list only own zones for resource admin (#11087)

Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
2025-10-26 08:42:29 +01:00 · 2025-07-24 09:26:57 +02:00 · 2025-07-24 09:26:57 +02:00 · 4111061d29
commit 4111061d29
parent 1b74c2dd3f
9 changed files with 254 additions and 279 deletions
--- a/api/src/main/java/com/cloud/user/AccountService.java
+++ b/api/src/main/java/com/cloud/user/AccountService.java
@ -87,6 +87,8 @@ public interface AccountService {
    boolean isDomainAdmin(Long accountId);
    boolean isResourceDomainAdmin(Long accountId);
    boolean isNormalUser(long accountId);
    User getActiveUserByRegistrationToken(String registrationToken);
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/cluster/ListClustersCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/cluster/ListClustersCmd.java
@ -128,19 +128,19 @@ public class ListClustersCmd extends BaseListCmd {
    protected Pair<List<ClusterResponse>, Integer> getClusterResponses() {
        Pair<List<? extends Cluster>, Integer> result = _mgr.searchForClusters(this);
-        List<ClusterResponse> clusterResponses = new ArrayList<ClusterResponse>();
+        List<ClusterResponse> clusterResponses = new ArrayList<>();
        for (Cluster cluster : result.first()) {
            ClusterResponse clusterResponse = _responseGenerator.createClusterResponse(cluster, showCapacities);
            clusterResponse.setObjectName("cluster");
            clusterResponses.add(clusterResponse);
        }
-        return new Pair<List<ClusterResponse>, Integer>(clusterResponses, result.second());
+        return new Pair<>(clusterResponses, result.second());
    }
    @Override
    public void execute() {
        Pair<List<ClusterResponse>, Integer> clusterResponses = getClusterResponses();
-        ListResponse<ClusterResponse> response = new ListResponse<ClusterResponse>();
+        ListResponse<ClusterResponse> response = new ListResponse<>();
        response.setResponses(clusterResponses.first(), clusterResponses.second());
        response.setResponseName(getCommandName());
        this.setResponseObject(response);
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/pod/ListPodsByCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/pod/ListPodsByCmd.java
@ -86,8 +86,8 @@ public class ListPodsByCmd extends BaseListCmd {
    @Override
    public void execute() {
        Pair<List<? extends Pod>, Integer> result = _mgr.searchForPods(this);
-        ListResponse<PodResponse> response = new ListResponse<PodResponse>();
+        ListResponse<PodResponse> response = new ListResponse<>();
-        List<PodResponse> podResponses = new ArrayList<PodResponse>();
+        List<PodResponse> podResponses = new ArrayList<>();
        for (Pod pod : result.first()) {
            PodResponse podResponse = _responseGenerator.createPodResponse(pod, showCapacities);
            podResponse.setObjectName("pod");
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/zone/ListZonesCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/zone/ListZonesCmd.java
@ -34,8 +34,6 @@ import org.apache.cloudstack.api.response.ZoneResponse;
        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class ListZonesCmd extends BaseListCmd implements UserCmd {
    private static final String s_name = "listzonesresponse";
    /////////////////////////////////////////////////////
    //////////////// API parameters /////////////////////
    /////////////////////////////////////////////////////
@ -113,11 +111,6 @@ public class ListZonesCmd extends BaseListCmd implements UserCmd {
    /////////////// API Implementation///////////////////
    /////////////////////////////////////////////////////
    @Override
    public String getCommandName() {
        return s_name;
    }
    @Override
    public void execute() {
        ListResponse<ZoneResponse> response = _queryService.listDataCenters(this);
--- a/api/src/main/java/org/apache/cloudstack/query/QueryService.java
+++ b/api/src/main/java/org/apache/cloudstack/query/QueryService.java
@ -112,11 +112,11 @@ public interface QueryService {
    ConfigKey<Boolean> AllowUserViewDestroyedVM = new ConfigKey<>("Advanced", Boolean.class, "allow.user.view.destroyed.vm", "false",
            "Determines whether users can view their destroyed or expunging vm ", true, ConfigKey.Scope.Account);
-    static final ConfigKey<String> UserVMDeniedDetails = new ConfigKey<>(String.class,
