incubator-cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alena1...@apache.org
Subject [7/50] [abbrv] git commit: CS-15300: Domain Admin accounts now respect the limits imposed on the domain just as a regular account. Signed-off-by: Nitin Mehta<nitin.mehta@citrix.com>
Date Wed, 04 Jul 2012 00:35:29 GMT
CS-15300: Domain Admin accounts now respect the limits imposed on the domain just as a regular
account.
Signed-off-by: Nitin Mehta<nitin.mehta@citrix.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/c8bbf04c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/c8bbf04c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/c8bbf04c

Branch: refs/heads/vpc
Commit: c8bbf04c81649919e3c128be42a9500ba47a8766
Parents: 0449ae3
Author: Deepti Dohare <deepti.dohare@citrix.com>
Authored: Tue Jul 3 04:33:02 2012 +0530
Committer: U-nitin-PC\nitin <nitin@nitin-PC.(none)>
Committed: Tue Jul 3 04:35:53 2012 +0530

----------------------------------------------------------------------
 .../resourcelimit/ResourceLimitManagerImpl.java    |   27 +++++++++-----
 1 files changed, 17 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/c8bbf04c/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
index a32bc80..b285d2c 100755
--- a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
+++ b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
@@ -210,12 +210,12 @@ public class ResourceLimitManagerImpl implements ResourceLimitService,
Manager {
     public long findCorrectResourceLimitForAccount(Account account, ResourceType type) {
 
         long max = Resource.RESOURCE_UNLIMITED; // if resource limit is not found, then we
treat it as unlimited
-        
-        //no limits for Admin accounts
-        if (_accountMgr.isAdmin(account.getType())) {
+
+        // No limits for Root Admin accounts
+        if (_accountMgr.isRootAdmin(account.getType())) {
             return max;
         }
-        
+
         ResourceLimitVO limit = _resourceLimitDao.findByOwnerIdAndType(account.getId(), ResourceOwnerType.Account,
type);
 
         // Check if limit is configured for account
@@ -277,8 +277,8 @@ public class ResourceLimitManagerImpl implements ResourceLimitService,
Manager {
         long numResources = ((count.length == 0) ? 1 : count[0]);
         Project project = null;
 
-        // Don't place any limits on system or admin accounts
-        if (_accountMgr.isAdmin(account.getType())) {
+        // Don't place any limits on system or root admin accounts
+        if (_accountMgr.isRootAdmin(account.getType())) {
             return;
         }
 
@@ -510,10 +510,17 @@ public class ResourceLimitManagerImpl implements ResourceLimitService,
Manager {
             if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
                 throw new InvalidParameterValueException("Can't update system account");
             }
-            
-            //only Unlimited value is accepted if account is Admin
-            if (_accountMgr.isAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED)
{
-                throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED
+ " limit is supported for Admin accounts");
+
+            //only Unlimited value is accepted if account is  Root Admin
+            if (_accountMgr.isRootAdmin(account.getType()) && max.shortValue() !=
ResourceLimit.RESOURCE_UNLIMITED) {
+                throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED
+ " limit is supported for Root Admin accounts");
+            }
+
+            if ((caller.getAccountId() == accountId.longValue()) &&
+                (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN ||
+                caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) {
+                // If the admin is trying to update his own account, disallow.
+                throw new PermissionDeniedException("Unable to update resource limit for
his own account " + accountId + ", permission denied");
             }
 
             if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {


Mime
View raw message