apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow domain admin to change domain and account settings (#4339)

Browse Source 
* Allow domain admin to change domain and account settings

* Cleanup

* Remove useless global setting

* Restrict regular users with listConfig access

* Address comments

* Moving upgrade path
This commit is contained in:
davidjumani 2022-02-21 20:55:45 +05:30 committed by GitHub
parent e7082d9384
commit 2a1a012a4d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 51 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
engine/schema/src/main/resources/META-INF/db/schema-41520to41600.sql
View File

@ -741,26 +741,26 @@ CREATE PROCEDURE `cloud`.`ADD_GUEST_OS_AND_HYPERVISOR_MAPPING` (
IN guest_os_hypervisor_hypervisor_version VARCHAR(32),
IN guest_os_hypervisor_guest_os_name VARCHAR(255)
)
BEGIN
INSERT INTO cloud.guest_os (uuid, category_id, display_name, created)
BEGIN
INSERT INTO cloud.guest_os (uuid, category_id, display_name, created)
SELECT UUID(), guest_os_category_id, guest_os_display_name, now()
FROM DUAL
WHERE not exists( SELECT 1
WHERE not exists( SELECT 1
FROM cloud.guest_os
WHERE cloud.guest_os.category_id = guest_os_category_id
AND cloud.guest_os.display_name = guest_os_display_name)
; INSERT INTO cloud.guest_os_hypervisor (uuid, hypervisor_type, hypervisor_version, guest_os_name, guest_os_id, created)
AND cloud.guest_os.display_name = guest_os_display_name)
; INSERT INTO cloud.guest_os_hypervisor (uuid, hypervisor_type, hypervisor_version, guest_os_name, guest_os_id, created)
SELECT UUID(), guest_os_hypervisor_hypervisor_type, guest_os_hypervisor_hypervisor_version, guest_os_hypervisor_guest_os_name, guest_os.id, now()
FROM cloud.guest_os
WHERE guest_os.category_id = guest_os_category_id
AND guest_os.display_name = guest_os_display_name
AND NOT EXISTS (SELECT 1
AND NOT EXISTS (SELECT 1
FROM cloud.guest_os_hypervisor as hypervisor
WHERE hypervisor_type = guest_os_hypervisor_hypervisor_type
WHERE hypervisor_type = guest_os_hypervisor_hypervisor_type
AND hypervisor_version = guest_os_hypervisor_hypervisor_version
AND hypervisor.guest_os_id = guest_os.id
AND hypervisor.guest_os_name = guest_os_hypervisor_guest_os_name)
AND hypervisor.guest_os_name = guest_os_hypervisor_guest_os_name)
;END;
-- PR#4699 Call procedure `ADD_GUEST_OS_AND_HYPERVISOR_MAPPING` to add new data to guest_os and guest_os_hypervisor.

3
engine/schema/src/main/resources/META-INF/db/schema-41610to41700.sql
View File

@ -643,3 +643,6 @@ CREATE VIEW `cloud`.`domain_router_view` AS
`cloud`.`async_job` ON async_job.instance_id = vm_instance.id
and async_job.instance_type = 'DomainRouter'
and async_job.job_status = 0;
INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) SELECT UUID(), 3, 'listConfigurations', 'ALLOW', (SELECT MAX(`sort_order`)+1 FROM `cloud`.`role_permissions`) ON DUPLICATE KEY UPDATE rule=rule;
INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) SELECT UUID(), 3, 'updateConfiguration', 'ALLOW', (SELECT MAX(`sort_order`)+1 FROM `cloud`.`role_permissions`) ON DUPLICATE KEY UPDATE rule=rule;

