Repository: cloudstack Updated Branches: refs/heads/4.4-forward f784f274b -> b9bdaf9d3
CLOUDSTACK-6598:IAM - listAccount() retrurns "Caller cannot be passed as NULL to IAM!" when domain deletion is in progress. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b9bdaf9d Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b9bdaf9d Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b9bdaf9d Branch: refs/heads/4.4-forward Commit: b9bdaf9d31803cd080475e27da56695c3293c4ca Parents: f784f27 Author: Min Chen <min.c...@citrix.com> Authored: Thu May 8 15:19:23 2014 -0700 Committer: Min Chen <min.c...@citrix.com> Committed: Thu May 8 15:19:23 2014 -0700 ---------------------------------------------------------------------- .../resourcelimit/ResourceLimitManagerImpl.java | 6 ++++ .../src/com/cloud/user/AccountManagerImpl.java | 31 ++++++++++++++++++-- 2 files changed, 35 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b9bdaf9d/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java index 2b5d976..0c0c588 100755 --- a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java +++ b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java @@ -325,6 +325,9 @@ public class ResourceLimitManagerImpl extends ManagerBase implements ResourceLim } Account account = _accountDao.findById(accountId); + if (account == null) { + return max; + } // Check if limit is configured for account if (limit != null) { @@ -633,6 +636,9 @@ public class ResourceLimitManagerImpl extends ManagerBase implements ResourceLim if (accountId != null) { Account account = _entityMgr.findById(Account.class, accountId); + if (account == null) { + throw new InvalidParameterValueException("Unable to find account " + accountId); + } if (account.getId() == Account.ACCOUNT_ID_SYSTEM) { throw new InvalidParameterValueException("Can't update system account"); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b9bdaf9d/server/src/com/cloud/user/AccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 22be83c..3ff9bd2 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -363,6 +363,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M public boolean isAdmin(Long accountId) { if (accountId != null) { AccountVO acct = _accountDao.findById(accountId); + if (acct == null) { + return false; //account is deleted or does not exist + } if ((isRootAdmin(accountId)) || (isDomainAdmin(accountId)) || (isResourceDomainAdmin(accountId))) { return true; } else if (acct.getType() == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN) { @@ -377,6 +380,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M public boolean isRootAdmin(Long accountId) { if (accountId != null) { AccountVO acct = _accountDao.findById(accountId); + if (acct == null) { + return false; //account is deleted or does not exist + } for (SecurityChecker checker : _securityCheckers) { try { if (checker.checkAccess(acct, null, null, "SystemCapability")) { @@ -397,6 +403,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M public boolean isDomainAdmin(Long accountId) { if (accountId != null) { AccountVO acct = _accountDao.findById(accountId); + if (acct == null) { + return false; //account is deleted or does not exist + } for (SecurityChecker checker : _securityCheckers) { try { if (checker.checkAccess(acct, null, null, "DomainCapability")) { @@ -425,6 +434,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M public boolean isResourceDomainAdmin(Long accountId) { if (accountId != null) { AccountVO acct = _accountDao.findById(accountId); + if (acct == null) { + return false; //account is deleted or does not exist + } for (SecurityChecker checker : _securityCheckers) { try { if (checker.checkAccess(acct, null, null, "DomainResourceCapability")) { @@ -443,6 +455,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M public boolean isInternalAccount(long accountId) { Account account = _accountDao.findById(accountId); + if (account == null) { + return false; //account is deleted or does not exist + } if (isRootAdmin(accountId) || (account.getType() == Account.ACCOUNT_ID_SYSTEM)) { return true; } @@ -1138,6 +1153,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M // If the account is an admin type, return an error. We do not allow this Account account = _accountDao.findById(user.getAccountId()); + if (account == null) { + throw new InvalidParameterValueException("unable to find user account " + user.getAccountId()); + } // don't allow updating project account if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { @@ -1145,7 +1163,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M } // don't allow updating system account - if (account != null && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) { + if (account.getId() == Account.ACCOUNT_ID_SYSTEM) { throw new PermissionDeniedException("user id : " + id + " is system account, update is not allowed"); } @@ -1252,6 +1270,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M } Account account = _accountDao.findById(user.getAccountId()); + if (account == null) { + throw new InvalidParameterValueException("unable to find user account " + user.getAccountId()); + } // don't allow disabling user belonging to project's account if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { @@ -1291,6 +1312,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M } Account account = _accountDao.findById(user.getAccountId()); + if (account == null) { + throw new InvalidParameterValueException("unable to find user account " + user.getAccountId()); + } if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { throw new InvalidParameterValueException("Unable to find active user by id " + userId); @@ -1339,6 +1363,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M } Account account = _accountDao.findById(user.getAccountId()); + if (account == null) { + throw new InvalidParameterValueException("unable to find user account " + user.getAccountId()); + } // don't allow to lock user of the account of type Project if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { @@ -1404,7 +1431,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M // If the user is a System user, return an error. We do not allow this AccountVO account = _accountDao.findById(accountId); - if (account.getRemoved() != null) { + if (account == null || account.getRemoved() != null) { s_logger.info("The account:" + account.getAccountName() + " is already removed"); return true; }
