Fix getEntityOwnerId for CreateAclGroupCmd and CreateAclRoleCmd.

2025-11-03 04:12:31 +01:00 · 2013-10-11 20:56:46 -07:00 · 2013-10-11 20:56:46 -07:00 · 21dc2bef2a
commit 21dc2bef2a
parent 00ad19601b
3 changed files with 14 additions and 12 deletions
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
@ -28,10 +28,10 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.context.CallContext;

 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;

@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
 public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
@ -82,7 +82,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {

    @Override
    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
+        return CallContext.current().getCallingAccount().getId();
    }

    @Override
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
@ -29,10 +29,10 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AclRoleResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.context.CallContext;

 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;

@APICommand(name = "createAclRole", responseObject = AclRoleResponse.class, description = "Creates an acl role")
 public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
@ -90,7 +90,7 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {

    @Override
    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
+        return CallContext.current().getCallingAccount().getId();
    }

    @Override
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@ -113,9 +113,12 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
    @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_CREATE, eventDescription = "Creating Acl Role", create = true)
    public AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId) {
        Account caller = CallContext.current().getCallingAccount();
+        if (domainId == null) {
+            domainId = caller.getDomainId();
+        }
        if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
            // domain admin can only create role for his domain
-            if (domainId != null && caller.getDomainId() != domainId.longValue()) {
+            if (caller.getDomainId() != domainId.longValue()) {
                throw new PermissionDeniedException("Can't create acl role in domain " + domainId + ", permission denied");
            }
        }
@ -130,9 +133,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
        Transaction txn = Transaction.currentTxn();
        txn.start();
        AclRoleVO rvo = new AclRoleVO(aclRoleName, description);
-        if (domainId != null) {
-            rvo.setDomainId(domainId);
-        }
+        rvo.setDomainId(domainId);
        AclRole role = _aclRoleDao.persist(rvo);
        if (parentRoleId != null) {
            // copy parent role permissions
@ -472,9 +473,12 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
    @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
    public AclGroup createAclGroup(Long domainId, String aclGroupName, String description) {
        Account caller = CallContext.current().getCallingAccount();
+        if (domainId == null) {
+            domainId = caller.getDomainId(); // use caller's domain id
+        }
        if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
            // domain admin can only create role for his domain
-            if (domainId != null && caller.getDomainId() != domainId.longValue()) {
+            if (caller.getDomainId() != domainId.longValue()) {
                throw new PermissionDeniedException("Can't create acl group in domain " + domainId + ", permission denied");
            }
        }
@ -486,9 +490,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
                            + " already exisits for domain " + domainId);
        }
        AclGroupVO rvo = new AclGroupVO(aclGroupName, description);
-        if (domainId != null) {
-            rvo.setDomainId(domainId);
-        }
+        rvo.setDomainId(domainId);

        return _aclGroupDao.persist(rvo);
    }