etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bug 12268: listTemplates API - don't list projects' templates in default view 

status 12268: resolved fixed
This commit is contained in:
Alena Prokharchyk 2011-12-06 20:06:02 -08:00
parent a5772425ff
commit 0e983d8d86
3 changed files with 86 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -1193,30 +1193,34 @@ public class ManagementServerImpl implements ManagementServer {
permittedAccounts.add(_accountMgr.finalizeOwner(caller, accountName, domainId, null));
}
//set project information
//set project information
boolean skipProjectTemplates = true;
if (projectId != null) {
permittedAccounts.clear();
Project project = _projectMgr.getProject(projectId);
if (project == null) {
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) {
throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId);
}
permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId()));
} else {
List<Long> permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId());
for (Long permittedAccountId : permittedAccountIds) {
permittedAccounts.add(_accountMgr.getAccount(permittedAccountId));
}
}
if (projectId == -1) {
List<Long> permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId());
for (Long permittedAccountId : permittedAccountIds) {
permittedAccounts.add(_accountMgr.getAccount(permittedAccountId));
}
} else {
permittedAccounts.clear();
Project project = _projectMgr.getProject(projectId);
if (project == null) {
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) {
throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId);
}
permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId()));
skipProjectTemplates = false;
}
}
// It is account specific if account is admin type and domainId and accountName are not null
boolean isAccountSpecific = (isAdmin(caller.getType())) && (accountName != null) && (domainId != null);
HypervisorType hypervisorType = HypervisorType.getType(cmd.getHypervisor());
return listTemplates(cmd.getId(), cmd.getIsoName(), cmd.getKeyword(), isoFilter, true, cmd.isBootable(), cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), hypervisorType, isAccountSpecific,
true, cmd.listInReadyState(), permittedAccounts, caller);
true, cmd.listInReadyState(), permittedAccounts, caller, skipProjectTemplates);
}
@Override
@ -1235,34 +1239,38 @@ public class ManagementServerImpl implements ManagementServer {
}
//set project information
boolean skipProjectTemplates = true;
if (projectId != null) {
permittedAccounts.clear();
Project project = _projectMgr.getProject(projectId);
if (project == null) {
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) {
throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId);
}
permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId()));
} else {
List<Long> permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId());
for (Long permittedAccountId : permittedAccountIds) {
permittedAccounts.add(_accountMgr.getAccount(permittedAccountId));
}
if (projectId == -1) {
List<Long> permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId());
for (Long permittedAccountId : permittedAccountIds) {
permittedAccounts.add(_accountMgr.getAccount(permittedAccountId));
}
} else {
permittedAccounts.clear();
Project project = _projectMgr.getProject(projectId);
if (project == null) {
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) {
throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId);
}
permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId()));
skipProjectTemplates = false;
}
}
// It is account specific if account is admin type and domainId and accountName are not null
boolean isAccountSpecific = (caller == null || isAdmin(caller.getType())) && (accountName != null) && (domainId != null);
boolean showDomr = ((templateFilter != TemplateFilter.selfexecutable) && (templateFilter != TemplateFilter.featured));
HypervisorType hypervisorType = HypervisorType.getType(cmd.getHypervisor());
return listTemplates(cmd.getId(), cmd.getTemplateName(), cmd.getKeyword(), templateFilter, false, null, cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), hypervisorType, isAccountSpecific,
showDomr, cmd.listInReadyState(), permittedAccounts, caller);
showDomr, cmd.listInReadyState(), permittedAccounts, caller, skipProjectTemplates);
}
private Set<Pair<Long, Long>> listTemplates(Long templateId, String name, String keyword, TemplateFilter templateFilter, boolean isIso, Boolean bootable, Long pageSize, Long startIndex,
Long zoneId, HypervisorType hyperType, boolean isAccountSpecific, boolean showDomr, boolean onlyReady, List<Account> permittedAccounts, Account caller) {
Long zoneId, HypervisorType hyperType, boolean isAccountSpecific, boolean showDomr, boolean onlyReady, List<Account> permittedAccounts, Account caller, boolean skipProjectTemplates) {
VMTemplateVO template = null;
if (templateId != null) {
@ -1297,7 +1305,7 @@ public class ManagementServerImpl implements ManagementServer {
permittedAccounts, caller);
Set<Pair<Long, Long>> templateZonePairSet2 = new HashSet<Pair<Long, Long>>();
templateZonePairSet2 = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers, bootable, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr,
permittedAccounts, caller);
permittedAccounts, caller, skipProjectTemplates);
for (Pair<Long, Long> tmpltPair : templateZonePairSet2) {
if (!templateZonePairSet.contains(new Pair<Long, Long>(tmpltPair.first(), 0L))) {
templateZonePairSet.add(tmpltPair);
@ -1315,7 +1323,7 @@ public class ManagementServerImpl implements ManagementServer {
} else {
if (template == null) {
templateZonePairSet = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers, bootable, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr,
permittedAccounts, caller);
permittedAccounts, caller, skipProjectTemplates);
} else {
// if template is not public, perform permission check here
if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {

