mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
Merge branch '4.19' into 4.20
This commit is contained in:
Daan Hoogland
commit
9f594c9699
@ -40,6 +40,13 @@ public interface NetworkPermissionDao extends GenericDao<NetworkPermissionVO, Lo
|
|||||||
*/
|
*/
|
||||||
void removeAllPermissions(long networkId);
|
void removeAllPermissions(long networkId);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes all network permissions associated with a given account.
|
||||||
|
*
|
||||||
|
* @param accountId The ID of the account from which all network permissions will be removed.
|
||||||
|
*/
|
||||||
|
void removeAccountPermissions(long accountId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Find a Network permission by networkId, accountName, and domainId
|
* Find a Network permission by networkId, accountName, and domainId
|
||||||
*
|
*
|
||||||
|
|||||||
@ -33,6 +33,7 @@ public class NetworkPermissionDaoImpl extends GenericDaoBase<NetworkPermissionVO
|
|||||||
|
|
||||||
private SearchBuilder<NetworkPermissionVO> NetworkAndAccountSearch;
|
private SearchBuilder<NetworkPermissionVO> NetworkAndAccountSearch;
|
||||||
private SearchBuilder<NetworkPermissionVO> NetworkIdSearch;
|
private SearchBuilder<NetworkPermissionVO> NetworkIdSearch;
|
||||||
|
private SearchBuilder<NetworkPermissionVO> accountSearch;
|
||||||
private GenericSearchBuilder<NetworkPermissionVO, Long> FindNetworkIdsByAccount;
|
private GenericSearchBuilder<NetworkPermissionVO, Long> FindNetworkIdsByAccount;
|
||||||
|
|
||||||
protected NetworkPermissionDaoImpl() {
|
protected NetworkPermissionDaoImpl() {
|
||||||
@ -45,6 +46,10 @@ public class NetworkPermissionDaoImpl extends GenericDaoBase<NetworkPermissionVO
|
|||||||
NetworkIdSearch.and("networkId", NetworkIdSearch.entity().getNetworkId(), SearchCriteria.Op.EQ);
|
NetworkIdSearch.and("networkId", NetworkIdSearch.entity().getNetworkId(), SearchCriteria.Op.EQ);
|
||||||
NetworkIdSearch.done();
|
NetworkIdSearch.done();
|
||||||
|
|
||||||
|
accountSearch = createSearchBuilder();
|
||||||
|
accountSearch.and("accountId", accountSearch.entity().getAccountId(), SearchCriteria.Op.EQ);
|
||||||
|
accountSearch.done();
|
||||||
|
|
||||||
FindNetworkIdsByAccount = createSearchBuilder(Long.class);
|
FindNetworkIdsByAccount = createSearchBuilder(Long.class);
|
||||||
FindNetworkIdsByAccount.select(null, SearchCriteria.Func.DISTINCT, FindNetworkIdsByAccount.entity().getNetworkId());
|
FindNetworkIdsByAccount.select(null, SearchCriteria.Func.DISTINCT, FindNetworkIdsByAccount.entity().getNetworkId());
|
||||||
FindNetworkIdsByAccount.and("account", FindNetworkIdsByAccount.entity().getAccountId(), SearchCriteria.Op.IN);
|
FindNetworkIdsByAccount.and("account", FindNetworkIdsByAccount.entity().getAccountId(), SearchCriteria.Op.IN);
|
||||||
@ -69,6 +74,16 @@ public class NetworkPermissionDaoImpl extends GenericDaoBase<NetworkPermissionVO
|
|||||||
expunge(sc);
|
expunge(sc);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void removeAccountPermissions(long accountId) {
|
||||||
|
SearchCriteria<NetworkPermissionVO> sc = accountSearch.create();
|
||||||
|
sc.setParameters("accountId", accountId);
|
||||||
|
int networkPermissionRemoved = expunge(sc);
|
||||||
|
if (networkPermissionRemoved > 0) {
|
||||||
|
logger.debug(String.format("Removed [%s] network permission(s) for the account with Id [%s]", networkPermissionRemoved, accountId));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public NetworkPermissionVO findByNetworkAndAccount(long networkId, long accountId) {
|
public NetworkPermissionVO findByNetworkAndAccount(long networkId, long accountId) {
|
||||||
SearchCriteria<NetworkPermissionVO> sc = NetworkAndAccountSearch.create();
|
SearchCriteria<NetworkPermissionVO> sc = NetworkAndAccountSearch.create();
|
||||||
|
|||||||
@ -76,6 +76,7 @@ import org.apache.cloudstack.framework.messagebus.MessageBus;
|
|||||||
import org.apache.cloudstack.framework.messagebus.PublishScope;
