Fixed list networks in projects after setting network permissions (#6546)

This PR fixes #6544 where it could not list networks in a project even after network permissions are set. * Added test cases to existing component tests to test network permissions * Moved test_network_permissions.py from component to smoke tests * Added test_network_permissions to travis.yml under smoke tests
2025-10-26 08:42:29 +01:00 · 2022-07-31 16:45:36 +05:30 · 2022-07-31 16:45:36 +05:30 · b62f59ac95
commit b62f59ac95
parent 2a37897055
3 changed files with 35 additions and 6 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -78,6 +78,7 @@ env:
             smoke/test_nested_virtualization
             smoke/test_network
             smoke/test_network_acl
+             smoke/test_network_permissions
             smoke/test_nic
             smoke/test_nic_adapter_type
             smoke/test_non_contigiousvlan
@ -131,7 +132,6 @@ env:

    - TESTS="component/test_acl_sharednetwork
             component/test_acl_sharednetwork_deployVM-impersonation
-             component/test_network_permissions
             component/test_user_private_gateway
             component/test_user_shared_network"

--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@ -2022,7 +2022,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
                if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) {
                    // get shared networks
                    List<NetworkVO> sharedNetworks = listSharedNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
-                            aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, permittedAccounts);
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, permittedAccounts);
                    addNetworksToReturnIfNotExist(networksToReturn, sharedNetworks);

                }
@ -2035,23 +2035,23 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
                if (Arrays.asList(Network.NetworkFilter.Domain, Network.NetworkFilter.AccountDomain, Network.NetworkFilter.All).contains(networkFilter)) {
                    //add domain specific networks of domain + parent domains
                    networksToReturn.addAll(listDomainSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
-                            aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive));
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive));
                    //add networks of subdomains
                    if (domainId == null) {
                        networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
-                                aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, caller.getDomainId(), true));
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, caller.getDomainId(), true));
                    }
                }
                if (Arrays.asList(Network.NetworkFilter.Shared, Network.NetworkFilter.All).contains(networkFilter)) {
                    // get shared networks
                    List<NetworkVO> sharedNetworks = listSharedNetworksByDomainPath(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
-                            aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive);
+                            aclType, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, isRecursive);
                    addNetworksToReturnIfNotExist(networksToReturn, sharedNetworks);
                }
            }
        } else {
            networksToReturn = _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, networkOfferingId,
-                    null, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter);
+                    null, true, restartRequired, specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), searchFilter);
        }

        if (supportedServicesStr != null && !supportedServicesStr.isEmpty() && !networksToReturn.isEmpty()) {
--- a/test/integration/component/test_network_permissions.py
+++ b/test/integration/component/test_network_permissions.py
@ -758,3 +758,32 @@ class TestNetworkPermissions(cloudstackTestCase):
        command = """self.reset_network_permission({apiclient}, self.user_network, expected=True)"""
        self.exec_command("self.otheruser_apiclient", command, expected=False)
        self.exec_command("self.user_apiclient", command, expected=True)
+
+    @attr(tags=["advanced"], required_hardware="false")
+    def test_05_list_networks_under_project(self):
+        """ Testing list networks under a project """
+        self.create_network_permission(self.apiclient, self.user_network, self.domain_admin, self.project, expected=True)
+        self.list_network(self.apiclient, self.domain_admin, self.user_network, self.project, None, expected=True)
+
+        self.remove_network_permission(self.apiclient, self.user_network, self.domain_admin, self.project, expected=True)
+        self.list_network(self.apiclient, self.domain_admin, self.user_network, self.project, None, expected=False)
+
+    @attr(tags=["advanced"], required_hardware="false")
+    def test_06_list_networks_under_account(self):
+        """ Testing list networks under a domain admin account and user account """
+        self.create_network_permission(self.apiclient, self.user_network, self.domain_admin, None, expected=True)
+        self.list_network(self.apiclient, self.domain_admin, self.user_network, None, None, expected=True)
+        self.list_network(self.domainadmin_apiclient, self.domain_admin, self.user_network, None, None, expected=True)
+        self.list_network(self.user_apiclient, self.domain_admin, self.user_network, None, None, expected=False)
+
+        self.remove_network_permission(self.apiclient, self.user_network, self.domain_admin, None, expected=True)
+        self.list_network(self.apiclient, self.domain_admin, self.user_network, None, None, expected=False)
+        self.list_network(self.domainadmin_apiclient, self.domain_admin, self.user_network, None, None, expected=False)
+
+        self.create_network_permission(self.apiclient, self.user_network, self.other_user, None, expected=True)
+        self.list_network(self.apiclient, self.other_user, self.user_network, None, None, expected=True)
+        self.list_network(self.otheruser_apiclient, self.other_user, self.user_network, None, None, expected=True)
+
+        self.remove_network_permission(self.apiclient, self.user_network, self.other_user, None, expected=True)
+        self.list_network(self.apiclient, self.other_user, self.user_network, None, None, expected=False)
+        self.list_network(self.otheruser_apiclient, self.other_user, self.user_network, None, None, expected=False)