apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

[4.19] server, api, ui: access improvements and assorted fixes (#22)

Browse Source 
* server, api, ui: access improvements and assorted fixes

Fixes domain-admin access check to prevent unauthorized access.

Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
Co-authored-by: nvazquez <nicovazquez90@gmail.com>
Co-authored-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* Revert "server: refactor listNetworks api database retrievals (#9184)"

This reverts commit c7f1ba5b8eec03d51bfe0f1432e46c9101b0f940.

* Fix snapshot chain being deleted on XenServer (#9447)

Using XenServer as the hypervisor, when deleting a snapshot that has a parent, that parent will also get erased on storage, causing data loss. This behavior was introduced with #7873, where the list of snapshot states that can be deleted was changed to add BackedUp snapshots.

This PR changes the states list back to the original list, and swaps the while loop for a do while loop to account for the changes in #7873.

Fixes #9446

* UI: Display Firewall, LB and Port Forwading rules tab for CKS clusters deployed on isolated networks (#9458)

---------

Co-authored-by: nvazquez <nicovazquez90@gmail.com>
Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
Co-authored-by: João Jandre <48719461+JoaoJandre@users.noreply.github.com>
Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>
This commit is contained in:
Abhishek Kumar 2024-08-03 02:00:04 +05:30 committed by nvazquez
parent d541e9014d
commit 6fbdda951a
No known key found for this signature in database
GPG Key ID: 656E1BCC8CB54F84
2 changed files with 97 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

