAccessAndSpecifyAuthority(Account arg0, Long arg1) {
         // TODO Auto-generated method stub
         return null;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/356f6121/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index e675e83..3ce2b66 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -734,9 +734,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
 
     private Pair<List<UserVmJoinVO>, Integer> searchForUserVMsInternal(ListVMsCmd
cmd) {
         Account caller = CallContext.current().getCallingAccount();
-        List<Long> permittedDomains = new ArrayList<Long>();
         List<Long> permittedAccounts = new ArrayList<Long>();
-        List<Long> permittedResources = new ArrayList<Long>();
 
         boolean listAll = cmd.listAll();
         Long id = cmd.getId();
@@ -744,9 +742,9 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
         Boolean display = cmd.getDisplay();
         Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject
= new Ternary<Long, Boolean, ListProjectResourcesCriteria>(
                 cmd.getDomainId(), cmd.isRecursive(), null);
-        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(),
permittedDomains, permittedAccounts, permittedResources,
-                domainIdRecursiveListProject, listAll, false, "listVirtualMachines");
-        //Long domainId = domainIdRecursiveListProject.first();
+        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(),
permittedAccounts,
+                domainIdRecursiveListProject, listAll, false);
+        Long domainId = domainIdRecursiveListProject.first();
         Boolean isRecursive = domainIdRecursiveListProject.second();
         ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
 
@@ -768,6 +766,9 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
         SearchBuilder<UserVmJoinVO> sb = _userVmJoinDao.createSearchBuilder();
         sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids
 
+        _accountMgr.buildACLViewSearchBuilder(sb, domainId, isRecursive, permittedAccounts,
+                listProjectResourcesCriteria);
+
         String hypervisor = cmd.getHypervisor();
         Object name = cmd.getName();
         Object state = cmd.getState();
@@ -849,11 +850,10 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
 
         // populate the search criteria with the values passed in
         SearchCriteria<UserVmJoinVO> sc = sb.create();
-        SearchCriteria<UserVmJoinVO> aclSc = _userVmJoinDao.createSearchCriteria();
-
-        // building ACL search criteria
-        _accountMgr.buildACLViewSearchCriteria(sc, aclSc, isRecursive, permittedDomains,
permittedAccounts, permittedResources, listProjectResourcesCriteria);
 
+        // building ACL condition
+        _accountMgr.buildACLViewSearchCriteria(sc, domainId, isRecursive, permittedAccounts,
+                listProjectResourcesCriteria);
 
         if (tags != null && !tags.isEmpty()) {
             SearchCriteria<UserVmJoinVO> tagSc = _userVmJoinDao.createSearchCriteria();
@@ -1663,9 +1663,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
     private Pair<List<VolumeJoinVO>, Integer> searchForVolumesInternal(ListVolumesCmd
cmd) {
 
         Account caller = CallContext.current().getCallingAccount();
-        List<Long> permittedDomains = new ArrayList<Long>();
         List<Long> permittedAccounts = new ArrayList<Long>();
-        List<Long> permittedResources = new ArrayList<Long>();
 
         Long id = cmd.getId();
         Long vmInstanceId = cmd.getVirtualMachineId();
@@ -1682,9 +1680,9 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
 
         Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject
= new Ternary<Long, Boolean, ListProjectResourcesCriteria>(
                 cmd.getDomainId(), cmd.isRecursive(), null);
-        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(),
permittedDomains, permittedAccounts, permittedResources,
-                domainIdRecursiveListProject, cmd.listAll(), false, "listVolumes");
-//        Long domainId = domainIdRecursiveListProject.first();
+        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(),
permittedAccounts,
+                domainIdRecursiveListProject, cmd.listAll(), false);
+        Long domainId = domainIdRecursiveListProject.first();
         Boolean isRecursive = domainIdRecursiveListProject.second();
         ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
         Filter searchFilter = new Filter(VolumeJoinVO.class, "created", false, cmd.getStartIndex(),
cmd.getPageSizeVal());
@@ -1698,6 +1696,8 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
         // number of
         // records with
         // pagination
+        _accountMgr.buildACLViewSearchBuilder(sb, domainId, isRecursive, permittedAccounts,
+                listProjectResourcesCriteria);
 
         sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
         sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
@@ -1721,10 +1721,8 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
 
