server: Handle listProjects API to list projects with user as members when listAll=true (#4316)

* added defensive checks for avoiding NPE and list projects API fix

* list projects with account name provided to not include users in the account in response

Co-authored-by: Pearl Dsilva <pearl.dsilva@shapeblue.com>

server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java

@@ -80,8 +80,8 @@ public class AffinityGroupAccessChecker extends DomainChecker {
                   //check if the group belongs to a project
                     User user = CallContext.current().getCallingUser();
                     ProjectVO project = _projectDao.findByProjectAccountId(group.getAccountId());
-                    ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
                     if (project != null) {
+                        ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
                         if (userProjectAccount != null) {
                             if (AccessType.ModifyProject.equals(accessType) && _projectAccountDao.canUserModifyProject(project.getId(), user.getAccountId(), user.getId())) {
                                 return true;

server/src/main/java/com/cloud/acl/DomainChecker.java

@@ -61,6 +61,7 @@ import com.cloud.user.AccountService;
 import com.cloud.user.User;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 @Component
 public class DomainChecker extends AdapterBase implements SecurityChecker {
@@ -199,6 +200,9 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
     private boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
         User user = CallContext.current().getCallingUser();
         Project project = projectDao.findByProjectAccountId(entity.getAccountId());
+        if (project == null) {
+            throw new CloudRuntimeException("Unable to find project to which the entity belongs to");
+        }
         ProjectAccount projectUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
         String apiCommandName = CallContext.current().getApiName();
 

server/src/main/java/com/cloud/api/query/QueryManagerImpl.java

@@ -1484,15 +1484,19 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
         }
 
         if (accountId != null) {
-            sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+            if (userId == null) {
+                sb.and().op("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+                sb.and("userIdNull", sb.entity().getUserId(), Op.NULL);
+                sb.cp();
+            } else {
+                sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+            }
         }
 
         if (userId != null) {
             sb.and().op("userId", sb.entity().getUserId(), Op.EQ);
             sb.or("userIdNull", sb.entity().getUserId(), Op.NULL);
             sb.cp();
-        } else {
-            sb.and("userIdNull", sb.entity().getUserId(), Op.NULL);
         }
 
         SearchCriteria<ProjectJoinVO> sc = sb.create();

server/src/main/java/com/cloud/network/NetworkModelImpl.java

@@ -1658,6 +1658,9 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
             if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
                 User user = CallContext.current().getCallingUser();
                 Project project = projectDao.findByProjectAccountId(network.getAccountId());
+                if (project == null) {
+                    throw new CloudRuntimeException("Unable to find project to which the network belongs to");
+                }
                 ProjectAccount projectAccountUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
                 if (projectAccountUser != null) {
                     if (!_projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), network.getAccountId())) {

server/src/main/java/com/cloud/projects/ProjectManagerImpl.java

@@ -239,6 +239,9 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
         }
 
         User user = validateUser(userId, accountId, domainId);
+        if (user != null) {
+            owner = _accountDao.findById(user.getAccountId());
+        }
 
         //do resource limit check
         _resourceLimitMgr.checkResourceLimit(owner, ResourceType.project);
@@ -559,9 +562,11 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
         }
         User user = CallContext.current().getCallingUser();
         ProjectVO project = _projectDao.findByProjectAccountId(accountId);
-        ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
-        if (userProjectAccount != null) {
-            return _projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), accountId);
+        if (project != null) {
+            ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
+            if (userProjectAccount != null) {
+                return _projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), accountId);
+            }
         }
         return _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId);
     }