apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

server: Handle listProjects API to list projects with user as members when listAll=true (#4316)

Browse Source 
* added defensive checks for avoiding NPE and list projects API fix

* list projects with account name provided to not include users in the account in response

Co-authored-by: Pearl Dsilva <pearl.dsilva@shapeblue.com>
This commit is contained in:
Pearl Dsilva 2020-09-17 10:20:34 +05:30 committed by GitHub
parent 87e08f8224
commit 82b6971258
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java
View File

@ -80,8 +80,8 @@ public class AffinityGroupAccessChecker extends DomainChecker {
//check if the group belongs to a project //check if the group belongs to a project
User user = CallContext.current().getCallingUser(); User user = CallContext.current().getCallingUser();
ProjectVO project = _projectDao.findByProjectAccountId(group.getAccountId()); ProjectVO project = _projectDao.findByProjectAccountId(group.getAccountId());
ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
if (project != null) { if (project != null) {
ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
if (userProjectAccount != null) { if (userProjectAccount != null) {
if (AccessType.ModifyProject.equals(accessType) && _projectAccountDao.canUserModifyProject(project.getId(), user.getAccountId(), user.getId())) { if (AccessType.ModifyProject.equals(accessType) && _projectAccountDao.canUserModifyProject(project.getId(), user.getAccountId(), user.getId())) {
return true; return true;

4
server/src/main/java/com/cloud/acl/DomainChecker.java
View File

@ -61,6 +61,7 @@ import com.cloud.user.AccountService;
import com.cloud.user.User; import com.cloud.user.User;
import com.cloud.user.dao.AccountDao; import com.cloud.user.dao.AccountDao;
import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.exception.CloudRuntimeException;
@Component @Component
public class DomainChecker extends AdapterBase implements SecurityChecker { public class DomainChecker extends AdapterBase implements SecurityChecker {
@ -199,6 +200,9 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
private boolean checkOperationPermitted(Account caller, ControlledEntity entity) { private boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
User user = CallContext.current().getCallingUser(); User user = CallContext.current().getCallingUser();
Project project = projectDao.findByProjectAccountId(entity.getAccountId()); Project project = projectDao.findByProjectAccountId(entity.getAccountId());
if (project == null) {
throw new CloudRuntimeException("Unable to find project to which the entity belongs to");
}
ProjectAccount projectUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId()); ProjectAccount projectUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
String apiCommandName = CallContext.current().getApiName(); String apiCommandName = CallContext.current().getApiName();

8
server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
View File

@ -1484,15 +1484,19 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
} }
if (accountId != null) { if (accountId != null) {
if (userId == null) {
sb.and().op("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
sb.and("userIdNull", sb.entity().getUserId(), Op.NULL);
sb.cp();
} else {
sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
} }
}
if (userId != null) { if (userId != null) {
sb.and().op("userId", sb.entity().getUserId(), Op.EQ); sb.and().op("userId", sb.entity().getUserId(), Op.EQ);
sb.or("userIdNull", sb.entity().getUserId(), Op.NULL); sb.or("userIdNull", sb.entity().getUserId(), Op.NULL);
sb.cp(); sb.cp();
} else {
sb.and("userIdNull", sb.entity().getUserId(), Op.NULL);
} }
SearchCriteria<ProjectJoinVO> sc = sb.create(); SearchCriteria<ProjectJoinVO> sc = sb.create();

3
server/src/main/java/com/cloud/network/NetworkModelImpl.java
View File

@ -1658,6 +1658,9 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT) { if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
User user = CallContext.current().getCallingUser(); User user = CallContext.current().getCallingUser();
Project project = projectDao.findByProjectAccountId(network.getAccountId()); Project project = projectDao.findByProjectAccountId(network.getAccountId());
if (project == null) {
throw new CloudRuntimeException("Unable to find project to which the network belongs to");
}
ProjectAccount projectAccountUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId()); ProjectAccount projectAccountUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
if (projectAccountUser != null) { if (projectAccountUser != null) {
if (!_projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), network.getAccountId())) { if (!_projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), network.getAccountId())) {

5
server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
View File

@ -239,6 +239,9 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
} }
User user = validateUser(userId, accountId, domainId); User user = validateUser(userId, accountId, domainId);
if (user != null) {
owner = _accountDao.findById(user.getAccountId());
}
//do resource limit check //do resource limit check
_resourceLimitMgr.checkResourceLimit(owner, ResourceType.project); _resourceLimitMgr.checkResourceLimit(owner, ResourceType.project);
@ -559,10 +562,12 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
} }
User user = CallContext.current().getCallingUser(); User user = CallContext.current().getCallingUser();
ProjectVO project = _projectDao.findByProjectAccountId(accountId); ProjectVO project = _projectDao.findByProjectAccountId(accountId);
if (project != null) {
ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId()); ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
if (userProjectAccount != null) { if (userProjectAccount != null) {
return _projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), accountId); return _projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), accountId);
} }
}
return _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId); return _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId);
} }