Updated Branches: refs/heads/rbac aba54356d -> 429400514
Check if an Account belongs to RootAdmin group Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/42940051 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/42940051 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/42940051 Branch: refs/heads/rbac Commit: 42940051424abe96eb2f1fe7bd94b547b377e00d Parents: aba5435 Author: Prachi Damle <[email protected]> Authored: Tue Sep 24 17:01:43 2013 -0700 Committer: Prachi Damle <[email protected]> Committed: Tue Sep 24 17:01:43 2013 -0700 ---------------------------------------------------------------------- .../cloudstack/acl/dao/AclGroupAccountMapDao.java | 2 ++ .../acl/dao/AclGroupAccountMapDaoImpl.java | 16 ++++++++++++++++ server/src/com/cloud/user/AccountManagerImpl.java | 11 +++++++++++ server/test/com/cloud/vm/UserVmManagerTest.java | 3 +++ .../com/cloud/vpc/MockResourceLimitManagerImpl.java | 2 +- 5 files changed, 33 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java index b60dcb4..1102047 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java @@ -28,4 +28,6 @@ public interface AclGroupAccountMapDao extends GenericDao<AclGroupAccountMapVO, List<AclGroupAccountMapVO> listByAccountId(long accountId); + AclGroupAccountMapVO findAccountInAdminGroup(long accountId); + } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java index ecccf85..d0c8a5b 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java @@ -33,6 +33,7 @@ import com.cloud.utils.db.SearchCriteria; public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMapVO, Long> implements AclGroupAccountMapDao { private SearchBuilder<AclGroupAccountMapVO> ListByGroupId; private SearchBuilder<AclGroupAccountMapVO> ListByAccountId; + private SearchBuilder<AclGroupAccountMapVO> _findByAccountAndGroupId; @Override public boolean configure(String name, Map<String, Object> params) throws ConfigurationException { @@ -46,6 +47,13 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ); ListByAccountId.done(); + _findByAccountAndGroupId = createSearchBuilder(); + _findByAccountAndGroupId + .and("groupId", _findByAccountAndGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ); + _findByAccountAndGroupId.and("accountId", _findByAccountAndGroupId.entity().getAccountId(), + SearchCriteria.Op.EQ); + _findByAccountAndGroupId.done(); + return true; } @@ -63,4 +71,12 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap return listBy(sc); } + @Override + public AclGroupAccountMapVO findAccountInAdminGroup(long accountId) { + SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create(); + sc.setParameters("accountId", accountId); + sc.setParameters("groupId", 2); + return findOneBy(sc); + } + } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/server/src/com/cloud/user/AccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index e78620e..3b0e87c 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -39,10 +39,12 @@ import javax.naming.ConfigurationException; import org.apache.commons.codec.binary.Base64; import org.apache.log4j.Logger; +import org.apache.cloudstack.acl.AclGroupAccountMapVO; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.acl.SecurityChecker; import org.apache.cloudstack.acl.SecurityChecker.AccessType; +import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao; import org.apache.cloudstack.affinity.AffinityGroup; import org.apache.cloudstack.affinity.dao.AffinityGroupDao; import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd; @@ -244,6 +246,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M private DedicatedResourceDao _dedicatedDao; @Inject private GlobalLoadBalancerRuleDao _gslbRuleDao; + + @Inject + private AclGroupAccountMapDao _aclGroupAccountDao; + @Inject public com.cloud.region.ha.GlobalLoadBalancingRulesService _gslbService; @@ -347,6 +353,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M public boolean isRootAdmin(long accountId) { // refer to account_group_map and check if account is in Root 'Admin' // group + + AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId); + if (adminGroupMember != null) { + return true; + } return false; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/server/test/com/cloud/vm/UserVmManagerTest.java ---------------------------------------------------------------------- diff --git a/server/test/com/cloud/vm/UserVmManagerTest.java b/server/test/com/cloud/vm/UserVmManagerTest.java index df676d3..8e5032f 100755 --- a/server/test/com/cloud/vm/UserVmManagerTest.java +++ b/server/test/com/cloud/vm/UserVmManagerTest.java @@ -564,6 +564,9 @@ public class UserVmManagerTest { any(Boolean.class), any(ControlledEntity.class)); CallContext.register(user, caller); + + when(_accountMgr.isRootAdmin(anyLong())).thenReturn(true); + try { _userVmMgr.moveVMToUser(cmd); } finally { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/42940051/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java b/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java index 367ca45..172d6b3 100644 --- a/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java +++ b/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java @@ -75,7 +75,7 @@ public class MockResourceLimitManagerImpl extends ManagerBase implements Resourc @Override - public long findCorrectResourceLimitForAccount(short accountType, Long limit, ResourceType type) { + public long findCorrectResourceLimitForAccount(long accountId, Long limit, ResourceType type) { // TODO Auto-generated method stub return 0; }
