cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [cloudstack] anuragaw commented on a change in pull request #3241: [WIP DO NOT MERGE] Allow users to share templates with Accounts or Projects through the
Date Mon, 24 Jun 2019 05:36:27 GMT
anuragaw commented on a change in pull request #3241: [WIP DO NOT MERGE] Allow users to share
templates with Accounts or Projects through the
URL: https://github.com/apache/cloudstack/pull/3241#discussion_r296557632
 
 

 ##########
 File path: server/src/main/java/com/cloud/template/TemplateManagerImpl.java
 ##########
 @@ -1541,14 +1539,23 @@ public boolean updateTemplateOrIsoPermissions(BaseUpdateTemplateOrIsoPermissions
         //Derive the domain id from the template owner as updateTemplatePermissions is not
cross domain operation
         Account owner = _accountMgr.getAccount(ownerId);
         final Domain domain = _domainDao.findById(owner.getDomainId());
+        final boolean isCallerRootAdmin = _accountMgr.isRootAdmin(caller.getAccountId());
         if ("add".equalsIgnoreCase(operation)) {
             final List<String> accountNamesFinal = accountNames;
             final List<Long> accountIds = new ArrayList<Long>();
             Transaction.execute(new TransactionCallbackNoReturn() {
                 @Override
                 public void doInTransactionWithoutResult(TransactionStatus status) {
                     for (String accountName : accountNamesFinal) {
-                        Account permittedAccount = _accountDao.findActiveAccount(accountName,
domain.getId());
+                        Account permittedAccount = null;
+                        if (isCallerRootAdmin) {
+                            List<AccountVO> accountsWthName = _accountDao.findAccountsLike(accountName);
+                            if (accountsWthName.size() > 0) {
+                                permittedAccount = accountsWthName.get(0);
 
 Review comment:
   @rhtyd - good call. I looked at the implementation in more depth on Friday and observed
the following -
   1. Update template permissions uses account names (NOT uuids) to update permissions.
   2. This means that the above API call is meant for domain specific sharing and hence implies
a cross domain sharing restriction.
   3. Double checked and confirmed that sharing templates VIA UI should also have same restrictions
as updateTemplatePermissions API.
   
   Hence I've reverted some changes and updated UI code to reflect these restrictions.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message