18
server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
View File

@ -810,14 +810,25 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
final Long zoneId = cmd.getZoneId();
final Long clusterId = cmd.getClusterId();
final Long storagepoolId = cmd.getStoragepoolId();
final Long accountId = cmd.getAccountId();
final Long imageStoreId = cmd.getImageStoreId();
final Long domainId = cmd.getDomainId();
Long accountId = cmd.getAccountId();
Long domainId = cmd.getDomainId();
CallContext.current().setEventDetails(" Name: " + name + " New Value: " + (name.toLowerCase().contains("password") ? "*****" : value == null ? "" : value));
// check if config value exists
final ConfigurationVO config = _configDao.findByName(name);
String catergory = null;
final Account caller = CallContext.current().getCallingAccount();
if (_accountMgr.isDomainAdmin(caller.getId())) {
if (accountId == null && domainId == null) {
domainId = caller.getDomainId();
}
} else if (_accountMgr.isNormalUser(caller.getId())) {
if (accountId == null) {
accountId = caller.getAccountId();
}
}
// FIX ME - All configuration parameters are not moved from config.java to configKey
if (config == null) {
if (_configDepot.get(name) == null) {
@ -848,11 +859,14 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
paramCountCheck++;
}
if (accountId != null) {
Account account = _accountMgr.getAccount(accountId);
_accountMgr.checkAccess(caller, null, false, account);
scope = ConfigKey.Scope.Account.toString();
id = accountId;
paramCountCheck++;
}
if (domainId != null) {
_accountMgr.checkAccess(caller, _domainDao.findById(domainId));
scope = ConfigKey.Scope.Domain.toString();
id = domainId;
paramCountCheck++;

18
server/src/main/java/com/cloud/server/ManagementServerImpl.java
View File

@ -2013,13 +2013,24 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
final Long zoneId = cmd.getZoneId();
final Long clusterId = cmd.getClusterId();
final Long storagepoolId = cmd.getStoragepoolId();
final Long accountId = cmd.getAccountId();
final Long domainId = cmd.getDomainId();
final Long imageStoreId = cmd.getImageStoreId();
Long accountId = cmd.getAccountId();
Long domainId = cmd.getDomainId();
String scope = null;
Long id = null;
int paramCountCheck = 0;
final Account caller = CallContext.current().getCallingAccount();
if (_accountMgr.isDomainAdmin(caller.getId())) {
if (accountId == null && domainId == null) {
domainId = caller.getDomainId();
}
} else if (_accountMgr.isNormalUser(caller.getId())) {
if (accountId == null) {
accountId = caller.getAccountId();
}
}
if (zoneId != null) {
scope = ConfigKey.Scope.Zone.toString();
id = zoneId;
@ -2031,11 +2042,14 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
paramCountCheck++;
}
if (accountId != null) {
Account account = _accountMgr.getAccount(accountId);
_accountMgr.checkAccess(caller, null, false, account);
scope = ConfigKey.Scope.Account.toString();
id = accountId;
paramCountCheck++;
}
if (domainId != null) {
_accountMgr.checkAccess(caller, _domainDao.findById(domainId));
scope = ConfigKey.Scope.Domain.toString();
id = domainId;
paramCountCheck++;

4
ui/src/config/section/account.js
View File

@ -15,6 +15,8 @@
// specific language governing permissions and limitations
// under the License.
import store from '@/store'
export default {
name: 'account',
title: 'label.accounts',
@ -49,7 +51,7 @@ export default {
{
name: 'settings',
component: () => import('@/components/view/SettingsTab.vue'),
show: (record, route, user) => { return ['Admin'].includes(user.roletype) }
show: () => { return 'listConfigurations' in store.getters.apis }
}
],
actions: [

2
ui/src/config/section/config.js
View File

@ -19,7 +19,7 @@ export default {
name: 'config',
title: 'label.configuration',
icon: 'setting',
permission: ['listConfigurations'],
permission: ['listConfigurations', 'listInfrastructure'],
children: [
{
name: 'globalsetting',

4
ui/src/config/section/domain.js
View File

@ -15,6 +15,8 @@
// specific language governing permissions and limitations
// under the License.
import store from '@/store'
export default {
name: 'domain',
title: 'label.domains',
@ -53,7 +55,7 @@ export default {
{
name: 'settings',
component: () => import('@/components/view/SettingsTab.vue'),
show: (record, route, user) => { return ['Admin'].includes(user.roletype) }
show: () => { return 'listConfigurations' in store.getters.apis }
}, {
name: 'comments',
component: () => import('@/components/view/AnnotationsTab.vue')