[
https://issues.apache.org/jira/browse/CLOUDSTACK-6276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014201#comment-15014201
]
ASF GitHub Bot commented on CLOUDSTACK-6276:
--------------------------------------------
Github user ustcweizhou commented on the pull request:
https://github.com/apache/cloudstack/pull/508#issuecomment-158164720
@pdube
try this change:
```
diff --git a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
index 57f7b37..c6e44d6 100644
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -30,6 +30,9 @@ import
org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
import com.cloud.domain.DomainVO;
import com.cloud.exception.PermissionDeniedException;
+import com.cloud.projects.ProjectVO;
+import com.cloud.projects.dao.ProjectAccountDao;
+import com.cloud.projects.dao.ProjectDao;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
import com.cloud.utils.exception.CloudRuntimeException;
@@ -44,6 +47,10 @@ public class AffinityGroupAccessChecker extends
DomainChecker {
AccountManager _accountMgr;
@Inject
AffinityGroupDomainMapDao _affinityGroupDomainMapDao;
+ @Inject
+ ProjectDao _projectDao;
+ @Inject
+ ProjectAccountDao _projectAccountDao;
@Override
public boolean checkAccess(Account caller, ControlledEntity entity,
AccessType accessType) throws PermissionDeniedException {
@@ -72,6 +79,15 @@ public class AffinityGroupAccessChecker extends
DomainChecker {
} else {
//acl_type account
if (caller.getId() != group.getAccountId()) {
+ //check if the group belongs to a project
+ ProjectVO project =
_projectDao.findByProjectAccountId(group.getAccountId());
+ if (project != null) {
+ if (AccessType.ModifyProject.equals(accessType) &&
_projectAccountDao.canModifyProjectAccount(caller.getId(),
group.getAccountId())) {
+ return true;
+ } else if
(!AccessType.ModifyProject.equals(accessType) &&
_projectAccountDao.canAccessProjectAccount(caller.getId(),
group.getAccountId())) {
+ return true;
+ }
+ }
throw new PermissionDeniedException(caller + " does
not have permission to operate with resource " + entity);
} else {
return true;
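Review bot: In the branch under `//check if the group belongs to a project`, every access type other than `ModifyProject`, including a null `accessType`, is granted on `canAccessProjectAccount` alone, so plain project membership is enough for any other operation on a project-owned affinity group. If that is intended, record it with a comment such as `// any project member may use or operate on the project's affinity groups; only ModifyProject requires canModifyProjectAccount`. The two branches also evaluate `AccessType.ModifyProject.equals(accessType)` twice and both return true; a single decision makes the default explicit: `boolean allowed = AccessType.ModifyProject.equals(accessType) ? _projectAccountDao.canModifyProjectAccount(caller.getId(), group.getAccountId()) : _projectAccountDao.canAccessProjectAccount(caller.getId(), group.getAccountId());` followed by `if (allowed) { return true; }`. The body of checkAccess starts and ends outside this hunk, so whether an earlier check already narrows the access type or handles admin callers cannot be confirmed from here. A test covering a project member, a non-member and a ModifyProject request would pin the three outcomes.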
```
> Affinity Groups within projects
> -------------------------------
>
> Key: CLOUDSTACK-6276
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6276
> Project: CloudStack
> Issue Type: New Feature
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Reporter: Ingo Jochim
>
> Hello,
> I like to have the features "Affinity Group" and "Project" combined.
> As far as I know I cannot use Affinity Groups within Projects.
> Thanks and regards,
> Ingo