CLOUDSTACK-3347: fixed project deletion for project's owned template
Conflicts:
server/src/com/cloud/template/TemplateAdapterBase.java
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d8560281
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d8560281
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d8560281
Branch: refs/heads/vmsync
Commit: d8560281a4ffc2cf934b3f673bcd7b6f1a8b9429
Parents: 0a241b8
Author: Alena Prokharchyk <alena.prokharc...@citrix.com>
Authored: Wed Jul 3 13:40:32 2013 -0700
Committer: Alena Prokharchyk <alena.prokharc...@citrix.com>
Committed: Wed Jul 3 13:48:06 2013 -0700
----------------------------------------------------------------------
.../com/cloud/template/TemplateAdapterBase.java | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d8560281/server/src/com/cloud/template/TemplateAdapterBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateAdapterBase.java
b/server/src/com/cloud/template/TemplateAdapterBase.java
index c5d4a6b..fce2506 100755
--- a/server/src/com/cloud/template/TemplateAdapterBase.java
+++ b/server/src/com/cloud/template/TemplateAdapterBase.java
@@ -25,8 +25,8 @@ import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd;
import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd;
import org.apache.cloudstack.api.command.user.template.DeleteTemplateCmd;
-import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
import org.apache.cloudstack.api.command.user.template.ExtractTemplateCmd;
+import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
@@ -46,6 +46,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.org.Grouping;
+import com.cloud.projects.ProjectManager;
import com.cloud.server.ConfigurationServer;
import com.cloud.storage.GuestOS;
import com.cloud.storage.Storage.ImageFormat;
@@ -86,8 +87,9 @@ public abstract class TemplateAdapterBase extends AdapterBase
implements Templat
protected @Inject ResourceLimitService _resourceLimitMgr;
protected @Inject DataStoreManager storeMgr;
@Inject TemplateManager templateMgr;
- @Inject ConfigurationServer _configServer;
-
+ @Inject ConfigurationServer _configServer;
+ @Inject ProjectManager _projectMgr;
+
@Override
public boolean stop() {
return true;
@@ -289,9 +291,16 @@ public abstract class TemplateAdapterBase extends
AdapterBase implements Templat
if ((template != null)
&&
(!template.isPublicTemplate() && (account.getId() != template.getAccountId())
&& (template.getTemplateType() != TemplateType.PERHOST))) {
- throw new PermissionDeniedException(msg
+ ". Permission denied.");
+ //special handling for the project case
+ Account owner =
_accountMgr.getAccount(template.getAccountId());
+ if (owner.getType() ==
Account.ACCOUNT_TYPE_PROJECT) {
+ if
(!_projectMgr.canAccessProjectAccount(account, owner.getId())) {
+ throw new PermissionDeniedException(msg + ".
Permission denied. The caller can't access project's template");
+ }
+ } else {
+ throw new PermissionDeniedException(msg + ".
Permission denied.");
+ }
}
-
} else {
if ((vmInstanceCheck != null) &&
!_domainDao.isChildDomain(account.getDomainId(),
vmInstanceCheck.getDomainId())) {
throw new PermissionDeniedException(msg
+ ". Permission denied.");