+    ConfigKey<String> UserVMDeniedDetails = new ConfigKey<>(String.class,
    "user.vm.denied.details", "Advanced", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag",
            "Determines whether users can view certain VM settings. When set to empty, default value used is: rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag.", true, ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.CSV, null);
-    static final ConfigKey<String> UserVMReadOnlyDetails = new ConfigKey<>(String.class,
+    ConfigKey<String> UserVMReadOnlyDetails = new ConfigKey<>(String.class,
    "user.vm.readonly.details", "Advanced", "dataDiskController, rootDiskController",
            "List of read-only VM settings/details as comma separated string", true, ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.CSV, null);
@ -125,16 +125,20 @@ public interface QueryService {
                    "network offering, zones), we use the flag to determine if the entities should be sorted ascending (when flag is true) " +
                    "or descending (when flag is false). Within the scope of the config all users see the same result.", true, ConfigKey.Scope.Global);
-    public static final ConfigKey<Boolean> AllowUserViewAllDomainAccounts = new ConfigKey<>("Advanced", Boolean.class,
+    ConfigKey<Boolean> AllowUserViewAllDomainAccounts = new ConfigKey<>("Advanced", Boolean.class,
            "allow.user.view.all.domain.accounts", "false",
            "Determines whether users can view all user accounts within the same domain", true, ConfigKey.Scope.Domain);
-    static final ConfigKey<Boolean> SharePublicTemplatesWithOtherDomains = new ConfigKey<>("Advanced", Boolean.class, "share.public.templates.with.other.domains", "true",
+    ConfigKey<Boolean> AllowUserViewAllDataCenters = new ConfigKey<>("Advanced", Boolean.class, "allow.user.view.all.zones", "true",
            "Determines whether for instance a Resource Admin can view zones that are not dedicated to them.", true, ConfigKey.Scope.Domain);
    ConfigKey<Boolean> SharePublicTemplatesWithOtherDomains = new ConfigKey<>("Advanced", Boolean.class, "share.public.templates.with.other.domains", "true",
            "If false, templates of this domain will not show up in the list templates of other domains.", true, ConfigKey.Scope.Domain);
    ConfigKey<Boolean> ReturnVmStatsOnVmList = new ConfigKey<>("Advanced", Boolean.class, "list.vm.default.details.stats", "true",
            "Determines whether VM stats should be returned when details are not explicitly specified in listVirtualMachines API request. When false, details default to [group, nics, secgrp, tmpl, servoff, diskoff, backoff, iso, volume, min, affgrp]. When true, all details are returned including 'stats'.", true, ConfigKey.Scope.Global);
    ListResponse<UserResponse> searchForUsers(ResponseObject.ResponseView responseView, ListUsersCmd cmd) throws PermissionDeniedException;
    ListResponse<UserResponse> searchForUsers(Long domainId, boolean recursive) throws PermissionDeniedException;
--- a/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/src/test/java/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@ -236,6 +236,12 @@ public class MockAccountManager extends ManagerBase implements AccountManager {
        return false;
    }
    @Override
    public boolean isResourceDomainAdmin(Long accountId) {
        // TODO Auto-generated method stub
        return false;
    }
    @Override
    public boolean isNormalUser(long accountId) {
        // TODO Auto-generated method stub
--- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
--- a/server/src/main/java/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@ -650,6 +650,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
        return false;
    }
    @Override
    public boolean isResourceDomainAdmin(Long accountId) {
        if (accountId != null) {
            AccountVO acct = _accountDao.findById(accountId);
--- a/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/src/test/java/com/cloud/user/MockAccountManagerImpl.java
@ -422,6 +422,11 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
        return false;
    }
    @Override
    public boolean isResourceDomainAdmin(Long accountId) {
        return false;
    }
    @Override
    public boolean isNormalUser(long accountId) {
        // TODO Auto-generated method stub