|
import org.apache.cloudstack.framework.messagebus.PublishScope;
|
||||||
import org.apache.cloudstack.managed.context.ManagedContextRunnable;
|
import org.apache.cloudstack.managed.context.ManagedContextRunnable;
|
||||||
import org.apache.cloudstack.network.RoutedIpv4Manager;
|
import org.apache.cloudstack.network.RoutedIpv4Manager;
|
||||||
|
import org.apache.cloudstack.network.dao.NetworkPermissionDao;
|
||||||
import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
|
import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
|
||||||
import org.apache.cloudstack.resourcedetail.UserDetailVO;
|
import org.apache.cloudstack.resourcedetail.UserDetailVO;
|
||||||
import org.apache.cloudstack.resourcedetail.dao.UserDetailsDao;
|
import org.apache.cloudstack.resourcedetail.dao.UserDetailsDao;
|
||||||
@ -303,6 +304,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
|
|||||||
private SSHKeyPairDao _sshKeyPairDao;
|
private SSHKeyPairDao _sshKeyPairDao;
|
||||||
@Inject
|
@Inject
|
||||||
private UserDataDao userDataDao;
|
private UserDataDao userDataDao;
|
||||||
|
@Inject
|
||||||
|
private NetworkPermissionDao networkPermissionDao;
|
||||||
|
|
||||||
private List<QuerySelector> _querySelectors;
|
private List<QuerySelector> _querySelectors;
|
||||||
|
|
||||||
@ -898,6 +901,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
|
|||||||
// delete the account from project accounts
|
// delete the account from project accounts
|
||||||
_projectAccountDao.removeAccountFromProjects(accountId);
|
_projectAccountDao.removeAccountFromProjects(accountId);
|
||||||
|
|
||||||
|
// Delete account's network permissions
|
||||||
|
networkPermissionDao.removeAccountPermissions(accountId);
|
||||||
|
|
||||||
if (account.getType() != Account.Type.PROJECT) {
|
if (account.getType() != Account.Type.PROJECT) {
|
||||||
// delete the account from group
|
// delete the account from group
|
||||||
_messageBus.publish(_name, MESSAGE_REMOVE_ACCOUNT_EVENT, PublishScope.LOCAL, accountId);
|
_messageBus.publish(_name, MESSAGE_REMOVE_ACCOUNT_EVENT, PublishScope.LOCAL, accountId);
|
||||||
@ -1943,22 +1949,23 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Account that manages project(s) can't be removed
|
checkIfAccountManagesProjects(accountId);
|
||||||
List<Long> managedProjectIds = _projectAccountDao.listAdministratedProjectIds(accountId);
|
|
||||||
if (!managedProjectIds.isEmpty()) {
|
|
||||||
StringBuilder projectIds = new StringBuilder();
|
|
||||||
for (Long projectId : managedProjectIds) {
|
|
||||||
projectIds.append(projectId).append(", ");
|
|
||||||
}
|
|
||||||
|
|
||||||
throw new InvalidParameterValueException(String.format("The account %s with id %d manages project(s) with ids %s and can't be removed", account, accountId, projectIds));
|
|
||||||
}
|
|
||||||
|
|
||||||
CallContext.current().putContextParameter(Account.class, account.getUuid());
|
CallContext.current().putContextParameter(Account.class, account.getUuid());
|
||||||
|
|
||||||
return deleteAccount(account, callerUserId, caller);
|
return deleteAccount(account, callerUserId, caller);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void checkIfAccountManagesProjects(long accountId) {
|
||||||
|
List<Long> managedProjectIds = _projectAccountDao.listAdministratedProjectIds(accountId);
|
||||||
|
if (!CollectionUtils.isEmpty(managedProjectIds)) {
|
||||||
|
throw new InvalidParameterValueException(String.format(
|
||||||
|
"Unable to delete account [%s], because it manages the following project(s): %s. Please, remove the account from these projects or demote it to a regular project role first.",
|
||||||
|
accountId, managedProjectIds
|
||||||
|
));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
protected boolean isDeleteNeeded(AccountVO account, long accountId, Account caller) {
|
protected boolean isDeleteNeeded(AccountVO account, long accountId, Account caller) {
|
||||||
