diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 66223f5bd76..a4906802ed3 100644
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -19,9 +19,9 @@
 ### Please standardize naming conventions to camel-case (even for acronyms).
 ### Account commands
-createAccount=3
-deleteAccount=3
-updateAccount=3
+createAccount=7
+deleteAccount=7
+updateAccount=7
 disableAccount=7
 enableAccount=7
 lockAccount=7
@@ -29,8 +29,8 @@ listAccounts=15
 markDefaultZoneForAccount=1
 #### User commands
-createUser=3
-deleteUser=3
+createUser=7
+deleteUser=7
 updateUser=15
 listUsers=7
 lockUser=7
diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java
index 2263c4d1db1..70fa744d2a8 100755
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@ -1473,7 +1473,15 @@ public class ApiDBUtils {
 }
 public static UserResponse newUserResponse(UserAccountJoinVO usr) {
- return _userAccountJoinDao.newUserResponse(usr);
+ return newUserResponse(usr, null);
+ }
+ public static UserResponse newUserResponse(UserAccountJoinVO usr, Long domainId) {
+ UserResponse response = _userAccountJoinDao.newUserResponse(usr);
+ if (domainId != null && usr.getDomainId() != domainId)
+ response.setIsCallerChildDomain(true);
+ else
+ response.setIsCallerChildDomain(false);
+ return response;
 }
 public static UserAccountJoinVO newUserView(User usr){
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 305c065ac30..66104b663d7 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
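Review bot: Raising `createAccount`, `deleteAccount` and `updateAccount` from 3 to 7 in commands.properties.in (and `createUser`/`deleteUser` in the `@@ -29,8` hunk) widens the caller mask for account and user lifecycle commands, while the Java hunks in this commit only add a response flag and no server-side scope check. Presumably the added bit is the domain-admin role, matching the `isDomainAdmin()` gates added in ui/scripts/accounts.js. Before merging, confirm that the command implementations reject a target account or user outside the caller's domain subtree and refuse to create an account with a higher account type than the caller's. A comment above the entries such as `### 7 = also open to domain admins; domain scoping is enforced server-side` would record that dependency.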
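Review bot: In the new `newUserResponse(usr, domainId)` overload in ApiDBUtils.java, `usr.getDomainId() != domainId` compares against a boxed `Long`; if `getDomainId()` returns `Long` rather than `long` (its declaration is not visible here), this is a reference comparison and the flag would be set wrongly for equal ids outside the small-value cache. `response.setIsCallerChildDomain(domainId != null && !domainId.equals(usr.getDomainId()));` avoids that and replaces the if/else. The flag is also set for any domain that differs from the caller's, not only descendants, so a short Javadoc should state that it is a display hint which relies on the query already being limited to the caller's domain tree, assuming that is the case.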
@@ -336,8 +336,8 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
 public ListResponse searchForUsers(ListUsersCmd cmd) throws PermissionDeniedException {
 Pair, Integer> result = searchForUsersInternal(cmd);
 ListResponse response = new ListResponse();
- List userResponses = ViewResponseHelper.createUserResponse(result.first().toArray(
- new UserAccountJoinVO[result.first().size()]));
+ List userResponses = ViewResponseHelper.createUserResponse(UserContext.current().getCaller().getDomainId(),
+ result.first().toArray(new UserAccountJoinVO[result.first().size()]));
 response.setResponses(userResponses, result.second());
 return response;
 }
diff --git a/server/src/com/cloud/api/query/ViewResponseHelper.java b/server/src/com/cloud/api/query/ViewResponseHelper.java
index 14187955276..f2901e18c4a 100644
--- a/server/src/com/cloud/api/query/ViewResponseHelper.java
+++ b/server/src/com/cloud/api/query/ViewResponseHelper.java
@@ -81,9 +81,13 @@ public class ViewResponseHelper {
 public static final Logger s_logger = Logger.getLogger(ViewResponseHelper.class);
 public static List createUserResponse(UserAccountJoinVO... users) {
+ return createUserResponse(null, users);
+ }
+
+ public static List createUserResponse(Long domainId, UserAccountJoinVO... users) {
 List respList = new ArrayList();
 for (UserAccountJoinVO vt : users){
- respList.add(ApiDBUtils.newUserResponse(vt));
+ respList.add(ApiDBUtils.newUserResponse(vt, domainId));
 }
 return respList;
 }
diff --git a/ui/scripts/accounts.js b/ui/scripts/accounts.js
index 9ba3ebfe711..343557ce6f8 100644
--- a/ui/scripts/accounts.js
+++ b/ui/scripts/accounts.js
@@ -66,7 +66,7 @@
 add: {
 label: 'label.add.account',
 preFilter: function(args) {
- if (isAdmin())
+ if (isAdmin() || isDomainAdmin())
 return true;
 else
 return false;
@@ -1103,7 +1103,7 @@
 label: 'label.add.user',
 preFilter: function(args) {
- if (isAdmin())
+ if (isAdmin() || isDomainAdmin())
 return true;
 else
 return false;
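Review bot: In ViewResponseHelper.java the one-argument `createUserResponse` passes a bare `null` as `domainId`, which depends on overload resolution choosing the `(Long, UserAccountJoinVO...)` form and yields `iscallerchilddomain=false` for every response built through it. Writing `return createUserResponse((Long) null, users);` makes the target explicit, and a Javadoc line on the new overload should say that `domainId` is the caller's domain id and that `null` means the flag is not computed. Callers that keep using the old form hand the UI a value that `isSelfOrChildDomainUser` in ui/scripts/sharedFunctions.js now reads as "same domain as the caller".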
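Review bot: The `preFilter` change at `@@ -66,7` in ui/scripts/accounts.js (and the identical one at `@@ -1103,7`) only decides whether the `label.add.account` / `label.add.user` action is drawn; it is not an access check, so the permission rests on the API layer alone. As a style point the four-line branch can be `return isAdmin() || isDomainAdmin();`. Both `preFilter` bodies continue past the end of their hunks.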
@@ -1602,6 +1602,16 @@
 }
 allowedActions.push("updateResourceCount");
 } else if (isDomainAdmin()) {
+ if (jsonObj.name != g_account) {
+ allowedActions.push("edit"); //updating networkdomain is allowed on any account, including system-generated default admin account
+ if (jsonObj.state == "enabled") {
+ allowedActions.push("disable");
+ allowedActions.push("lock");
+ } else if (jsonObj.state == "disabled" || jsonObj.state == "locked") {
+ allowedActions.push("enable");
+ }
+ allowedActions.push("remove");
+ }
 allowedActions.push("updateResourceCount");
 }
 return allowedActions;
@@ -1627,6 +1637,14 @@
 }
 } else {
 if (isSelfOrChildDomainUser(jsonObj.username, jsonObj.accounttype, jsonObj.domainid, jsonObj.iscallerchilddomain)) {
+ if (isDomainAdmin() && jsonObj.username != g_username) {
+ allowedActions.push("edit");
+ if (jsonObj.state == "enabled")
+ allowedActions.push("disable");
+ if (jsonObj.state == "disabled")
+ allowedActions.push("enable");
+ allowedActions.push("remove");
+ }
 allowedActions.push("changePassword");
 allowedActions.push("generateKeys");
 }
diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js
index 358b26a5381..87255cbe063 100644
--- a/ui/scripts/sharedFunctions.js
+++ b/ui/scripts/sharedFunctions.js
@@ -750,7 +750,7 @@ var addGuestNetworkDialog = {
 function isSelfOrChildDomainUser(username, useraccounttype, userdomainid, iscallerchilddomain) {
 if (username == g_username) { //is self
 return true;
- } else if (isDomainAdmin() && iscallerchilddomain && (useraccounttype == 0)) { //domain admin to user
+ } else if (isDomainAdmin() && !iscallerchilddomain && (useraccounttype == 0)) { //domain admin to user
 return true;
 } else if (isDomainAdmin() && iscallerchilddomain && (userdomainid != g_domainid)) { //domain admin to subdomain admin and user
 return true;
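Review bot: In the `@@ -1602,6` hunk of ui/scripts/accounts.js the self-check `jsonObj.name != g_account` compares account names only, so an account with the same name in a sub-domain is treated as the caller's own and gets no edit/disable/remove actions; if account names are unique only per domain, compare the domain as well, e.g. `if (!(jsonObj.name == g_account && jsonObj.domainid == g_domainid)) {` (assuming the account object carries `domainid`). The trailing comment on the `edit` line says editing is allowed on any account, which contradicts the guard around it and looks copied from the admin branch; reword it to `// domain admin may edit any account except their own`. The enclosing function starts before the hunk.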
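Review bot: In the `@@ -1627,6` hunk of ui/scripts/accounts.js the user branch offers `enable` only for `state == "disabled"`, while the account branch added in this commit also treats `"locked"` as re-enablable, so a locked user would show neither `disable` nor `enable`. If users can be in the locked state (commands.properties.in lists `lockUser`), use `else if (jsonObj.state == "disabled" || jsonObj.state == "locked")` to match. The two state tests are independent unbraced `if`s; an `if`/`else if` with braces, as in the account branch, is harder to break in a later edit. The enclosing function starts before the hunk.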
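Review bot: After the change in ui/scripts/sharedFunctions.js, `!iscallerchilddomain` makes a missing or false flag the permissive value, and `ApiDBUtils.newUserResponse` sets it to false whenever no caller domain is passed, so a domain admin is shown the actions for any account-type-0 user in a response built that way. Testing the domain directly, `} else if (isDomainAdmin() && (userdomainid == g_domainid) && (useraccounttype == 0)) { //domain admin to user in own domain`, does not depend on the flag being present. The name `iscallerchilddomain` now effectively means "user is in a different domain than the caller", which deserves a comment on the function. The function body continues past the end of the hunk.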