mirror of
				https://github.com/apache/cloudstack.git
				synced 2025-10-26 08:42:29 +01:00 
			
		
		
		
	list only own zones for resource admin (#11087)
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
This commit is contained in:
		
							parent
							
								
									1b74c2dd3f
								
							
						
					
					
						commit
						4111061d29
					
				| @ -87,6 +87,8 @@ public interface AccountService { | ||||
| 
 | ||||
|     boolean isDomainAdmin(Long accountId); | ||||
| 
 | ||||
|     boolean isResourceDomainAdmin(Long accountId); | ||||
| 
 | ||||
|     boolean isNormalUser(long accountId); | ||||
| 
 | ||||
|     User getActiveUserByRegistrationToken(String registrationToken); | ||||
|  | ||||
| @ -128,19 +128,19 @@ public class ListClustersCmd extends BaseListCmd { | ||||
| 
 | ||||
|     protected Pair<List<ClusterResponse>, Integer> getClusterResponses() { | ||||
|         Pair<List<? extends Cluster>, Integer> result = _mgr.searchForClusters(this); | ||||
|         List<ClusterResponse> clusterResponses = new ArrayList<ClusterResponse>(); | ||||
|         List<ClusterResponse> clusterResponses = new ArrayList<>(); | ||||
|         for (Cluster cluster : result.first()) { | ||||
|             ClusterResponse clusterResponse = _responseGenerator.createClusterResponse(cluster, showCapacities); | ||||
|             clusterResponse.setObjectName("cluster"); | ||||
|             clusterResponses.add(clusterResponse); | ||||
|         } | ||||
|         return new Pair<List<ClusterResponse>, Integer>(clusterResponses, result.second()); | ||||
|         return new Pair<>(clusterResponses, result.second()); | ||||
|     } | ||||
| 
 | ||||
|     @Override | ||||
|     public void execute() { | ||||
|         Pair<List<ClusterResponse>, Integer> clusterResponses = getClusterResponses(); | ||||
|         ListResponse<ClusterResponse> response = new ListResponse<ClusterResponse>(); | ||||
|         ListResponse<ClusterResponse> response = new ListResponse<>(); | ||||
|         response.setResponses(clusterResponses.first(), clusterResponses.second()); | ||||
|         response.setResponseName(getCommandName()); | ||||
|         this.setResponseObject(response); | ||||
|  | ||||
| @ -86,8 +86,8 @@ public class ListPodsByCmd extends BaseListCmd { | ||||
|     @Override | ||||
|     public void execute() { | ||||
|         Pair<List<? extends Pod>, Integer> result = _mgr.searchForPods(this); | ||||
|         ListResponse<PodResponse> response = new ListResponse<PodResponse>(); | ||||
|         List<PodResponse> podResponses = new ArrayList<PodResponse>(); | ||||
|         ListResponse<PodResponse> response = new ListResponse<>(); | ||||
|         List<PodResponse> podResponses = new ArrayList<>(); | ||||
|         for (Pod pod : result.first()) { | ||||
|             PodResponse podResponse = _responseGenerator.createPodResponse(pod, showCapacities); | ||||
|             podResponse.setObjectName("pod"); | ||||
|  | ||||
| @ -34,8 +34,6 @@ import org.apache.cloudstack.api.response.ZoneResponse; | ||||
|         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false) | ||||
| public class ListZonesCmd extends BaseListCmd implements UserCmd { | ||||
| 
 | ||||
|     private static final String s_name = "listzonesresponse"; | ||||
| 
 | ||||
|     ///////////////////////////////////////////////////// | ||||
|     //////////////// API parameters ///////////////////// | ||||
|     ///////////////////////////////////////////////////// | ||||
| @ -113,11 +111,6 @@ public class ListZonesCmd extends BaseListCmd implements UserCmd { | ||||
|     /////////////// API Implementation/////////////////// | ||||
|     ///////////////////////////////////////////////////// | ||||
| 
 | ||||
|     @Override | ||||
|     public String getCommandName() { | ||||
|         return s_name; | ||||
|     } | ||||
| 
 | ||||
|     @Override | ||||
|     public void execute() { | ||||
|         ListResponse<ZoneResponse> response = _queryService.listDataCenters(this); | ||||
|  | ||||
| @ -112,11 +112,11 @@ public interface QueryService { | ||||
|     ConfigKey<Boolean> AllowUserViewDestroyedVM = new ConfigKey<>("Advanced", Boolean.class, "allow.user.view.destroyed.vm", "false", | ||||
|             "Determines whether users can view their destroyed or expunging vm ", true, ConfigKey.Scope.Account); | ||||
| 
 | ||||
|     static final ConfigKey<String> UserVMDeniedDetails = new ConfigKey<>(String.class, | ||||
|     ConfigKey<String> UserVMDeniedDetails = new ConfigKey<>(String.class, | ||||