         // now set the SC criteria...
         SearchCriteria<VolumeJoinVO> sc = sb.create();
-        SearchCriteria<VolumeJoinVO> aclSc = _volumeJoinDao.createSearchCriteria();
-
-        // building ACL search criteria
-        _accountMgr.buildACLViewSearchCriteria(sc, aclSc, isRecursive, permittedDomains,
permittedAccounts, permittedResources, listProjectResourcesCriteria);
+        _accountMgr.buildACLViewSearchCriteria(sc, domainId, isRecursive, permittedAccounts,
+                listProjectResourcesCriteria);
 
         if (keyword != null) {
             SearchCriteria<VolumeJoinVO> ssc = _volumeJoinDao.createSearchCriteria();
@@ -1739,7 +1737,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
         }
 
         if (display != null) {
-            sc.setParameters("display", display);
+            sc.setParameters("displayVolume", display);
         }
 
         sc.setParameters("systemUse", 1);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/356f6121/server/src/com/cloud/user/AccountManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManager.java b/server/src/com/cloud/user/AccountManager.java
index bee7029..194c5d2 100755
--- a/server/src/com/cloud/user/AccountManager.java
+++ b/server/src/com/cloud/user/AccountManager.java
@@ -91,9 +91,6 @@ public interface AccountManager extends AccountService {
     void buildACLViewSearchBuilder(SearchBuilder<? extends ControlledViewEntity> sb,
Long domainId,
             boolean isRecursive, List<Long> permittedAccounts, ListProjectResourcesCriteria
listProjectResourcesCriteria);
 
-    void buildACLViewSearchBuilder(SearchBuilder<? extends ControlledViewEntity> sb,
Long domainId,
-            boolean isRecursive, List<Long> permittedAccounts, ListProjectResourcesCriteria
listProjectResourcesCriteria, List<Long> grantedIds, List<Long> revokedIds);
-
     void buildACLSearchCriteria(SearchCriteria<? extends ControlledEntity> sc,
             Long domainId, boolean isRecursive, List<Long> permittedAccounts, ListProjectResourcesCriteria
listProjectResourcesCriteria);
 
@@ -104,20 +101,6 @@ public interface AccountManager extends AccountService {
     void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledViewEntity>
sc,
             Long domainId, boolean isRecursive, List<Long> permittedAccounts, ListProjectResourcesCriteria
listProjectResourcesCriteria);
 
-    void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity> sc,
-            Long domainId, boolean isRecursive, List<Long> permittedAccounts, ListProjectResourcesCriteria
listProjectResourcesCriteria, List<Long> grantedIds,
-            List<Long> revokedIds);
-
-
-    // new ACL model routine for query api based on db views
-    void buildACLSearchParameters(Account caller, Long id,
-            String accountName, Long projectId, List<Long> permittedDomains, List<Long>
permittedAccounts, List<Long> permittedResources,
-            Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject,
boolean listAll, boolean forProjectInvitation, String action);
-
-    void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity> sc,
SearchCriteria<? extends ControlledEntity> aclSc, boolean isRecursive,
-            List<Long> permittedDomains, List<Long> permittedAccounts,
-            List<Long> permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria);
-
 
     /**
      * Deletes a user by userId

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/356f6121/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index b6be648..decbedf 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -2546,57 +2546,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
 
