[GitHub] [cloudstack] weizhouapache commented on a diff in pull request #6546: Fixed list networks in projects after setting network permissions

GitBox Tue, 12 Jul 2022 23:36:10 -0700


weizhouapache commented on code in PR #6546:
URL: https://github.com/apache/cloudstack/pull/6546#discussion_r918827935



##########
server/src/main/java/com/cloud/network/NetworkServiceImpl.java:
##########
@@ -2035,23 +2035,23 @@ public Pair<List<? extends Network>, Integer> 
searchForNetworks(ListNetworksCmd
                 if (Arrays.asList(Network.NetworkFilter.Domain, 
Network.NetworkFilter.AccountDomain, 
Network.NetworkFilter.All).contains(networkFilter)) {
                     //add domain specific networks of domain + parent domains
                     
networksToReturn.addAll(listDomainSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb,
 keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, 
networkOfferingId,
-                            aclType, skipProjectNetworks, restartRequired, 
specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), 
searchFilter, path, isRecursive));
+                            aclType, true, restartRequired, specifyIpRanges, 
vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, 
isRecursive));
                     //add networks of subdomains
                     if (domainId == null) {
                         
networksToReturn.addAll(listDomainLevelNetworks(buildNetworkSearchCriteria(sb, 
keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, 
networkOfferingId,
-                                aclType, true, restartRequired, 
specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), 
searchFilter, caller.getDomainId(), true));
+                            aclType, true, restartRequired, specifyIpRanges, 
vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, 
caller.getDomainId(), true));

Review Comment:
   it looks no changes with this line ?



##########
server/src/main/java/com/cloud/network/NetworkServiceImpl.java:
##########
@@ -2035,23 +2035,23 @@ public Pair<List<? extends Network>, Integer> 
searchForNetworks(ListNetworksCmd
                 if (Arrays.asList(Network.NetworkFilter.Domain, 
Network.NetworkFilter.AccountDomain, 
Network.NetworkFilter.All).contains(networkFilter)) {
                     //add domain specific networks of domain + parent domains
                     
networksToReturn.addAll(listDomainSpecificNetworksByDomainPath(buildNetworkSearchCriteria(sb,
 keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, 
networkOfferingId,
-                            aclType, skipProjectNetworks, restartRequired, 
specifyIpRanges, vpcId, tags, display, vlanId, associatedNetworkId), 
searchFilter, path, isRecursive));
+                            aclType, true, restartRequired, specifyIpRanges, 
vpcId, tags, display, vlanId, associatedNetworkId), searchFilter, path, 
isRecursive));

Review Comment:
   @sureshanaparti 
   `skipProjectNetworks` should be considered only when list account-level 
networks.
   
   for domain and shared network (by network permission), `skipProjectNetworks` 
parameter should be always `true` , because networks in return always belong to 
accounts (`system` account or other accounts).
   
   this pr looks good to me.



##########
test/integration/component/test_network_permissions.py:
##########
@@ -758,3 +758,24 @@ def 
test_04_deploy_vm_for_other_user_and_test_vm_operations(self):
         command = """self.reset_network_permission({apiclient}, 
self.user_network, expected=True)"""
         self.exec_command("self.otheruser_apiclient", command, expected=False)
         self.exec_command("self.user_apiclient", command, expected=True)
+
+    @attr(tags=["advanced"], required_hardware="false")
+    def test_05_list_networks_under_project(self):
+        """ Testing list networks under a project """
+        self.create_network_permission(self.apiclient, self.user_network, 
self.domain_admin, self.project, expected=True)
+        self.list_network(self.apiclient, self.domain_admin, 
self.user_network, self.project, None, expected=True)
+
+        self.remove_network_permission(self.apiclient, self.user_network, 
self.domain_admin, self.project, expected=True)
+        self.list_network(self.apiclient, self.domain_admin, 
self.user_network, self.project, None, expected=False)
+
+    @attr(tags=["advanced"], required_hardware="false")
+    def test_06_list_networks_under_account(self):
+        """ Testing list networks under an account """
+        self.create_network_permission(self.apiclient, self.user_network, 
self.domain_admin, None, expected=True)

Review Comment:
   @harikrishna-patnala 
   would it be good to create network permission to `otheruser` (not 
`domain_admin`) as well ?
   
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [cloudstack] weizhouapache commented on a diff in pull request #6546: Fixed list networks in projects after setting network permissions

Reply via email to