apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Skip verification of privileges on project accounts

Browse Source
This commit is contained in:
Harikrishna Patnala 2025-05-28 13:40:19 +05:30 committed by Pearl Dsilva
parent a0080a04fe
commit 864327b836
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
server/src/main/java/com/cloud/user/AccountManagerImpl.java
View File

@ -1539,16 +1539,20 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
public void verifyCallerPrivilegeForUserOrAccountOperations(Account userAccount) { public void verifyCallerPrivilegeForUserOrAccountOperations(Account userAccount) {
s_logger.debug(String.format("Verifying whether the caller has the correct privileges based on the user's role type and API permissions: %s", userAccount)); s_logger.debug(String.format("Verifying whether the caller has the correct privileges based on the user's role type and API permissions: %s", userAccount));
checkCallerRoleTypeAllowedForUserOrAccountOperations(userAccount, null); if (!Account.Type.PROJECT.equals(userAccount.getType())) {
checkCallerApiPermissionsForUserOrAccountOperations(userAccount); checkCallerRoleTypeAllowedForUserOrAccountOperations(userAccount, null);
checkCallerApiPermissionsForUserOrAccountOperations(userAccount);
}
} }
protected void verifyCallerPrivilegeForUserOrAccountOperations(User user) { protected void verifyCallerPrivilegeForUserOrAccountOperations(User user) {
s_logger.debug(String.format("Verifying whether the caller has the correct privileges based on the user's role type and API permissions: %s", user)); s_logger.debug(String.format("Verifying whether the caller has the correct privileges based on the user's role type and API permissions: %s", user));
Account userAccount = getAccount(user.getAccountId()); Account userAccount = getAccount(user.getAccountId());
checkCallerRoleTypeAllowedForUserOrAccountOperations(userAccount, user); if (!Account.Type.PROJECT.equals(userAccount.getType())) {
checkCallerApiPermissionsForUserOrAccountOperations(userAccount); checkCallerRoleTypeAllowedForUserOrAccountOperations(userAccount, user);
checkCallerApiPermissionsForUserOrAccountOperations(userAccount);
}
} }
protected void checkCallerRoleTypeAllowedForUserOrAccountOperations(Account userAccount, User user) { protected void checkCallerRoleTypeAllowedForUserOrAccountOperations(Account userAccount, User user) {
@ -2626,10 +2630,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
} }
} }
if (!Account.Type.PROJECT.equals(accountType)) { AccountVO newAccount = new AccountVO(accountName, domainId, networkDomain, accountType, roleId, uuid);
AccountVO newAccount = new AccountVO(accountName, domainId, networkDomain, accountType, roleId, uuid); verifyCallerPrivilegeForUserOrAccountOperations(newAccount);
verifyCallerPrivilegeForUserOrAccountOperations(newAccount);
}
// Create the account // Create the account
return Transaction.execute(new TransactionCallback<AccountVO>() { return Transaction.execute(new TransactionCallback<AccountVO>() {