apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-12-15 10:02:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed a bug for listTemplates with TemplateFilter=shared.

Browse Source
This commit is contained in:
Min Chen 2014-02-13 16:47:41 -08:00
parent 5bfc75cac9
commit 8072e50845
4 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/src/org/apache/cloudstack/api/command/user/template/UpdateTemplatePermissionsCmd.java
View File

@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.template;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.BaseUpdateTemplateOrIsoPermissionsCmd;
import org.apache.cloudstack.api.response.SuccessResponse;
@ -27,7 +28,7 @@ import com.cloud.user.Account;
@APICommand(name = "updateTemplatePermissions", responseObject = SuccessResponse.class, description = "Updates a template visibility permissions. "
+ "A public template is visible to all accounts within the same domain. " + "A private template is visible only to the owner of the template. "
+ "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.")
+ "A priviledged template is a private template with account permissions added. " + "Only accounts specified under the template permissions are visible to them.", entityType = {AclEntityType.VirtualMachineTemplate})
public class UpdateTemplatePermissionsCmd extends BaseUpdateTemplateOrIsoPermissionsCmd {
@Override
protected String getResponseName() {

7
server/src/com/cloud/api/query/QueryManagerImpl.java
View File

@ -2902,6 +2902,13 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
// exclude the caller, only include those granted and not owned by self
permittedDomains.remove(caller.getDomainId());
permittedAccounts.remove(caller.getAccountId());
for (Long tid : permittedResources) {
// remove it if it is owned by the caller
VMTemplateVO tmpl = _templateDao.findById(tid);
if (tmpl != null && tmpl.getAccountId() == caller.getAccountId()) {
permittedResources.remove(tid);
}
}
// building ACL search criteria
SearchCriteria<TemplateJoinVO> aclSc = _templateJoinDao.createSearchCriteria();
_accountMgr.buildACLViewSearchCriteria(sc, aclSc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);

3
server/src/com/cloud/template/TemplateManagerImpl.java
View File

@ -1174,7 +1174,8 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
}
}
_accountMgr.checkAccess(caller, AccessType.ModifyEntry, true, template);
//_accountMgr.checkAccess(caller, AccessType.ModifyEntry, true, template);
_accountMgr.checkAccess(caller, AccessType.OperateEntry, true, template); //TODO: should we replace all ModifyEntry as OperateEntry?
// If the template is removed throw an error.
if (template.getRemoved() != null) {

11
server/src/com/cloud/user/AccountManagerImpl.java
View File

@ -38,6 +38,9 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.QuerySelector;
import org.apache.cloudstack.acl.RoleType;
@ -57,8 +60,6 @@ import org.apache.cloudstack.framework.messagebus.MessageBus;
import org.apache.cloudstack.framework.messagebus.PublishScope;
import org.apache.cloudstack.managed.context.ManagedContextRunnable;
import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import com.cloud.api.ApiDBUtils;
import com.cloud.configuration.Config;
@ -2228,12 +2229,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
checkAccess(caller, domain);
}
if (id != null) {
// look for an individual entity, no other permission criteria are needed
permittedResources.add(id);
return;
}
if (accountName != null) {
if (projectId != null) {
throw new InvalidParameterValueException("Account and projectId can't be specified together");