CS-15300: Domain Admin accounts now respect the limits imposed on the domain just as a regular account. Signed-off-by: Nitin Mehta<[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/c8bbf04c Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/c8bbf04c Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/c8bbf04c Branch: refs/heads/regions Commit: c8bbf04c81649919e3c128be42a9500ba47a8766 Parents: 0449ae3 Author: Deepti Dohare <[email protected]> Authored: Tue Jul 3 04:33:02 2012 +0530 Committer: U-nitin-PC\nitin <nitin@nitin-PC.(none)> Committed: Tue Jul 3 04:35:53 2012 +0530 ---------------------------------------------------------------------- .../resourcelimit/ResourceLimitManagerImpl.java | 27 +++++++++----- 1 files changed, 17 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/c8bbf04c/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java index a32bc80..b285d2c 100755 --- a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java +++ b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java @@ -210,12 +210,12 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager { public long findCorrectResourceLimitForAccount(Account account, ResourceType type) { long max = Resource.RESOURCE_UNLIMITED; // if resource limit is not found, then we treat it as unlimited - - //no limits for Admin accounts - if (_accountMgr.isAdmin(account.getType())) { + + // No limits for Root Admin accounts + if (_accountMgr.isRootAdmin(account.getType())) { return max; } - + ResourceLimitVO limit = _resourceLimitDao.findByOwnerIdAndType(account.getId(), ResourceOwnerType.Account, type); // Check if limit is configured for account @@ -277,8 +277,8 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager { long numResources = ((count.length == 0) ? 1 : count[0]); Project project = null; - // Don't place any limits on system or admin accounts - if (_accountMgr.isAdmin(account.getType())) { + // Don't place any limits on system or root admin accounts + if (_accountMgr.isRootAdmin(account.getType())) { return; } @@ -510,10 +510,17 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager { if (account.getId() == Account.ACCOUNT_ID_SYSTEM) { throw new InvalidParameterValueException("Can't update system account"); } - - //only Unlimited value is accepted if account is Admin - if (_accountMgr.isAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) { - throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Admin accounts"); + + //only Unlimited value is accepted if account is Root Admin + if (_accountMgr.isRootAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) { + throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Root Admin accounts"); + } + + if ((caller.getAccountId() == accountId.longValue()) && + (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || + caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) { + // If the admin is trying to update his own account, disallow. + throw new PermissionDeniedException("Unable to update resource limit for his own account " + accountId + ", permission denied"); } if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
