apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow domain admin to change domain and account settings (#4339)

Browse Source 
* Allow domain admin to change domain and account settings

* Cleanup

* Remove useless global setting

* Restrict regular users with listConfig access

* Address comments

* Moving upgrade path
This commit is contained in:
davidjumani 2022-02-21 20:55:45 +05:30 committed by GitHub
parent e7082d9384
commit 2a1a012a4d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 51 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
engine/schema/src/main/resources/META-INF/db/schema-41610to41700.sql
View File

@ -643,3 +643,6 @@ CREATE VIEW `cloud`.`domain_router_view` AS
`cloud`.`async_job` ON async_job.instance_id = vm_instance.id `cloud`.`async_job` ON async_job.instance_id = vm_instance.id
and async_job.instance_type = 'DomainRouter' and async_job.instance_type = 'DomainRouter'
and async_job.job_status = 0; and async_job.job_status = 0;
INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) SELECT UUID(), 3, 'listConfigurations', 'ALLOW', (SELECT MAX(`sort_order`)+1 FROM `cloud`.`role_permissions`) ON DUPLICATE KEY UPDATE rule=rule;
INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`, `sort_order`) SELECT UUID(), 3, 'updateConfiguration', 'ALLOW', (SELECT MAX(`sort_order`)+1 FROM `cloud`.`role_permissions`) ON DUPLICATE KEY UPDATE rule=rule;

18
server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
View File

@ -810,14 +810,25 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
final Long zoneId = cmd.getZoneId(); final Long zoneId = cmd.getZoneId();
final Long clusterId = cmd.getClusterId(); final Long clusterId = cmd.getClusterId();
final Long storagepoolId = cmd.getStoragepoolId(); final Long storagepoolId = cmd.getStoragepoolId();
final Long accountId = cmd.getAccountId();
final Long imageStoreId = cmd.getImageStoreId(); final Long imageStoreId = cmd.getImageStoreId();
final Long domainId = cmd.getDomainId(); Long accountId = cmd.getAccountId();
Long domainId = cmd.getDomainId();
CallContext.current().setEventDetails(" Name: " + name + " New Value: " + (name.toLowerCase().contains("password") ? "*****" : value == null ? "" : value)); CallContext.current().setEventDetails(" Name: " + name + " New Value: " + (name.toLowerCase().contains("password") ? "*****" : value == null ? "" : value));
// check if config value exists // check if config value exists
final ConfigurationVO config = _configDao.findByName(name); final ConfigurationVO config = _configDao.findByName(name);
String catergory = null; String catergory = null;
final Account caller = CallContext.current().getCallingAccount();
if (_accountMgr.isDomainAdmin(caller.getId())) {
if (accountId == null && domainId == null) {
domainId = caller.getDomainId();
}
} else if (_accountMgr.isNormalUser(caller.getId())) {
if (accountId == null) {
accountId = caller.getAccountId();
}
}
// FIX ME - All configuration parameters are not moved from config.java to configKey // FIX ME - All configuration parameters are not moved from config.java to configKey
if (config == null) { if (config == null) {
if (_configDepot.get(name) == null) { if (_configDepot.get(name) == null) {
@ -848,11 +859,14 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
paramCountCheck++; paramCountCheck++;
} }
if (accountId != null) { if (accountId != null) {
Account account = _accountMgr.getAccount(accountId);
_accountMgr.checkAccess(caller, null, false, account);
scope = ConfigKey.Scope.Account.toString(); scope = ConfigKey.Scope.Account.toString();
id = accountId; id = accountId;
paramCountCheck++; paramCountCheck++;
} }
if (domainId != null) { if (domainId != null) {
_accountMgr.checkAccess(caller, _domainDao.findById(domainId));
scope = ConfigKey.Scope.Domain.toString(); scope = ConfigKey.Scope.Domain.toString();
id = domainId; id = domainId;
paramCountCheck++; paramCountCheck++;