2
server/src/com/cloud/storage/dao/VMTemplateDao.java
View File

@ -59,7 +59,7 @@ public interface VMTemplateDao extends GenericDao<VMTemplateVO, Long> {
public List<VMTemplateVO> listReadyTemplates();
public List<VMTemplateVO> listByAccountId(long accountId);
public Set<Pair<Long, Long>> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List<HypervisorType> hypers, Boolean bootable,
DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr, List<Account> permittedAccounts, Account caller);
DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr, List<Account> permittedAccounts, Account caller, boolean skipProjectTemplates);
public Set<Pair<Long, Long>> searchSwiftTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List<HypervisorType> hypers, Boolean bootable, DomainVO domain,
Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr, List<Account> permittedAccounts, Account caller);

58
server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java
View File

@ -440,7 +440,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
}
@Override
public Set<Pair<Long, Long>> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List<HypervisorType> hypers, Boolean bootable, DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr,List<Account> permittedAccounts, Account caller) {
public Set<Pair<Long, Long>> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List<HypervisorType> hypers, Boolean bootable, DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr,List<Account> permittedAccounts, Account caller, boolean skipProjectTemplates) {
StringBuilder builder = new StringBuilder();
if (!permittedAccounts.isEmpty()) {
@ -486,9 +486,19 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
}
sql += guestOSJoin + templateHostRefJoin + dataCenterJoin;
String whereClause = "";
String whereClause = "";
//All joins have to be made before we start setting the condition settings
boolean joinedWithAccounts = false;
if (skipProjectTemplates || (!permittedAccounts.isEmpty() && !(templateFilter == TemplateFilter.community || templateFilter == TemplateFilter.featured))) {
whereClause += " INNER JOIN account a on (t.account_id = a.id)";
if (skipProjectTemplates) {
whereClause += " WHERE a.type != " + Account.ACCOUNT_TYPE_PROJECT;
}
joinedWithAccounts = true;
}
if ( !isIso ) {
if (!isIso) {
if ( hypers.isEmpty() ) {
return templateZonePairList;
} else {
@ -503,8 +513,8 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
whereClause += " AND t.hypervisor_type IN (" + relatedHypers + ")";
}
}
if (!permittedAccounts.isEmpty()) {
for (Account account : permittedAccounts) {
//accountType = account.getType();
//accountId = Long.toString(account.getId());
@ -532,18 +542,29 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
}
relatedDomainIds.setLength(relatedDomainIds.length()-1);
}
}
}
String attr = " AND ";
if (whereClause.endsWith(" WHERE ")) {
attr += " WHERE ";
}
if (!permittedAccounts.isEmpty() && !(templateFilter == TemplateFilter.featured || templateFilter == TemplateFilter.community)) {
whereClause += attr + "t.account_id IN (" + permittedAccountsStr + ")";
}
if (templateFilter == TemplateFilter.featured) {
whereClause += " WHERE t.public = 1 AND t.featured = 1";
whereClause += attr + "t.public = 1 AND t.featured = 1";
if (!permittedAccounts.isEmpty()) {
whereClause += " AND (dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)";
whereClause += attr + "(dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)";
}
} else if ((templateFilter == TemplateFilter.self || templateFilter == TemplateFilter.selfexecutable) && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
whereClause += " INNER JOIN account a on (t.account_id = a.id) INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'";
} else {
whereClause += " WHERE t.account_id IN (" + permittedAccountsStr + ")";
if (!joinedWithAccounts) {
whereClause += " INNER JOIN account a on (t.account_id = a.id)";
}
whereClause += " INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'";
}
} else if (templateFilter == TemplateFilter.sharedexecutable && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
@ -551,17 +572,20 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
" (t.account_id IN (" + permittedAccountsStr + ") OR" +
" lp.account_id IN (" + permittedAccountsStr + "))";
} else {
whereClause += " INNER JOIN account a on (t.account_id = a.id) INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'";
}
if (!joinedWithAccounts) {
whereClause += " INNER JOIN account a on (t.account_id = a.id)";
}
whereClause += " INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'";
}
} else if (templateFilter == TemplateFilter.executable && !permittedAccounts.isEmpty()) {
whereClause += " WHERE (t.public = 1 OR t.account_id IN (" + permittedAccountsStr + "))";
whereClause += attr + "(t.public = 1 OR t.account_id IN (" + permittedAccountsStr + "))";
} else if (templateFilter == TemplateFilter.community) {
whereClause += " WHERE t.public = 1 AND t.featured = 0";
whereClause += attr + "t.public = 1 AND t.featured = 0";
if (!permittedAccounts.isEmpty()) {
whereClause += " AND (dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)";
whereClause += attr + "(dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)";
}
} else if (templateFilter == TemplateFilter.all && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
whereClause += " WHERE ";
whereClause += attr;
} else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
return templateZonePairList;
}
@ -571,7 +595,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase<VMTemplateVO, Long> implem
} else if (!whereClause.equals(" WHERE ")) {
whereClause += " AND ";
}
sql += whereClause + getExtrasWhere(templateFilter, name, keyword, isIso, bootable, hyperType, zoneId, onlyReady, showDomr) + groupByClause + getOrderByLimit(pageSize, startIndex);
pstmt = txn.prepareStatement(sql);