Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E6A3C18A37 for ; Sun, 26 Jul 2015 14:41:20 +0000 (UTC) Received: (qmail 87708 invoked by uid 500); 26 Jul 2015 14:41:20 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 87594 invoked by uid 500); 26 Jul 2015 14:41:20 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 87540 invoked by uid 99); 26 Jul 2015 14:41:20 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 26 Jul 2015 14:41:20 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id D356ADFBBB; Sun, 26 Jul 2015 14:41:19 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: pdion891@apache.org To: commits@cloudstack.apache.org Date: Sun, 26 Jul 2015 14:41:22 -0000 Message-Id: <343a61b795c3417f895dc5f55f3a12c0@git.apache.org> In-Reply-To: <164ec1352e0547a988dd38616ed0e5d0@git.apache.org> References: <164ec1352e0547a988dd38616ed0e5d0@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [4/6] git commit: updated refs/heads/master to 31b486d BUG-ID: CLOUDSTACK-8483 - Private template not visible in project added new 'projectId' parameter in createTemplate command and based current user, account and projectid decide the owner of the template. Signed-off-by: Pierre-Luc Dion Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f8ef13c5 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f8ef13c5 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f8ef13c5 Branch: refs/heads/master Commit: f8ef13c5e6fe833c923dbcda9d0e61381ded3de5 Parents: 9dbc99c Author: Sudhansu Authored: Fri Mar 13 17:48:47 2015 +0530 Committer: Pierre-Luc Dion Committed: Sun Jul 26 10:27:48 2015 -0400 ---------------------------------------------------------------------- .../user/template/CreateTemplateCmd.java | 50 ++++++++++++-------- 1 file changed, 31 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f8ef13c5/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java b/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java index 7be7e62..ae9205f 100644 --- a/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java @@ -20,6 +20,14 @@ import java.util.Collection; import java.util.List; import java.util.Map; +import org.apache.cloudstack.acl.SecurityChecker; +import org.apache.cloudstack.api.response.GuestOSResponse; +import org.apache.cloudstack.api.response.SnapshotResponse; +import org.apache.cloudstack.api.response.TemplateResponse; +import org.apache.cloudstack.api.response.UserVmResponse; +import org.apache.cloudstack.api.response.VolumeResponse; +import org.apache.cloudstack.api.response.ProjectResponse; + import org.apache.log4j.Logger; import org.apache.cloudstack.api.APICommand; @@ -30,11 +38,6 @@ import org.apache.cloudstack.api.BaseAsyncCreateCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ResponseObject.ResponseView; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.GuestOSResponse; -import org.apache.cloudstack.api.response.SnapshotResponse; -import org.apache.cloudstack.api.response.TemplateResponse; -import org.apache.cloudstack.api.response.UserVmResponse; -import org.apache.cloudstack.api.response.VolumeResponse; import org.apache.cloudstack.context.CallContext; import com.cloud.event.EventTypes; @@ -124,6 +127,9 @@ public class CreateTemplateCmd extends BaseAsyncCreateCmd { description = "true if template contains XS/VMWare tools inorder to support dynamic scaling of VM cpu/memory") protected Boolean isDynamicallyScalable; + @Parameter(name = ApiConstants.PROJECT_ID, type = CommandType.UUID, entityType = ProjectResponse.class, description = "create template for the project") + private Long projectId; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// @@ -215,33 +221,39 @@ public class CreateTemplateCmd extends BaseAsyncCreateCmd { if (volumeId != null) { Volume volume = _entityMgr.findById(Volume.class, volumeId); if (volume != null) { - accountId = volume.getAccountId(); + _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.UseEntry, false, volume); } else { throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId); } } else { Snapshot snapshot = _entityMgr.findById(Snapshot.class, snapshotId); if (snapshot != null) { - accountId = snapshot.getAccountId(); + _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.UseEntry, false, snapshot); } else { throw new InvalidParameterValueException("Unable to find snapshot by id=" + snapshotId); } } - Account account = _accountService.getAccount(accountId); - //Can create templates for enabled projects/accounts only - if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { - Project project = _projectService.findByProjectAccountId(accountId); - if (project.getState() != Project.State.Active) { - PermissionDeniedException ex = - new PermissionDeniedException("Can't add resources to the specified project id in state=" + project.getState() + " as it's no longer active"); - ex.addProxyObject(project.getUuid(), "projectId"); + if(projectId != null){ + final Project project = _projectService.getProject(projectId); + if (project != null) { + if (project.getState() == Project.State.Active) { + Account projectAccount= _accountService.getAccount(project.getProjectAccountId()); + _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.UseEntry, false, projectAccount); + return project.getProjectAccountId(); + } else { + final PermissionDeniedException ex = + new PermissionDeniedException("Can't add resources to the project with specified projectId in state=" + project.getState() + + " as it's no longer active"); + ex.addProxyObject(project.getUuid(), "projectId"); + throw ex; + } + } else { + throw new InvalidParameterValueException("Unable to find project by id"); } - } else if (account.getState() == Account.State.disabled) { - throw new PermissionDeniedException("The owner of template is disabled: " + account); } - return accountId; + return CallContext.current().getCallingAccount().getId(); } @Override @@ -267,7 +279,7 @@ public class CreateTemplateCmd extends BaseAsyncCreateCmd { public void create() throws ResourceAllocationException { VirtualMachineTemplate template = null; //TemplateOwner should be the caller https://issues.citrite.net/browse/CS-17530 - template = _templateService.createPrivateTemplateRecord(this, CallContext.current().getCallingAccount()); + template = _templateService.createPrivateTemplateRecord(this, _accountService.getAccount(getEntityOwnerId())); if (template != null) { setEntityId(template.getId()); setEntityUuid(template.getUuid());