if (account == null) {
|
if (account == null) {
|
||||||
logger.info(String.format("The account, identified by id %d, doesn't exist", accountId ));
|
logger.info(String.format("The account, identified by id %d, doesn't exist", accountId ));
|
||||||
|
|||||||
@ -1338,4 +1338,22 @@ public class AccountManagerImplTest extends AccountManagetImplTestBase {
|
|||||||
Mockito.when(roleService.findRole(2L)).thenReturn(callerRole);
|
Mockito.when(roleService.findRole(2L)).thenReturn(callerRole);
|
||||||
accountManagerImpl.validateRoleChange(account, newRole, caller);
|
accountManagerImpl.validateRoleChange(account, newRole, caller);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void checkIfAccountManagesProjectsTestNotThrowExceptionWhenTheAccountIsNotAProjectAdministrator() {
|
||||||
|
long accountId = 1L;
|
||||||
|
List<Long> managedProjectIds = new ArrayList<>();
|
||||||
|
|
||||||
|
Mockito.when(_projectAccountDao.listAdministratedProjectIds(accountId)).thenReturn(managedProjectIds);
|
||||||
|
accountManagerImpl.checkIfAccountManagesProjects(accountId);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test(expected = InvalidParameterValueException.class)
|
||||||
|
public void checkIfAccountManagesProjectsTestThrowExceptionWhenTheAccountIsAProjectAdministrator() {
|
||||||
|
long accountId = 1L;
|
||||||
|
List<Long> managedProjectIds = List.of(1L);
|
||||||
|
|
||||||
|
Mockito.when(_projectAccountDao.listAdministratedProjectIds(accountId)).thenReturn(managedProjectIds);
|
||||||
|
accountManagerImpl.checkIfAccountManagesProjects(accountId);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -66,6 +66,7 @@ import org.apache.cloudstack.engine.service.api.OrchestrationService;
|
|||||||
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
|
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
|
||||||
import org.apache.cloudstack.framework.messagebus.MessageBus;
|
import org.apache.cloudstack.framework.messagebus.MessageBus;
|
||||||
import org.apache.cloudstack.network.RoutedIpv4Manager;
|
import org.apache.cloudstack.network.RoutedIpv4Manager;
|
||||||
|
import org.apache.cloudstack.network.dao.NetworkPermissionDao;
|
||||||
import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
|
import org.apache.cloudstack.region.gslb.GlobalLoadBalancerRuleDao;
|
||||||
import org.apache.cloudstack.resourcedetail.dao.UserDetailsDao;
|
import org.apache.cloudstack.resourcedetail.dao.UserDetailsDao;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
@ -196,6 +197,8 @@ public class AccountManagetImplTestBase {
|
|||||||
SSHKeyPairDao _sshKeyPairDao;
|
SSHKeyPairDao _sshKeyPairDao;
|
||||||
@Mock
|
@Mock
|
||||||
UserDataDao userDataDao;
|
UserDataDao userDataDao;
|
||||||
|
@Mock
|
||||||
|
NetworkPermissionDao networkPermissionDaoMock;
|
||||||
|
|
||||||
@Spy
|
@Spy
|
||||||
@InjectMocks
|
@InjectMocks
|
||||||
|
|||||||
@ -55,9 +55,9 @@
|
|||||||
/>
|
/>
|
||||||
</a-tooltip>
|
</a-tooltip>
|
||||||
</span>
|
</span>
|
||||||
<span v-else-if="configrecord.type ==='Range'">
|
<span v-else-if="configrecord.type ==='Range'" style="width: 75%;">
|
||||||
<a-row>
|
<a-row type="flex">
|
||||||
<a-col>
|
<a-col flex="auto">
|
||||||
<a-tooltip :title="editableValue">
|
<a-tooltip :title="editableValue">
|
||||||
<a-slider
|
<a-slider
|
||||||
style="width: 13vw"
|
style="width: 13vw"
|
||||||
@ -73,10 +73,10 @@
|
|||||||
/>
|
/>
|
||||||
</a-tooltip>
|
</a-tooltip>
|
||||||
</a-col>
|
</a-col>
|
||||||
<a-col>
|
<a-col flex="30px">
|
||||||
<a-tooltip :title="editableValue">
|
<a-tooltip :title="editableValue">
|
||||||
<a-input-number
|
<a-input-number
|
||||||
style="width: 5vw; margin-left: 10px; float: right"
|
style="margin-left: 10px;"
|
||||||
class="config-slider-text"
|
class="config-slider-text"
|
||||||
:defaultValue="configrecord.value * 100"
|
:defaultValue="configrecord.value * 100"
|
||||||
:min="0"
|
:min="0"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user