From 82b6971258a2f63360dbd0cb404fcf87669a5327 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva
Date: Thu, 17 Sep 2020 10:20:34 +0530
Subject: [PATCH] server: Handle listProjects API to list projects with user as members when listAll=true (#4316)
* added defensive checks for avoiding NPE and list projects API fix
* list projects with account name provided to not include users in the account in response
Co-authored-by: Pearl Dsilva
---
 .../com/cloud/acl/AffinityGroupAccessChecker.java | 2 +-
 server/src/main/java/com/cloud/acl/DomainChecker.java | 4 ++++
 .../java/com/cloud/api/query/QueryManagerImpl.java | 10 +++++++---
 .../main/java/com/cloud/network/NetworkModelImpl.java | 3 +++
 .../java/com/cloud/projects/ProjectManagerImpl.java | 11 ++++++++---
 5 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java
index 6106c7268e1..3a648cdcbf0 100644
--- a/server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -80,8 +80,8 @@ public class AffinityGroupAccessChecker extends DomainChecker {
 //check if the group belongs to a project
 User user = CallContext.current().getCallingUser();
 ProjectVO project = _projectDao.findByProjectAccountId(group.getAccountId());
- ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
 if (project != null) {
+ ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
 if (userProjectAccount != null) {
 if (AccessType.ModifyProject.equals(accessType) && _projectAccountDao.canUserModifyProject(project.getId(), user.getAccountId(), user.getId())) {
 return true;
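Review bot: A null project in the AffinityGroupAccessChecker hunk skips the per-user membership check silently, and the access decision for that case is made by code after the hunk, so it is worth confirming that path denies rather than grants. The commit treats the same condition in two different ways: DomainChecker and NetworkModelImpl throw a CloudRuntimeException, while this hunk and the second ProjectManagerImpl hunk fall through to whatever check follows. If the fall-through is intended, a comment such as `// project == null: skip the per-user project check and rely on the fallback below` would record that choice at each site. The enclosing method starts and ends outside the hunk.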
diff --git a/server/src/main/java/com/cloud/acl/DomainChecker.java b/server/src/main/java/com/cloud/acl/DomainChecker.java
index 5fc2b343be9..24b6b2a42b4 100644
--- a/server/src/main/java/com/cloud/acl/DomainChecker.java
+++ b/server/src/main/java/com/cloud/acl/DomainChecker.java
@@ -61,6 +61,7 @@ import com.cloud.user.AccountService;
 import com.cloud.user.User;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.exception.CloudRuntimeException;
 @Component
 public class DomainChecker extends AdapterBase implements SecurityChecker {
@@ -199,6 +200,9 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
 private boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
 User user = CallContext.current().getCallingUser();
 Project project = projectDao.findByProjectAccountId(entity.getAccountId());
+ if (project == null) {
+ throw new CloudRuntimeException("Unable to find project to which the entity belongs to");
+ }
 ProjectAccount projectUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
 String apiCommandName = CallContext.current().getApiName();
diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
index 154a2930859..b920f475cbf 100644
--- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
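Review bot: In checkOperationPermitted the new guard reports an unresolvable project as a generic CloudRuntimeException, so a failed authorization lookup surfaces as an internal error rather than an access denial; if callers of this checker treat the two differently (not visible in the hunk), a permission-denied exception would be the more accurate signal. The statement after the guard still dereferences `user` without a check, which the same defensive pass could cover if getCallingUser() can return null on this path. The message repeats its preposition; `"Unable to find the project to which the entity belongs"` reads cleanly, and the NetworkModelImpl hunk carries the same exception choice and wording. The method body continues past the end of the hunk.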
@@ -1484,15 +1484,19 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
 }
 if (accountId != null) {
- sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+ if (userId == null) {
+ sb.and().op("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+ sb.and("userIdNull", sb.entity().getUserId(), Op.NULL);
+ sb.cp();
+ } else {
+ sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+ }
 }
 if (userId != null) {
 sb.and().op("userId", sb.entity().getUserId(), Op.EQ);
 sb.or("userIdNull", sb.entity().getUserId(), Op.NULL);
 sb.cp();
- } else {
- sb.and("userIdNull", sb.entity().getUserId(), Op.NULL);
 }
 SearchCriteria sc = sb.create();
diff --git a/server/src/main/java/com/cloud/network/NetworkModelImpl.java b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
index aabcf2b10bf..b6eab90a98c 100644
--- a/server/src/main/java/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
@@ -1658,6 +1658,9 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
 if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
 User user = CallContext.current().getCallingUser();
 Project project = projectDao.findByProjectAccountId(network.getAccountId());
+ if (project == null) {
+ throw new CloudRuntimeException("Unable to find project to which the network belongs to");
+ }
 ProjectAccount projectAccountUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
 if (projectAccountUser != null) {
 if (!_projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), network.getAccountId())) {
diff --git a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
index 90a27fcafd0..88ad0c2ffc9 100644
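Review bot: In the QueryManagerImpl hunk the `sb.and().op(...)` / `sb.cp()` group around `accountId` and `userIdNull` holds only AND-ed terms, so the parentheses add nothing and the `accountId` condition ends up written once in each branch. Keeping the original `sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);` unconditional and following it with `if (userId == null) { sb.and("userIdNull", sb.entity().getUserId(), Op.NULL); }` appears to build the same predicate with less branching. With the old `else` removed, a call that supplies neither accountId nor userId no longer restricts rows to those with a null user id, which matches the commit title but leaves the caller scoping applied outside this hunk as the only limit on which membership rows come back. A short comment listing the three cases (account only, user given, neither) would make that reviewable; the enclosing method starts and ends outside the hunk.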
--- a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
+++ b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
@@ -239,6 +239,9 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
 }
 User user = validateUser(userId, accountId, domainId);
+ if (user != null) {
+ owner = _accountDao.findById(user.getAccountId());
+ }
 //do resource limit check
 _resourceLimitMgr.checkResourceLimit(owner, ResourceType.project);
@@ -559,9 +562,11 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
 }
 User user = CallContext.current().getCallingUser();
 ProjectVO project = _projectDao.findByProjectAccountId(accountId);
- ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
- if (userProjectAccount != null) {
- return _projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), accountId);
+ if (project != null) {
+ ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
+ if (userProjectAccount != null) {
+ return _projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), accountId);
+ }
 }
 return _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId);
 }
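Review bot: In the first ProjectManagerImpl hunk `owner` is overwritten with the result of `_accountDao.findById(user.getAccountId())` without a check, so a lookup that returns null would pass a null owner to `checkResourceLimit` on the next statement, in a commit whose stated purpose is defensive null handling. Assigning to a local first, e.g. `Account userAccount = _accountDao.findById(user.getAccountId());`, and rejecting null before `owner = userAccount;` keeps the previous owner intact on failure. Because the reassignment changes which account the resource-limit check and presumably the project are attributed to, it is also worth confirming that the caller's right to act for that account is verified by validateUser or by code before the hunk, which is not visible here. The method continues on both sides of the hunk.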