diff --git a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java index 3517cc9c697..e12a4bf8263 100644 --- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java +++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java @@ -388,11 +388,5 @@ public class MockAccountManager extends ManagerBase implements AccountManager { } - @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List permittedAccounts, - Ternary domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation) { - // TODO Auto-generated method stub - - } } diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index 16c68b16324..9c31f4762a1 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -3081,6 +3081,92 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { } + // This method should only be used for keeping old listTemplates and listAffinityGroups behavior, PLEASE DON'T USE IT FOR USE LIST APIs + private void buildTemplateAffinityGroupSearchParameters(Account caller, Long id, String accountName, Long projectId, List + permittedAccounts, Ternary domainIdRecursiveListProject, + boolean listAll, boolean forProjectInvitation) { + Long domainId = domainIdRecursiveListProject.first(); + if (domainId != null) { + Domain domain = _domainDao.findById(domainId); + if (domain == null) { + throw new InvalidParameterValueException("Unable to find domain by id " + domainId); + } + // check permissions + _accountMgr.checkAccess(caller, domain); + } + + if (accountName != null) { + if (projectId != null) { + throw new InvalidParameterValueException("Account and projectId can't be specified together"); + } + + Account userAccount = null; + Domain domain = null; + if (domainId != null) { + userAccount = _accountDao.findActiveAccount(accountName, domainId); + domain = _domainDao.findById(domainId); + } else { + userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId()); + domain = _domainDao.findById(caller.getDomainId()); + } + + if (userAccount != null) { + _accountMgr.checkAccess(caller, null, false, userAccount); + // check permissions + permittedAccounts.add(userAccount.getId()); + } else { + throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid()); + } + } + + // set project information + if (projectId != null) { + if (!forProjectInvitation) { + if (projectId.longValue() == -1) { + if (_accountMgr.isNormalUser(caller.getId())) { + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } else { + domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly); + } + } else { + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } + } + } else { + if (id == null) { + domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources); + } + if (permittedAccounts.isEmpty() && domainId == null) { + if (_accountMgr.isNormalUser(caller.getId())) { + permittedAccounts.add(caller.getId()); + } else if (!listAll) { + if (id == null) { + permittedAccounts.add(caller.getId()); + } else if (!_accountMgr.isRootAdmin(caller.getId())) { + domainIdRecursiveListProject.first(caller.getDomainId()); + domainIdRecursiveListProject.second(true); + } + } else if (domainId == null) { + if (_accountMgr.isDomainAdmin(caller.getId())) { + domainIdRecursiveListProject.first(caller.getDomainId()); + domainIdRecursiveListProject.second(true); + } + } + } else if (domainId != null) { + if (_accountMgr.isNormalUser(caller.getId())) { + permittedAccounts.add(caller.getId()); + } + } + } + } + private Pair, Integer> searchForTemplatesInternal(ListTemplatesCmd cmd) { TemplateFilter templateFilter = TemplateFilter.valueOf(cmd.getTemplateFilter()); Long id = cmd.getId(); @@ -3100,7 +3186,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { List permittedAccountIds = new ArrayList(); Ternary domainIdRecursiveListProject = new Ternary( cmd.getDomainId(), cmd.isRecursive(), null); - _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccountIds, + buildTemplateAffinityGroupSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccountIds, domainIdRecursiveListProject, listAll, false); ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); List permittedAccounts = new ArrayList(); @@ -3412,7 +3498,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { List permittedAccountIds = new ArrayList(); Ternary domainIdRecursiveListProject = new Ternary( cmd.getDomainId(), cmd.isRecursive(), null); - _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccountIds, + buildTemplateAffinityGroupSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccountIds, domainIdRecursiveListProject, listAll, false); ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); List permittedAccounts = new ArrayList(); @@ -3499,7 +3585,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { List permittedAccounts = new ArrayList(); Ternary domainIdRecursiveListProject = new