etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix for CS-15300 Limits on domain admin accounts 

Reviewed-by: devdeep.singh@citrix.com
This commit is contained in:
Deepti Dohare 2012-06-26 12:42:17 +05:30
parent 6cd0febb29
commit 13d432fe87
1 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
View File

@ -206,12 +206,12 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
public long findCorrectResourceLimitForAccount(Account account, ResourceType type) {
long max = Resource.RESOURCE_UNLIMITED; // if resource limit is not found, then we treat it as unlimited
//no limits for Admin accounts
if (_accountMgr.isAdmin(account.getType())) {
// No limits for Root Admin accounts
if (_accountMgr.isRootAdmin(account.getType())) {
return max;
}
ResourceLimitVO limit = _resourceLimitDao.findByOwnerIdAndType(account.getId(), ResourceOwnerType.Account, type);
// Check if limit is configured for account
@ -273,8 +273,8 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
long numResources = ((count.length == 0) ? 1 : count[0]);
Project project = null;
// Don't place any limits on system or admin accounts
if (_accountMgr.isAdmin(account.getType())) {
// Don't place any limits on system or root admin accounts
if (_accountMgr.isRootAdmin(account.getType())) {
return;
}
@ -337,7 +337,7 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
List<ResourceLimitVO> limits = new ArrayList<ResourceLimitVO>();
boolean isAccount = true;
if (!_accountMgr.isAdmin(caller.getType())) {
if (!_accountMgr.isRootAdmin(caller.getType())) {
accountId = caller.getId();
domainId = null;
} else {
@ -506,10 +506,17 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
throw new InvalidParameterValueException("Can't update system account");
}
//only Unlimited value is accepted if account is Admin
if (_accountMgr.isAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) {
throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Admin accounts");
//only Unlimited value is accepted if account is Root Admin
if (_accountMgr.isRootAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) {
throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Root Admin accounts");
}
if ((caller.getAccountId() == accountId.longValue()) &&
(caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN ||
caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) {
// If the admin is trying to update his own account, disallow.
throw new PermissionDeniedException("Unable to update resource limit for his own account " + accountId + ", permission denied");
}
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {