diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 3f5e6e42bc6..d3b0bffa455 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -1193,30 +1193,34 @@ public class ManagementServerImpl implements ManagementServer { permittedAccounts.add(_accountMgr.finalizeOwner(caller, accountName, domainId, null)); } - //set project information + //set project information + boolean skipProjectTemplates = true; if (projectId != null) { - permittedAccounts.clear(); - Project project = _projectMgr.getProject(projectId); - if (project == null) { - throw new InvalidParameterValueException("Unable to find project by id " + projectId); - } - if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { - throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); - } - permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId())); - } else { - List permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId()); - for (Long permittedAccountId : permittedAccountIds) { - permittedAccounts.add(_accountMgr.getAccount(permittedAccountId)); - } - } + if (projectId == -1) { + List permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId()); + for (Long permittedAccountId : permittedAccountIds) { + permittedAccounts.add(_accountMgr.getAccount(permittedAccountId)); + } + } else { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId())); + skipProjectTemplates = false; + } + } // It is account specific if account is admin type and domainId and accountName are not null boolean isAccountSpecific = (isAdmin(caller.getType())) && (accountName != null) && (domainId != null); HypervisorType hypervisorType = HypervisorType.getType(cmd.getHypervisor()); return listTemplates(cmd.getId(), cmd.getIsoName(), cmd.getKeyword(), isoFilter, true, cmd.isBootable(), cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), hypervisorType, isAccountSpecific, - true, cmd.listInReadyState(), permittedAccounts, caller); + true, cmd.listInReadyState(), permittedAccounts, caller, skipProjectTemplates); } @Override @@ -1235,34 +1239,38 @@ public class ManagementServerImpl implements ManagementServer { } //set project information + boolean skipProjectTemplates = true; if (projectId != null) { - permittedAccounts.clear(); - Project project = _projectMgr.getProject(projectId); - if (project == null) { - throw new InvalidParameterValueException("Unable to find project by id " + projectId); - } - if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { - throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); - } - permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId())); - } else { - List permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId()); - for (Long permittedAccountId : permittedAccountIds) { - permittedAccounts.add(_accountMgr.getAccount(permittedAccountId)); - } + if (projectId == -1) { + List permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId()); + for (Long permittedAccountId : permittedAccountIds) { + permittedAccounts.add(_accountMgr.getAccount(permittedAccountId)); + } + } else { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId())); + skipProjectTemplates = false; + } } - + // It is account specific if account is admin type and domainId and accountName are not null boolean isAccountSpecific = (caller == null || isAdmin(caller.getType())) && (accountName != null) && (domainId != null); boolean showDomr = ((templateFilter != TemplateFilter.selfexecutable) && (templateFilter != TemplateFilter.featured)); HypervisorType hypervisorType = HypervisorType.getType(cmd.getHypervisor()); return listTemplates(cmd.getId(), cmd.getTemplateName(), cmd.getKeyword(), templateFilter, false, null, cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), hypervisorType, isAccountSpecific, - showDomr, cmd.listInReadyState(), permittedAccounts, caller); + showDomr, cmd.listInReadyState(), permittedAccounts, caller, skipProjectTemplates); } private Set> listTemplates(Long templateId, String name, String keyword, TemplateFilter templateFilter, boolean isIso, Boolean bootable, Long pageSize, Long startIndex, - Long zoneId, HypervisorType hyperType, boolean isAccountSpecific, boolean showDomr, boolean onlyReady, List permittedAccounts, Account caller) { + Long zoneId, HypervisorType hyperType, boolean isAccountSpecific, boolean showDomr, boolean onlyReady, List permittedAccounts, Account caller, boolean skipProjectTemplates) { VMTemplateVO template = null; if (templateId != null) { @@ -1297,7 +1305,7 @@ public class ManagementServerImpl implements ManagementServer { permittedAccounts, caller); Set> templateZonePairSet2 = new HashSet>(); templateZonePairSet2 = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers, bootable, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr, - permittedAccounts, caller); + permittedAccounts, caller, skipProjectTemplates); for (Pair tmpltPair : templateZonePairSet2) { if (!templateZonePairSet.contains(new Pair(tmpltPair.first(), 0L))) { templateZonePairSet.add(tmpltPair); @@ -1315,7 +1323,7 @@ public class ManagementServerImpl implements ManagementServer { } else { if (template == null) { templateZonePairSet = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers, bootable, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr, - permittedAccounts, caller); + permittedAccounts, caller, skipProjectTemplates); } else { // if template is not public, perform permission check here if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { diff --git a/server/src/com/cloud/storage/dao/VMTemplateDao.java b/server/src/com/cloud/storage/dao/VMTemplateDao.java index d3327adb75e..fcfdad41182 100644 --- a/server/src/com/cloud/storage/dao/VMTemplateDao.java +++ b/server/src/com/cloud/storage/dao/VMTemplateDao.java @@ -59,7 +59,7 @@ public interface VMTemplateDao extends GenericDao { public List