CLOUDSTACK-2350: Anti-Affinity - As admin user, when tryinto update the affinity group for a Vm that is deployed by a regular user , he is presented with admin's affinity groups.
Changes: - listAffinityGroups API takes in accountname and domainId parameter - For admin, listall=true should return all affinity groups of all users Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/8c9f681f Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/8c9f681f Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/8c9f681f Branch: refs/heads/vmsync Commit: 8c9f681f9eba377d1eee279329090fbbdc46c5ab Parents: ce17f85 Author: Prachi Damle <pra...@cloud.com> Authored: Fri Jun 7 15:27:39 2013 -0700 Committer: Prachi Damle <pra...@cloud.com> Committed: Fri Jun 7 15:28:28 2013 -0700 ---------------------------------------------------------------------- .../affinitygroup/ListAffinityGroupsCmd.java | 7 +++-- .../apache/cloudstack/query/QueryService.java | 3 +- .../com/cloud/api/query/QueryManagerImpl.java | 33 +++++++++++--------- .../src/com/cloud/user/AccountManagerImpl.java | 4 +++ 4 files changed, 29 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8c9f681f/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java index 9310fb9..d966a4c 100644 --- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/ListAffinityGroupsCmd.java @@ -19,7 +19,7 @@ package org.apache.cloudstack.api.command.user.affinitygroup; import org.apache.cloudstack.affinity.AffinityGroupResponse; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.BaseListCmd; +import org.apache.cloudstack.api.BaseListAccountResourcesCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.response.ListResponse; import org.apache.cloudstack.api.response.UserVmResponse; @@ -28,7 +28,7 @@ import org.apache.log4j.Logger; import com.cloud.async.AsyncJob; @APICommand(name = "listAffinityGroups", description = "Lists affinity groups", responseObject = AffinityGroupResponse.class) -public class ListAffinityGroupsCmd extends BaseListCmd { +public class ListAffinityGroupsCmd extends BaseListAccountResourcesCmd { public static final Logger s_logger = Logger.getLogger(ListAffinityGroupsCmd.class.getName()); private static final String s_name = "listaffinitygroupsresponse"; @@ -77,7 +77,8 @@ public class ListAffinityGroupsCmd extends BaseListCmd { public void execute(){ ListResponse<AffinityGroupResponse> response = _queryService.listAffinityGroups(id, affinityGroupName, - affinityGroupType, virtualMachineId, this.getStartIndex(), this.getPageSizeVal()); + affinityGroupType, virtualMachineId, this.getAccountName(), this.getDomainId(), this.isRecursive(), + this.listAll(), this.getStartIndex(), this.getPageSizeVal()); response.setResponseName(getCommandName()); this.setResponseObject(response); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8c9f681f/api/src/org/apache/cloudstack/query/QueryService.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/query/QueryService.java b/api/src/org/apache/cloudstack/query/QueryService.java index 2dfd97c..73e393b 100644 --- a/api/src/org/apache/cloudstack/query/QueryService.java +++ b/api/src/org/apache/cloudstack/query/QueryService.java @@ -86,7 +86,8 @@ public interface QueryService { public ListResponse<ZoneResponse> listDataCenters(ListZonesByCmd cmd); public ListResponse<AffinityGroupResponse> listAffinityGroups(Long affinityGroupId, String affinityGroupName, - String affinityGroupType, Long vmId, Long startIndex, Long pageSize); + String affinityGroupType, Long vmId, String accountName, Long domainId, boolean isRecursive, + boolean listAll, Long startIndex, Long pageSize); public List<ResourceDetailResponse> listResource(ListResourceDetailsCmd cmd); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8c9f681f/server/src/com/cloud/api/query/QueryManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index 28aecfc..beda75e 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -2401,9 +2401,10 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { @Override public ListResponse<AffinityGroupResponse> listAffinityGroups(Long affinityGroupId, String affinityGroupName, - String affinityGroupType, Long vmId, Long startIndex, Long pageSize) { + String affinityGroupType, Long vmId, String accountName, Long domainId, boolean isRecursive, + boolean listAll, Long startIndex, Long pageSize) { Pair<List<AffinityGroupJoinVO>, Integer> result = listAffinityGroupsInternal(affinityGroupId, - affinityGroupName, affinityGroupType, vmId, startIndex, pageSize); + affinityGroupName, affinityGroupType, vmId, accountName, domainId, isRecursive, listAll, startIndex, pageSize); ListResponse<AffinityGroupResponse> response = new ListResponse<AffinityGroupResponse>(); List<AffinityGroupResponse> agResponses = ViewResponseHelper.createAffinityGroupResponses(result.first()); response.setResponses(agResponses, result.second()); @@ -2412,12 +2413,12 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { public Pair<List<AffinityGroupJoinVO>, Integer> listAffinityGroupsInternal(Long affinityGroupId, - String affinityGroupName, String affinityGroupType, Long vmId, Long startIndex, Long pageSize) { + String affinityGroupName, String affinityGroupType, Long vmId, String accountName, Long domainId, + boolean isRecursive, boolean listAll, Long startIndex, Long pageSize) { Account caller = UserContext.current().getCaller(); Long accountId = caller.getAccountId(); - Long domainId = caller.getDomainId(); if (vmId != null) { UserVmVO userVM = _userVmDao.findById(vmId); @@ -2429,20 +2430,25 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { return listAffinityGroupsByVM(vmId.longValue(), startIndex, pageSize); } + List<Long> permittedAccounts = new ArrayList<Long>(); + Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, ListProjectResourcesCriteria>( + domainId, isRecursive, null); + _accountMgr.buildACLSearchParameters(caller, affinityGroupId, accountName, null, permittedAccounts, + domainIdRecursiveListProject, listAll, true); + domainId = domainIdRecursiveListProject.first(); + isRecursive = domainIdRecursiveListProject.second(); + ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); + Filter searchFilter = new Filter(AffinityGroupJoinVO.class, "id", true, startIndex, pageSize); SearchBuilder<AffinityGroupJoinVO> groupSearch = _affinityGroupJoinDao.createSearchBuilder(); + _accountMgr.buildACLViewSearchBuilder(groupSearch, domainId, isRecursive, permittedAccounts, + listProjectResourcesCriteria); + groupSearch.select(null, Func.DISTINCT, groupSearch.entity().getId()); // select // distinct SearchCriteria<AffinityGroupJoinVO> sc = groupSearch.create(); - - if (accountId != null) { - sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); - } - - if (domainId != null) { - sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId); - } + _accountMgr.buildACLViewSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); if (affinityGroupId != null) { sc.addAnd("id", SearchCriteria.Op.EQ, affinityGroupId); @@ -2457,8 +2463,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { } - Pair<List<AffinityGroupJoinVO>, Integer> uniqueGroupsPair = _affinityGroupJoinDao.searchAndCount(sc, - searchFilter); + Pair<List<AffinityGroupJoinVO>, Integer> uniqueGroupsPair = _affinityGroupJoinDao.searchAndCount(sc, searchFilter); // search group details by ids Integer count = uniqueGroupsPair.second(); if (count.intValue() == 0) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/8c9f681f/server/src/com/cloud/user/AccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 0d89639..6b4bf0e 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -2208,6 +2208,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M domainIdRecursiveListProject.second(true); } } + } else if (domainId != null) { + if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { + permittedAccounts.add(caller.getId()); + } } }