     }
 
-    @Override
-    public void buildACLViewSearchBuilder(SearchBuilder<? extends ControlledViewEntity>
sb, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
-            ListProjectResourcesCriteria listProjectResourcesCriteria, List<Long> grantedIds,
List<Long> revokedIds) {
-
-        if (!revokedIds.isEmpty()) {
-            sb.and("idNIN", sb.entity().getId(), SearchCriteria.Op.NIN);
-        }
-        if (permittedAccounts.isEmpty() && domainId == null && listProjectResourcesCriteria
== null) {
-            // caller role authorize him to access everything matching query criteria
-            return;
-
-        }
-        boolean hasOp = true;
-        if (!permittedAccounts.isEmpty()) {
-            sb.and().op("accountIdIN", sb.entity().getAccountId(), SearchCriteria.Op.IN);
-        } else if (domainId != null) {
-            if (isRecursive) {
-                // if accountId isn't specified, we can do a domain match for the
-                // admin case if isRecursive is true
-                sb.and().op("domainPath", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE);
-            } else {
-                sb.and().op("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
-            }
-        } else {
-            hasOp = false;
-        }
-
-
-        if (listProjectResourcesCriteria != null) {
-            if (hasOp) {
-                if (listProjectResourcesCriteria == Project.ListProjectResourcesCriteria.ListProjectResourcesOnly)
{
-                    sb.and("accountType", sb.entity().getAccountType(), SearchCriteria.Op.EQ);
-                } else if (listProjectResourcesCriteria == Project.ListProjectResourcesCriteria.SkipProjectResources)
{
-                    sb.and("accountType", sb.entity().getAccountType(), SearchCriteria.Op.NEQ);
-                }
-            } else {
-                if (listProjectResourcesCriteria == Project.ListProjectResourcesCriteria.ListProjectResourcesOnly)
{
-                    sb.and().op("accountType", sb.entity().getAccountType(), SearchCriteria.Op.EQ);
-                } else if (listProjectResourcesCriteria == Project.ListProjectResourcesCriteria.SkipProjectResources)
{
-                    sb.and().op("accountType", sb.entity().getAccountType(), SearchCriteria.Op.NEQ);
-                }
-            }
-        }
-
-        if (!grantedIds.isEmpty()) {
-            sb.or("idIN", sb.entity().getId(), SearchCriteria.Op.IN);
-        }
-        sb.cp();
-
-
-    }
 
     @Override
     public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledViewEntity>
sc,
@@ -2618,32 +2567,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
 
     }
 
-    @Override
-    public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity>
sc, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
-            ListProjectResourcesCriteria listProjectResourcesCriteria, List<Long> grantedIds,
List<Long> revokedIds) {
-        if (!revokedIds.isEmpty()) {
-            sc.setParameters("idNIN", revokedIds.toArray());
-        }
-
-        if (listProjectResourcesCriteria != null) {
-            sc.setParameters("accountType", Account.ACCOUNT_TYPE_PROJECT);
-        }
-
-        if (!permittedAccounts.isEmpty()) {
-            sc.setParameters("accountIdIN", permittedAccounts.toArray());
-        } else if (domainId != null) {
-            DomainVO domain = _domainDao.findById(domainId);
-            if (isRecursive) {
-                sc.setParameters("domainPath", domain.getPath() + "%");
-            } else {
-                sc.setParameters("domainId", domainId);
-            }
-        }
-
-        if (!grantedIds.isEmpty()) {
-            sc.setParameters("idIN", grantedIds.toArray());
-        }
-    }
 
     @Override
     public UserAccount getUserByApiKey(String apiKey) {
@@ -2652,196 +2575,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
 