|     "user.vm.denied.details", "Advanced", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag", | ||||
|             "Determines whether users can view certain VM settings. When set to empty, default value used is: rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag.", true, ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.CSV, null); | ||||
| 
 | ||||
|     static final ConfigKey<String> UserVMReadOnlyDetails = new ConfigKey<>(String.class, | ||||
|     ConfigKey<String> UserVMReadOnlyDetails = new ConfigKey<>(String.class, | ||||
|     "user.vm.readonly.details", "Advanced", "dataDiskController, rootDiskController", | ||||
|             "List of read-only VM settings/details as comma separated string", true, ConfigKey.Scope.Global, null, null, null, null, null, ConfigKey.Kind.CSV, null); | ||||
| 
 | ||||
| @ -125,16 +125,20 @@ public interface QueryService { | ||||
|                     "network offering, zones), we use the flag to determine if the entities should be sorted ascending (when flag is true) " + | ||||
|                     "or descending (when flag is false). Within the scope of the config all users see the same result.", true, ConfigKey.Scope.Global); | ||||
| 
 | ||||
|     public static final ConfigKey<Boolean> AllowUserViewAllDomainAccounts = new ConfigKey<>("Advanced", Boolean.class, | ||||
|     ConfigKey<Boolean> AllowUserViewAllDomainAccounts = new ConfigKey<>("Advanced", Boolean.class, | ||||
|             "allow.user.view.all.domain.accounts", "false", | ||||
|             "Determines whether users can view all user accounts within the same domain", true, ConfigKey.Scope.Domain); | ||||
| 
 | ||||
|     static final ConfigKey<Boolean> SharePublicTemplatesWithOtherDomains = new ConfigKey<>("Advanced", Boolean.class, "share.public.templates.with.other.domains", "true", | ||||
|     ConfigKey<Boolean> AllowUserViewAllDataCenters = new ConfigKey<>("Advanced", Boolean.class, "allow.user.view.all.zones", "true", | ||||
|             "Determines whether for instance a Resource Admin can view zones that are not dedicated to them.", true, ConfigKey.Scope.Domain); | ||||
| 
 | ||||
|     ConfigKey<Boolean> SharePublicTemplatesWithOtherDomains = new ConfigKey<>("Advanced", Boolean.class, "share.public.templates.with.other.domains", "true", | ||||
|             "If false, templates of this domain will not show up in the list templates of other domains.", true, ConfigKey.Scope.Domain); | ||||
| 
 | ||||
|     ConfigKey<Boolean> ReturnVmStatsOnVmList = new ConfigKey<>("Advanced", Boolean.class, "list.vm.default.details.stats", "true", | ||||
|             "Determines whether VM stats should be returned when details are not explicitly specified in listVirtualMachines API request. When false, details default to [group, nics, secgrp, tmpl, servoff, diskoff, backoff, iso, volume, min, affgrp]. When true, all details are returned including 'stats'.", true, ConfigKey.Scope.Global); | ||||
| 
 | ||||
| 
 | ||||
|     ListResponse<UserResponse> searchForUsers(ResponseObject.ResponseView responseView, ListUsersCmd cmd) throws PermissionDeniedException; | ||||
| 
 | ||||
|     ListResponse<UserResponse> searchForUsers(Long domainId, boolean recursive) throws PermissionDeniedException; | ||||
|  | ||||
| @ -236,6 +236,12 @@ public class MockAccountManager extends ManagerBase implements AccountManager { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     @Override | ||||
|     public boolean isResourceDomainAdmin(Long accountId) { | ||||
|         // TODO Auto-generated method stub | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     @Override | ||||
|     public boolean isNormalUser(long accountId) { | ||||
|         // TODO Auto-generated method stub | ||||
|  | ||||
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @ -650,6 +650,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     @Override | ||||
|     public boolean isResourceDomainAdmin(Long accountId) { | ||||
|         if (accountId != null) { | ||||
|             AccountVO acct = _accountDao.findById(accountId); | ||||
|  | ||||
| @ -422,6 +422,11 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     @Override | ||||
|     public boolean isResourceDomainAdmin(Long accountId) { | ||||
|         return false; | ||||
|     } | ||||
| 
 | ||||
|     @Override | ||||
|     public boolean isNormalUser(long accountId) { | ||||
|         // TODO Auto-generated method stub | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user