209
server/src/main/java/com/cloud/network/NetworkServiceImpl.java
View File

@ -36,6 +36,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.UUID; import java.util.UUID;
import java.util.stream.Collectors;
import javax.inject.Inject; import javax.inject.Inject;
import javax.naming.ConfigurationException; import javax.naming.ConfigurationException;
@ -2196,9 +2197,6 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
Long associatedNetworkId = cmd.getAssociatedNetworkId(); Long associatedNetworkId = cmd.getAssociatedNetworkId();
String networkFilterStr = cmd.getNetworkFilter(); String networkFilterStr = cmd.getNetworkFilter();
boolean applyManualPagination = CollectionUtils.isNotEmpty(supportedServicesStr) ||
Boolean.TRUE.equals(canUseForDeploy);
String vlanId = null; String vlanId = null;
if (cmd instanceof ListNetworksCmdByAdmin) { if (cmd instanceof ListNetworksCmdByAdmin) {
vlanId = ((ListNetworksCmdByAdmin)cmd).getVlan(); vlanId = ((ListNetworksCmdByAdmin)cmd).getVlan();
@ -2284,13 +2282,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
isRecursive = true; isRecursive = true;
} }
Long offset = cmd.getStartIndex(); Filter searchFilter = new Filter(NetworkVO.class, "id", false, null, null);
Long limit = cmd.getPageSizeVal();
if (applyManualPagination) {
offset = null;
limit = null;
}
Filter searchFilter = new Filter(NetworkVO.class, "id", false, offset, limit);
SearchBuilder<NetworkVO> sb = _networksDao.createSearchBuilder(); SearchBuilder<NetworkVO> sb = _networksDao.createSearchBuilder();
if (forVpc != null) { if (forVpc != null) {
@ -2345,123 +2337,113 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
sb.join("associatedNetworkSearch", associatedNetworkSearch, sb.entity().getId(), associatedNetworkSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER); sb.join("associatedNetworkSearch", associatedNetworkSearch, sb.entity().getId(), associatedNetworkSearch.entity().getResourceId(), JoinBuilder.JoinType.INNER);
} }
SearchCriteria<NetworkVO> mainSearchCriteria = createNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, List<NetworkVO> networksToReturn = new ArrayList<NetworkVO>();
guestIpType, trafficType, physicalNetworkId, networkOfferingId, aclType, restartRequired,
specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId);
SearchCriteria<NetworkVO> additionalSearchCriteria = _networksDao.createSearchCriteria();
if (isSystem == null || !isSystem) { if (isSystem == null || !isSystem) {
if (!permittedAccounts.isEmpty()) { if (!permittedAccounts.isEmpty()) {
if (Arrays.asList(Network.NetworkFilter.Account, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) { if (Arrays.asList(Network.NetworkFilter.Account, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
//get account level networks //get account level networks
additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, networksToReturn.addAll(listAccountSpecificNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
getAccountSpecificNetworksSearchCriteria(sb, permittedAccounts, skipProjectNetworks)); aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, permittedAccounts));
} }
if (domainId != null && Arrays.asList(Network.NetworkFilter.Domain, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) { if (domainId != null && Arrays.asList(Network.NetworkFilter.Domain, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
//get domain level networks //get domain level networks
SearchCriteria<NetworkVO> domainLevelSC = getDomainLevelNetworksSearchCriteria(sb, domainId, false); networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
if (domainLevelSC != null) { aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, domainId, false));
additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, domainLevelSC);
}
} }
if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) { if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) {
// get shared networks // get shared networks
SearchCriteria<NetworkVO> sharedNetworksSC = getSharedNetworksSearchCriteria(sb, permittedAccounts); List<NetworkVO> sharedNetworks = listSharedNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
if (sharedNetworksSC != null) { aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, permittedAccounts);
additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, sharedNetworksSC); addNetworksToReturnIfNotExist(networksToReturn, sharedNetworks);
}
} }
} else { } else {
if (Arrays.asList(Network.NetworkFilter.Account, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) { if (Arrays.asList(Network.NetworkFilter.Account, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
//add account specific networks //add account specific networks
additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, networksToReturn.addAll(listAccountSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
getAccountSpecificNetworksByDomainPathSearchCriteria(sb, path, isRecursive, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive));
skipProjectNetworks));
} }
if (Arrays.asList(Network.NetworkFilter.Domain, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) { if (Arrays.asList(Network.NetworkFilter.Domain, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