 
     @Override
-    public void buildACLSearchParameters(Account caller, Long id, String accountName, Long
projectId, List<Long> permittedDomains, List<Long> permittedAccounts,
-            List<Long> permittedResources, Ternary<Long, Boolean, ListProjectResourcesCriteria>
domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation,
-            String action) {
-
-        Long domainId = domainIdRecursiveListProject.first();
-        Long accountId = null;
-        if (id == null) {
-            // if id is specified, it will ignore all other parameters
-            if (domainId != null) {
-                // look for entity in the given domain
-                Domain domain = _domainDao.findById(domainId);
-                if (domain == null) {
-                    throw new InvalidParameterValueException("Unable to find domain by id
" + domainId);
-                }
-                // check permissions
-                checkAccess(caller, domain);
-            }
-
-            // specific account is specified, we need to filter contents to only show contents
owned by that account.
-            if (accountName != null) {
-                if (projectId != null) {
-                    throw new InvalidParameterValueException("Account and projectId can't
be specified together");
-                }
-
-                Account userAccount = null;
-                Domain domain = null;
-                if (domainId != null) {
-                    userAccount = _accountDao.findActiveAccount(accountName, domainId);
-                    domain = _domainDao.findById(domainId);
-                } else {
-                    userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId());
-                    domain = _domainDao.findById(caller.getDomainId());
-                }
-
-                if (userAccount != null) {
-                    //check permissions
-                    checkAccess(caller, null, false, userAccount);
-                    permittedAccounts.add(userAccount.getId());
-                } else {
-                    throw new InvalidParameterValueException("could not find account " +
accountName + " in domain " + domain.getUuid());
-                }
-            }
-        }
-
-        // set project information
-        if (projectId != null) {
-            if (!forProjectInvitation) {
-                if (projectId.longValue() == -1) {
-                    if (isNormalUser(caller.getId())) {
-                        permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId()));
-                    } else {
-                        domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly);
-                    }
-                } else {
-                    Project project = _projectMgr.getProject(projectId);
-                    if (project == null) {
-                        throw new InvalidParameterValueException("Unable to find project
by id " + projectId);
-                    }
-                    if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId()))
{
-                        throw new PermissionDeniedException("Account " + caller + " can't
access project id=" + projectId);
-                    }
-                    permittedAccounts.add(project.getProjectAccountId());
-                }
-            }
-        } else {
-            AccessType accessType = AccessType.UseEntry;
-            if (listAll || id != null) {
-                // listAll = true or id given should show all resources that owner has ListEntry
access type.
-                accessType = AccessType.ListEntry;
-            }
-            domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources);
-
-            // search for policy permissions associated with caller to get all his authorized
domains, accounts, and resources
-            // Assumption: if a domain is in grantedDomains, then all the accounts under
this domain will not be returned in "grantedAccounts". Similarly, if an account
-            // is in grantedAccounts, then all the resources owned by this account will not
be returned in "grantedResources".
-            // assume that there is only one query selector adapter
-            if (_querySelectors == null || _querySelectors.size() == 0)
-                return; // no futher filtering
-
-            QuerySelector qs = _querySelectors.get(0);
-            boolean grantedAll = qs.isGrantedAll(caller, action, accessType);
-
-            if ( grantedAll ){
-                if (accountId != null) {
-                    permittedAccounts.add(accountId);
-                    domainIdRecursiveListProject.second(false);  // isRecursive is only valid
if only domainId is passed.
-                } else if (domainId != null) {
-                    permittedDomains.add(domainId);
-                } else {
-                    domainIdRecursiveListProject.second(false);  // isRecursive is only valid
if only domainId is passed.
-                }
-            }
-            else {
-                List<Long> grantedDomains = qs.getAuthorizedDomains(caller, action,
accessType);
-                List<Long> grantedAccounts = qs.getAuthorizedAccounts(caller, action,
accessType);
-                List<Long> grantedResources = qs.getAuthorizedResources(caller, action,
accessType);
-
-                if (accountId != null) {
-                    // specific account filter is specified
-                    if (grantedDomains.contains(domainId)) {
-                        // the account domain is granted to the caller
-                        permittedAccounts.add(accountId);
-                    }
-                    else if (grantedAccounts.contains(accountId)) {
-                        permittedAccounts.add(accountId);
-                    } else {
-                        //TODO: we should also filter granted resources based on accountId
passed.
-                        // potential bug, if accountId is passed, it may show some granted
resources that may not be owned by that account.
-                        // to fix this, we need to change the interface to also pass ControlledEntity
class to use EntityManager to find
-                        // ControlledEntity instance to check accountId. But this has some
issues for those non controlled entities,
-                        // like NetworkACLItem
-                        permittedResources.addAll(grantedResources);
-                    }
-                    domainIdRecursiveListProject.second(false);  // isRecursive is only valid
if only domainId is passed.
-                } else if (domainId != null) {
-                    // specific domain and no account is specified
-                    if (grantedDomains.contains(domainId)) {
-                        permittedDomains.add(domainId);
-                    } else {
-                        for (Long acctId : grantedAccounts) {
-                            Account acct = _accountDao.findById(acctId);
-                            if (acct != null && acct.getDomainId() == domainId) {
-                                permittedAccounts.add(acctId);
-                            }
-                        }
-                        //TODO: we should also filter granted resources based on domainId
passed.
-                        // potential bug, if domainId is passed, it may show some granted
resources that may not be in that domain.
-                        // to fix this, we need to change the interface to also pass ControlledEntity
class to use EntityManager to find
-                        // ControlledEntity instance to check domainId. But this has some
issues for those non controlled entities,
-                        // like NetworkACLItem
-                        permittedResources.addAll(grantedResources);
-                    }
-                } else {
-                    // neither domain nor account is not specified
-                    permittedDomains.addAll(grantedDomains);
-                    permittedAccounts.addAll(grantedAccounts);
-                    permittedResources.addAll(grantedResources);
-                    domainIdRecursiveListProject.second(false);  // isRecursive is only valid
if only domainId is passed.
-                }
-
-                if (permittedDomains.isEmpty() && permittedAccounts.isEmpty() &&
permittedResources.isEmpty()) {
-                    // if at this point, all permitted arrays are empty, that means that
caller cannot see anything, we put -1 in permittedAccounts
-                    // to distinguish this case from the case that caller can see everything
-                    permittedAccounts.add(-1L);
-
-                }
-            }
-        }
-    }
-
-    @Override
-    public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity>
sc, SearchCriteria<? extends ControlledEntity> aclSc, boolean isRecursive,
-            List<Long> permittedDomains,
-            List<Long> permittedAccounts, List<Long> permittedResources, ListProjectResourcesCriteria
listProjectResourcesCriteria) {
-
-        if (listProjectResourcesCriteria != null) {
-            // add criteria for project or not
-            if (listProjectResourcesCriteria == ListProjectResourcesCriteria.SkipProjectResources)
{
-                sc.addAnd("accountType", SearchCriteria.Op.NEQ, Account.ACCOUNT_TYPE_PROJECT);
-            } else if (listProjectResourcesCriteria == ListProjectResourcesCriteria.ListProjectResourcesOnly)
{
-                sc.addAnd("accountType", SearchCriteria.Op.EQ, Account.ACCOUNT_TYPE_PROJECT);
-            }
-        }
-
-        if (permittedDomains.isEmpty() && permittedAccounts.isEmpty() &&
permittedResources.isEmpty())
-            // can access everything
-            return;
-
-        // Note that this may have limitations on number of permitted domains, accounts,
or resource ids are allowed due to sql package size limitation
-        if (!permittedDomains.isEmpty()) {
-            if (isRecursive) {
-                for (int i = 0; i < permittedDomains.size(); i++) {
-                    Domain domain = _domainDao.findById(permittedDomains.get(i));
-                    aclSc.addOr("domainPath", SearchCriteria.Op.LIKE, domain.getPath() +
"%");
-                }
-            } else {
-                aclSc.addOr("domainId", SearchCriteria.Op.IN, permittedDomains.toArray());
-            }
-        }
-        if (!permittedAccounts.isEmpty()) {
-            aclSc.addOr("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray());
-        }
-        if (!permittedResources.isEmpty()) {
-            aclSc.addOr("id", SearchCriteria.Op.IN, permittedResources.toArray());
-        }
-
-        sc.addAnd("accountId", SearchCriteria.Op.SC, aclSc);
-    }
-
-    @Override
     public List<String> listAclGroupsByAccount(Long accountId) {
         if (_querySelectors == null || _querySelectors.size() == 0)
             return new ArrayList<String>();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/356f6121/server/test/com/cloud/user/MockAccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java
index cc8fbac..746fa1b 100644
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@ -283,25 +283,11 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager,
Acco
     }
 