listReadyTemplates(); public List listByAccountId(long accountId); public Set> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List hypers, Boolean bootable, - DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr, List permittedAccounts, Account caller); + DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr, List permittedAccounts, Account caller, boolean skipProjectTemplates); public Set> searchSwiftTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List hypers, Boolean bootable, DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr, List permittedAccounts, Account caller); diff --git a/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java b/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java index b3c034a2af6..ae3a82713c9 100755 --- a/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java +++ b/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java @@ -440,7 +440,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem } @Override - public Set> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List hypers, Boolean bootable, DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr,List permittedAccounts, Account caller) { + public Set> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List hypers, Boolean bootable, DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr,List permittedAccounts, Account caller, boolean skipProjectTemplates) { StringBuilder builder = new StringBuilder(); if (!permittedAccounts.isEmpty()) { @@ -486,9 +486,19 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem } sql += guestOSJoin + templateHostRefJoin + dataCenterJoin; - String whereClause = ""; + String whereClause = ""; + + //All joins have to be made before we start setting the condition settings + boolean joinedWithAccounts = false; + if (skipProjectTemplates || (!permittedAccounts.isEmpty() && !(templateFilter == TemplateFilter.community || templateFilter == TemplateFilter.featured))) { + whereClause += " INNER JOIN account a on (t.account_id = a.id)"; + if (skipProjectTemplates) { + whereClause += " WHERE a.type != " + Account.ACCOUNT_TYPE_PROJECT; + } + joinedWithAccounts = true; + } - if ( !isIso ) { + if (!isIso) { if ( hypers.isEmpty() ) { return templateZonePairList; } else { @@ -503,8 +513,8 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem whereClause += " AND t.hypervisor_type IN (" + relatedHypers + ")"; } } + if (!permittedAccounts.isEmpty()) { - for (Account account : permittedAccounts) { //accountType = account.getType(); //accountId = Long.toString(account.getId()); @@ -532,18 +542,29 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem } relatedDomainIds.setLength(relatedDomainIds.length()-1); } - } + } + + String attr = " AND "; + if (whereClause.endsWith(" WHERE ")) { + attr += " WHERE "; + } + + if (!permittedAccounts.isEmpty() && !(templateFilter == TemplateFilter.featured || templateFilter == TemplateFilter.community)) { + whereClause += attr + "t.account_id IN (" + permittedAccountsStr + ")"; + } if (templateFilter == TemplateFilter.featured) { - whereClause += " WHERE t.public = 1 AND t.featured = 1"; + whereClause += attr + "t.public = 1 AND t.featured = 1"; if (!permittedAccounts.isEmpty()) { - whereClause += " AND (dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)"; + whereClause += attr + "(dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)"; } + } else if ((templateFilter == TemplateFilter.self || templateFilter == TemplateFilter.selfexecutable) && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { - whereClause += " INNER JOIN account a on (t.account_id = a.id) INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'"; - } else { - whereClause += " WHERE t.account_id IN (" + permittedAccountsStr + ")"; + if (!joinedWithAccounts) { + whereClause += " INNER JOIN account a on (t.account_id = a.id)"; + } + whereClause += " INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'"; } } else if (templateFilter == TemplateFilter.sharedexecutable && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { @@ -551,17 +572,20 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem " (t.account_id IN (" + permittedAccountsStr + ") OR" + " lp.account_id IN (" + permittedAccountsStr + "))"; } else { - whereClause += " INNER JOIN account a on (t.account_id = a.id) INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'"; - } + if (!joinedWithAccounts) { + whereClause += " INNER JOIN account a on (t.account_id = a.id)"; + } + whereClause += " INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'"; + } } else if (templateFilter == TemplateFilter.executable && !permittedAccounts.isEmpty()) { - whereClause += " WHERE (t.public = 1 OR t.account_id IN (" + permittedAccountsStr + "))"; + whereClause += attr + "(t.public = 1 OR t.account_id IN (" + permittedAccountsStr + "))"; } else if (templateFilter == TemplateFilter.community) { - whereClause += " WHERE t.public = 1 AND t.featured = 0"; + whereClause += attr + "t.public = 1 AND t.featured = 0"; if (!permittedAccounts.isEmpty()) { - whereClause += " AND (dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)"; + whereClause += attr + "(dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)"; } } else if (templateFilter == TemplateFilter.all && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) { - whereClause += " WHERE "; + whereClause += attr; } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { return templateZonePairList; } @@ -571,7 +595,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem } else if (!whereClause.equals(" WHERE ")) { whereClause += " AND "; } - + sql += whereClause + getExtrasWhere(templateFilter, name, keyword, isIso, bootable, hyperType, zoneId, onlyReady, showDomr) + groupByClause + getOrderByLimit(pageSize, startIndex); pstmt = txn.prepareStatement(sql);