GutoVeronezi commented on a change in pull request #5103:
URL: https://github.com/apache/cloudstack/pull/5103#discussion_r660912115
##########
File path:
server/src/main/java/org/apache/cloudstack/annotation/AnnotationManagerImpl.java
##########
@@ -70,43 +88,103 @@ public AnnotationResponse addAnnotation(String text,
EntityType type, String uui
@ActionEvent(eventType = EventTypes.EVENT_ANNOTATION_REMOVE,
eventDescription = "removing an annotation on an entity")
public AnnotationResponse removeAnnotation(RemoveAnnotationCmd
removeAnnotationCmd) {
String uuid = removeAnnotationCmd.getUuid();
- if(LOGGER.isDebugEnabled()) {
- LOGGER.debug("marking annotation removed: " + uuid);
- }
AnnotationVO annotation = annotationDao.findByUuid(uuid);
- annotationDao.remove(annotation.getId());
+ if (isCallingUserAllowedToRemoveAnnotation(annotation)) {
+ if(LOGGER.isDebugEnabled()) {
+ LOGGER.debug("marking annotation removed: " + uuid);
+ }
+ annotationDao.remove(annotation.getId());
+ } else {
+ throw new CloudRuntimeException("Only administrators or entity
owner users can delete annotations, cannot remove annotation: " + uuid);
+ }
+
return createAnnotationResponse(annotation);
}
+ private boolean isCallingUserAllowedToRemoveAnnotation(AnnotationVO
annotation) {
+ if (annotation == null) {
+ return false;
+ }
+ if (isCallingUserAdmin()) {
+ return true;
+ }
+ UserVO callingUser = getCallingUserFromContext();
+ String annotationOwnerUuid = annotation.getUserUuid();
+ return annotationOwnerUuid != null &&
annotationOwnerUuid.equals(callingUser.getUuid());
+ }
+
+ private UserVO getCallingUserFromContext() {
+ CallContext ctx = CallContext.current();
+ long userId = ctx.getCallingUserId();
+ UserVO userVO = userDao.findById(userId);
+ if (userVO == null) {
+ throw new CloudRuntimeException("Cannot find a user with ID " +
userId);
+ }
+ return userVO;
+ }
+
+ private boolean isCallingUserAdmin() {
+ UserVO userVO = getCallingUserFromContext();
+ long accountId = userVO.getAccountId();
+ AccountVO accountVO = accountDao.findById(accountId);
+ if (accountVO == null) {
+ throw new CloudRuntimeException("Cannot find account with ID + " +
accountId);
+ }
+ Long roleId = accountVO.getRoleId();
+ Role role = roleService.findRole(roleId);
+ if (role == null) {
+ throw new CloudRuntimeException("Cannot find role with ID " +
roleId);
+ }
+ return RoleType.Admin.equals(role.getRoleType()) ||
RoleType.DomainAdmin.equals(role.getRoleType()) ||
+ RoleType.ResourceAdmin.equals(role.getRoleType());
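Review bot: A missing annotation is reported as an authorization failure: `annotationDao.findByUuid(uuid)` can return null, `isCallingUserAllowedToRemoveAnnotation` returns false for null, and the caller then sees the "Only administrators or entity owner users can delete annotations" message for a uuid that does not exist; a not-found check ahead of the permission check, e.g. `if (annotation == null) { throw new CloudRuntimeException("Cannot find annotation with UUID " + uuid); }`, keeps the two cases distinct. Unless a domain check happens elsewhere, `isCallingUserAdmin` lets a DomainAdmin or ResourceAdmin remove annotations owned by users in any domain, because the role test never compares the caller's domain with the owner's; if that is intended, a comment on the method should say so. The account-lookup message has a stray plus sign inside the literal: `throw new CloudRuntimeException("Cannot find account with ID " + accountId);`. The body of isCallingUserAdmin ends outside the hunk.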
Review comment:
We could extract these roles to a list (constant) and verify if it
contains the specified role.
##########
File path:
api/src/main/java/org/apache/cloudstack/api/command/admin/annotation/AddAnnotationCmd.java
##########
@@ -63,6 +69,10 @@ public String getEntityUuid() {
return entityUuid;
}
+ public boolean isAdminsOnly() {
+ return adminsOnly != null && adminsOnly;
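Review bot: `isAdminsOnly` has no Javadoc, and the null-to-false coercion is a default an API caller should be able to read about; a one-liner such as `/** Unwraps the optional {@code adminsOnly} parameter, treating an absent (null) value as {@code false}. */` above the method would cover it. The method's closing brace is outside the hunk.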
Review comment:
We could use `org.apache.commons.lang3.BooleanUtils` here:
```java
...
return BooleanUtils.toBoolean(adminsOnly);
...
```