//add domain specific networks of domain + parent domains //add domain specific networks of domain + parent domains
SearchCriteria<NetworkVO> domainSpecificNetworksByDomainPathSC = networksToReturn.addAll(listDomainSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
getDomainSpecificNetworksByDomainPathSearchCriteria(sb, path, isRecursive); aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive));
if (domainSpecificNetworksByDomainPathSC != null) {
additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, domainSpecificNetworksByDomainPathSC);
}
//add networks of subdomains //add networks of subdomains
if (domainId == null) { if (domainId == null) {
SearchCriteria<NetworkVO> domainLevelSC = getDomainLevelNetworksSearchCriteria(sb, caller.getDomainId(), true); networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
if (domainLevelSC != null) { aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, caller.getDomainId(), true));
additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, domainLevelSC);
}
} }
} }
if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) { if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) {
// get shared networks // get shared networks
SearchCriteria<NetworkVO> sharedNetworksSC = getSharedNetworksByDomainPathSearchCriteria(sb, path, isRecursive); List<NetworkVO> sharedNetworks = listSharedNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
if (sharedNetworksSC != null) { aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive);
additionalSearchCriteria.addOr("id", SearchCriteria.Op.SC, sharedNetworksSC); addNetworksToReturnIfNotExist(networksToReturn, sharedNetworks);
}
} }
} }
if (CollectionUtils.isNotEmpty(additionalSearchCriteria.getValues())) {
mainSearchCriteria.addAnd("id", SearchCriteria.Op.SC, additionalSearchCriteria);
}
} else { } else {
if (skipProjectNetworks) { networksToReturn = _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
mainSearchCriteria.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT); null, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter);
} else {
mainSearchCriteria.setJoinParameters("accountSearch", "typeEQ", Account.Type.PROJECT);
}
} }
Pair<List<NetworkVO>, Integer> result = _networksDao.searchAndCount(mainSearchCriteria, searchFilter);
List<NetworkVO> networksToReturn = result.first();
if (supportedServicesStr != null && !supportedServicesStr.isEmpty() && !networksToReturn.isEmpty()) { if (supportedServicesStr != null && !supportedServicesStr.isEmpty() && !networksToReturn.isEmpty()) {
List<NetworkVO> supportedNetworks = new ArrayList<>(); List<NetworkVO> supportedNetworks = new ArrayList<NetworkVO>();
Service[] supportedServices = new Service[supportedServicesStr.size()]; Service[] suppportedServices = new Service[supportedServicesStr.size()];
int i = 0; int i = 0;
for (String supportedServiceStr : supportedServicesStr) { for (String supportedServiceStr : supportedServicesStr) {
Service service = Service.getService(supportedServiceStr); Service service = Service.getService(supportedServiceStr);
if (service == null) { if (service == null) {
throw new InvalidParameterValueException("Invalid service specified " + supportedServiceStr); throw new InvalidParameterValueException("Invalid service specified " + supportedServiceStr);
} else { } else {
supportedServices[i] = service; suppportedServices[i] = service;
} }
i++; i++;
} }
for (NetworkVO network : networksToReturn) { for (NetworkVO network : networksToReturn) {
if (areServicesSupportedInNetwork(network.getId(), supportedServices)) { if (areServicesSupportedInNetwork(network.getId(), suppportedServices)) {
supportedNetworks.add(network); supportedNetworks.add(network);
} }
} }
networksToReturn = supportedNetworks; networksToReturn = supportedNetworks;
} }
if (canUseForDeploy != null) { if (canUseForDeploy != null) {
List<NetworkVO> networksForDeploy = new ArrayList<>(); List<NetworkVO> networksForDeploy = new ArrayList<NetworkVO>();
for (NetworkVO network : networksToReturn) { for (NetworkVO network : networksToReturn) {
if (_networkModel.canUseForDeploy(network) == canUseForDeploy) { if (_networkModel.canUseForDeploy(network) == canUseForDeploy) {
networksForDeploy.add(network); networksForDeploy.add(network);
} }
} }
networksToReturn = networksForDeploy; networksToReturn = networksForDeploy;
} }
if (applyManualPagination) { //Now apply pagination
//Now apply pagination List<? extends Network> wPagination = com.cloud.utils.StringUtils.applyPagination(networksToReturn, cmd.getStartIndex(), cmd.getPageSizeVal());
List<? extends Network> wPagination = com.cloud.utils.StringUtils.applyPagination(networksToReturn, cmd.getStartIndex(), cmd.getPageSizeVal()); if (wPagination != null) {
if (wPagination != null) { Pair<List<? extends Network>, Integer> listWPagination = new Pair<List<? extends Network>, Integer>(wPagination, networksToReturn.size());
Pair<List<? extends Network>, Integer> listWPagination = new Pair<>(wPagination, networksToReturn.size()); return listWPagination;
return listWPagination;
}
return new Pair<>(networksToReturn, networksToReturn.size());
} }