18
server/src/main/java/com/cloud/server/ManagementServerImpl.java
View File

@ -2013,13 +2013,24 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
final Long zoneId = cmd.getZoneId(); final Long zoneId = cmd.getZoneId();
final Long clusterId = cmd.getClusterId(); final Long clusterId = cmd.getClusterId();
final Long storagepoolId = cmd.getStoragepoolId(); final Long storagepoolId = cmd.getStoragepoolId();
final Long accountId = cmd.getAccountId();
final Long domainId = cmd.getDomainId();
final Long imageStoreId = cmd.getImageStoreId(); final Long imageStoreId = cmd.getImageStoreId();
Long accountId = cmd.getAccountId();
Long domainId = cmd.getDomainId();
String scope = null; String scope = null;
Long id = null; Long id = null;
int paramCountCheck = 0; int paramCountCheck = 0;
final Account caller = CallContext.current().getCallingAccount();
if (_accountMgr.isDomainAdmin(caller.getId())) {
if (accountId == null && domainId == null) {
domainId = caller.getDomainId();
}
} else if (_accountMgr.isNormalUser(caller.getId())) {
if (accountId == null) {
accountId = caller.getAccountId();
}
}
if (zoneId != null) { if (zoneId != null) {
scope = ConfigKey.Scope.Zone.toString(); scope = ConfigKey.Scope.Zone.toString();
id = zoneId; id = zoneId;
@ -2031,11 +2042,14 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
paramCountCheck++; paramCountCheck++;
} }
if (accountId != null) { if (accountId != null) {
Account account = _accountMgr.getAccount(accountId);
_accountMgr.checkAccess(caller, null, false, account);
scope = ConfigKey.Scope.Account.toString(); scope = ConfigKey.Scope.Account.toString();
id = accountId; id = accountId;
paramCountCheck++; paramCountCheck++;
} }
if (domainId != null) { if (domainId != null) {
_accountMgr.checkAccess(caller, _domainDao.findById(domainId));
scope = ConfigKey.Scope.Domain.toString(); scope = ConfigKey.Scope.Domain.toString();
id = domainId; id = domainId;
paramCountCheck++; paramCountCheck++;

4
ui/src/config/section/account.js
View File

@ -15,6 +15,8 @@
// specific language governing permissions and limitations // specific language governing permissions and limitations
// under the License. // under the License.
import store from '@/store'
export default { export default {
name: 'account', name: 'account',
title: 'label.accounts', title: 'label.accounts',
@ -49,7 +51,7 @@ export default {
{ {
name: 'settings', name: 'settings',
component: () => import('@/components/view/SettingsTab.vue'), component: () => import('@/components/view/SettingsTab.vue'),
show: (record, route, user) => { return ['Admin'].includes(user.roletype) } show: () => { return 'listConfigurations' in store.getters.apis }
} }
], ],
actions: [ actions: [

2
ui/src/config/section/config.js
View File

@ -19,7 +19,7 @@ export default {
name: 'config', name: 'config',
title: 'label.configuration', title: 'label.configuration',
icon: 'setting', icon: 'setting',
permission: ['listConfigurations'], permission: ['listConfigurations', 'listInfrastructure'],
children: [ children: [
{ {
name: 'globalsetting', name: 'globalsetting',

4
ui/src/config/section/domain.js
View File

@ -15,6 +15,8 @@
// specific language governing permissions and limitations // specific language governing permissions and limitations
// under the License. // under the License.
import store from '@/store'
export default { export default {
name: 'domain', name: 'domain',
title: 'label.domains', title: 'label.domains',
@ -53,7 +55,7 @@ export default {
{ {
name: 'settings', name: 'settings',
component: () => import('@/components/view/SettingsTab.vue'), component: () => import('@/components/view/SettingsTab.vue'),
show: (record, route, user) => { return ['Admin'].includes(user.roletype) } show: () => { return 'listConfigurations' in store.getters.apis }
}, { }, {
name: 'comments', name: 'comments',
component: () => import('@/components/view/AnnotationsTab.vue') component: () => import('@/components/view/AnnotationsTab.vue')