     @Override
-    public void buildACLViewSearchBuilder(SearchBuilder<? extends ControlledViewEntity>
sb, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
-            ListProjectResourcesCriteria listProjectResourcesCriteria, List<Long> grantedIds,
List<Long> revokedIds) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
     public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledViewEntity>
sc, Long domainId,
             boolean isRecursive, List<Long> permittedAccounts, ListProjectResourcesCriteria
listProjectResourcesCriteria) {
         // TODO Auto-generated method stub
     }
 
-    @Override
-    public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity>
sc, Long domainId, boolean isRecursive, List<Long> permittedAccounts,
-            ListProjectResourcesCriteria listProjectResourcesCriteria, List<Long> grantedIds,
List<Long> revokedIds) {
-        // TODO Auto-generated method stub
-
-    }
-
     /* (non-Javadoc)
      * @see com.cloud.user.AccountService#getUserByApiKey(java.lang.String)
      */
@@ -355,22 +341,6 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager,
Acco
     }
 
     @Override
-    public void buildACLSearchParameters(Account caller, Long id, String accountName, Long
projectId, List<Long> permittedDomains, List<Long> permittedAccounts,
-            List<Long> permittedResources, Ternary<Long, Boolean, ListProjectResourcesCriteria>
domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation,
-            String action) {
-        // TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void buildACLViewSearchCriteria(SearchCriteria<? extends ControlledEntity>
sc, SearchCriteria<? extends ControlledEntity> aclSc, boolean isRecursive,
-            List<Long> permittedDomains, List<Long> permittedAccounts, List<Long>
permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria) {
-        // TODO Auto-generated method stub
-
-    }
-
-
-    @Override
     public List<String> listAclGroupsByAccount(Long accountId) {
         // TODO Auto-generated method stub
         return null;


Mime
View raw message