return new Pair<>(result.first(), result.second()); return new Pair<List<? extends Network>, Integer>(networksToReturn, networksToReturn.size());
} }
private SearchCriteria<NetworkVO> createNetworkSearchCriteria(SearchBuilder<NetworkVO> sb, String keyword, Long id, private void addNetworksToReturnIfNotExist(final List<NetworkVO> networksToReturn, final List<NetworkVO> sharedNetworks) {
Boolean isSystem, Long zoneId, String guestIpType, String trafficType, Long physicalNetworkId, Set<Long> networkIds = networksToReturn.stream()
Long networkOfferingId, String aclType, Boolean restartRequired, .map(NetworkVO::getId)
Boolean specifyIpRanges, Long vpcId, Map<String, String> tags, Boolean display, String vlanId, Long associatedNetworkId) { .collect(Collectors.toSet());
List<NetworkVO> sharedNetworksToReturn = sharedNetworks.stream()
.filter(network -> ! networkIds.contains(network.getId()))
.collect(Collectors.toList());
networksToReturn.addAll(sharedNetworksToReturn);
}
private SearchCriteria<NetworkVO> buildNetworkSearchCriteria(SearchBuilder<NetworkVO> sb, String keyword, Long id,
Boolean isSystem, Long zoneId, String guestIpType, String trafficType, Long physicalNetworkId,
Long networkOfferingId, String aclType, boolean skipProjectNetworks, Boolean restartRequired,
Boolean specifyIpRanges, Long vpcId, Map<String, String> tags, Boolean display, String vlanId, Long associatedNetworkId) {
SearchCriteria<NetworkVO> sc = sb.create(); SearchCriteria<NetworkVO> sc = sb.create();
@ -2503,6 +2485,12 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
sc.addAnd("physicalNetworkId", SearchCriteria.Op.EQ, physicalNetworkId); sc.addAnd("physicalNetworkId", SearchCriteria.Op.EQ, physicalNetworkId);
} }
if (skipProjectNetworks) {
sc.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
} else {
sc.setJoinParameters("accountSearch", "typeEQ", Account.Type.PROJECT);
}
if (restartRequired != null) { if (restartRequired != null) {
sc.addAnd("restartRequired", SearchCriteria.Op.EQ, restartRequired); sc.addAnd("restartRequired", SearchCriteria.Op.EQ, restartRequired);
} }
@ -2543,8 +2531,8 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
return sc; return sc;
} }
private SearchCriteria<NetworkVO> getDomainLevelNetworksSearchCriteria(SearchBuilder<NetworkVO> sb, long domainId, boolean parentDomainsOnly) { private List<NetworkVO> listDomainLevelNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, long domainId, boolean parentDomainsOnly) {
List<Long> networkIds = new ArrayList<>(); List<Long> networkIds = new ArrayList<Long>();
Set<Long> allowedDomains = _domainMgr.getDomainParentIds(domainId); Set<Long> allowedDomains = _domainMgr.getDomainParentIds(domainId);
List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray()); List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray());
@ -2559,55 +2547,48 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
} }
if (!networkIds.isEmpty()) { if (!networkIds.isEmpty()) {
SearchCriteria<NetworkVO> domainSC = sb.create(); SearchCriteria<NetworkVO> domainSC = _networksDao.createSearchCriteria();
domainSC.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray()); domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray());
domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString()); domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString());
return domainSC;
sc.addAnd("id", SearchCriteria.Op.SC, domainSC);
return _networksDao.search(sc, searchFilter);
} else {
return new ArrayList<NetworkVO>();
} }
return null;
} }
private SearchCriteria<NetworkVO> getAccountSpecificNetworksSearchCriteria(SearchBuilder<NetworkVO> sb, private List<NetworkVO> listAccountSpecificNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, List<Long> permittedAccounts) {
List<Long> permittedAccounts, boolean skipProjectNetworks) { SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria();
SearchCriteria<NetworkVO> accountSC = sb.create();
if (skipProjectNetworks) {
accountSC.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
} else {
accountSC.setJoinParameters("accountSearch", "typeEQ", Account.Type.PROJECT);
}
if (!permittedAccounts.isEmpty()) { if (!permittedAccounts.isEmpty()) {
accountSC.addAnd("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray()); accountSC.addAnd("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray());
} }
accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Account.toString()); accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Account.toString());
return accountSC;
sc.addAnd("id", SearchCriteria.Op.SC, accountSC);
return _networksDao.search(sc, searchFilter);
} }
private SearchCriteria<NetworkVO> getAccountSpecificNetworksByDomainPathSearchCriteria(SearchBuilder<NetworkVO> sb, private List<NetworkVO> listAccountSpecificNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, boolean isRecursive) {
String path, boolean isRecursive, boolean skipProjectNetworks) { SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria();
SearchCriteria<NetworkVO> accountSC = sb.create();
if (skipProjectNetworks) {
accountSC.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
} else {
accountSC.setJoinParameters("accountSearch", "typeEQ", Account.Type.PROJECT);
}
accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Account.toString()); accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Account.toString());
if (path != null) { if (path != null) {
if (isRecursive) { if (isRecursive) {
accountSC.setJoinParameters("domainSearch", "path", path + "%"); sc.setJoinParameters("domainSearch", "path", path + "%");
} else { } else {
accountSC.setJoinParameters("domainSearch", "path", path); sc.setJoinParameters("domainSearch", "path", path);
} }
} }
return accountSC; sc.addAnd("id", SearchCriteria.Op.SC, accountSC);
return _networksDao.search(sc, searchFilter);
} }
private SearchCriteria<NetworkVO> getDomainSpecificNetworksByDomainPathSearchCriteria(SearchBuilder<NetworkVO> sb, private List<NetworkVO> listDomainSpecificNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, boolean isRecursive) {
String path, boolean isRecursive) {
Set<Long> allowedDomains = new HashSet<>(); Set<Long> allowedDomains = new HashSet<Long>();
if (path != null) { if (path != null) {
if (isRecursive) { if (isRecursive) {
allowedDomains = _domainMgr.getDomainChildrenIds(path); allowedDomains = _domainMgr.getDomainChildrenIds(path);
@ -2617,7 +2598,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
} }
} }
List<Long> networkIds = new ArrayList<>(); List<Long> networkIds = new ArrayList<Long>();
List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray()); List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray());
@ -2626,28 +2607,30 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
} }
if (!networkIds.isEmpty()) { if (!networkIds.isEmpty()) {
SearchCriteria<NetworkVO> domainSC = sb.create(); SearchCriteria<NetworkVO> domainSC = _networksDao.createSearchCriteria();
domainSC.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray()); domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray());
domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString()); domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString());
return domainSC;
sc.addAnd("id", SearchCriteria.Op.SC, domainSC);
return _networksDao.search(sc, searchFilter);
} else {
return new ArrayList<NetworkVO>();
} }
return null;
} }
private SearchCriteria<NetworkVO> getSharedNetworksSearchCriteria(SearchBuilder<NetworkVO> sb, List<Long> permittedAccounts) { private List<NetworkVO> listSharedNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, List<Long> permittedAccounts) {
List<Long> sharedNetworkIds = _networkPermissionDao.listPermittedNetworkIdsByAccounts(permittedAccounts); List<Long> sharedNetworkIds = _networkPermissionDao.listPermittedNetworkIdsByAccounts(permittedAccounts);
if (!sharedNetworkIds.isEmpty()) { if (!sharedNetworkIds.isEmpty()) {
SearchCriteria<NetworkVO> ssc = sb.create(); SearchCriteria<NetworkVO> ssc = _networksDao.createSearchCriteria();
ssc.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
ssc.addAnd("id", SearchCriteria.Op.IN, sharedNetworkIds.toArray()); ssc.addAnd("id", SearchCriteria.Op.IN, sharedNetworkIds.toArray());
return ssc; sc.addAnd("id", SearchCriteria.Op.SC, ssc);
return _networksDao.search(sc, searchFilter);
} }
return null; return new ArrayList<NetworkVO>();
} }
private SearchCriteria<NetworkVO> getSharedNetworksByDomainPathSearchCriteria(SearchBuilder<NetworkVO> sb, String path, boolean isRecursive) { private List<NetworkVO> listSharedNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, boolean isRecursive) {
Set<Long> allowedDomains = new HashSet<>(); Set<Long> allowedDomains = new HashSet<Long>();
if (path != null) { if (path != null) {
if (isRecursive) { if (isRecursive) {
allowedDomains = _domainMgr.getDomainChildrenIds(path); allowedDomains = _domainMgr.getDomainChildrenIds(path);
@ -2669,13 +2652,13 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
List<Long> sharedNetworkIds = _networkPermissionDao.listPermittedNetworkIdsByAccounts(allowedAccountsList); List<Long> sharedNetworkIds = _networkPermissionDao.listPermittedNetworkIdsByAccounts(allowedAccountsList);
if (!sharedNetworkIds.isEmpty()) { if (!sharedNetworkIds.isEmpty()) {
SearchCriteria<NetworkVO> ssc = sb.create(); SearchCriteria<NetworkVO> ssc = _networksDao.createSearchCriteria();
ssc.setJoinParameters("accountSearch", "typeNEQ", Account.Type.PROJECT);
ssc.addAnd("id", SearchCriteria.Op.IN, sharedNetworkIds.toArray()); ssc.addAnd("id", SearchCriteria.Op.IN, sharedNetworkIds.toArray());
return ssc; sc.addAnd("id", SearchCriteria.Op.SC, ssc);
return _networksDao.search(sc, searchFilter);
} }
} }
return null; return new ArrayList<NetworkVO>();
} }
@Override @Override

1
server/src/test/java/com/cloud/user/AccountManagerImplTest.java
View File

@ -61,6 +61,7 @@ import com.cloud.vm.UserVmManagerImpl;
import com.cloud.vm.UserVmVO; import com.cloud.vm.UserVmVO;
import com.cloud.vm.VMInstanceVO; import com.cloud.vm.VMInstanceVO;
import com.cloud.vm.snapshot.VMSnapshotVO; import com.cloud.vm.snapshot.VMSnapshotVO;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.command.admin.user.GetUserKeysCmd; import org.apache.cloudstack.api.command.admin.user.GetUserKeysCmd;
import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd; import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;