Ternary( domainId, isRecursive, null); - _accountMgr.buildACLSearchParameters(caller, affinityGroupId, accountName, null, permittedAccounts, + buildTemplateAffinityGroupSearchParameters(caller, affinityGroupId, accountName, null, permittedAccounts, domainIdRecursiveListProject, listAll, true); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second(); diff --git a/server/src/com/cloud/user/AccountManager.java b/server/src/com/cloud/user/AccountManager.java index 748be2b2c70..03bf8421a30 100755 --- a/server/src/com/cloud/user/AccountManager.java +++ b/server/src/com/cloud/user/AccountManager.java @@ -102,11 +102,6 @@ public interface AccountManager extends AccountService { List permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria); - // deprecated methods that should only be used in listTemplates due to backwards compatibility of templateFilter. - void buildACLSearchParameters(Account caller, Long id, - String accountName, Long projectId, List permittedAccounts, Ternary domainIdRecursiveListProject, boolean listAll, - boolean forProjectInvitation); - /** * Deletes a user by userId * diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 32e28f73dec..266a9ec459b 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -2176,93 +2176,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M return _userAccountDao.getUserByApiKey(apiKey); } - // NOTE: This method should only be used in listTemplates call, all other list calls should use the new buildACLSearchParameters which takes - // "action" as extra parameter and uses new IAM model. - @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List - permittedAccounts, Ternary domainIdRecursiveListProject, - boolean listAll, boolean forProjectInvitation) { - Long domainId = domainIdRecursiveListProject.first(); - if (domainId != null) { - Domain domain = _domainDao.findById(domainId); - if (domain == null) { - throw new InvalidParameterValueException("Unable to find domain by id " + domainId); - } - // check permissions - checkAccess(caller, domain); - } - - if (accountName != null) { - if (projectId != null) { - throw new InvalidParameterValueException("Account and projectId can't be specified together"); - } - - Account userAccount = null; - Domain domain = null; - if (domainId != null) { - userAccount = _accountDao.findActiveAccount(accountName, domainId); - domain = _domainDao.findById(domainId); - } else { - userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId()); - domain = _domainDao.findById(caller.getDomainId()); - } - - if (userAccount != null) { - checkAccess(caller, null, false, userAccount); - // check permissions - permittedAccounts.add(userAccount.getId()); - } else { - throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid()); - } - } - - // set project information - if (projectId != null) { - if (!forProjectInvitation) { - if (projectId.longValue() == -1) { - if (isNormalUser(caller.getId())) { - permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); - } else { - domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly); - } - } else { - Project project = _projectMgr.getProject(projectId); - if (project == null) { - throw new InvalidParameterValueException("Unable to find project by id " + projectId); - } - if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { - throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId); - } - permittedAccounts.add(project.getProjectAccountId()); - } - } - } else { - if (id == null) { - domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources); - } - if (permittedAccounts.isEmpty() && domainId == null) { - if (isNormalUser(caller.getId())) { - permittedAccounts.add(caller.getId()); - } else if (!listAll) { - if (id == null) { - permittedAccounts.add(caller.getId()); - } else if (!isRootAdmin(caller.getId())) { - domainIdRecursiveListProject.first(caller.getDomainId()); - domainIdRecursiveListProject.second(true); - } - } else if (domainId == null) { - if (isDomainAdmin(caller.getId())) { - domainIdRecursiveListProject.first(caller.getDomainId()); - domainIdRecursiveListProject.second(true); - } - } - } else if (domainId != null) { - if (isNormalUser(caller.getId())) { - permittedAccounts.add(caller.getId()); - } - } - } - } @Override public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List permittedDomains, List permittedAccounts, diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java index 81ee1a4e056..4a7d4eb6515 100644 --- a/server/test/com/cloud/user/MockAccountManagerImpl.java +++ b/server/test/com/cloud/user/MockAccountManagerImpl.java @@ -364,11 +364,4 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco } - @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List permittedAccounts, - Ternary domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation) { - // TODO Auto-generated method stub - - } - }