Updated Branches: refs/heads/master c53d4e9e1 -> 382391f27
CLOUDSTACK-4830: allow create account and user by domain admin (cherry picked from commit 0d12e3eb9d4fb0166fc553da7366f4da786daa14) Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/51094987 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/51094987 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/51094987 Branch: refs/heads/master Commit: 51094987838ad4d76c289dcb71f5bfd430e86637 Parents: c53d4e9 Author: Wei Zhou <[email protected]> Authored: Wed Oct 30 15:11:59 2013 +0100 Committer: Wei Zhou <[email protected]> Committed: Thu Oct 31 11:36:54 2013 +0100 ---------------------------------------------------------------------- client/tomcatconf/commands.properties.in | 10 ++++----- server/src/com/cloud/api/ApiDBUtils.java | 10 ++++++++- .../com/cloud/api/query/QueryManagerImpl.java | 4 ++-- .../com/cloud/api/query/ViewResponseHelper.java | 6 +++++- ui/scripts/accounts.js | 22 ++++++++++++++++++-- ui/scripts/sharedFunctions.js | 2 +- 6 files changed, 42 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/51094987/client/tomcatconf/commands.properties.in ---------------------------------------------------------------------- diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in index b106b9f..e92596c 100644 --- a/client/tomcatconf/commands.properties.in +++ b/client/tomcatconf/commands.properties.in @@ -19,9 +19,9 @@ ### Please standardize naming conventions to camel-case (even for acronyms). ### Account commands -createAccount=3 -deleteAccount=3 -updateAccount=3 +createAccount=7 +deleteAccount=7 +updateAccount=7 disableAccount=7 enableAccount=7 lockAccount=7 @@ -29,8 +29,8 @@ listAccounts=15 markDefaultZoneForAccount=1 #### User commands -createUser=3 -deleteUser=3 +createUser=7 +deleteUser=7 updateUser=15 listUsers=7 lockUser=7 http://git-wip-us.apache.org/repos/asf/cloudstack/blob/51094987/server/src/com/cloud/api/ApiDBUtils.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index d36604c..b56ada7 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@ -1474,7 +1474,15 @@ public class ApiDBUtils { } public static UserResponse newUserResponse(UserAccountJoinVO usr) { - return _userAccountJoinDao.newUserResponse(usr); + return newUserResponse(usr, null); + } + public static UserResponse newUserResponse(UserAccountJoinVO usr, Long domainId) { + UserResponse response = _userAccountJoinDao.newUserResponse(usr); + if (domainId != null && usr.getDomainId() != domainId) + response.setIsCallerChildDomain(true); + else + response.setIsCallerChildDomain(false); + return response; } public static UserAccountJoinVO newUserView(User usr){ http://git-wip-us.apache.org/repos/asf/cloudstack/blob/51094987/server/src/com/cloud/api/query/QueryManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index 51ee249..97aee99 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -352,8 +352,8 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { public ListResponse<UserResponse> searchForUsers(ListUsersCmd cmd) throws PermissionDeniedException { Pair<List<UserAccountJoinVO>, Integer> result = searchForUsersInternal(cmd); ListResponse<UserResponse> response = new ListResponse<UserResponse>(); - List<UserResponse> userResponses = ViewResponseHelper.createUserResponse(result.first().toArray( - new UserAccountJoinVO[result.first().size()])); + List<UserResponse> userResponses = ViewResponseHelper.createUserResponse(UserContext.current().getCaller().getDomainId(), + result.first().toArray(new UserAccountJoinVO[result.first().size()])); response.setResponses(userResponses, result.second()); return response; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/51094987/server/src/com/cloud/api/query/ViewResponseHelper.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/query/ViewResponseHelper.java b/server/src/com/cloud/api/query/ViewResponseHelper.java index d97b033..4051f09 100644 --- a/server/src/com/cloud/api/query/ViewResponseHelper.java +++ b/server/src/com/cloud/api/query/ViewResponseHelper.java @@ -83,9 +83,13 @@ public class ViewResponseHelper { public static final Logger s_logger = Logger.getLogger(ViewResponseHelper.class); public static List<UserResponse> createUserResponse(UserAccountJoinVO... users) { + return createUserResponse(null, users); + } + + public static List<UserResponse> createUserResponse(Long domainId, UserAccountJoinVO... users) { List<UserResponse> respList = new ArrayList<UserResponse>(); for (UserAccountJoinVO vt : users){ - respList.add(ApiDBUtils.newUserResponse(vt)); + respList.add(ApiDBUtils.newUserResponse(vt, domainId)); } return respList; } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/51094987/ui/scripts/accounts.js ---------------------------------------------------------------------- diff --git a/ui/scripts/accounts.js b/ui/scripts/accounts.js index a754d31..7267252 100644 --- a/ui/scripts/accounts.js +++ b/ui/scripts/accounts.js @@ -66,7 +66,7 @@ add: { label: 'label.add.account', preFilter: function(args) { - if (isAdmin()) + if (isAdmin() || isDomainAdmin()) return true; else return false; @@ -901,7 +901,7 @@ label: 'label.add.user', preFilter: function(args) { - if (isAdmin()) + if (isAdmin() || isDomainAdmin()) return true; else return false; @@ -1409,6 +1409,16 @@ } allowedActions.push("updateResourceCount"); } else if (isDomainAdmin()) { + if (jsonObj.name != g_account) { + allowedActions.push("edit"); //updating networkdomain is allowed on any account, including system-generated default admin account + if (jsonObj.state == "enabled") { + allowedActions.push("disable"); + allowedActions.push("lock"); + } else if (jsonObj.state == "disabled" || jsonObj.state == "locked") { + allowedActions.push("enable"); + } + allowedActions.push("remove"); + } allowedActions.push("updateResourceCount"); } return allowedActions; @@ -1434,6 +1444,14 @@ } } else { if (isSelfOrChildDomainUser(jsonObj.username, jsonObj.accounttype, jsonObj.domainid, jsonObj.iscallerchilddomain)) { + if (isDomainAdmin() && jsonObj.username != g_username) { + allowedActions.push("edit"); + if (jsonObj.state == "enabled") + allowedActions.push("disable"); + if (jsonObj.state == "disabled") + allowedActions.push("enable"); + allowedActions.push("remove"); + } allowedActions.push("changePassword"); allowedActions.push("generateKeys"); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/51094987/ui/scripts/sharedFunctions.js ---------------------------------------------------------------------- diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js index fb07d37..05d2d9d 100644 --- a/ui/scripts/sharedFunctions.js +++ b/ui/scripts/sharedFunctions.js @@ -766,7 +766,7 @@ var addGuestNetworkDialog = { function isSelfOrChildDomainUser(username, useraccounttype, userdomainid, iscallerchilddomain) { if (username == g_username) { //is self return true; - } else if (isDomainAdmin() && iscallerchilddomain && (useraccounttype == 0)) { //domain admin to user + } else if (isDomainAdmin() && !iscallerchilddomain && (useraccounttype == 0)) { //domain admin to user return true; } else if (isDomainAdmin() && iscallerchilddomain && (userdomainid != g_domainid)) { //domain admin to subdomain admin and user return true;
