diff --git a/api/src/com/cloud/acl/SecurityChecker.java b/api/src/com/cloud/acl/SecurityChecker.java index ae6736a01a0..e0438610a3e 100644 --- a/api/src/com/cloud/acl/SecurityChecker.java +++ b/api/src/com/cloud/acl/SecurityChecker.java @@ -46,12 +46,11 @@ public interface SecurityChecker extends Adapter { * Checks if the account owns the object. * * @param caller account to check against. - * @param accessType TODO * @param object object that the account is trying to access. * @return true if access allowed. false if this adapter cannot authenticate ownership. * @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed. */ - boolean checkAccess(Account caller, Domain domain, AccessType accessType) throws PermissionDeniedException; + boolean checkAccess(Account caller, Domain domain) throws PermissionDeniedException; /** * Checks if the user belongs to an account that owns the object. diff --git a/api/src/com/cloud/agent/api/ClusterSyncAnswer.java b/api/src/com/cloud/agent/api/ClusterSyncAnswer.java index 927f857e5db..858acb46439 100644 --- a/api/src/com/cloud/agent/api/ClusterSyncAnswer.java +++ b/api/src/com/cloud/agent/api/ClusterSyncAnswer.java @@ -18,7 +18,6 @@ package com.cloud.agent.api; import java.util.HashMap; -import java.util.Map; import com.cloud.utils.Pair; import com.cloud.vm.VirtualMachine.State; diff --git a/api/src/com/cloud/agent/api/ClusterSyncCommand.java b/api/src/com/cloud/agent/api/ClusterSyncCommand.java index 9a6b009cc0a..83b79cbbddb 100644 --- a/api/src/com/cloud/agent/api/ClusterSyncCommand.java +++ b/api/src/com/cloud/agent/api/ClusterSyncCommand.java @@ -17,9 +17,6 @@ package com.cloud.agent.api; -import java.util.Map; - -import com.cloud.vm.VirtualMachine.State; public class ClusterSyncCommand extends Command implements CronCommand { int _interval; diff --git a/api/src/com/cloud/api/ApiConstants.java b/api/src/com/cloud/api/ApiConstants.java index f25ecda6760..2b4d410ddf2 100755 
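Review bot: The Javadoc above `checkAccess(Account caller, Domain domain)` still documents `@param object`, which is not a parameter of this overload; the commit removes the stale `@param accessType` line but leaves the tag that never matched. I would replace it with `@param domain domain that the caller is trying to access.` and reword the summary, since this overload checks access to a domain rather than ownership of an object. With `accessType` gone, the signature no longer lets an adapter distinguish kinds of access to a domain; if that is intended, one sentence in the Javadoc would tell implementers that every caller gets the same check. The interface body continues outside the hunk.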
--- a/api/src/com/cloud/api/ApiConstants.java
+++ b/api/src/com/cloud/api/ApiConstants.java
@@ -261,6 +261,7 @@ public class ApiConstants {
 public static final String HYPERVISOR_VERSION = "hypervisorversion";
 public static final String MAX_GUESTS_LIMIT = "maxguestslimit";
 public static final String PROJECT_ID = "projectid";
+ public static final String PROJECT_IDS = "projectids";
 public static final String PROJECT = "project";
 public static final String ROLE = "role";
 public static final String USER = "user";
diff --git a/api/src/com/cloud/api/BaseCmd.java b/api/src/com/cloud/api/BaseCmd.java
index 215e9cde844..3803d6c1685 100755
--- a/api/src/com/cloud/api/BaseCmd.java
+++ b/api/src/com/cloud/api/BaseCmd.java
@@ -35,7 +35,6 @@ import com.cloud.domain.Domain;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.NetworkService;
@@ -56,7 +55,6 @@ import com.cloud.user.Account;
 import com.cloud.user.AccountService;
 import com.cloud.user.DomainService;
 import com.cloud.user.ResourceLimitService;
-import com.cloud.user.UserContext;
 import com.cloud.utils.Pair;
 import com.cloud.utils.component.ComponentLocator;
 import com.cloud.vm.BareMetalVmService;
@@ -194,124 +192,6 @@ public abstract class BaseCmd { return formattedString; } - protected Account getValidOwner(String accountName, Long domainId) { - Account owner = null; - if (accountName != null) { - owner = _responseGenerator.findAccountByNameDomain(accountName, domainId); - } else { - owner = UserContext.current().getCaller(); - } - if (owner == null) { - throw new InvalidParameterValueException("Invalid value for owner specified: " + accountName); - } - if (owner.getState() == Account.State.disabled || owner.getState() == Account.State.locked) { - throw new PermissionDeniedException("Account disabled."); - } - return owner; - } - - public Map validateParams(Map params, boolean decode) { -// List> properties = getProperties(); - - // step 1 - all parameter names passed in will be converted to lowercase - Map processedParams = lowercaseParams(params, decode); - return processedParams; - - /* - // step 2 - make sure all required params exist, and all existing params adhere to the appropriate data type - Map validatedParams = new HashMap(); - for (Pair propertyPair : properties) { - Properties prop = (Properties)propertyPair.first(); - Object param = processedParams.get(prop.getName()); - // possible validation errors are - // - NULL (not specified) - // - MALFORMED - if (param != null) { - short propertyType = prop.getDataType(); - String decodedParam = null; - if ((propertyType != TYPE_OBJECT) && (propertyType != TYPE_OBJECT_MAP)) { - decodedParam = (String)param; - if (decode) { - try { - decodedParam = URLDecoder.decode((String)param, "UTF-8"); - } catch (UnsupportedEncodingException usex) { - s_logger.warn(prop.getName() + " could not be decoded, value = " + param); - throw new ServerApiException(PARAM_ERROR, prop.getName() + " could not be decoded"); - } - } - } - - switch (propertyType) { - case TYPE_INT: - try { - validatedParams.put(prop.getName(), Integer.valueOf(Integer.parseInt(decodedParam))); - } catch (NumberFormatException ex) { - 
s_logger.warn(prop.getName() + " (type is int) is malformed, value = " + decodedParam); - throw new ServerApiException(MALFORMED_PARAMETER_ERROR, prop.getName() + " is malformed"); - } - break; - case TYPE_LONG: - try { - validatedParams.put(prop.getName(), Long.valueOf(Long.parseLong(decodedParam))); - } catch (NumberFormatException ex) { - s_logger.warn(prop.getName() + " (type is long) is malformed, value = " + decodedParam); - throw new ServerApiException(MALFORMED_PARAMETER_ERROR, prop.getName() + " is malformed"); - } - break; - case TYPE_DATE: - try { - synchronized(_format) { // SimpleDataFormat is not thread safe, synchronize on it to avoid parse errors - validatedParams.put(prop.getName(), _format.parse(decodedParam)); - } - } catch (ParseException ex) { - s_logger.warn(prop.getName() + " (type is date) is malformed, value = " + decodedParam); - throw new ServerApiException(MALFORMED_PARAMETER_ERROR, prop.getName() + " uses an unsupported date format"); - } - break; - case TYPE_TZDATE: - try { - validatedParams.put(prop.getName(), DateUtil.parseTZDateString(decodedParam)); - } catch (ParseException ex) { - s_logger.warn(prop.getName() + " (type is date) is malformed, value = " + decodedParam); - throw new ServerApiException(MALFORMED_PARAMETER_ERROR, prop.getName() + " uses an unsupported date format"); - } - break; - case TYPE_FLOAT: - try { - validatedParams.put(prop.getName(), Float.valueOf(Float.parseFloat(decodedParam))); - } catch (NumberFormatException ex) { - s_logger.warn(prop.getName() + " (type is float) is malformed, value = " + decodedParam); - throw new ServerApiException(MALFORMED_PARAMETER_ERROR, prop.getName() + " is malformed"); - } - break; - case TYPE_BOOLEAN: - validatedParams.put(prop.getName(), Boolean.valueOf(Boolean.parseBoolean(decodedParam))); - break; - case TYPE_STRING: - validatedParams.put(prop.getName(), decodedParam); - break; - default: - validatedParams.put(prop.getName(), param); - break; - } - } else if 
(propertyPair.second().booleanValue() == true) { - s_logger.warn("missing parameter, " + prop.getTagName() + " is not specified"); - throw new ServerApiException(MALFORMED_PARAMETER_ERROR, prop.getTagName() + " is not specified"); - } - } - - return validatedParams; - */ - } - - private Map lowercaseParams(Map params, boolean decode) { - Map lowercaseParams = new HashMap(); - for (String key : params.keySet()) { - lowercaseParams.put(key.toLowerCase(), params.get(key)); - } - return lowercaseParams; - } - // FIXME: move this to a utils method so that maps can be unpacked and integer/long values can be appropriately cast @SuppressWarnings({"unchecked", "rawtypes"}) public Map unpackParams(Map params) { @@ -584,7 +464,7 @@ public abstract class BaseCmd { } Domain domain = _domainService.getDomain(domainId); - if (domain == null || domain.getType() == Domain.Type.Project) { + if (domain == null) { throw new InvalidParameterValueException("Unable to find domain by id=" + domainId); } diff --git a/api/src/com/cloud/api/commands/AddAccountToProjectCmd.java b/api/src/com/cloud/api/commands/AddAccountToProjectCmd.java index c23155e896a..7048acd55d6 100644 --- a/api/src/com/cloud/api/commands/AddAccountToProjectCmd.java +++ b/api/src/com/cloud/api/commands/AddAccountToProjectCmd.java @@ -28,7 +28,6 @@ import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.exception.InvalidParameterValueException; import com.cloud.projects.Project; -import com.cloud.user.Account; import com.cloud.user.UserContext; @Implementation(description="Adds acoount to a project", responseObject=SuccessResponse.class) diff --git a/api/src/com/cloud/api/commands/AddVpnUserCmd.java b/api/src/com/cloud/api/commands/AddVpnUserCmd.java index da7c94e1b12..bd65c5e2a4d 100644 --- a/api/src/com/cloud/api/commands/AddVpnUserCmd.java +++ b/api/src/com/cloud/api/commands/AddVpnUserCmd.java 
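Review bot: The domain lookup in the `-584,7 +464,7` hunk no longer rejects `Domain.Type.Project`, so a caller-supplied `domainId` that points at a project's domain now passes this validation instead of getting `Unable to find domain by id=`. The hunk does not show whether project-typed domains still exist after this commit, or whether a later check stops an account from being resolved inside one. If they can still exist, keep the guard or record why dropping it is safe, e.g. `// project-backed domains are accepted here; access is enforced by <checker>`. The enclosing method starts and ends outside the hunk, so I cannot tell which API parameters reach it.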
@@ -20,6 +20,7 @@ package com.cloud.api.commands; import org.apache.log4j.Logger; +import com.cloud.api.ApiConstants; import com.cloud.api.BaseAsyncCreateCmd; import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; @@ -41,16 +42,19 @@ public class AddVpnUserCmd extends BaseAsyncCreateCmd { ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name="username", type=CommandType.STRING, required=true, description="username for the vpn user") + @Parameter(name=ApiConstants.USERNAME, type=CommandType.STRING, required=true, description="username for the vpn user") private String userName; - @Parameter(name="password", type=CommandType.STRING, required=true, description="password for the username") + @Parameter(name=ApiConstants.PASSWORD, type=CommandType.STRING, required=true, description="password for the username") private String password; - @Parameter(name="account", type=CommandType.STRING, description="an optional account for the vpn user. Must be used with domainId.") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the vpn user. Must be used with domainId.") private String accountName; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="add vpn user to the specific project") + private Long projectId; - @Parameter(name="domainid", type=CommandType.LONG, description="an optional domainId for the vpn user. If the account parameter is used, domainId must also be used.") + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the vpn user. If the account parameter is used, domainId must also be used.") private Long domainId; ///////////////////////////////////////////////////// 
@@ -69,17 +73,13 @@ public class AddVpnUserCmd extends BaseAsyncCreateCmd { public String getUserName() { return userName; } - - public void setUserName(String userName) { - this.userName = userName; - } - + public String getPassword() { return password; } - - public void setPassword(String password) { - this.password = password; + + public Long getProjectId() { + return projectId; } ///////////////////////////////////////////////////// @@ -93,21 +93,12 @@ public class AddVpnUserCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } - } + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - - if (account != null) { - return account.getId(); - } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + + return accountId; } @Override @@ -115,8 +106,6 @@ public class AddVpnUserCmd extends BaseAsyncCreateCmd { return "Add Remote Access VPN user for account " + getEntityOwnerId() + " username= " + getUserName(); } - - @Override public String getEventType() { return EventTypes.EVENT_VPN_USER_ADD; 
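Review bot: `getEntityOwnerId()` in the `-93,21 +93,12` hunk dereferences `UserContext.current().getCaller()` without the null check the old body had, and it no longer gates the `accountName`/`domainId` override on `isAdmin(...)`; both now rest entirely on `getAccountId(accountName, domainId, projectId)`, which is not part of the visible diff. Please confirm that helper verifies the caller may act for the named account or project, and that it rejects disabled or locked owners as the removed `BaseCmd.getValidOwner` did. Either restore a fallback for a missing caller or state in a comment that a caller is always set at this point. The same body is pasted into AssociateIPAddrCmd, AuthorizeSecurityGroupIngressCmd, CreateNetworkCmd, CreateSSHKeyPairCmd, CreateVMGroupCmd and CreateVolumeCmd; in CreateSSHKeyPairCmd it also changes behaviour, because the old method always returned the caller and ignored `accountName`/`domainId`. A single `BaseCmd` helper that returns the resolved id or the caller's id would remove the seven copies.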
@@ -145,13 +134,8 @@ public class AddVpnUserCmd extends BaseAsyncCreateCmd { @Override public void create() { - Account owner = null; - if (accountName != null) { - owner = _responseGenerator.findAccountByNameDomain(accountName, domainId); - } else { - owner = UserContext.current().getCaller(); - } - + Account owner = _accountService.getAccount(getEntityOwnerId()); + VpnUser vpnUser = _ravService.addVpnUser(owner.getId(), userName, password); if (vpnUser == null) { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to add vpn user"); diff --git a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java index a9a53e5d72e..6a94b3e02cb 100644 --- a/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java +++ b/api/src/com/cloud/api/commands/AssociateIPAddrCmd.java @@ -42,7 +42,6 @@ import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.IpAddress; import com.cloud.network.Network; import com.cloud.network.Networks.TrafficType; -import com.cloud.user.Account; import com.cloud.user.UserContext; @Implementation(description="Acquires and associates a public IP to an account.", responseObject=IPAddressResponse.class) @@ -65,7 +64,9 @@ public class AssociateIPAddrCmd extends BaseAsyncCreateCmd { @Parameter(name=ApiConstants.NETWORK_ID, type=CommandType.LONG, description="The network this ip address should be associated to.") private Long networkId; - + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="Deploy vm for the project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// 
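Review bot: In `create()`, the result of `_accountService.getAccount(getEntityOwnerId())` is dereferenced on the next line with no null check, so an id that does not resolve to an account would presumably surface as a NullPointerException rather than an API error. In the visible lines the account is only used for `owner.getId()`, so the lookup can go: `VpnUser vpnUser = _ravService.addVpnUser(getEntityOwnerId(), userName, password);`. If the object is needed further down (the method continues outside the hunk), check it for null and throw an `InvalidParameterValueException` before first use.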
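Review bot: The `description` of the new `PROJECT_ID` parameter in AssociateIPAddrCmd reads "Deploy vm for the project", which is copied from another command and is wrong for an IP association call; as an annotation value it is presumably what API consumers see in the generated documentation. Something like `description="the project the IP address is acquired for"` would match the command. The same copy-paste appears on `projectId` in CreateNetworkCmd ("an optional project for the ssh key") and in CreateSecurityGroupCmd ("Deploy vm for the project"). Whether `projectid` may be combined with `account` is decided in `getAccountId`, which is not shown, so the descriptions should state that rule once it is confirmed.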
@@ -96,7 +97,7 @@ public class AssociateIPAddrCmd extends BaseAsyncCreateCmd { DataCenter zone = _configService.getZone(getZoneId()); if (zone.getNetworkType() == NetworkType.Advanced) { - List networks = _networkService.getVirtualNetworksOwnedByAccountInZone(getAccountName(), getDomainId(), getZoneId()); + List networks = _networkService.getVirtualNetworksOwnedByAccountInZone(getZoneId(), _accountService.getAccount(getEntityOwnerId())); if (networks.size() == 0) { String domain = _domainService.getDomain(getDomainId()).getName(); throw new InvalidParameterValueException("Account name=" + getAccountName() + " domain=" + domain + " doesn't have virtual networks in zone=" + zone.getName()); @@ -116,8 +117,12 @@ public class AssociateIPAddrCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - Account caller = UserContext.current().getCaller(); - return _accountService.finalizeOwner(caller, accountName, domainId).getAccountId(); + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); + } + + return accountId; } @Override diff --git a/api/src/com/cloud/api/commands/AttachIsoCmd.java b/api/src/com/cloud/api/commands/AttachIsoCmd.java index 968c4b316b9..1ea03709a4f 100755 --- a/api/src/com/cloud/api/commands/AttachIsoCmd.java +++ b/api/src/com/cloud/api/commands/AttachIsoCmd.java @@ -93,7 +93,7 @@ public class AttachIsoCmd extends BaseAsyncCmd { @Override public void execute(){ UserContext.current().setEventDetails("Vm Id: " +getVirtualMachineId()+ " ISO Id: "+getId()); - boolean result = _templateService.attachIso(this); + boolean result = _templateService.attachIso(id, virtualMachineId); if (result) { UserVm userVm = _responseGenerator.findUserVmById(virtualMachineId); if (userVm != null) { 
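Review bot: The error path in the `-96,7 +97,7` hunk still builds its message from `getAccountName()` and `_domainService.getDomain(getDomainId()).getName()`, although the owner is now resolved through `getEntityOwnerId()`. When the request carries only `projectid`, or no owner parameters at all, `getDomainId()` is presumably null and the lookup for the message can fail before the `InvalidParameterValueException` is thrown. Resolve the owner once with `_accountService.getAccount(getEntityOwnerId())`, pass it to `getVirtualNetworksOwnedByAccountInZone`, and build the message from that account's name and domain; note that this commit removes the `com.cloud.user.Account` import a local variable would need. The method starts and ends outside the hunk.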
diff --git a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java index 95f29b0d236..e718d57353b 100644 --- a/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java +++ b/api/src/com/cloud/api/commands/AuthorizeSecurityGroupIngressCmd.java @@ -32,6 +32,7 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.IngressRuleResponse; import com.cloud.api.response.SecurityGroupResponse; import com.cloud.async.AsyncJob; @@ -77,9 +78,12 @@ public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd { @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the security group. If the account parameter is used, domainId must also be used.") private Long domainId; - @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the virtual machine. Must be used with domainId.") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the security group. Must be used with domainId.") private String accountName; + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="an optional project of the security group") + private Long projectId; + @Parameter(name=ApiConstants.SECURITY_GROUP_ID, type=CommandType.LONG, description="The ID of the security group. Mutually exclusive with securityGroupName parameter") private Long securityGroupId; 
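Review bot: The added `import com.cloud.api.BaseCmd.CommandType;` looks unnecessary: the unchanged `@Parameter` lines in this class already use `CommandType.LONG`, so the name resolved before the import existed, and this same commit deletes the identical import from CreateRemoteAccessVpnCmd. It reads like an IDE auto-import and is also added to CreateNetworkCmd, CreateSecurityGroupCmd and CreateVolumeCmd; I would drop it in all four.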
@@ -160,19 +164,12 @@ public class AuthorizeSecurityGroupIngressCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } else { - throw new InvalidParameterValueException("Unable to find account by name " + accountName + " in domain " + domainId); - } - } + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - return account.getId(); + return accountId; } @Override diff --git a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java index 9c1ca212baf..aefde81f8c3 100644 --- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java @@ -37,7 +37,6 @@ import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.IpAddress; -import com.cloud.network.lb.LoadBalancingRule; import com.cloud.network.rules.LoadBalancer; import com.cloud.user.Account; import com.cloud.user.UserContext; diff --git a/api/src/com/cloud/api/commands/CreateNetworkCmd.java b/api/src/com/cloud/api/commands/CreateNetworkCmd.java index eccfcae258a..b07a24cb838 100644 --- a/api/src/com/cloud/api/commands/CreateNetworkCmd.java +++ b/api/src/com/cloud/api/commands/CreateNetworkCmd.java 
@@ -27,6 +27,7 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.NetworkResponse; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; @@ -73,6 +74,9 @@ public class CreateNetworkCmd extends BaseCmd { @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="account who will own the network") private String accountName; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="an optional project for the ssh key") + private Long projectId; @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="domain ID of the account owning a network") private Long domainId; @@ -152,6 +156,10 @@ public class CreateNetworkCmd extends BaseCmd { return networkDomain; } + public Long getProjectId() { + return projectId; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// @@ -163,21 +171,12 @@ public class CreateNetworkCmd extends BaseCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } - } + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - - if (account != null) { - return account.getId(); - } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + + return accountId; } @Override 
diff --git a/api/src/com/cloud/api/commands/CreateProjectCmd.java b/api/src/com/cloud/api/commands/CreateProjectCmd.java index 1b168dde22a..7c6d59df409 100644 --- a/api/src/com/cloud/api/commands/CreateProjectCmd.java +++ b/api/src/com/cloud/api/commands/CreateProjectCmd.java @@ -45,7 +45,7 @@ public class CreateProjectCmd extends BaseCmd { @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="account who will own the project") private String accountName; - @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="domain ID of the account owning a project") + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, required=true, description="domain ID of the account owning a project") private Long domainId; @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the project") @@ -88,7 +88,7 @@ public class CreateProjectCmd extends BaseCmd { } if (accountName != null) { - return _accountService.finalizeOwner(caller, accountName, domainId).getId(); + return _accountService.finalizeOwner(caller, accountName, domainId, null).getId(); } return caller.getId(); diff --git a/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java b/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java index 4f62dee3349..861b6a999be 100644 --- a/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java +++ b/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java @@ -27,7 +27,6 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; -import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.RemoteAccessVpnResponse; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; 
@@ -35,8 +34,6 @@ import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.IpAddress; import com.cloud.network.RemoteAccessVpn; -import com.cloud.user.Account; -import com.cloud.user.UserContext; @Implementation(description="Creates a l2tp/ipsec remote access vpn", responseObject=RemoteAccessVpnResponse.class) public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { @@ -53,10 +50,12 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { @Parameter(name="iprange", type=CommandType.STRING, required=false, description="the range of ip addresses to allocate to vpn clients. The first ip in the range will be taken by the vpn server") private String ipRange; - @Parameter(name="account", type=CommandType.STRING, description="an optional account for the VPN. Must be used with domainId.") + @Deprecated + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the VPN. Must be used with domainId.") private String accountName; - @Parameter(name="domainid", type=CommandType.LONG, description="an optional domainId for the VPN. If the account parameter is used, domainId must also be used.") + @Deprecated + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the VPN. If the account parameter is used, domainId must also be used.") private Long domainId; @Parameter(name = ApiConstants.OPEN_FIREWALL, type = CommandType.BOOLEAN, description = "if true, firewall rule for source/end pubic port is automatically created; if false - firewall rule has to be created explicitely. Has value true by default") 
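Review bot: `@Deprecated` on the private fields `accountName` and `domainId` is invisible to API clients, while the parameter descriptions still say the account is "optional" and "Must be used with domainId". After this commit `getEntityOwnerId()` takes the owner from the public IP, so the two parameters appear to be accepted and then ignored, at least for owner resolution. Say so in the descriptions, e.g. `description="deprecated and ignored; the VPN is owned by the account that owns the public IP"`, so nobody relies on them to place the VPN under another account.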
@@ -106,21 +105,13 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } - } - } - - if (account != null) { - return account.getId(); - } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + IpAddress ip = _networkService.getIp(publicIpId); + + if (ip == null) { + throw new InvalidParameterValueException("Unable to find ip address by id=" + publicIpId); + } + + return ip.getAccountId(); } @Override diff --git a/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java b/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java index 99e61010a10..e005b638051 100644 --- a/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java +++ b/api/src/com/cloud/api/commands/CreateSSHKeyPairCmd.java @@ -25,7 +25,6 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.response.SSHKeyPairResponse; -import com.cloud.user.Account; import com.cloud.user.SSHKeyPair; import com.cloud.user.UserContext; @@ -48,6 +47,9 @@ public class CreateSSHKeyPairCmd extends BaseCmd { @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the ssh key. If the account parameter is used, domainId must also be used.") private Long domainId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="an optional project for the ssh key") + private Long projectId; ///////////////////////////////////////////////////// 
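Review bot: `getEntityOwnerId()` in CreateRemoteAccessVpnCmd now returns the owner of whatever `publicIpId` the request names, so the result is the IP's owner and not necessarily the caller. Nothing in this hunk checks that the caller is allowed to use that IP; that is acceptable for a lookup method, but it means the access check has to happen in `create()` or `execute()`, which are outside the hunk. A short comment would make the contract explicit: `// owner is derived from the IP; caller access to the IP is checked in <service method>`.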
@@ -66,20 +68,22 @@ public class CreateSSHKeyPairCmd extends BaseCmd { return domainId; } + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - - if (account != null) { - return account.getId(); + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked - } + + return accountId; + } @Override public void execute() { diff --git a/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java b/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java index b5e7f1247d6..d47aab8558c 100644 --- a/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java +++ b/api/src/com/cloud/api/commands/CreateSecurityGroupCmd.java @@ -24,6 +24,7 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.SecurityGroupResponse; import com.cloud.network.security.SecurityGroup; import com.cloud.user.Account; @@ -49,7 +50,10 @@ public class CreateSecurityGroupCmd extends BaseCmd { private String description; @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="name of the security group") - private String securityGroupName; + private String securityGroupName; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="Deploy vm for the project") + private Long projectId; ///////////////////////////////////////////////////// 
@@ -70,6 +74,10 @@ public class CreateSecurityGroupCmd extends BaseCmd { public String getSecurityGroupName() { return securityGroupName; + } + + public Long getProjectId() { + return projectId; } diff --git a/api/src/com/cloud/api/commands/CreateVMGroupCmd.java b/api/src/com/cloud/api/commands/CreateVMGroupCmd.java index ac30bfe289b..2387b25b966 100644 --- a/api/src/com/cloud/api/commands/CreateVMGroupCmd.java +++ b/api/src/com/cloud/api/commands/CreateVMGroupCmd.java @@ -25,7 +25,6 @@ import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.InstanceGroupResponse; -import com.cloud.user.Account; import com.cloud.user.UserContext; import com.cloud.vm.InstanceGroup; @@ -47,6 +46,9 @@ public class CreateVMGroupCmd extends BaseCmd{ @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the instance group") private Long domainId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="The project of the instance group") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -63,6 +65,10 @@ public class CreateVMGroupCmd extends BaseCmd{ public Long getDomainId() { return domainId; } + + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// 
@@ -75,21 +81,12 @@ public class CreateVMGroupCmd extends BaseCmd{ @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } - } + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - - if (account != null) { - return account.getId(); - } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + + return accountId; } @Override diff --git a/api/src/com/cloud/api/commands/CreateVolumeCmd.java b/api/src/com/cloud/api/commands/CreateVolumeCmd.java index 5c4961eda4d..7f184f3c7a7 100644 --- a/api/src/com/cloud/api/commands/CreateVolumeCmd.java +++ b/api/src/com/cloud/api/commands/CreateVolumeCmd.java @@ -26,6 +26,7 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.VolumeResponse; import com.cloud.async.AsyncJob; import com.cloud.event.EventTypes; 
@@ -45,13 +46,16 @@ public class CreateVolumeCmd extends BaseAsyncCreateCmd { @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the disk volume. Must be used with the domainId parameter.") private String accountName; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="the project associated with the volume. Mutually exclusive with account parameter") + private Long projectId; + + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the disk offering. If used with the account parameter returns the disk volume associated with the account for the specified domain.") + private Long domainId; @Parameter(name=ApiConstants.DISK_OFFERING_ID,required = false, type=CommandType.LONG, description="the ID of the disk offering. Either diskOfferingId or snapshotId must be passed in.") private Long diskOfferingId; - @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the disk offering. If used with the account parameter returns the disk volume associated with the account for the specified domain.") - private Long domainId; - @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=true, description="the name of the disk volume") private String volumeName; @@ -97,6 +101,9 @@ public class CreateVolumeCmd extends BaseAsyncCreateCmd { return zoneId; } + private Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// 
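Review bot: `getProjectId()` is declared `private` in the `-97,6 +101,9` hunk of CreateVolumeCmd, whereas every other command touched by this commit adds `public Long getProjectId()`. `getEntityOwnerId()` in this class reads the `projectId` field directly, so within the visible lines the private accessor has no caller. Make it `public Long getProjectId()` for consistency with the other commands, or remove it.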
@@ -116,21 +123,12 @@ public class CreateVolumeCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } - } + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - - if (account != null) { - return account.getId(); - } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + + return accountId; } @Override diff --git a/api/src/com/cloud/api/commands/DeleteSSHKeyPairCmd.java b/api/src/com/cloud/api/commands/DeleteSSHKeyPairCmd.java index f6279e88712..e51c12a03bc 100644 --- a/api/src/com/cloud/api/commands/DeleteSSHKeyPairCmd.java +++ b/api/src/com/cloud/api/commands/DeleteSSHKeyPairCmd.java @@ -47,6 +47,9 @@ public class DeleteSSHKeyPairCmd extends BaseCmd { @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the keypair") private Long domainId; + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="the project associated with keypair") + private Long projectId; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -62,8 +65,11 @@ public class DeleteSSHKeyPairCmd extends BaseCmd { public Long getDomainId() { return domainId; } - - + + public Long getProjectId() { + return projectId; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// 
diff --git a/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java b/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java index c29647592a4..28383a4e32e 100644 --- a/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java +++ b/api/src/com/cloud/api/commands/DeleteSecurityGroupCmd.java @@ -10,7 +10,6 @@ import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.ResourceInUseException; -import com.cloud.user.Account; import com.cloud.user.UserContext; @Implementation(description="Deletes security group", responseObject=SuccessResponse.class) @@ -27,6 +26,9 @@ public class DeleteSecurityGroupCmd extends BaseCmd { @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of account owning the security group") private Long domainId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="the project of the security group") + private Long projectId; @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="The ID of the security group. Mutually exclusive with name parameter") private Long id; @@ -46,6 +48,10 @@ public class DeleteSecurityGroupCmd extends BaseCmd { public Long getDomainId() { return domainId; } + + public Long getProjectId() { + return projectId; + } public Long getId() { if (id != null && name != null) { 
@@ -79,19 +85,12 @@ public class DeleteSecurityGroupCmd extends BaseCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } else { - throw new InvalidParameterValueException("Unable to find account by name " + accountName + " in domain " + domainId); - } - } + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - return account.getId(); + return accountId; } @Override diff --git a/api/src/com/cloud/api/commands/DeleteSnapshotCmd.java b/api/src/com/cloud/api/commands/DeleteSnapshotCmd.java index 87c2d75ea1b..fdf875060f4 100644 --- a/api/src/com/cloud/api/commands/DeleteSnapshotCmd.java +++ b/api/src/com/cloud/api/commands/DeleteSnapshotCmd.java @@ -94,7 +94,7 @@ public class DeleteSnapshotCmd extends BaseAsyncCmd { @Override public void execute(){ UserContext.current().setEventDetails("Snapshot Id: "+getId()); - boolean result = _snapshotService.deleteSnapshot(this); + boolean result = _snapshotService.deleteSnapshot(getId()); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeleteVolumeCmd.java b/api/src/com/cloud/api/commands/DeleteVolumeCmd.java index a25388499ee..6c6d99ebb96 100644 --- a/api/src/com/cloud/api/commands/DeleteVolumeCmd.java +++ b/api/src/com/cloud/api/commands/DeleteVolumeCmd.java @@ -1,4 +1,5 @@ /** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. * * This software is licensed under the GNU General Public License v3 or later. 
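Review bot: The old body threw `InvalidParameterValueException("Unable to find account by name ...")` when `accountName`/`domainId` did not resolve, whereas the new one returns the caller's id whenever `getAccountId(...)` yields null. Unless that helper (not shown in this hunk) throws for an unknown account, a request that names a non-existent account would be silently attributed to the caller instead of being rejected. I would keep the rejection when explicit owner parameters were supplied, e.g. `if (accountId == null && accountName != null) throw new InvalidParameterValueException("Unable to find account by name " + accountName + " in domain " + domainId);`. RegisterIsoCmd loses the same exception in its `getEntityOwnerId()`.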
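Review bot: `_snapshotService.deleteSnapshot(getId())` now passes the service a bare id taken from the request, so the service has to authorise the call itself against `UserContext.current().getCaller()` rather than reading anything from the command. That check is not visible in this diff; I would confirm that each new id-based service method verifies the caller's access to the object before acting, and document it on the service interface, e.g. `@throws PermissionDeniedException if the caller may not access the snapshot`. The same signature change is made for `deleteVolume(id)`, `detachIso(virtualMachineId)`, `disassociateIpAddress(id)`, `getCloudIdentifierResponse(userid)` and `prepareTemplate(templateId, zoneId)`. `execute()` continues past the end of the hunk.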
@@ -79,7 +80,7 @@ public class DeleteVolumeCmd extends BaseCmd { @Override public void execute() throws ConcurrentOperationException { UserContext.current().setEventDetails("Volume Id: "+getId()); - boolean result = _storageService.deleteVolume(this); + boolean result = _storageService.deleteVolume(id); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DetachIsoCmd.java b/api/src/com/cloud/api/commands/DetachIsoCmd.java index 9cf6b9e9a04..1253095f869 100755 --- a/api/src/com/cloud/api/commands/DetachIsoCmd.java +++ b/api/src/com/cloud/api/commands/DetachIsoCmd.java @@ -82,7 +82,7 @@ public class DetachIsoCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = _templateService.detachIso(this); + boolean result = _templateService.detachIso(virtualMachineId); if (result) { UserVm userVm = _entityMgr.findById(UserVm.class, virtualMachineId); UserVmResponse response = _responseGenerator.createUserVmResponse("virtualmachine", userVm).get(0); diff --git a/api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java b/api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java index 5cd274e796b..0714fecbbcc 100644 --- a/api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java +++ b/api/src/com/cloud/api/commands/DisassociateIPAddrCmd.java @@ -45,7 +45,6 @@ public class DisassociateIPAddrCmd extends BaseAsyncCmd { @Parameter(name=ApiConstants.ID, type=CommandType.LONG, required=true, description="the id of the public ip address to disassociate") private Long id; - // unexposed parameter needed for events logging @Parameter(name=ApiConstants.ACCOUNT_ID, type=CommandType.LONG, expose=false) private Long ownerId; 
@@ -69,7 +68,7 @@ public class DisassociateIPAddrCmd extends BaseAsyncCmd { @Override public void execute(){ UserContext.current().setEventDetails("Ip Id: "+getIpAddressId()); - boolean result = _networkService.disassociateIpAddress(this); + boolean result = _networkService.disassociateIpAddress(id); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/GetCloudIdentifierCmd.java b/api/src/com/cloud/api/commands/GetCloudIdentifierCmd.java index 269da9e4c98..0dc7d54dc7e 100644 --- a/api/src/com/cloud/api/commands/GetCloudIdentifierCmd.java +++ b/api/src/com/cloud/api/commands/GetCloudIdentifierCmd.java @@ -67,7 +67,7 @@ public class GetCloudIdentifierCmd extends BaseCmd { @Override public void execute(){ - ArrayList result = _mgr.getCloudIdentifierResponse(this); + ArrayList result = _mgr.getCloudIdentifierResponse(userid); CloudIdentifierResponse response = new CloudIdentifierResponse(); if (result != null) { response.setCloudIdentifier(result.get(0)); diff --git a/api/src/com/cloud/api/commands/ListAsyncJobsCmd.java b/api/src/com/cloud/api/commands/ListAsyncJobsCmd.java index 5a571ddcaf1..5e20d302159 100644 --- a/api/src/com/cloud/api/commands/ListAsyncJobsCmd.java +++ b/api/src/com/cloud/api/commands/ListAsyncJobsCmd.java 
@@ -37,7 +37,7 @@ public class ListAsyncJobsCmd extends BaseListCmd { //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the async job. Must be used with the domainId parameter.") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account associated with the async job (this account is the job initiator). Must be used with the domainId parameter.") private String accountName; @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID associated with the async job. If used with the account parameter, returns async jobs for the account in the specified domain.") diff --git a/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java b/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java index e72eba210d6..f80f497757c 100644 --- a/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListFirewallRulesCmd.java @@ -50,6 +50,9 @@ public class ListFirewallRulesCmd extends BaseListCmd { @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID. If used with the account parameter, lists firewall rules for the specified account in this domain.") private Long domainId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list firewall rules by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -70,6 +73,10 @@ public class ListFirewallRulesCmd extends BaseListCmd { public Long getId() { return id; } + + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// 
diff --git a/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java b/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java index a5f51fbe84a..dfb580ce7f4 100644 --- a/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java @@ -26,6 +26,7 @@ import com.cloud.api.ApiConstants; import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.FirewallRuleResponse; import com.cloud.api.response.IpForwardingRuleResponse; import com.cloud.api.response.ListResponse; @@ -56,6 +57,9 @@ public class ListIpForwardingRulesCmd extends BaseListCmd { @Parameter(name=ApiConstants.VIRTUAL_MACHINE_ID, type=CommandType.LONG, description="Lists all rules applied to the specified Vm.") private Long vmId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list static nat rules by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -90,9 +94,13 @@ public class ListIpForwardingRulesCmd extends BaseListCmd { return vmId; } + private Long getProjectId() { + return projectId; + } + @Override public void execute(){ - List result = _rulesService.searchStaticNatRules(publicIpAddressId, id, vmId, this.getStartIndex(), this.getPageSizeVal(), this.getAccountName(), this.getDomainId()); + List result = _rulesService.searchStaticNatRules(publicIpAddressId, id, vmId, this.getStartIndex(), this.getPageSizeVal(), this.getAccountName(), this.getDomainId(), this.getProjectId()); ListResponse response = new ListResponse(); List ipForwardingResponses = new ArrayList(); for (FirewallRule rule : result) { diff --git a/api/src/com/cloud/api/commands/ListIsosCmd.java b/api/src/com/cloud/api/commands/ListIsosCmd.java index d28923bfb0b..29d7a4265bc 100755 
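Review bot: `searchStaticNatRules(...)` now receives `this.getProjectId()` straight from the request, and nothing in this hunk limits it to projects the caller has access to. Assuming the service applies the filter as given, it should verify the caller's access to that project before searching, and decide what happens when `projectId` is combined with `account` (CreateVolumeCmd's parameter text calls the two mutually exclusive). A short comment at the call, such as `// project access is checked in searchStaticNatRules`, would tell the next reader where that check lives once it is confirmed. The other List*Cmd classes in this commit add the same `projectId` parameter, so the same question applies wherever their services read it; `execute()` continues past the end of the hunk.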
--- a/api/src/com/cloud/api/commands/ListIsosCmd.java +++ b/api/src/com/cloud/api/commands/ListIsosCmd.java @@ -79,6 +79,9 @@ public class ListIsosCmd extends BaseListCmd { @Parameter(name=ApiConstants.ZONE_ID, type=CommandType.LONG, description="the ID of the zone") private Long zoneId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list isos by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -124,6 +127,10 @@ public class ListIsosCmd extends BaseListCmd { return zoneId; } + public Long getProjectId() { + return projectId; + } + public boolean listInReadyState() { Account account = UserContext.current().getCaller(); // It is account specific if account is admin type and domainId and accountName are not null diff --git a/api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java b/api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java index f95e4d924c8..ba8105b946c 100644 --- a/api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java @@ -27,6 +27,7 @@ import com.cloud.api.ApiConstants; import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.ListResponse; import com.cloud.api.response.LoadBalancerResponse; import com.cloud.network.rules.LoadBalancer; @@ -61,6 +62,9 @@ public class ListLoadBalancerRulesCmd extends BaseListCmd { @Parameter(name = ApiConstants.ZONE_ID, type = CommandType.LONG, description = "the availability zone ID") private Long zoneId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list port forwarding rules by project") + private Long projectId; // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// 
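Review bot: The new `projectId` parameter in ListLoadBalancerRulesCmd is described as "list port forwarding rules by project", but this command lists load balancer rules; the text looks copied from ListPortForwardingRulesCmd and presumably surfaces in the generated API documentation. I would change it to `description="list load balancer rules by project"`. The same copy-paste appears as "list firewall rules by project" in ListRoutersCmd, ListVolumesCmd and ListVpnUsersCmd, which should name routers, volumes and vpn users respectively.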
@@ -93,6 +97,10 @@ public class ListLoadBalancerRulesCmd extends BaseListCmd { public Long getZoneId() { return zoneId; } + + public Long getProjectId() { + return projectId; + } // /////////////////////////////////////////////////// // ///////////// API Implementation/////////////////// diff --git a/api/src/com/cloud/api/commands/ListNetworksCmd.java b/api/src/com/cloud/api/commands/ListNetworksCmd.java index f015e6d18b1..a198a044148 100644 --- a/api/src/com/cloud/api/commands/ListNetworksCmd.java +++ b/api/src/com/cloud/api/commands/ListNetworksCmd.java @@ -27,6 +27,7 @@ import com.cloud.api.ApiConstants; import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.ListResponse; import com.cloud.api.response.NetworkResponse; import com.cloud.network.Network; @@ -66,6 +67,9 @@ public class ListNetworksCmd extends BaseListCmd { @Parameter(name=ApiConstants.TRAFFIC_TYPE, type=CommandType.STRING, description="type of the traffic") private String trafficType; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list networks by project id") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -106,6 +110,10 @@ public class ListNetworksCmd extends BaseListCmd { public String getTrafficType() { return trafficType; } + + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// diff --git a/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java b/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java index 098910b4e8e..7874935efce 100644 --- a/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java 
@@ -50,6 +50,9 @@ public class ListPortForwardingRulesCmd extends BaseListCmd { @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID. If used with the account parameter, lists port forwarding rules for the specified account in this domain.") private Long domainId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list port forwarding rules by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -70,6 +73,10 @@ public class ListPortForwardingRulesCmd extends BaseListCmd { public Long getId() { return id; } + + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// diff --git a/api/src/com/cloud/api/commands/ListPublicIpAddressesCmd.java b/api/src/com/cloud/api/commands/ListPublicIpAddressesCmd.java index e5eb706eab1..dd648b6758d 100644 --- a/api/src/com/cloud/api/commands/ListPublicIpAddressesCmd.java +++ b/api/src/com/cloud/api/commands/ListPublicIpAddressesCmd.java @@ -68,6 +68,9 @@ public class ListPublicIpAddressesCmd extends BaseListCmd { @Parameter(name=ApiConstants.FOR_LOAD_BALANCING, type=CommandType.BOOLEAN, description="list only ips used for load balancing") private Boolean forLoadBalancing; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list ips by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -103,6 +106,10 @@ public class ListPublicIpAddressesCmd extends BaseListCmd { public Long getZoneId() { return zoneId; } + + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// 
diff --git a/api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java b/api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java index fedcb13784f..630ad91f010 100644 --- a/api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java +++ b/api/src/com/cloud/api/commands/ListRemoteAccessVpnsCmd.java @@ -41,14 +41,17 @@ public class ListRemoteAccessVpnsCmd extends BaseListCmd { //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name="account", type=CommandType.STRING, description="the account of the remote access vpn. Must be used with the domainId parameter.") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the remote access vpn. Must be used with the domainId parameter.") private String accountName; - @Parameter(name="domainid", type=CommandType.LONG, description="the domain ID of the remote access vpn rule. If used with the account parameter, lists remote access vpns for the account in the specified domain.") + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of the remote access vpn rule. If used with the account parameter, lists remote access vpns for the account in the specified domain.") private Long domainId; @Parameter(name=ApiConstants.PUBLIC_IP_ID, type=CommandType.LONG, required=true, description="public ip address id of the vpn server") private Long publicIpId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list remote access vpn by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -65,6 +68,10 @@ public class ListRemoteAccessVpnsCmd extends BaseListCmd { public Long getPublicIpId() { return publicIpId; } + + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// 
diff --git a/api/src/com/cloud/api/commands/ListRoutersCmd.java b/api/src/com/cloud/api/commands/ListRoutersCmd.java index f1fc1c85ebd..a0a9067771f 100644 --- a/api/src/com/cloud/api/commands/ListRoutersCmd.java +++ b/api/src/com/cloud/api/commands/ListRoutersCmd.java @@ -68,6 +68,9 @@ public class ListRoutersCmd extends BaseListCmd { @Parameter(name=ApiConstants.NETWORK_ID, type=CommandType.LONG, description="list by network id") private Long networkId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list firewall rules by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -108,6 +111,10 @@ public class ListRoutersCmd extends BaseListCmd { public Long getNetworkId() { return networkId; } + + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// diff --git a/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java b/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java index 2b5c697d47e..be2b07c4566 100644 --- a/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java +++ b/api/src/com/cloud/api/commands/ListSecurityGroupsCmd.java @@ -25,6 +25,7 @@ import com.cloud.api.ApiConstants; import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.ListResponse; import com.cloud.api.response.SecurityGroupResponse; import com.cloud.async.AsyncJob; 
@@ -53,7 +54,10 @@ public class ListSecurityGroupsCmd extends BaseListCmd { private Long virtualMachineId; @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="list the security group by the id provided") - private Long id; + private Long id; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list security groups by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -77,6 +81,10 @@ public class ListSecurityGroupsCmd extends BaseListCmd { public Long getId(){ return id; + } + + public Long getProjectId() { + return projectId; } ///////////////////////////////////////////////////// diff --git a/api/src/com/cloud/api/commands/ListSnapshotsCmd.java b/api/src/com/cloud/api/commands/ListSnapshotsCmd.java index 0e8b4cd048a..dc976b13a0e 100644 --- a/api/src/com/cloud/api/commands/ListSnapshotsCmd.java +++ b/api/src/com/cloud/api/commands/ListSnapshotsCmd.java @@ -26,7 +26,6 @@ import com.cloud.api.ApiConstants; import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.ListResponse; import com.cloud.api.response.SnapshotResponse; import com.cloud.async.AsyncJob; @@ -65,6 +64,10 @@ public class ListSnapshotsCmd extends BaseListCmd { @Parameter(name=ApiConstants.IS_RECURSIVE, type=CommandType.BOOLEAN, description="defaults to false, but if true, lists all snapshots from the parent specified by the domain id till leaves.") private Boolean recursive; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list snapshots by project") + private Long projectId; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// 
@@ -99,8 +102,12 @@ public class ListSnapshotsCmd extends BaseListCmd { public Boolean isRecursive() { return recursive; - } + + public Long getProjectId() { + return projectId; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// diff --git a/api/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java b/api/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java index ae6fe30bfbb..af92890cb8b 100644 --- a/api/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java +++ b/api/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java @@ -99,7 +99,7 @@ public class ListTemplateOrIsoPermissionsCmd extends BaseCmd { List accountNames = _mgr.listTemplatePermissions(this); Account account = UserContext.current().getCaller(); - boolean isAdmin = ((account == null) || isAdmin(account.getType())); + boolean isAdmin = (isAdmin(account.getType())); TemplatePermissionsResponse response = _responseGenerator.createTemplatePermissionsResponse(accountNames, id, isAdmin); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/ListTemplatesCmd.java b/api/src/com/cloud/api/commands/ListTemplatesCmd.java index d9c388ee4bf..1a5fd3ebafa 100755 --- a/api/src/com/cloud/api/commands/ListTemplatesCmd.java +++ b/api/src/com/cloud/api/commands/ListTemplatesCmd.java @@ -70,6 +70,9 @@ public class ListTemplatesCmd extends BaseListCmd { @Parameter(name=ApiConstants.ZONE_ID, type=CommandType.LONG, description="list templates by zoneId") private Long zoneId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list templates by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// 
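Review bot: In ListTemplateOrIsoPermissionsCmd, `isAdmin(account.getType())` now throws a NullPointerException when `UserContext.current().getCaller()` returns null, because the `account == null` branch was removed. No longer treating a missing caller as admin is the safer direction, but the failure should be explicit rather than an NPE, for example `if (account == null) { throw new PermissionDeniedException("No caller in the current context"); }` before the call, if a caller-less context can still reach this command. The extra parentheses in `(isAdmin(account.getType()))` can go as well. `execute()` starts and ends outside the hunk.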
@@ -103,6 +106,10 @@ public class ListTemplatesCmd extends BaseListCmd { return zoneId; } + public Long getProjectId() { + return projectId; + } + public boolean listInReadyState() { Account account = UserContext.current().getCaller(); diff --git a/api/src/com/cloud/api/commands/ListVMGroupsCmd.java b/api/src/com/cloud/api/commands/ListVMGroupsCmd.java index 9aa5f3f87a5..ddcc1c42835 100644 --- a/api/src/com/cloud/api/commands/ListVMGroupsCmd.java +++ b/api/src/com/cloud/api/commands/ListVMGroupsCmd.java @@ -26,6 +26,7 @@ import com.cloud.api.ApiConstants; import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.InstanceGroupResponse; import com.cloud.api.response.ListResponse; import com.cloud.vm.InstanceGroup; @@ -51,6 +52,9 @@ public class ListVMGroupsCmd extends BaseListCmd { @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID. If used with the account parameter, lists virtual machines for the specified account in this domain.") private Long domainId; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list instance group belonging to the specified project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -71,6 +75,10 @@ public class ListVMGroupsCmd extends BaseListCmd { public Long getDomainId() { return domainId; } + + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// diff --git a/api/src/com/cloud/api/commands/ListVMsCmd.java b/api/src/com/cloud/api/commands/ListVMsCmd.java index 485fdd9f9ae..3e5c5a6a8b5 100755 --- a/api/src/com/cloud/api/commands/ListVMsCmd.java +++ b/api/src/com/cloud/api/commands/ListVMsCmd.java 
@@ -25,7 +25,6 @@ import com.cloud.api.ApiConstants; import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.ListResponse; import com.cloud.api.response.UserVmResponse; import com.cloud.async.AsyncJob; diff --git a/api/src/com/cloud/api/commands/ListVolumesCmd.java b/api/src/com/cloud/api/commands/ListVolumesCmd.java index fbd6bd9a6ee..923da760e59 100755 --- a/api/src/com/cloud/api/commands/ListVolumesCmd.java +++ b/api/src/com/cloud/api/commands/ListVolumesCmd.java @@ -71,6 +71,9 @@ public class ListVolumesCmd extends BaseListCmd { @Parameter(name=ApiConstants.IS_RECURSIVE, type=CommandType.BOOLEAN, description="defaults to false, but if true, lists all volumes from the parent specified by the domain id till leaves.") private Boolean recursive; + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list firewall rules by project") + private Long projectId; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -115,6 +118,10 @@ public class ListVolumesCmd extends BaseListCmd { return recursive; } + public Long getProjectId() { + return projectId; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// diff --git a/api/src/com/cloud/api/commands/ListVpnUsersCmd.java b/api/src/com/cloud/api/commands/ListVpnUsersCmd.java index 39d01e3033c..25c826de119 100644 --- a/api/src/com/cloud/api/commands/ListVpnUsersCmd.java +++ b/api/src/com/cloud/api/commands/ListVpnUsersCmd.java @@ -23,6 +23,7 @@ import java.util.List; import org.apache.log4j.Logger; +import com.cloud.api.ApiConstants; import com.cloud.api.BaseListCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; 
@@ -40,17 +41,20 @@ public class ListVpnUsersCmd extends BaseListCmd { //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name="account", type=CommandType.STRING, description="the account of the remote access vpn. Must be used with the domainId parameter.") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="the account of the remote access vpn. Must be used with the domainId parameter.") private String accountName; - @Parameter(name="domainid", type=CommandType.LONG, description="the domain ID of the remote access vpn. If used with the account parameter, lists remote access vpns for the account in the specified domain.") + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the domain ID of the remote access vpn. If used with the account parameter, lists remote access vpns for the account in the specified domain.") private Long domainId; - @Parameter(name="id", type=CommandType.LONG, description="the ID of the vpn user") + @Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="the ID of the vpn user") private Long id; - @Parameter(name="username", type=CommandType.STRING, description="the username of the vpn user.") + @Parameter(name=ApiConstants.USERNAME, type=CommandType.STRING, description="the username of the vpn user.") private String userName; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="list firewall rules by project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -71,6 +75,9 @@ public class ListVpnUsersCmd extends BaseListCmd { return userName; } + public Long getProjectId() { + return projectId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// 
diff --git a/api/src/com/cloud/api/commands/PrepareTemplateCmd.java b/api/src/com/cloud/api/commands/PrepareTemplateCmd.java index 728f94fb666..c75936746e5 100644 --- a/api/src/com/cloud/api/commands/PrepareTemplateCmd.java +++ b/api/src/com/cloud/api/commands/PrepareTemplateCmd.java @@ -76,7 +76,7 @@ public class PrepareTemplateCmd extends BaseCmd { public void execute() { ListResponse response = new ListResponse(); - VirtualMachineTemplate vmTemplate = _templateService.prepareTemplate(this); + VirtualMachineTemplate vmTemplate = _templateService.prepareTemplate(templateId, zoneId); List templateResponses = _responseGenerator.createTemplateResponses(vmTemplate.getId(), zoneId, true); response.setResponses(templateResponses); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/RegisterIsoCmd.java b/api/src/com/cloud/api/commands/RegisterIsoCmd.java index 5de08e1a675..cdf15d770d6 100755 --- a/api/src/com/cloud/api/commands/RegisterIsoCmd.java +++ b/api/src/com/cloud/api/commands/RegisterIsoCmd.java @@ -26,6 +26,7 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.ListResponse; import com.cloud.api.response.TemplateResponse; import com.cloud.exception.InvalidParameterValueException; @@ -80,6 +81,9 @@ public class RegisterIsoCmd extends BaseCmd { @Parameter(name=ApiConstants.CHECKSUM, type=CommandType.STRING, description="the MD5 checksum value of this ISO") private String checksum; + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="Register iso for the project") + private Long projectId; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// 
@@ -141,22 +145,15 @@ public class RegisterIsoCmd extends BaseCmd { return s_name; } - @Override - public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if (isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } else { - throw new InvalidParameterValueException("Unable to find account by name " + getAccountName() + " in domain " + getDomainId()); - } - } + @Override + public long getEntityOwnerId() { + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - return account.getId(); - } + return accountId; + } @Override public void execute() throws ResourceAllocationException{ diff --git a/api/src/com/cloud/api/commands/RegisterSSHKeyPairCmd.java b/api/src/com/cloud/api/commands/RegisterSSHKeyPairCmd.java index 15aa96f2f5b..94cefd92038 100644 --- a/api/src/com/cloud/api/commands/RegisterSSHKeyPairCmd.java +++ b/api/src/com/cloud/api/commands/RegisterSSHKeyPairCmd.java @@ -24,9 +24,7 @@ import com.cloud.api.ApiConstants; import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.SSHKeyPairResponse; -import com.cloud.user.Account; import com.cloud.user.SSHKeyPair; import com.cloud.user.UserContext; 
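Review bot: RegisterIsoCmd.getEntityOwnerId no longer has the `isAdmin(account.getType())` gate around the accountName/domainId lookup, so the authorization decision now rests entirely on `getAccountId(accountName, domainId, projectId)`, which is not shown in this hunk. Please confirm that helper rejects an account or project the caller may not act for. The removed code also threw InvalidParameterValueException for an unknown account, whereas a null return now silently falls back to the caller's own id. A comment at the call would record the assumption, e.g. `// getAccountId() must enforce that the caller may act for this account/project; no admin check remains here`. The same gate is removed in RegisterTemplateCmd and RemoveVpnUserCmd, and RegisterSSHKeyPairCmd newly accepts an owner from request parameters.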
@@ -53,6 +51,9 @@ public class RegisterSSHKeyPairCmd extends BaseCmd { @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the ssh key. If the account parameter is used, domainId must also be used.") private Long domainId; + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="an optional project for the ssh key") + private Long projectId; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -73,19 +74,22 @@ public class RegisterSSHKeyPairCmd extends BaseCmd { return domainId; } + public Long getProjectId() { + return projectId; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - - if (account != null) { - return account.getId(); + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + + return accountId; } @Override diff --git a/api/src/com/cloud/api/commands/RegisterTemplateCmd.java b/api/src/com/cloud/api/commands/RegisterTemplateCmd.java index a150488f325..b0b9073772d 100755 --- a/api/src/com/cloud/api/commands/RegisterTemplateCmd.java +++ b/api/src/com/cloud/api/commands/RegisterTemplateCmd.java @@ -27,6 +27,7 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.ListResponse; import com.cloud.api.response.TemplateResponse; import com.cloud.async.AsyncJob; 
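Review bot: The new getEntityOwnerId in RegisterSSHKeyPairCmd dereferences `UserContext.current().getCaller()` without the `account != null` check the removed code had. A request with no caller would now throw a NullPointerException instead of being parented to `Account.ACCOUNT_ID_SYSTEM`, which the old comment said was needed so ERROR events are tracked. If a null caller is still possible on this path, keep the fallback: `Account caller = UserContext.current().getCaller();` then `return caller != null ? caller.getId() : Account.ACCOUNT_ID_SYSTEM;`. That requires keeping the `com.cloud.user.Account` import this commit removes from the file. The same guard is dropped in RemoveVpnUserCmd.getEntityOwnerId.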
@@ -95,7 +96,10 @@ public class RegisterTemplateCmd extends BaseCmd { private String checksum; @Parameter(name=ApiConstants.TEMPLATE_TAG, type=CommandType.STRING, description="the tag for this template.") - private String templateTag; + private String templateTag; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="Register template for the project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// @@ -183,19 +187,12 @@ public class RegisterTemplateCmd extends BaseCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if (isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } else { - throw new InvalidParameterValueException("Unable to find account by name " + getAccountName() + " in domain " + getDomainId()); - } - } + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - - return account.getId(); + + return accountId; } @Override diff --git a/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java b/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java index 972b767014e..75a1e77bd88 100644 --- a/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java +++ b/api/src/com/cloud/api/commands/RemoveVpnUserCmd.java @@ -20,6 +20,7 @@ package com.cloud.api.commands; import org.apache.log4j.Logger; +import com.cloud.api.ApiConstants; import com.cloud.api.BaseAsyncCmd; import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; 
@@ -39,13 +40,16 @@ public class RemoveVpnUserCmd extends BaseAsyncCmd { ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name="username", type=CommandType.STRING, required=true, description="username for the vpn user") + @Parameter(name=ApiConstants.USERNAME, type=CommandType.STRING, required=true, description="username for the vpn user") private String userName; - @Parameter(name="account", type=CommandType.STRING, description="an optional account for the vpn user. Must be used with domainId.") + @Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="an optional account for the vpn user. Must be used with domainId.") private String accountName; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="remove vpn user from the project") + private Long projectId; - @Parameter(name="domainid", type=CommandType.LONG, description="an optional domainId for the vpn user. If the account parameter is used, domainId must also be used.") + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="an optional domainId for the vpn user. If the account parameter is used, domainId must also be used.") private Long domainId; ///////////////////////////////////////////////////// @@ -65,8 +69,8 @@ public class RemoveVpnUserCmd extends BaseAsyncCmd { return userName; } - public void setUserName(String userName) { - this.userName = userName; + public Long getProjecId() { + return projectId; } 
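Review bot: The accessor added in the second RemoveVpnUserCmd hunk is spelled `getProjecId()`, while ListVpnUsersCmd and RegisterSSHKeyPairCmd in this same commit use `getProjectId()`. Rename it to `public Long getProjectId() {` so code that looks the accessor up by the conventional name finds it. The hunk also deletes the public `setUserName(String)`; whether anything outside this diff still calls it cannot be checked from here.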
@@ -81,21 +85,12 @@ public class RemoveVpnUserCmd extends BaseAsyncCmd { @Override public long getEntityOwnerId() { - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } - } + Long accountId = getAccountId(accountName, domainId, projectId); + if (accountId == null) { + return UserContext.current().getCaller().getId(); } - - if (account != null) { - return account.getId(); - } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + + return accountId; } @Override @@ -111,7 +106,7 @@ public class RemoveVpnUserCmd extends BaseAsyncCmd { @Override public void execute(){ - Account owner = getValidOwner(accountName, domainId); + Account owner = _accountService.getAccount(getEntityOwnerId()); boolean result = _ravService.removeVpnUser(owner.getId(), userName); if (!result) { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to remove vpn user"); diff --git a/api/src/com/cloud/api/commands/StartRouterCmd.java b/api/src/com/cloud/api/commands/StartRouterCmd.java index a05197d8b29..e00c8cce60a 100644 --- a/api/src/com/cloud/api/commands/StartRouterCmd.java +++ b/api/src/com/cloud/api/commands/StartRouterCmd.java 
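Review bot: In execute(), the result of `_accountService.getAccount(getEntityOwnerId())` is dereferenced on the next line as `owner.getId()` with no null check, and it replaces `getValidOwner(accountName, domainId)`. Whether getAccount can return null, and whether it performs the validation the old helper's name suggests, is not visible in this hunk. Only the id is used, so `boolean result = _ravService.removeVpnUser(getEntityOwnerId(), userName);` avoids the extra lookup and the possible NullPointerException. Either way, confirm that getAccountId or removeVpnUser checks that the caller is allowed to remove VPN users for that owner.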
@@ -102,7 +102,7 @@ public class StartRouterCmd extends BaseAsyncCmd { @Override public void execute() throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException{ UserContext.current().setEventDetails("Router Id: "+getId()); - VirtualRouter result = _routerService.startRouter(this); + VirtualRouter result = _routerService.startRouter(id); if (result != null){ DomainRouterResponse routerResponse = _responseGenerator.createDomainRouterResponse(result); routerResponse.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/api/commands/UpdateResourceCountCmd.java b/api/src/com/cloud/api/commands/UpdateResourceCountCmd.java index 8ac4ac139e6..0939b6a7a58 100644 --- a/api/src/com/cloud/api/commands/UpdateResourceCountCmd.java +++ b/api/src/com/cloud/api/commands/UpdateResourceCountCmd.java @@ -18,7 +18,11 @@ package com.cloud.api.commands; +import java.util.ArrayList; +import java.util.List; + import org.apache.log4j.Logger; + import com.cloud.api.ApiConstants; import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; @@ -29,8 +33,6 @@ import com.cloud.api.response.ResourceCountResponse; import com.cloud.configuration.ResourceCount; import com.cloud.user.Account; import com.cloud.user.UserContext; -import java.util.ArrayList; -import java.util.List; @Implementation(description="Recalculate and update resource count for an account or domain.", responseObject=ResourceCountResponse.class) @@ -57,6 +59,9 @@ public class UpdateResourceCountCmd extends BaseCmd { "3 - Snapshot. Number of snapshots a user can create." + "4 - Template. Number of templates that a user can register/create.") private Integer resourceType; + + @Parameter(name=ApiConstants.PROJECT_ID, type=CommandType.LONG, description="Update resource limits for project") + private Long projectId; ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// 
@@ -104,7 +109,7 @@ public class UpdateResourceCountCmd extends BaseCmd { @Override public void execute(){ - List result = _resourceLimitService.recalculateResourceCount(this); + List result = _resourceLimitService.recalculateResourceCount(getAccountId(accountName, domainId, projectId), getDomainId(), getResourceType()); if ((result != null) && (result.size()>0)){ ListResponse response = new ListResponse(); diff --git a/api/src/com/cloud/api/commands/UpdateTemplateOrIsoPermissionsCmd.java b/api/src/com/cloud/api/commands/UpdateTemplateOrIsoPermissionsCmd.java index 263fa3d7c0c..019633aac4f 100755 --- a/api/src/com/cloud/api/commands/UpdateTemplateOrIsoPermissionsCmd.java +++ b/api/src/com/cloud/api/commands/UpdateTemplateOrIsoPermissionsCmd.java @@ -25,6 +25,7 @@ import org.apache.log4j.Logger; import com.cloud.api.ApiConstants; import com.cloud.api.BaseCmd; import com.cloud.api.Parameter; +import com.cloud.exception.InvalidParameterValueException; public abstract class UpdateTemplateOrIsoPermissionsCmd extends BaseCmd { public Logger s_logger = getLogger(); @@ -51,13 +52,20 @@ public abstract class UpdateTemplateOrIsoPermissionsCmd extends BaseCmd { @Parameter(name = ApiConstants.OP, type = CommandType.STRING, description = "permission operator (add, remove, reset)") private String operation; + + @Parameter(name = ApiConstants.PROJECT_IDS, type = CommandType.LIST, collectionType = CommandType.LONG, description = "a comma delimited list of projects. If specified, \"op\" parameter has to be passed in.") + private List projectIds; // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// // /////////////////////////////////////////////////// public List getAccountNames() { - return accountNames; + if (accountNames != null && projectIds != null) { + throw new InvalidParameterValueException("Accounts and projectIds can't be specified together"); + } + + return accountNames; } public Long getId() { 
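Review bot: In UpdateResourceCountCmd.execute the value of `getAccountId(accountName, domainId, projectId)` is passed straight into `recalculateResourceCount(...)`, yet the other commands in this commit treat a null return from that helper as a normal case (`if (accountId == null)`). If the service method's first parameter is a primitive `long`, a null would unbox into a NullPointerException. If it is `Long`, the method has to define what null means. The signature is outside this hunk, so please verify it and state the contract at the call, e.g. `// accountId may be null when only domainId is given`.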
@@ -79,6 +87,13 @@ public abstract class UpdateTemplateOrIsoPermissionsCmd extends BaseCmd { public String getOperation() { return operation; } + + public List getProjectIds() { + if (accountNames != null && projectIds != null) { + throw new InvalidParameterValueException("Accounts and projectIds can't be specified together"); + } + return projectIds; + } // /////////////////////////////////////////////////// // ///////////// API Implementation/////////////////// diff --git a/api/src/com/cloud/api/response/DomainRouterResponse.java b/api/src/com/cloud/api/response/DomainRouterResponse.java index f67659bd20c..f5def8a36e7 100644 --- a/api/src/com/cloud/api/response/DomainRouterResponse.java +++ b/api/src/com/cloud/api/response/DomainRouterResponse.java @@ -24,7 +24,8 @@ import com.cloud.serializer.Param; import com.cloud.vm.VirtualMachine.State; import com.google.gson.annotations.SerializedName; -public class DomainRouterResponse extends BaseResponse { +@SuppressWarnings("unused") +public class DomainRouterResponse extends BaseResponse implements ControlledEntityResponse{ @SerializedName(ApiConstants.ID) @Param(description="the id of the router") private Long id; @@ -94,8 +95,7 @@ public class DomainRouterResponse extends BaseResponse { @SerializedName("guestnetworkid") @Param(description="the ID of the corresponding guest network") private Long guestNetworkId; - - @SerializedName("templateid") @Param(description="the template ID for the router") + @SerializedName(ApiConstants.TEMPLATE_ID) @Param(description="the template ID for the router") private Long templateId; @SerializedName(ApiConstants.CREATED) @Param(description="the date and time the router was created") 
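Review bot: The check `accountNames != null && projectIds != null` is duplicated in getProjectIds() here and in getAccountNames() in the previous hunk. Because it lives in getters, it only runs if one of them is called, so a code path that reads neither list never rejects the combination. Put it in a single private helper invoked once before the command acts, for example `private void validateAccountsOrProjects()`, and keep the getters free of side effects. The new parameter's description also says `op` has to be passed with projectids, but no visible code enforces that.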
@@ -106,6 +106,12 @@ public class DomainRouterResponse extends BaseResponse { @SerializedName(ApiConstants.ACCOUNT) @Param(description="the account associated with the router") private String accountName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the ipaddress") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the address") + private String projectName; @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the domain ID associated with the router") private Long domainId; 
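Review bot: The `@Param` descriptions on the two fields added to DomainRouterResponse say "the project id of the ipaddress" and "the project name of the address", which appear to be copied from IPAddressResponse. They describe a router here, so suggest `description="the project id of the router"` and `description="the project name of the router"`.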
@@ -144,262 +150,137 @@ public class DomainRouterResponse extends BaseResponse { this.id = id; } - public Long getZoneId() { - return zoneId; - } - public void setZoneId(Long zoneId) { this.zoneId = zoneId; } - public String getZoneName() { - return zoneName; - } - public void setZoneName(String zoneName) { this.zoneName = zoneName; } - public String getDns1() { - return dns1; - } - public void setDns1(String dns1) { this.dns1 = dns1; } - public String getDns2() { - return dns2; - } - public void setDns2(String dns2) { this.dns2 = dns2; } - public String getNetworkDomain() { - return networkDomain; - } - public void setNetworkDomain(String networkDomain) { this.networkDomain = networkDomain; } - public String getGateway() { - return gateway; - } - public void setGateway(String gateway) { this.gateway = gateway; } - public String getName() { - return name; - } - public void setName(String name) { this.name = name; } - public Long getPodId() { - return podId; - } - public void setPodId(Long podId) { this.podId = podId; } - public Long getHostId() { - return hostId; - } - public void setHostId(Long hostId) { this.hostId = hostId; } - public String getHostName() { - return hostName; - } - public void setHostName(String hostName) { this.hostName = hostName; } - public String getPublicIp() { - return publicIp; - } - public void setPublicIp(String publicIp) { this.publicIp = publicIp; } - public String getPublicMacAddress() { - return publicMacAddress; - } - public void setPublicMacAddress(String publicMacAddress) { this.publicMacAddress = publicMacAddress; } - public String getPublicNetmask() { - return publicNetmask; - } - public void setPublicNetmask(String publicNetmask) { this.publicNetmask = publicNetmask; } - public String getGuestIpAddress() { - return guestIpAddress; - } - public void setGuestIpAddress(String guestIpAddress) { this.guestIpAddress = guestIpAddress; } - public String getGuestMacAddress() { - return guestMacAddress; - } - public void 
setGuestMacAddress(String guestMacAddress) { this.guestMacAddress = guestMacAddress; } - public String getGuestNetmask() { - return guestNetmask; - } - public void setGuestNetmask(String guestNetmask) { this.guestNetmask = guestNetmask; } - public Long getTemplateId() { - return templateId; - } - public void setTemplateId(Long templateId) { this.templateId = templateId; } - public Date getCreated() { - return created; - } - public void setCreated(Date created) { this.created = created; } - public State getState() { - return state; - } - public void setState(State state) { this.state = state; } - public String getAccountName() { - return accountName; - } - + @Override public void setAccountName(String accountName) { this.accountName = accountName; } - public Long getDomainId() { - return domainId; - } - + @Override public void setDomainId(Long domainId) { this.domainId = domainId; } - public String getDomainName() { - return domainName; - } - + @Override public void setDomainName(String domainName) { this.domainName = domainName; } - - public Long getPublicNetworkId() { - return publicNetworkId; - } public void setPublicNetworkId(Long publicNetworkId) { this.publicNetworkId = publicNetworkId; } - public Long getGuestNetworkId() { - return guestNetworkId; - } - public void setGuestNetworkId(Long guestNetworkId) { this.guestNetworkId = guestNetworkId; } - public String getLinkLocalIp() { - return linkLocalIp; - } - public void setLinkLocalIp(String linkLocalIp) { this.linkLocalIp = linkLocalIp; } - - public String getLinkLocalMacAddress() { - return linkLocalMacAddress; - } - + public void setLinkLocalMacAddress(String linkLocalMacAddress) { this.linkLocalMacAddress = linkLocalMacAddress; } - public String getLinkLocalNetmask() { - return linkLocalNetmask; - } - public void setLinkLocalNetmask(String linkLocalNetmask) { this.linkLocalNetmask = linkLocalNetmask; } - public Long getLinkLocalNetworkId() { - return linkLocalNetworkId; - } - public void 
setLinkLocalNetworkId(Long linkLocalNetworkId) { this.linkLocalNetworkId = linkLocalNetworkId; } - - public Long getServiceOfferingId() { - return serviceOfferingId; - } public void setServiceOfferingId(Long serviceOfferingId) { this.serviceOfferingId = serviceOfferingId; } - public String getServiceOfferingName() { - return serviceOfferingName; - } - public void setServiceOfferingName(String serviceOfferingName) { this.serviceOfferingName = serviceOfferingName; } - - public String getRedundantState() { - return redundantState; - } public void setRedundantState(String redundantState) { this.redundantState = redundantState; } - - public boolean getIsRedundantRouter() { - return isRedundantRouter; - } public void setIsRedundantRouter(boolean isRedundantRouter) { this.isRedundantRouter = isRedundantRouter; } - + public String getTemplateVersion() { return this.templateVersion; } @@ -415,4 +296,13 @@ public class DomainRouterResponse extends BaseResponse { public void setScriptsVersion(String scriptsVersion) { this.scriptsVersion = scriptsVersion; } + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } } diff --git a/api/src/com/cloud/api/response/FirewallRuleResponse.java b/api/src/com/cloud/api/response/FirewallRuleResponse.java index 4959c2ff5ab..fac658f0b17 100644 --- a/api/src/com/cloud/api/response/FirewallRuleResponse.java +++ b/api/src/com/cloud/api/response/FirewallRuleResponse.java @@ -21,7 +21,7 @@ import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class FirewallRuleResponse extends BaseResponse { +public class FirewallRuleResponse extends BaseResponse{ @SerializedName(ApiConstants.ID) @Param(description="the ID of the port forwarding rule") private Long id; 
@@ -55,7 +55,7 @@ public class FirewallRuleResponse extends BaseResponse { @SerializedName(ApiConstants.IP_ADDRESS) @Param(description="the public ip address for the port forwarding rule") private String publicIpAddress; - @SerializedName("state") @Param(description="the state of the rule") + @SerializedName(ApiConstants.STATE) @Param(description="the state of the rule") private String state; @SerializedName(ApiConstants.CIDR_LIST) @Param(description="the cidr list to forward traffic from") diff --git a/api/src/com/cloud/api/response/IPAddressResponse.java b/api/src/com/cloud/api/response/IPAddressResponse.java index 83908005541..33d136c27e3 100644 --- a/api/src/com/cloud/api/response/IPAddressResponse.java +++ b/api/src/com/cloud/api/response/IPAddressResponse.java @@ -23,17 +23,18 @@ import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class IPAddressResponse extends BaseResponse { - @SerializedName("id") @Param(description="public IP address id") +@SuppressWarnings("unused") +public class IPAddressResponse extends BaseResponse implements ControlledEntityResponse { + @SerializedName(ApiConstants.ID) @Param(description="public IP address id") private Long id; - @SerializedName("ipaddress") @Param(description="public IP address") + @SerializedName(ApiConstants.IP_ADDRESS) @Param(description="public IP address") private String ipAddress; @SerializedName("allocated") @Param(description="date the public IP address was acquired") private Date allocated; - @SerializedName("zoneid") @Param(description="the ID of the zone the public IP address belongs to") + @SerializedName(ApiConstants.ZONE_ID) @Param(description="the ID of the zone the public IP address belongs to") private Long zoneId; @SerializedName("zonename") @Param(description="the name of the zone the public IP address belongs to") 
@@ -42,19 +43,25 @@ public class IPAddressResponse extends BaseResponse { @SerializedName("issourcenat") @Param(description="true if the IP address is a source nat address, false otherwise") private Boolean sourceNat; - @SerializedName("account") @Param(description="the account the public IP address is associated with") + @SerializedName(ApiConstants.ACCOUNT) @Param(description="the account the public IP address is associated with") private String accountName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the ipaddress") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the address") + private String projectName; - @SerializedName("domainid") @Param(description="the domain ID the public IP address is associated with") + @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the domain ID the public IP address is associated with") private Long domainId; - @SerializedName("domain") @Param(description="the domain the public IP address is associated with") + @SerializedName(ApiConstants.DOMAIN) @Param(description="the domain the public IP address is associated with") private String domainName; - @SerializedName("forvirtualnetwork") @Param(description="the virtual network for the IP address") + @SerializedName(ApiConstants.FOR_VIRTUAL_NETWORK) @Param(description="the virtual network for the IP address") private Boolean forVirtualNetwork; - @SerializedName("vlanid") @Param(description="the ID of the VLAN associated with the IP address") + @SerializedName(ApiConstants.VLAN_ID) @Param(description="the ID of the VLAN associated with the IP address") private Long vlanId; @SerializedName("vlanname") @Param(description="the VLAN associated with the IP address") 
@@ -63,7 +70,7 @@ public class IPAddressResponse extends BaseResponse { @SerializedName("isstaticnat") @Param(description="true if this ip is for static nat, false otherwise") private Boolean staticNat; - @SerializedName("virtualmachineid") @Param(description="virutal machine id the ip address is assigned to (not null only for static nat Ip)") + @SerializedName(ApiConstants.VIRTUAL_MACHINE_ID) @Param(description="virutal machine id the ip address is assigned to (not null only for static nat Ip)") private Long virtualMachineId; @SerializedName("virtualmachinename") @Param(description="virutal machine name the ip address is assigned to (not null only for static nat Ip)") @@ -75,7 +82,7 @@ public class IPAddressResponse extends BaseResponse { @SerializedName("associatednetworkid") @Param(description="the ID of the Network associated with the IP address") private Long associatedNetworkId; - @SerializedName("networkid") @Param(description="the ID of the Network where ip belongs to") + @SerializedName(ApiConstants.NETWORK_ID) @Param(description="the ID of the Network where ip belongs to") private Long networkId; @SerializedName(ApiConstants.STATE) @Param(description="State of the ip address. Can be: Allocatin, Allocated and Releasing") 
@@ -84,141 +91,73 @@ public class IPAddressResponse extends BaseResponse { @SerializedName(ApiConstants.JOB_ID) @Param(description="shows the current pending asynchronous job ID. This tag is not returned if no current pending jobs are acting on the volume") private Long jobId; - @SerializedName("jobstatus") @Param(description="shows the current pending asynchronous job status") + @SerializedName(ApiConstants.JOB_STATUS) @Param(description="shows the current pending asynchronous job status") private Integer jobStatus; - - public String getIpAddress() { - return ipAddress; - } public void setIpAddress(String ipAddress) { this.ipAddress = ipAddress; } - public Date getAllocated() { - return allocated; - } - public void setAllocated(Date allocated) { this.allocated = allocated; } - - public Long getZoneId() { - return zoneId; - } - + public void setZoneId(Long zoneId) { this.zoneId = zoneId; } - public String getZoneName() { - return zoneName; - } - public void setZoneName(String zoneName) { this.zoneName = zoneName; } - public Boolean getSourceNat() { - return sourceNat; - } - public void setSourceNat(Boolean sourceNat) { this.sourceNat = sourceNat; } - public String getAccountName() { - return accountName; - } - public void setAccountName(String accountName) { this.accountName = accountName; } - public Long getDomainId() { - return domainId; - } - public void setDomainId(Long domainId) { this.domainId = domainId; } - - public String getDomainName() { - return domainName; - } - + public void setDomainName(String domainName) { this.domainName = domainName; } - public Boolean getForVirtualNetwork() { - return forVirtualNetwork; - } - public void setForVirtualNetwork(Boolean forVirtualNetwork) { this.forVirtualNetwork = forVirtualNetwork; } - public Long getVlanId() { - return vlanId; - } - public void setVlanId(Long vlanId) { this.vlanId = vlanId; } - public String getVlanName() { - return vlanName; - } - public void setVlanName(String vlanName) { this.vlanName = 
vlanName; } - public Boolean getStaticNat() { - return staticNat; - } - public void setStaticNat(Boolean staticNat) { this.staticNat = staticNat; } - public Long getAssociatedNetworkId() { - return associatedNetworkId; - } - public void setAssociatedNetworkId(Long networkId) { this.associatedNetworkId = networkId; } - public Long getNetworkId() { - return networkId; - } - public void setNetworkId(Long networkId) { this.networkId = networkId; } - public Long getVirtualMachineId() { - return virtualMachineId; - } - public void setVirtualMachineId(Long virtualMachineId) { this.virtualMachineId = virtualMachineId; } - public String getVirtualMachineName() { - return virtualMachineName; - } - public void setVirtualMachineName(String virtualMachineName) { this.virtualMachineName = virtualMachineName; } - public String getVirtualMachineDisplayName() { - return virtualMachineDisplayName; - } - public void setVirtualMachineDisplayName(String virtualMachineDisplayName) { this.virtualMachineDisplayName = virtualMachineDisplayName; } @@ -231,10 +170,6 @@ public class IPAddressResponse extends BaseResponse { this.id = id; } - public String getState() { - return state; - } - public void setState(String state) { this.state = state; } @@ -263,4 +198,14 @@ public class IPAddressResponse extends BaseResponse { public void setJobStatus(Integer jobStatus) { this.jobStatus = jobStatus; } + + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } } diff --git a/api/src/com/cloud/api/response/InstanceGroupResponse.java b/api/src/com/cloud/api/response/InstanceGroupResponse.java index a2a1ace572f..3d393427b42 100644 --- a/api/src/com/cloud/api/response/InstanceGroupResponse.java +++ b/api/src/com/cloud/api/response/InstanceGroupResponse.java 
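Review bot: IPAddressResponse now implements ControlledEntityResponse, but `setAccountName`, `setDomainId` and `setDomainName` in this hunk are left without `@Override`. The same setters in DomainRouterResponse and InstanceGroupResponse gain it in this commit, as do `setProjectId`/`setProjectName` further down in this file. Assuming the interface declares those three setters (it is not shown on this page), add `@Override` above each so the compiler flags any later signature drift between the interface and this class.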
@@ -24,7 +24,8 @@ import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class InstanceGroupResponse extends BaseResponse { +@SuppressWarnings("unused") +public class InstanceGroupResponse extends BaseResponse implements ControlledEntityResponse{ @SerializedName(ApiConstants.ID) @Param(description="the id of the instance group") private Long id; @@ -36,6 +37,12 @@ public class InstanceGroupResponse extends BaseResponse { @SerializedName(ApiConstants.ACCOUNT) @Param(description="the account owning the instance group") private String accountName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the group") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the group") + private String projectName; @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the domain ID of the instance group") private Long domainId; 
@@ -43,51 +50,40 @@ public class InstanceGroupResponse extends BaseResponse { @SerializedName(ApiConstants.DOMAIN) @Param(description="the domain name of the instance group") private String domainName; - public Long getId() { - return id; - } - public void setId(Long id) { this.id = id; } - public String getName() { - return name; - } - public void setName(String name) { this.name = name; } - public Date getCreated() { - return created; - } - public void setCreated(Date created) { this.created = created; } - public String getAccountName() { - return accountName; - } - + @Override public void setAccountName(String accountName) { this.accountName = accountName; } - public Long getDomainId() { - return domainId; - } - + @Override public void setDomainId(Long domainId) { this.domainId = domainId; } - public String getDomainName() { - return domainName; - } - + @Override public void setDomainName(String domainName) { this.domainName = domainName; } + + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } } diff --git a/api/src/com/cloud/api/response/IpForwardingRuleResponse.java b/api/src/com/cloud/api/response/IpForwardingRuleResponse.java index 1484ced98ed..3ee037da7b9 100644 --- a/api/src/com/cloud/api/response/IpForwardingRuleResponse.java +++ b/api/src/com/cloud/api/response/IpForwardingRuleResponse.java @@ -49,7 +49,7 @@ public class IpForwardingRuleResponse extends BaseResponse { @SerializedName(ApiConstants.END_PORT) @Param(description="the end port of the rule") private Integer endPort; - @SerializedName("state") @Param(description="state of the ip forwarding rule") + @SerializedName(ApiConstants.STATE) @Param(description="state of the ip forwarding rule") private String state; public Long getId() { 
diff --git a/api/src/com/cloud/api/response/LoadBalancerResponse.java b/api/src/com/cloud/api/response/LoadBalancerResponse.java index 54217fe93a4..db4d69f98c6 100644 --- a/api/src/com/cloud/api/response/LoadBalancerResponse.java +++ b/api/src/com/cloud/api/response/LoadBalancerResponse.java @@ -21,16 +21,17 @@ import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class LoadBalancerResponse extends BaseResponse { - @SerializedName("id") +@SuppressWarnings("unused") +public class LoadBalancerResponse extends BaseResponse implements ControlledEntityResponse { + @SerializedName(ApiConstants.ID) @Param(description = "the load balancer rule ID") private Long id; - @SerializedName("name") + @SerializedName(ApiConstants.NAME) @Param(description = "the name of the load balancer") private String name; - @SerializedName("description") + @SerializedName(ApiConstants.DESCRIPTION) @Param(description = "the description of the load balancer") private String description; 
@@ -42,34 +43,40 @@ public class LoadBalancerResponse extends BaseResponse { @Param(description = "the public ip address") private String publicIp; - @SerializedName("publicport") + @SerializedName(ApiConstants.PUBLIC_PORT) @Param(description = "the public port") private String publicPort; - @SerializedName("privateport") + @SerializedName(ApiConstants.PRIVATE_PORT) @Param(description = "the private port") private String privatePort; - @SerializedName("algorithm") + @SerializedName(ApiConstants.ALGORITHM) @Param(description = "the load balancer algorithm (source, roundrobin, leastconn)") private String algorithm; @SerializedName(ApiConstants.CIDR_LIST) @Param(description="the cidr list to forward traffic from") private String cidrList; - @SerializedName("account") + @SerializedName(ApiConstants.ACCOUNT) @Param(description = "the account of the load balancer rule") private String accountName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the load balancer") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the load balancer") + private String projectName; - @SerializedName("domainid") + @SerializedName(ApiConstants.DOMAIN_ID) @Param(description = "the domain ID of the load balancer rule") private Long domainId; - @SerializedName("domain") + @SerializedName(ApiConstants.DOMAIN) @Param(description = "the domain of the load balancer rule") private String domainName; - @SerializedName("state") + @SerializedName(ApiConstants.STATE) @Param(description = "the state of the rule") private String state; 
@@ -77,115 +84,70 @@ public class LoadBalancerResponse extends BaseResponse { @Param(description = "the id of the zone the rule belongs to") private Long zoneId; - public Long getId() { - return id; - } - public void setId(Long id) { this.id = id; } - public String getName() { - return name; - } - public void setName(String name) { this.name = name; } - public String getDescription() { - return description; - } - public void setDescription(String description) { this.description = description; } - public String getPublicIp() { - return publicIp; - } - public void setPublicIp(String publicIp) { this.publicIp = publicIp; } - public String getPublicPort() { - return publicPort; - } - public void setPublicPort(String publicPort) { this.publicPort = publicPort; } - public String getPrivatePort() { - return privatePort; - } - public void setPrivatePort(String privatePort) { this.privatePort = privatePort; } - public String getCidrList() { - return cidrList; - } - public void setCidrList(String cidrs) { this.cidrList = cidrs; } - public String getAlgorithm() { - return algorithm; - } - public void setAlgorithm(String algorithm) { this.algorithm = algorithm; } - public String getAccountName() { - return accountName; - } - public void setAccountName(String accountName) { this.accountName = accountName; } - public Long getDomainId() { - return domainId; - } - public void setDomainId(Long domainId) { this.domainId = domainId; } - public String getDomainName() { - return domainName; - } - public void setDomainName(String domainName) { this.domainName = domainName; } - public String getState() { - return state; - } - public void setState(String state) { this.state = state; } - public Long getPublicIpId() { - return publicIpId; - } - public void setPublicIpId(Long publicIpId) { this.publicIpId = publicIpId; } - public Long getZoneId() { - return zoneId; - } - public void setZoneId(Long zoneId) { this.zoneId = zoneId; } + + @Override + public void setProjectId(Long projectId) { + 
this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } + } diff --git a/api/src/com/cloud/api/response/NetworkResponse.java b/api/src/com/cloud/api/response/NetworkResponse.java index 528f119d057..f998cfc706b 100644 --- a/api/src/com/cloud/api/response/NetworkResponse.java +++ b/api/src/com/cloud/api/response/NetworkResponse.java 
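Review bot: `setAccountName`, `setDomainId` and `setDomainName` in the LoadBalancerResponse hunk are left without `@Override`, while the new `setProjectId` and `setProjectName` right below them have it. InstanceGroupResponse in this same commit adds `@Override` to exactly those three setters, which suggests they belong to the `ControlledEntityResponse` contract as well; marking only two of the five makes it unclear which setters the interface requires. I would add `@Override` above each of the three here, and likewise in the NetworkResponse, RemoteAccessVpnResponse, SecurityGroupResponse and SnapshotResponse hunks, where the same setters are also unannotated.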
@@ -24,36 +24,37 @@ import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class NetworkResponse extends BaseResponse{ +@SuppressWarnings("unused") +public class NetworkResponse extends BaseResponse implements ControlledEntityResponse{ - @SerializedName("id") @Param(description="the id of the network") + @SerializedName(ApiConstants.ID) @Param(description="the id of the network") private Long id; - @SerializedName("name") @Param(description="the name of the network") + @SerializedName(ApiConstants.NAME) @Param(description="the name of the network") private String name; - @SerializedName("displaytext") @Param(description="the displaytext of the network") + @SerializedName(ApiConstants.DISPLAY_TEXT) @Param(description="the displaytext of the network") private String displaytext; @SerializedName("broadcastdomaintype") @Param(description="Broadcast domain type of the network") private String broadcastDomainType; - @SerializedName("traffictype") @Param(description="the traffic type of the network") + @SerializedName(ApiConstants.TRAFFIC_TYPE) @Param(description="the traffic type of the network") private String trafficType; - @SerializedName("gateway") @Param(description="the network's gateway") + @SerializedName(ApiConstants.GATEWAY) @Param(description="the network's gateway") private String gateway; - @SerializedName("netmask") @Param(description="the network's netmask") + @SerializedName(ApiConstants.NETMASK) @Param(description="the network's netmask") private String netmask; - @SerializedName("startip") @Param(description="the start ip of the network") + @SerializedName(ApiConstants.START_IP) @Param(description="the start ip of the network") private String startIp; - @SerializedName("endip") @Param(description="the end ip of the network") + @SerializedName(ApiConstants.END_IP) @Param(description="the end ip of the network") private String endIp; - @SerializedName("zoneid") 
@Param(description="zone id of the network") + @SerializedName(ApiConstants.ZONE_ID) @Param(description="zone id of the network") private Long zoneId; @SerializedName("networkofferingid") @Param(description="network offering id the network is created from") @@ -68,13 +69,13 @@ public class NetworkResponse extends BaseResponse{ @SerializedName("networkofferingavailability") @Param(description="availability of the network offering the network is created from") private String networkOfferingAvailability; - @SerializedName("isshared") @Param(description="true if network is shared, false otherwise") + @SerializedName(ApiConstants.IS_SHARED) @Param(description="true if network is shared, false otherwise") private Boolean isShared; - @SerializedName("issystem") @Param(description="true if network is system, false otherwise") + @SerializedName(ApiConstants.IS_SYSTEM) @Param(description="true if network is system, false otherwise") private Boolean isSystem; - @SerializedName("state") @Param(description="state of the network") + @SerializedName(ApiConstants.STATE) @Param(description="state of the network") private String state; @SerializedName("related") @Param(description="related to what other network configuration") 
@@ -83,20 +84,26 @@ public class NetworkResponse extends BaseResponse{ @SerializedName("broadcasturi") @Param(description="broadcast uri of the network") private String broadcastUri; - @SerializedName("dns1") @Param(description="the first DNS for the network") + @SerializedName(ApiConstants.DNS1) @Param(description="the first DNS for the network") private String dns1; - @SerializedName("dns2") @Param(description="the second DNS for the network") + @SerializedName(ApiConstants.DNS2) @Param(description="the second DNS for the network") private String dns2; - @SerializedName("type") @Param(description="the type of the network") + @SerializedName(ApiConstants.TYPE) @Param(description="the type of the network") private String type; - @SerializedName("vlan") @Param(description="the vlan of the network") + @SerializedName(ApiConstants.VLAN) @Param(description="the vlan of the network") private String vlan; @SerializedName(ApiConstants.ACCOUNT) @Param(description="the owner of the network") private String accountName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the ipaddress") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the address") + private String projectName; @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the domain id of the network owner") private Long domainId; 
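Review bot: The two `@Param` descriptions added for `projectId` and `projectName` in NetworkResponse read "the project id of the ipaddress" and "the project name of the address", which looks copied from IPAddressResponse and is wrong for a network. These strings presumably surface in the generated API documentation, so I would change them to `description="the project id of the network"` and `description="the project name of the network"`. The class body continues outside this hunk.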
@@ -118,243 +125,123 @@ public class NetworkResponse extends BaseResponse{ @SerializedName(ApiConstants.TAGS) @Param(description="comma separated tag") private String tags; - - public Long getId() { - return id; - } public void setId(Long id) { this.id = id; } - public String getName() { - return name; - } - public void setName(String name) { this.name = name; } - public String getBroadcastDomainType() { - return broadcastDomainType; - } - public void setBroadcastDomainType(String broadcastDomainType) { this.broadcastDomainType = broadcastDomainType; } - public String getTrafficType() { - return trafficType; - } - public void setTrafficType(String trafficType) { this.trafficType = trafficType; } - public String getGateway() { - return gateway; - } - public void setGateway(String gateway) { this.gateway = gateway; } - public String getNetmask() { - return netmask; - } - public void setNetmask(String netmask) { this.netmask = netmask; } - - public Long getZoneId() { - return zoneId; - } - + public void setZoneId(Long zoneId) { this.zoneId = zoneId; } - public Long getNetworkOfferingId() { - return networkOfferingId; - } - public void setNetworkOfferingId(Long networkOfferingId) { this.networkOfferingId = networkOfferingId; } - public String getState() { - return state; - } - public void setState(String state) { this.state = state; } - public Long getRelated() { - return related; - } - public void setRelated(Long related) { this.related = related; } - public String getBroadcastUri() { - return broadcastUri; - } - public void setBroadcastUri(String broadcastUri) { this.broadcastUri = broadcastUri; } - public String getDns1() { - return dns1; - } - public void setDns1(String dns1) { this.dns1 = dns1; } - public String getDns2() { - return dns2; - } - public void setDns2(String dns2) { this.dns2 = dns2; } - public String getType() { - return type; - } - public void setType(String type) { this.type = type; } - public String getAccountName() { - return accountName; - } - 
public void setAccountName(String accountName) { this.accountName = accountName; } - public Long getDomainId() { - return domainId; - } - public void setDomainId(Long domainId) { this.domainId = domainId; } - public String getNetworkOfferingName() { - return networkOfferingName; - } - public void setNetworkOfferingName(String networkOfferingName) { this.networkOfferingName = networkOfferingName; } - public String getNetworkOfferingDisplayText() { - return networkOfferingDisplayText; - } - public void setNetworkOfferingDisplayText(String networkOfferingDisplayText) { this.networkOfferingDisplayText = networkOfferingDisplayText; } - public String getDisplaytext() { - return displaytext; - } - public void setDisplaytext(String displaytext) { this.displaytext = displaytext; } - public Boolean getIsShared() { - return isShared; - } - public void setIsShared(Boolean isShared) { this.isShared = isShared; } - public String getStartIp() { - return startIp; - } - public void setStartIp(String startIp) { this.startIp = startIp; } - public String getEndIp() { - return endIp; - } - public void setEndIp(String endIp) { this.endIp = endIp; } - public String getVlan() { - return vlan; - } - public void setVlan(String vlan) { this.vlan = vlan; } - public Boolean getIsSystem() { - return isSystem; - } - public void setIsSystem(Boolean isSystem) { this.isSystem = isSystem; } - public String getDomain() { - return domain; - } - - public void setDomain(String domain) { + public void setDomainName(String domain) { this.domain = domain; } - public String getNetworkOfferingAvailability() { - return networkOfferingAvailability; - } - public void setNetworkOfferingAvailability(String networkOfferingAvailability) { this.networkOfferingAvailability = networkOfferingAvailability; } - - public List getServices() { - return services; - } - + public void setServices(List services) { this.services = services; } - public Boolean getIsDefault() { - return isDefault; - } - public void 
setIsDefault(Boolean isDefault) { this.isDefault = isDefault; } - public String getNetworkDomain() { - return networkDomain; - } - public void setNetworkDomain(String networkDomain) { this.networkDomain = networkDomain; } - public Boolean getIsSecurityGroupEnabled() { - return this.isSecurityGroupEnabled; - } - public void setIsSecurityGroupEnabled(Boolean sgEnabled) { this.isSecurityGroupEnabled = sgEnabled; } @@ -372,4 +259,16 @@ public class NetworkResponse extends BaseResponse{ this.tags = buf.delete(buf.length()-1, buf.length()).toString(); } + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } + + + } diff --git a/api/src/com/cloud/api/response/RemoteAccessVpnResponse.java b/api/src/com/cloud/api/response/RemoteAccessVpnResponse.java index de514c06b4e..03d283678be 100644 --- a/api/src/com/cloud/api/response/RemoteAccessVpnResponse.java +++ b/api/src/com/cloud/api/response/RemoteAccessVpnResponse.java @@ -21,7 +21,8 @@ import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class RemoteAccessVpnResponse extends BaseResponse { +@SuppressWarnings("unused") +public class RemoteAccessVpnResponse extends BaseResponse implements ControlledEntityResponse{ @SerializedName(ApiConstants.PUBLIC_IP_ID) @Param(description="the public ip address of the vpn server") private Long publicIpId; 
@@ -35,82 +36,64 @@ public class RemoteAccessVpnResponse extends BaseResponse { @SerializedName("presharedkey") @Param(description="the ipsec preshared key") private String presharedKey; - @SerializedName("account") @Param(description="the account of the remote access vpn") + @SerializedName(ApiConstants.ACCOUNT) @Param(description="the account of the remote access vpn") private String accountName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the vpn") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the vpn") + private String projectName; - @SerializedName("domainid") @Param(description="the domain id of the account of the remote access vpn") + @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the domain id of the account of the remote access vpn") private long domainId; - @SerializedName("domainname") @Param(description="the domain name of the account of the remote access vpn") + @SerializedName(ApiConstants.DOMAIN) @Param(description="the domain name of the account of the remote access vpn") private String domainName; - @SerializedName("state") @Param(description="the state of the rule") + @SerializedName(ApiConstants.STATE) @Param(description="the state of the rule") private String state; - - public String getAccountName() { - return accountName; - } - - public String getPublicIp() { - return publicIp; - } public void setPublicIp(String publicIp) { this.publicIp = publicIp; } - public String getIpRange() { - return ipRange; - } - public void setIpRange(String ipRange) { this.ipRange = ipRange; } - public String getPresharedKey() { - return presharedKey; - } - public void setPresharedKey(String presharedKey) { this.presharedKey = presharedKey; } public void setAccountName(String accountName) { this.accountName = accountName; - } - public void setDomainId(long domainId) { + public void setDomainId(Long domainId) { this.domainId = domainId; - } public void 
setDomainName(String name) { this.domainName = name; } - public long getDomainId() { - return domainId; - } - - public String getDomainName() { - return domainName; - } - - public String getState() { - return state; - } - public void setState(String state) { this.state = state; } - public Long getPublicIpId() { - return publicIpId; - } - public void setPublicIpId(Long publicIpId) { this.publicIpId = publicIpId; } + + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } } diff --git a/api/src/com/cloud/api/response/SecurityGroupResponse.java b/api/src/com/cloud/api/response/SecurityGroupResponse.java index b4d67466a64..1c162f2e61f 100644 --- a/api/src/com/cloud/api/response/SecurityGroupResponse.java +++ b/api/src/com/cloud/api/response/SecurityGroupResponse.java 
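Review bot: `setDomainId` in RemoteAccessVpnResponse now takes a boxed `Long`, but the field is still declared `private long domainId`, so `this.domainId = domainId` unboxes and throws a NullPointerException when a caller passes null; declaring the field as `private Long domainId;`, as the other response classes in this commit do, avoids that. Separately, the serialized name of `domainName` changes from `"domainname"` to `ApiConstants.DOMAIN`, the constant that replaces the literal `"domain"` in the other classes of this commit, so the key in the VPN response appears to change for existing API clients. If that rename is intended, it should be stated in the commit message, since nothing in the hunk marks it as a wire-format change.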
@@ -23,29 +23,36 @@ import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class SecurityGroupResponse extends BaseResponse { - @SerializedName("id") @Param(description="the ID of the security group") +@SuppressWarnings("unused") +public class SecurityGroupResponse extends BaseResponse implements ControlledEntityResponse{ + @SerializedName(ApiConstants.ID) @Param(description="the ID of the security group") private Long id; - @SerializedName("name") @Param(description="the name of the security group") + @SerializedName(ApiConstants.NAME) @Param(description="the name of the security group") private String name; - @SerializedName("description") @Param(description="the description of the security group") + @SerializedName(ApiConstants.DESCRIPTION) @Param(description="the description of the security group") private String description; - @SerializedName("account") @Param(description="the account owning the security group") + @SerializedName(ApiConstants.ACCOUNT) @Param(description="the account owning the security group") private String accountName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the group") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the group") + private String projectName; - @SerializedName("domainid") @Param(description="the domain ID of the security group") + @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the domain ID of the security group") private Long domainId; - @SerializedName("domain") @Param(description="the domain name of the security group") + @SerializedName(ApiConstants.DOMAIN) @Param(description="the domain name of the security group") private String domainName; @SerializedName(ApiConstants.JOB_ID) @Param(description="shows the current pending asynchronous job ID. 
This tag is not returned if no current pending jobs are acting on the volume") private Long jobId; - @SerializedName("jobstatus") @Param(description="shows the current pending asynchronous job status") + @SerializedName(ApiConstants.JOB_STATUS) @Param(description="shows the current pending asynchronous job status") private Integer jobStatus; @SerializedName("ingressrule") @Param(description="the list of ingress rules associated with the security group", responseObject = IngressRuleResponse.class) @@ -53,63 +60,35 @@ public class SecurityGroupResponse extends BaseResponse { @SerializedName("egressrule") @Param(description="the list of ingress rules associated with the security group", responseObject = EgressRuleResponse.class) private List egressRules; - - public Long getId() { - return id; - } public void setId(Long id) { this.id = id; } - - public String getName() { - return name; + + public Long getId() { + return id; } public void setName(String name) { this.name = name; } - public String getDescription() { - return description; - } - public void setDescription(String description) { this.description = description; } - public String getAccountName() { - return accountName; - } - public void setAccountName(String accountName) { this.accountName = accountName; } - public Long getDomainId() { - return domainId; - } - public void setDomainId(Long domainId) { this.domainId = domainId; } - public String getDomainName() { - return domainName; - } - public void setDomainName(String domainName) { this.domainName = domainName; } - public List getIngressRules() { - return ingressRules; - } - - public List getEgressRules() { - return egressRules; - } - public void setIngressRules(List ingressRules) { this.ingressRules = ingressRules; } 
@@ -167,4 +146,14 @@ public class SecurityGroupResponse extends BaseResponse { return false; return true; } + + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } } diff --git a/api/src/com/cloud/api/response/SnapshotResponse.java b/api/src/com/cloud/api/response/SnapshotResponse.java index 1dfa29a569c..1dab2e43be2 100644 --- a/api/src/com/cloud/api/response/SnapshotResponse.java +++ b/api/src/com/cloud/api/response/SnapshotResponse.java 
@@ -24,32 +24,39 @@ import com.cloud.serializer.Param; import com.cloud.storage.Snapshot; import com.google.gson.annotations.SerializedName; -public class SnapshotResponse extends BaseResponse { - @SerializedName("id") +@SuppressWarnings("unused") +public class SnapshotResponse extends BaseResponse implements ControlledEntityResponse { + @SerializedName(ApiConstants.ID) @Param(description = "ID of the snapshot") private Long id; - @SerializedName("account") + @SerializedName(ApiConstants.ACCOUNT) @Param(description = "the account associated with the snapshot") private String accountName; - @SerializedName("domainid") + @SerializedName(ApiConstants.DOMAIN_ID) @Param(description = "the domain ID of the snapshot's account") private Long domainId; - - @SerializedName("domain") + + @SerializedName(ApiConstants.DOMAIN) @Param(description = "the domain name of the snapshot's account") private String domainName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the snapshot") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the snapshot") + private String projectName; - @SerializedName("snapshottype") + @SerializedName(ApiConstants.SNAPSHOT_TYPE) @Param(description = "the type of the snapshot") private String snapshotType; - @SerializedName("volumeid") + @SerializedName(ApiConstants.VOLUME_ID) @Param(description = "ID of the disk volume") private Long volumeId; - @SerializedName("volumename") + @SerializedName(ApiConstants.VOLUME_NAME) @Param(description = "name of the disk volume") private String volumeName; 
@@ -57,23 +64,23 @@ public class SnapshotResponse extends BaseResponse { @Param(description = "type of the disk volume") private String volumeType; - @SerializedName("created") + @SerializedName(ApiConstants.CREATED) @Param(description = " the date the snapshot was created") private Date created; - @SerializedName("name") + @SerializedName(ApiConstants.NAME) @Param(description = "name of the snapshot") private String name; - @SerializedName("jobid") + @SerializedName(ApiConstants.JOB_ID) @Param(description = "the job ID associated with the snapshot. This is only displayed if the snapshot listed is part of a currently running asynchronous job.") private Long jobId; - @SerializedName("jobstatus") + @SerializedName(ApiConstants.JOB_STATUS) @Param(description = "the job status associated with the snapshot. This is only displayed if the snapshot listed is part of a currently running asynchronous job.") private Integer jobStatus; - @SerializedName("intervaltype") + @SerializedName(ApiConstants.INTERVAL_TYPE) @Param(description = "valid types are hourly, daily, weekly, monthy, template, and none.") private String intervalType; @@ -85,8 +92,8 @@ public class SnapshotResponse extends BaseResponse { public Long getObjectId() { return getId(); } - - public Long getId() { + + private Long getId() { return id; } 
@@ -110,58 +117,30 @@ public class SnapshotResponse extends BaseResponse { this.domainId = domainId; } - public String getDomainName() { - return domainName; - } - public void setDomainName(String domainName) { this.domainName = domainName; } - public String getSnapshotType() { - return snapshotType; - } - public void setSnapshotType(String snapshotType) { this.snapshotType = snapshotType; } - public Long getVolumeId() { - return volumeId; - } - public void setVolumeId(Long volumeId) { this.volumeId = volumeId; } - public String getVolumeName() { - return volumeName; - } - public void setVolumeName(String volumeName) { this.volumeName = volumeName; } - public String getVolumeType() { - return volumeType; - } - public void setVolumeType(String volumeType) { this.volumeType = volumeType; } - public Date getCreated() { - return created; - } - public void setCreated(Date created) { this.created = created; } - public String getName() { - return name; - } - public void setName(String name) { this.name = name; } @@ -186,19 +165,21 @@ public class SnapshotResponse extends BaseResponse { this.jobStatus = jobStatus; } - public String getIntervalType() { - return intervalType; - } - public void setIntervalType(String intervalType) { this.intervalType = intervalType; } - public Snapshot.Status getState() { - return state; - } - public void setState(Snapshot.Status state) { this.state = state; } + + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } } diff --git a/api/src/com/cloud/api/response/TemplatePermissionsResponse.java b/api/src/com/cloud/api/response/TemplatePermissionsResponse.java index 9c69a4c3415..a859e9a181e 100644 --- a/api/src/com/cloud/api/response/TemplatePermissionsResponse.java +++ b/api/src/com/cloud/api/response/TemplatePermissionsResponse.java 
@@ -19,51 +19,45 @@ package com.cloud.api.response; import java.util.List; +import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; +@SuppressWarnings("unused") public class TemplatePermissionsResponse extends BaseResponse { - @SerializedName("id") @Param(description="the template ID") + @SerializedName(ApiConstants.ID) @Param(description="the template ID") private Long id; - @SerializedName("ispublic") @Param(description="true if this template is a public template, false otherwise") + @SerializedName(ApiConstants.IS_PUBLIC) @Param(description="true if this template is a public template, false otherwise") private Boolean publicTemplate; - @SerializedName("domainid") @Param(description="the ID of the domain to which the template belongs") + @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the ID of the domain to which the template belongs") private Long domainId; - @SerializedName("account") @Param(description="the list of accounts the template is available for") + @SerializedName(ApiConstants.ACCOUNT) @Param(description="the list of accounts the template is available for") private List accountNames; - - public Long getId() { - return id; - } + + @SerializedName(ApiConstants.PROJECT_IDS) @Param(description="the list of projects the template is available for") + private List projectIds; + public void setId(Long id) { this.id = id; } - public Boolean getPublicTemplate() { - return publicTemplate; - } - public void setPublicTemplate(Boolean publicTemplate) { this.publicTemplate = publicTemplate; } - public Long getDomainId() { - return domainId; - } - public void setDomainId(Long domainId) { this.domainId = domainId; } - public List getAccountNames() { - return accountNames; - } - public void setAccountNames(List accountNames) { this.accountNames = accountNames; } + + public void setProjectIds(List projectIds) { + this.projectIds = projectIds; + } } 
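Review bot: The new `projectIds` field in TemplatePermissionsResponse is serialized under `ApiConstants.PROJECT_IDS`, but neither its `@Param` description nor a comment says whether the list is limited to projects the caller is allowed to see. The code that fills it through `setProjectIds` is outside this hunk, so this cannot be confirmed from here; if it lists every project the template is shared with, the response would disclose project ids to callers who are not members of them. I would document the contract on the field, e.g. `// ids must already be filtered to projects visible to the caller`, and verify that the code building this response applies that filter.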
diff --git a/api/src/com/cloud/api/response/TemplateResponse.java b/api/src/com/cloud/api/response/TemplateResponse.java index 29e07557b7a..1171faace5b 100755 --- a/api/src/com/cloud/api/response/TemplateResponse.java +++ b/api/src/com/cloud/api/response/TemplateResponse.java 
@@ -24,91 +24,92 @@ import com.cloud.serializer.Param; import com.cloud.storage.Storage.ImageFormat; import com.google.gson.annotations.SerializedName; -public class TemplateResponse extends BaseResponse { - @SerializedName("id") @Param(description="the template ID") +@SuppressWarnings("unused") +public class TemplateResponse extends BaseResponse implements ControlledEntityResponse { + @SerializedName(ApiConstants.ID) @Param(description="the template ID") private long id; - @SerializedName("name") @Param(description="the template name") + @SerializedName(ApiConstants.NAME) @Param(description="the template name") private String name; - @SerializedName("displaytext") @Param(description="the template display text") + @SerializedName(ApiConstants.DISPLAY_TEXT) @Param(description="the template display text") private String displayText; - @SerializedName("ispublic") // propName="public" (FIXME: this used to be part of Param annotation, do we need it?) + @SerializedName(ApiConstants.IS_PUBLIC) // propName="public" (FIXME: this used to be part of Param annotation, do we need it?) @Param(description="true if this template is a public template, false otherwise") private boolean isPublic; - @SerializedName("created") @Param(description="the date this template was created") + @SerializedName(ApiConstants.CREATED) @Param(description="the date this template was created") private Date created; @SerializedName("removed") @Param(description="the date this template was removed") private Date removed; - @SerializedName("isready") // propName="ready" (FIXME: this used to be part of Param annotation, do we need it?) + @SerializedName(ApiConstants.IS_READY) // propName="ready" (FIXME: this used to be part of Param annotation, do we need it?) 
@Param(description="true if the template is ready to be deployed from, false otherwise.") private boolean isReady; - @SerializedName("passwordenabled") @Param(description="true if the reset password feature is enabled, false otherwise") + @SerializedName(ApiConstants.PASSWORD_ENABLED) @Param(description="true if the reset password feature is enabled, false otherwise") private Boolean passwordEnabled; - @SerializedName("format") @Param(description="the format of the template.") + @SerializedName(ApiConstants.FORMAT) @Param(description="the format of the template.") private ImageFormat format; - @SerializedName("bootable") @Param(description="true if the ISO is bootable, false otherwise") + @SerializedName(ApiConstants.BOOTABLE) @Param(description="true if the ISO is bootable, false otherwise") private Boolean bootable; - @SerializedName("isfeatured") @Param(description="true if this template is a featured template, false otherwise") + @SerializedName(ApiConstants.IS_FEATURED) @Param(description="true if this template is a featured template, false otherwise") private boolean featured; @SerializedName("crossZones") @Param(description="true if the template is managed across all Zones, false otherwise") private boolean crossZones; - @SerializedName("ostypeid") @Param(description="the ID of the OS type for this template.") + @SerializedName(ApiConstants.OS_TYPE_ID) @Param(description="the ID of the OS type for this template.") private Long osTypeId; @SerializedName("ostypename") @Param(description="the name of the OS type for this template.") private String osTypeName; - @SerializedName("accountid") @Param(description="the account id to which the template belongs") + @SerializedName(ApiConstants.ACCOUNT_ID) @Param(description="the account id to which the template belongs") private Long accountId; - @SerializedName("account") @Param(description="the account name to which the template belongs") + @SerializedName(ApiConstants.ACCOUNT) @Param(description="the account name to 
which the template belongs") private String account; - @SerializedName("zoneid") @Param(description="the ID of the zone for this template") + @SerializedName(ApiConstants.ZONE_ID) @Param(description="the ID of the zone for this template") private Long zoneId; @SerializedName("zonename") @Param(description="the name of the zone for this template") private String zoneName; - @SerializedName("status") @Param(description="the status of the template") + @SerializedName(ApiConstants.STATUS) @Param(description="the status of the template") private String status; - @SerializedName("size") @Param(description="the size of the template") + @SerializedName(ApiConstants.SIZE) @Param(description="the size of the template") private Long size; @SerializedName("templatetype") @Param(description="the type of the template") private String templateType; - @SerializedName("hypervisor") @Param(description="the hypervisor on which the template runs") + @SerializedName(ApiConstants.HYPERVISOR) @Param(description="the hypervisor on which the template runs") private String hypervisor; - @SerializedName("jobid") @Param(description="shows the current pending asynchronous job ID. This tag is not returned if no current pending jobs are acting on the template") + @SerializedName(ApiConstants.JOB_ID) @Param(description="shows the current pending asynchronous job ID. 
This tag is not returned if no current pending jobs are acting on the template") private Long jobId; - @SerializedName("jobstatus") @Param(description="shows the current pending asynchronous job status") + @SerializedName(ApiConstants.JOB_STATUS) @Param(description="shows the current pending asynchronous job status") private Integer jobStatus; - @SerializedName("domain") @Param(description="the name of the domain to which the template belongs") + @SerializedName(ApiConstants.DOMAIN) @Param(description="the name of the domain to which the template belongs") private String domainName; - @SerializedName("domainid") @Param(description="the ID of the domain to which the template belongs") + @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the ID of the domain to which the template belongs") private Long domainId; - @SerializedName("isextractable") @Param(description="true if the template is extractable, false otherwise") + @SerializedName(ApiConstants.IS_EXTRACTABLE) @Param(description="true if the template is extractable, false otherwise") private Boolean extractable; - @SerializedName("checksum") @Param(description="checksum of the template") + @SerializedName(ApiConstants.CHECKSUM) @Param(description="checksum of the template") private String checksum; @SerializedName("sourcetemplateid") @Param(description="the template ID of the parent template if present") 
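Review bot: The class-level `@SuppressWarnings("unused")` added at the top of this hunk silences every unused-member warning in TemplateResponse, so a field that later stops being populated or serialized will not be flagged either. If the private fields are only read reflectively by the serializer (inferred from the `@SerializedName` annotations and the getters removed further down in this file), a comment above the annotation should say so, e.g. `// fields are read reflectively when the response is serialized`. VolumeResponse and VpnUsersResponse receive the same annotation later in this diff and would take the same comment.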
@@ -120,274 +121,169 @@ public class TemplateResponse extends BaseResponse { @SerializedName("hostname") @Param(description="the name of the secondary storage host for the template") private String hostName; - @SerializedName("templatetag") @Param(description="the tag of this template") + @SerializedName(ApiConstants.TEMPLATE_TAG) @Param(description="the tag of this template") private String templateTag; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the template") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the template") + private String projectName; @Override public Long getObjectId() { return getId(); } - - public Long getZoneId() { - return zoneId; + + public Long getId() { + return id; } public void setZoneId(Long zoneId) { this.zoneId = zoneId; } - public String getZoneName() { - return zoneName; - } - public void setZoneName(String zoneName) { this.zoneName = zoneName; } - public Long getAccountId() { - return accountId; - } - public void setAccountId(Long accountId) { this.accountId = accountId; } - public String getAccount() { - return account; - } - - public void setAccount(String account) { + public void setAccountName(String account) { this.account = account; } - public Long getOsTypeId() { - return osTypeId; - } - public void setOsTypeId(Long osTypeId) { this.osTypeId = osTypeId; } - public String getOsTypeName() { - return osTypeName; - } - public void setOsTypeName(String osTypeName) { this.osTypeName = osTypeName; } - public long getId() { - return id; - } - public void setId(long id) { this.id = id; } - public String getName() { - return name; - } - public void setName(String name) { this.name = name; } - public String getDisplayText() { - return displayText; - } - public void setDisplayText(String displayText) { this.displayText = displayText; } - public boolean isPublic() { - return isPublic; - } - public void setPublic(boolean isPublic) { 
this.isPublic = isPublic; } - public Date getCreated() { - return created; - } - public void setCreated(Date created) { this.created = created; } - public Date getRemoved() { - return removed; - } - public void setRemoved(Date removed) { this.removed = removed; } - public boolean isReady() { - return isReady; - } - public void setReady(boolean isReady) { this.isReady = isReady; } - public boolean isPasswordEnabled() { - return passwordEnabled; - } - public void setPasswordEnabled(boolean passwordEnabled) { this.passwordEnabled = passwordEnabled; } - public ImageFormat getFormat() { - return format; - } - public void setFormat(ImageFormat format) { this.format = format; } - public Boolean isBootable() { - return bootable; - } - public void setBootable(Boolean bootable) { this.bootable = bootable; } - public boolean isFeatured() { - return featured; - } - public void setFeatured(boolean featured) { this.featured = featured; } - public boolean isCrossZones() { - return crossZones; - } - public void setCrossZones(boolean crossZones) { this.crossZones = crossZones; } - public String getStatus() { - return status; - } - public void setStatus(String status) { this.status = status; } - public Long getSize() { - return size; - } - public void setSize(Long size) { this.size = size; } - public String getTemplateType() { - return templateType; - } - public void setTemplateType(String templateType) { this.templateType = templateType; } - public String getHypervisor() { - return hypervisor; - } - public void setHypervisor(String hypervisor) { this.hypervisor = hypervisor; } - - public Long getJobId() { return jobId; } - - public void setJobId(Long jobId) { this.jobId = jobId; } - - public Integer getJobStatus() { return jobStatus; } - public void setJobStatus(Integer jobStatus) { this.jobStatus = jobStatus; } - - public long getDomainId() { - return domainId; - } - - public String getDomainName(){ - return domainName; - } - + + @Override public void setDomainName(String 
domainName) { this.domainName = domainName; } - public void setDomainId(long domainId) { + @Override + public void setDomainId(Long domainId) { this.domainId = domainId; } - public Boolean isExtractable() { - return extractable; - } - public void setExtractable(Boolean extractable) { this.extractable = extractable; } - public String getChecksum() { - return checksum; - } - public void setChecksum(String checksum) { this.checksum = checksum; } - public Long getSourceTemplateId() { - return sourcetemplateId; - } - public void setSourceTemplateId(Long sourcetemplateId) { this.sourcetemplateId = sourcetemplateId; } - public Long getHostId() { - return hostId; - } - public void setHostId(Long hostId) { this.hostId = hostId; } - public String getHostName() { - return hostName; - } - public void setHostName(String hostName) { this.hostName = hostName; } - public String getTemplateTag() { - return templateTag; - } - public void setTemplateTag(String templateTag) { this.templateTag = templateTag; - } + } + + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } } diff --git a/api/src/com/cloud/api/response/VolumeResponse.java b/api/src/com/cloud/api/response/VolumeResponse.java index 7faee11826b..5d117f65151 100755 --- a/api/src/com/cloud/api/response/VolumeResponse.java +++ b/api/src/com/cloud/api/response/VolumeResponse.java @@ -23,7 +23,8 @@ import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class VolumeResponse extends BaseResponse { +@SuppressWarnings("unused") +public class VolumeResponse extends BaseResponse implements ControlledEntityResponse{ @SerializedName(ApiConstants.ID) @Param(description = "ID of the disk volume") private Long id; 
@@ -32,7 +33,7 @@ public class VolumeResponse extends BaseResponse { @Param(description = "shows the current pending asynchronous job ID. This tag is not returned if no current pending jobs are acting on the volume") private Long jobId; - @SerializedName("jobstatus") + @SerializedName(ApiConstants.JOB_STATUS) @Param(description = "shows the current pending asynchronous job status") private Integer jobStatus; @@ -87,6 +88,12 @@ public class VolumeResponse extends BaseResponse { @SerializedName(ApiConstants.ACCOUNT) @Param(description = "the account associated with the disk volume") private String accountName; + + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the vpn") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the vpn") + private String projectName; @SerializedName(ApiConstants.DOMAIN_ID) @Param(description = "the ID of the domain associated with the disk volume") 
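Review bot: The `@Param` descriptions on the new `projectId` and `projectName` fields read "the project id of the vpn" and "the project name of the vpn", which looks copied from VpnUsersResponse; this class describes a disk volume. These strings presumably end up in the generated API documentation, so they should read `description="the project id of the disk volume"` and `description="the project name of the disk volume"`.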
@@ -189,219 +196,121 @@ public class VolumeResponse extends BaseResponse { this.id = id; } - public String getName() { - return name; - } - public void setName(String name) { this.name = name; } - public Long getZoneId() { - return zoneId; - } - public void setZoneId(Long zoneId) { this.zoneId = zoneId; } - - public String getZoneName() { - return zoneName; - } - + public void setZoneName(String zoneName) { this.zoneName = zoneName; } - public String getVolumeType() { - return volumeType; - } - public void setVolumeType(String volumeType) { this.volumeType = volumeType; } - public Long getDeviceId() { - return deviceId; - } - public void setDeviceId(Long deviceId) { this.deviceId = deviceId; } - public Long getVirtualMachineId() { - return virtualMachineId; - } - public void setVirtualMachineId(Long virtualMachineId) { this.virtualMachineId = virtualMachineId; } - public String getVirtualMachineName() { - return virtualMachineName; - } - public void setVirtualMachineName(String virtualMachineName) { this.virtualMachineName = virtualMachineName; } - public String getVirtualMachineDisplayName() { - return virtualMachineDisplayName; - } - public void setVirtualMachineDisplayName(String virtualMachineDisplayName) { this.virtualMachineDisplayName = virtualMachineDisplayName; } - public String getVirtualMachineState() { - return virtualMachineState; - } - public void setVirtualMachineState(String virtualMachineState) { this.virtualMachineState = virtualMachineState; } - public Long getSize() { - return size; - } - public void setSize(Long size) { this.size = size; } - public Date getCreated() { - return created; - } - public void setCreated(Date created) { this.created = created; } - public String getAccountName() { - return accountName; - } - public void setAccountName(String accountName) { this.accountName = accountName; } - public Long getDomainId() { - return domainId; - } - public void setDomainId(Long domainId) { this.domainId = domainId; } - - public String 
getDomainName() { - return domainName; - } - + public void setDomainName(String domainName) { this.domainName = domainName; } - public String getStorageType() { - return storageType; - } - public void setStorageType(String storageType) { this.storageType = storageType; } - public String getHypervisor() { - return hypervisor; - } - public void setHypervisor(String hypervisor) { this.hypervisor = hypervisor; } - public Long getDiskOfferingId() { - return diskOfferingId; - } - public void setDiskOfferingId(Long diskOfferingId) { this.diskOfferingId = diskOfferingId; } - public String getDiskOfferingName() { - return diskOfferingName; - } - public void setDiskOfferingName(String diskOfferingName) { this.diskOfferingName = diskOfferingName; } - public String getDiskOfferingDisplayText() { - return diskOfferingDisplayText; - } - public void setDiskOfferingDisplayText(String diskOfferingDisplayText) { this.diskOfferingDisplayText = diskOfferingDisplayText; } - public String getStoragePoolName() { - return storagePoolName; - } - public void setStoragePoolName(String storagePoolName) { this.storagePoolName = storagePoolName; } - public Long getSnapshotId() { - return snapshotId; - } - public void setSnapshotId(Long snapshotId) { this.snapshotId = snapshotId; } - public Date getAttached() { - return attached; - } - public void setAttached(Date attached) { this.attached = attached; } - public Long getServiceOfferingId() { - return serviceOfferingId; - } - public void setServiceOfferingId(Long serviceOfferingId) { this.serviceOfferingId = serviceOfferingId; } - public String getServiceOfferingName() { - return serviceOfferingName; - } - public void setServiceOfferingName(String serviceOfferingName) { this.serviceOfferingName = serviceOfferingName; } - public String getServiceOfferingDisplayText() { - return serviceOfferingDisplayText; - } - public void setServiceOfferingDisplayText(String serviceOfferingDisplayText) { this.serviceOfferingDisplayText = 
serviceOfferingDisplayText; } - public Boolean getExtractable() { - return extractable; - } - public void setExtractable(Boolean extractable) { this.extractable = extractable; } - public String getState() { - return state; - } - public void setState(String state) { this.state = state; } + + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } + + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } } diff --git a/api/src/com/cloud/api/response/VpnUsersResponse.java b/api/src/com/cloud/api/response/VpnUsersResponse.java index 516b064bbda..0754bbabbf7 100644 --- a/api/src/com/cloud/api/response/VpnUsersResponse.java +++ b/api/src/com/cloud/api/response/VpnUsersResponse.java 
@@ -17,64 +17,62 @@ */ package com.cloud.api.response; +import com.cloud.api.ApiConstants; import com.cloud.serializer.Param; import com.google.gson.annotations.SerializedName; -public class VpnUsersResponse extends BaseResponse { - @SerializedName("id") @Param(description="the vpn userID") +@SuppressWarnings("unused") +public class VpnUsersResponse extends BaseResponse implements ControlledEntityResponse{ + @SerializedName(ApiConstants.ID) @Param(description="the vpn userID") private Long id; - @SerializedName("username") @Param(description="the username of the vpn user") + @SerializedName(ApiConstants.USERNAME) @Param(description="the username of the vpn user") private String userName; - @SerializedName("account") @Param(description="the account of the remote access vpn") + @SerializedName(ApiConstants.ACCOUNT) @Param(description="the account of the remote access vpn") private String accountName; - @SerializedName("domainid") @Param(description="the domain id of the account of the remote access vpn") + @SerializedName(ApiConstants.DOMAIN_ID) @Param(description="the domain id of the account of the remote access vpn") private long domainId; - @SerializedName("domainname") @Param(description="the domain name of the account of the remote access vpn") + @SerializedName(ApiConstants.DOMAIN) @Param(description="the domain name of the account of the remote access vpn") private String domainName; - public String getAccountName() { - return accountName; - } - - public Long getId() { - return id; - } + @SerializedName(ApiConstants.PROJECT_ID) @Param(description="the project id of the vpn") + private Long projectId; + + @SerializedName(ApiConstants.PROJECT) @Param(description="the project name of the vpn") + private String projectName; + public void setId(Long id) { this.id = id; } - - public String getUserName() { - return userName; - } - + public void setUserName(String name) { this.userName = name; } public void setAccountName(String accountName) { this.accountName = 
accountName; - } - public void setDomainId(long domainId) { + public void setDomainId(Long domainId) { this.domainId = domainId; - } public void setDomainName(String name) { this.domainName = name; } + + @Override + public void setProjectId(Long projectId) { + this.projectId = projectId; + } - public long getDomainId() { - return domainId; - } + @Override + public void setProjectName(String projectName) { + this.projectName = projectName; + } - public String getDomainName() { - return domainName; - } } diff --git a/api/src/com/cloud/domain/Domain.java b/api/src/com/cloud/domain/Domain.java index 7f891b6b405..fc27974f374 100644 --- a/api/src/com/cloud/domain/Domain.java +++ b/api/src/com/cloud/domain/Domain.java @@ -30,10 +30,6 @@ import com.cloud.user.OwnedBy; */ public interface Domain extends OwnedBy { public static final long ROOT_DOMAIN = 1L; - public enum Type { - Normal, - Project, - } enum State {Active, Inactive}; @@ -64,6 +60,4 @@ public interface Domain extends OwnedBy { void setState(State state); String getNetworkDomain(); - - Type getType(); } diff --git a/api/src/com/cloud/network/NetworkService.java b/api/src/com/cloud/network/NetworkService.java index 6aa92538861..2d21f52af65 100644 --- a/api/src/com/cloud/network/NetworkService.java +++ b/api/src/com/cloud/network/NetworkService.java @@ -22,7 +22,6 @@ import java.util.Map; import com.cloud.api.commands.AssociateIPAddrCmd; import com.cloud.api.commands.CreateNetworkCmd; -import com.cloud.api.commands.DisassociateIPAddrCmd; import com.cloud.api.commands.ListNetworksCmd; import com.cloud.api.commands.RestartNetworkCmd; import com.cloud.exception.ConcurrentOperationException; @@ -38,7 +37,7 @@ import com.cloud.user.Account; public interface NetworkService { - List getVirtualNetworksOwnedByAccountInZone(String accountName, long domainId, long zoneId); + List getVirtualNetworksOwnedByAccountInZone(long zoneId, Account owner); List listNetworkOfferings(); 
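Review bot: `setDomainId(Long domainId)` now accepts a boxed `Long`, but the field it assigns is still declared `private long domainId`, so a null argument throws a NullPointerException on unboxing instead of leaving the value unset. Declaring the field as `private Long domainId;` matches the new setter and the `domainId` fields of the other response classes in this diff. Separately, the key for `domainName` changes from the literal `"domainname"` to `ApiConstants.DOMAIN`; if that constant is `"domain"` (as its use in place of the literal `"domain"` in TemplateResponse suggests), the serialized field name changes for existing API clients and should either be called out in the commit description or keep the old key.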
@@ -55,7 +54,7 @@ public interface NetworkService { */ IpAddress associateIP(AssociateIPAddrCmd cmd) throws ResourceAllocationException, InsufficientAddressCapacityException, ConcurrentOperationException, ResourceUnavailableException; - boolean disassociateIpAddress(DisassociateIPAddrCmd cmd); + boolean disassociateIpAddress(long ipAddressId); Network createNetwork(CreateNetworkCmd cmd) throws InsufficientCapacityException, ConcurrentOperationException; diff --git a/api/src/com/cloud/network/VirtualNetworkApplianceService.java b/api/src/com/cloud/network/VirtualNetworkApplianceService.java index 28947e12e07..581ae727ddf 100644 --- a/api/src/com/cloud/network/VirtualNetworkApplianceService.java +++ b/api/src/com/cloud/network/VirtualNetworkApplianceService.java @@ -17,7 +17,6 @@ */ package com.cloud.network; -import com.cloud.api.commands.StartRouterCmd; import com.cloud.api.commands.UpgradeRouterCmd; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; @@ -51,7 +50,7 @@ public interface VirtualNetworkApplianceService{ */ VirtualRouter stopRouter(long routerId, boolean forced) throws ResourceUnavailableException, ConcurrentOperationException; - VirtualRouter startRouter(StartRouterCmd cmd) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException; + VirtualRouter startRouter(long id) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException; VirtualRouter destroyRouter(long routerId) throws ResourceUnavailableException, ConcurrentOperationException; } diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java index 61e912ae5e0..2a5af3987f1 100644 --- a/api/src/com/cloud/network/rules/RulesService.java +++ b/api/src/com/cloud/network/rules/RulesService.java 
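Review bot: `disassociateIpAddress(long ipAddressId)` now receives a bare id, and the interface has no Javadoc stating where the caller's permission on that IP address is verified. When the command object was the argument the call site was tied to an API request; with a plain id any internal caller can invoke the method, so the contract should say which layer performs the access check. The same applies to `startRouter(long id)` later on this line and to `getCloudIdentifierResponse(long userId)`, `deleteVolume(long volumeId)`, `deleteSnapshot(long snapshotId)`, `prepareTemplate`, `detachIso`, `attachIso` and `recalculateResourceCount` in the files that follow. I would add a comment on each, for example `/** Releases the IP address with the given id; the implementation verifies that the calling account may operate on it. */`, adjusted to wherever the check actually lives, which these hunks do not show.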
@@ -25,7 +25,7 @@ import com.cloud.exception.ResourceUnavailableException; import com.cloud.user.Account; public interface RulesService { - List searchStaticNatRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId); + List searchStaticNatRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId, Long projectId); /** * Creates a port forwarding rule between two ip addresses or between diff --git a/api/src/com/cloud/projects/Project.java b/api/src/com/cloud/projects/Project.java index 6b8c62aef9b..cf253730271 100644 --- a/api/src/com/cloud/projects/Project.java +++ b/api/src/com/cloud/projects/Project.java @@ -38,8 +38,6 @@ public interface Project extends PartOf{ long getProjectAccountId(); - long getProjectDomainId(); - State getState(); void setState(State state); diff --git a/api/src/com/cloud/projects/ProjectAccount.java b/api/src/com/cloud/projects/ProjectAccount.java index 11918dcc331..6e30948b187 100644 --- a/api/src/com/cloud/projects/ProjectAccount.java +++ b/api/src/com/cloud/projects/ProjectAccount.java @@ -11,6 +11,4 @@ public interface ProjectAccount { Role getAccountRole(); long getProjectAccountId(); - - long getProjectDomainId(); } diff --git a/api/src/com/cloud/projects/ProjectService.java b/api/src/com/cloud/projects/ProjectService.java index c46ca0b0271..950d5fd6375 100644 --- a/api/src/com/cloud/projects/ProjectService.java +++ b/api/src/com/cloud/projects/ProjectService.java @@ -44,8 +44,6 @@ public interface ProjectService { boolean unassignAccountFromProject(long projectId, long accountId); - Project findByProjectDomainId(long projectDomainId); - Project findByProjectAccountId(long projectAccountId); Project findByNameAndDomainId(String name, long domainId); diff --git a/api/src/com/cloud/server/ManagementService.java b/api/src/com/cloud/server/ManagementService.java index 9e4e3be653e..96848d11321 100755 --- a/api/src/com/cloud/server/ManagementService.java 
+++ b/api/src/com/cloud/server/ManagementService.java @@ -29,7 +29,6 @@ import com.cloud.api.commands.CreateSSHKeyPairCmd; import com.cloud.api.commands.DeleteSSHKeyPairCmd; import com.cloud.api.commands.DestroySystemVmCmd; import com.cloud.api.commands.ExtractVolumeCmd; -import com.cloud.api.commands.GetCloudIdentifierCmd; import com.cloud.api.commands.GetVMPasswordCmd; import com.cloud.api.commands.ListAccountsCmd; import com.cloud.api.commands.ListAlertsCmd; @@ -351,7 +350,7 @@ public interface ManagementService { * -- id for the user * @return -- ArrayList of */ - ArrayList getCloudIdentifierResponse(GetCloudIdentifierCmd cmd); + ArrayList getCloudIdentifierResponse(long userId); boolean updateTemplatePermissions(UpdateTemplatePermissionsCmd cmd); diff --git a/api/src/com/cloud/storage/StorageService.java b/api/src/com/cloud/storage/StorageService.java index 82714d5518d..95658af1238 100644 --- a/api/src/com/cloud/storage/StorageService.java +++ b/api/src/com/cloud/storage/StorageService.java @@ -23,7 +23,6 @@ import com.cloud.api.commands.CancelPrimaryStorageMaintenanceCmd; import com.cloud.api.commands.CreateStoragePoolCmd; import com.cloud.api.commands.CreateVolumeCmd; import com.cloud.api.commands.DeletePoolCmd; -import com.cloud.api.commands.DeleteVolumeCmd; import com.cloud.api.commands.PreparePrimaryStorageForMaintenanceCmd; import com.cloud.api.commands.UpdateStoragePoolCmd; import com.cloud.exception.ConcurrentOperationException; @@ -67,7 +66,7 @@ public interface StorageService { */ Volume createVolume(CreateVolumeCmd cmd); - boolean deleteVolume(DeleteVolumeCmd cmd) throws ConcurrentOperationException; + boolean deleteVolume(long volumeId) throws ConcurrentOperationException; /** * Delete the storage pool diff --git a/api/src/com/cloud/storage/snapshot/SnapshotService.java b/api/src/com/cloud/storage/snapshot/SnapshotService.java index c72f1ac358c..371396c5498 100644 --- a/api/src/com/cloud/storage/snapshot/SnapshotService.java 
+++ b/api/src/com/cloud/storage/snapshot/SnapshotService.java @@ -20,7 +20,6 @@ package com.cloud.storage.snapshot; import java.util.List; import com.cloud.api.commands.CreateSnapshotPolicyCmd; -import com.cloud.api.commands.DeleteSnapshotCmd; import com.cloud.api.commands.DeleteSnapshotPoliciesCmd; import com.cloud.api.commands.ListRecurringSnapshotScheduleCmd; import com.cloud.api.commands.ListSnapshotPoliciesCmd; @@ -44,8 +43,9 @@ public interface SnapshotService { /** * Delete specified snapshot from the specified. If no other policies are assigned it calls destroy snapshot. This will be * used for manual snapshots too. + * @param snapshotId TODO */ - boolean deleteSnapshot(DeleteSnapshotCmd cmd); + boolean deleteSnapshot(long snapshotId); /** * Creates a policy with specified schedule. maxSnaps specifies the number of most recent snapshots that are to be retained. diff --git a/api/src/com/cloud/template/TemplateService.java b/api/src/com/cloud/template/TemplateService.java index 61206c28ad2..70d0517469f 100755 --- a/api/src/com/cloud/template/TemplateService.java +++ b/api/src/com/cloud/template/TemplateService.java @@ -19,14 +19,11 @@ package com.cloud.template; import java.net.URISyntaxException; -import com.cloud.api.commands.AttachIsoCmd; import com.cloud.api.commands.CopyTemplateCmd; import com.cloud.api.commands.DeleteIsoCmd; import com.cloud.api.commands.DeleteTemplateCmd; -import com.cloud.api.commands.DetachIsoCmd; import com.cloud.api.commands.ExtractIsoCmd; import com.cloud.api.commands.ExtractTemplateCmd; -import com.cloud.api.commands.PrepareTemplateCmd; import com.cloud.api.commands.RegisterIsoCmd; import com.cloud.api.commands.RegisterTemplateCmd; import com.cloud.exception.InternalErrorException; 
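Review bot: The added Javadoc line `@param snapshotId TODO` on `deleteSnapshot` is a placeholder and tells the reader nothing about the parameter. It should be replaced with `@param snapshotId id of the snapshot to delete`, and the existing summary sentence "Delete specified snapshot from the specified." is cut short and should name what the snapshot is deleted from. ResourceLimitService later in this diff has the same placeholders (`@param accountId TODO`, `@param domainId TODO`, `@param typeId TODO`) on `recalculateResourceCount`; there the text should also say which of the three arguments may be null.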
@@ -41,11 +38,11 @@ public interface TemplateService { VirtualMachineTemplate copyTemplate(CopyTemplateCmd cmd) throws StorageUnavailableException, ResourceAllocationException; - VirtualMachineTemplate prepareTemplate(PrepareTemplateCmd cmd) ; + VirtualMachineTemplate prepareTemplate(long templateId, long zoneId) ; - boolean detachIso(DetachIsoCmd cmd); + boolean detachIso(long vmId); - boolean attachIso(AttachIsoCmd cmd); + boolean attachIso(long isoId, long vmId); /** * Deletes a template diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java index 372d2fe86e1..7f1ab9678cb 100644 --- a/api/src/com/cloud/user/AccountService.java +++ b/api/src/com/cloud/user/AccountService.java @@ -17,6 +17,8 @@ */ package com.cloud.user; +import java.util.List; + import com.cloud.api.commands.DeleteUserCmd; import com.cloud.api.commands.RegisterCmd; import com.cloud.api.commands.UpdateAccountCmd; @@ -134,9 +136,9 @@ public interface AccountService { boolean isAdmin(short accountType); - Account finalizeOwner(Account caller, String accountName, Long domainId); + Account finalizeOwner(Account caller, String accountName, Long domainId, Long projectId); - Pair finalizeAccountDomainForList(Account caller, String accountName, Long domainId); + Pair,Long> finalizeAccountDomainForList(Account caller, String accountName, Long domainId, Long projectId); Account getActiveAccountByName(String accountName, Long domainId); diff --git a/api/src/com/cloud/user/ResourceLimitService.java b/api/src/com/cloud/user/ResourceLimitService.java index 7758a2ddb33..542e3f0300b 100644 --- a/api/src/com/cloud/user/ResourceLimitService.java +++ b/api/src/com/cloud/user/ResourceLimitService.java @@ -19,7 +19,6 @@ package com.cloud.user; import java.util.List; -import com.cloud.api.commands.UpdateResourceCountCmd; import com.cloud.configuration.Resource.ResourceType; import com.cloud.configuration.ResourceCount; import com.cloud.configuration.ResourceLimit; 
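Review bot: `finalizeOwner` and `finalizeAccountDomainForList` in AccountService gain a `projectId` parameter, but neither has Javadoc describing how it combines with `accountName` and `domainId`. Judging by its name, `finalizeOwner` decides which account a new resource belongs to, so the contract should state whether `projectId` and `accountName` are mutually exclusive, which one wins if both are given, and that the caller's access to the project is checked before the project's account is returned. A short comment such as `/** Resolves the owner from either accountName/domainId or projectId; verifies that caller may act for that owner. */` would do, corrected to match the implementation, which is not part of this hunk.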
@@ -41,12 +40,12 @@ public interface ResourceLimitService { /** * Updates an existing resource count details for the account/domain - * - * @param cmd - * the command that wraps the domainId, accountId, resource type parameters + * @param accountId TODO + * @param domainId TODO + * @param typeId TODO * @return the updated/created resource counts */ - List recalculateResourceCount(UpdateResourceCountCmd cmd); + List recalculateResourceCount(Long accountId, Long domainId, Integer typeId); /** * Search for resource limits for the given id and/or account and/or type and/or domain. diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java index 84b9273816d..38341df939a 100755 --- a/server/src/com/cloud/acl/DomainChecker.java +++ b/server/src/com/cloud/acl/DomainChecker.java 
@@ -53,30 +53,12 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { } @Override - public boolean checkAccess(Account caller, Domain domain, AccessType accessType) throws PermissionDeniedException { + public boolean checkAccess(Account caller, Domain domain) throws PermissionDeniedException { if (caller.getState() != Account.State.enabled) { throw new PermissionDeniedException(caller + " is disabled."); } long domainId = domain.getId(); - if (domain.getType() == Domain.Type.Project) { - - if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { - if (accessType != null && accessType == AccessType.ModifyProject) { - if (!_projectMgr.canModifyProjectDomain(caller, domainId)) { - throw new PermissionDeniedException(caller + " does not have permission to operate within " + domain); - } - } else if (!_projectMgr.canAccessDomain(caller, domainId)){ - throw new PermissionDeniedException(caller + " does not have permission to operate within " + domain); - } - return true; - } - - //need to check the domain the project belongs to - Project project = _projectMgr.findByProjectDomainId(domainId); - domainId = project.getDomainId(); - } - if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { if (caller.getDomainId() != domainId) { throw new PermissionDeniedException(caller + " does not have permission to operate within " + domain); @@ -94,7 +76,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { throw new PermissionDeniedException(user + " is no longer active."); } Account account = _accountDao.findById(user.getAccountId()); - return checkAccess(account, domain, null); + return checkAccess(account, domain); } @Override 
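Review bot: After the project-domain branch is removed, `checkAccess(Account caller, Domain domain)` decides purely on the caller's state and domain, and nothing in the method says that project membership is no longer evaluated at this level. The entity-level check in the next hunk of this file still consults `_projectMgr`, so a reader comparing the two methods needs to know the split is intentional. I would add above the method `// Domain-level check only; project membership is evaluated in the entity-level checkAccess.` The method body continues past the end of this hunk.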
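Review bot: In the user overload, the result of `_accountDao.findById(user.getAccountId())` is passed straight to `checkAccess(account, domain)`, whose first statement calls `caller.getState()`. If the lookup can return null (for example for an account that has been removed; not confirmed by these hunks), the permission check ends in a NullPointerException instead of a PermissionDeniedException, and callers that catch only the latter will not treat it as a denial. A guard before the call closes this: `if (account == null) { throw new PermissionDeniedException(user + " does not belong to an existing account."); }`. The enclosing method starts before this hunk.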
@@ -135,7 +117,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { if (!_projectMgr.canModifyProjectAccount(caller, account.getId())) { throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity); } - } else if (!_projectMgr.canAccessAccount(caller, account.getId())){ + } else if (!_projectMgr.canAccessProjectAccount(caller, account.getId())){ throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity); } } else { diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index a2de8a4b91b..047b7380f25 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@ -637,10 +637,6 @@ public class ApiDBUtils { return _projectMgr.getProjectOwner(projectId); } - public static Project findProjectByProjectDomainId(long projectDomainId) { - return _projectMgr.findByProjectDomainId(projectDomainId); - } - public static Project findProjectByProjectAccountId(long projectAccountId) { return _projectMgr.findByProjectAccountId(projectAccountId); } diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index c9eff204e58..c4d460ef91c 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java 
@@ -464,13 +464,8 @@ public class ApiResponseHelper implements ResponseGenerator { public SnapshotResponse createSnapshotResponse(Snapshot snapshot) { SnapshotResponse snapshotResponse = new SnapshotResponse(); snapshotResponse.setId(snapshot.getId()); - - Account acct = ApiDBUtils.findAccountById(Long.valueOf(snapshot.getAccountId())); - if (acct != null) { - snapshotResponse.setAccountName(acct.getAccountName()); - snapshotResponse.setDomainId(acct.getDomainId()); - snapshotResponse.setDomainName(ApiDBUtils.findDomainById(acct.getDomainId()).getName()); - } + + populateOwner(snapshotResponse, snapshot); VolumeVO volume = findVolumeById(snapshot.getVolumeId()); String snapshotTypeStr = snapshot.getType().name(); @@ -660,12 +655,7 @@ public class ApiResponseHelper implements ResponseGenerator { ipResponse.setSourceNat(ipAddress.isSourceNat()); // get account information - Account accountTemp = ApiDBUtils.findAccountById(ipAddress.getAllocatedToAccountId()); - if (accountTemp != null) { - ipResponse.setAccountName(accountTemp.getAccountName()); - ipResponse.setDomainId(accountTemp.getDomainId()); - ipResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); - } + populateOwner(ipResponse, ipAddress); ipResponse.setForVirtualNetwork(forVirtualNetworks); ipResponse.setStaticNat(ipAddress.isOneToOneNat()); @@ -730,14 +720,7 @@ public class ApiResponseHelper implements ResponseGenerator { stateToSet = "Deleting"; } lbResponse.setState(stateToSet); - - Account accountTemp = ApiDBUtils.findAccountById(loadBalancer.getAccountId()); - if (accountTemp != null) { - lbResponse.setAccountName(accountTemp.getAccountName()); - lbResponse.setDomainId(accountTemp.getDomainId()); - lbResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); - } - + populateOwner(lbResponse, loadBalancer); lbResponse.setZoneId(publicIp.getDataCenterId()); lbResponse.setObjectName("loadbalancer"); 
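Review bot: `populateOwner(ipResponse, ipAddress)` in the second hunk has to tolerate an IP address with no owning account, a case the removed `accountTemp != null` guard handled explicitly. The NetworkManagerImpl part of this diff tests `ipVO.getAllocatedToAccountId() != null`, which suggests the id can be absent, and `populateOwner` itself is not visible here. Please confirm it skips the owner fields rather than dereferencing a null account, and say so in a comment at the call site, e.g. `// populateOwner leaves owner fields unset for unallocated addresses`.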
@@ -878,12 +861,7 @@ public class ApiResponseHelper implements ResponseGenerator { volResponse.setCreated(volume.getCreated()); volResponse.setState(volume.getState().toString()); - Account accountTemp = ApiDBUtils.findAccountById(volume.getAccountId()); - if (accountTemp != null) { - volResponse.setAccountName(accountTemp.getAccountName()); - volResponse.setDomainId(accountTemp.getDomainId()); - volResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); - } + populateOwner(volResponse, volume); String storageType; try { @@ -941,13 +919,9 @@ public class ApiResponseHelper implements ResponseGenerator { groupResponse.setId(group.getId()); groupResponse.setName(group.getName()); groupResponse.setCreated(group.getCreated()); + + populateOwner(groupResponse, group); - Account accountTemp = ApiDBUtils.findAccountById(group.getAccountId()); - if (accountTemp != null) { - groupResponse.setAccountName(accountTemp.getAccountName()); - groupResponse.setDomainId(accountTemp.getDomainId()); - groupResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); - } groupResponse.setObjectName("instancegroup"); return groupResponse; } @@ -977,7 +951,6 @@ public class ApiResponseHelper implements ResponseGenerator { } StorageStats stats = ApiDBUtils.getStoragePoolStatistics(pool.getId()); - Long capacity = pool.getCapacityBytes(); long allocatedSize = ApiDBUtils.getStorageCapacitybyPool(pool.getId(),Capacity.CAPACITY_TYPE_STORAGE_ALLOCATED); poolResponse.setDiskSizeTotal(pool.getCapacityBytes()); poolResponse.setDiskSizeAllocated(allocatedSize); 
@@ -1180,12 +1153,7 @@ public class ApiResponseHelper implements ResponseGenerator { routerResponse.setServiceOfferingId(offering.getId()); routerResponse.setServiceOfferingName(offering.getName()); - Account accountTemp = ApiDBUtils.findAccountById(router.getAccountId()); - if (accountTemp != null) { - routerResponse.setAccountName(accountTemp.getAccountName()); - routerResponse.setDomainId(accountTemp.getDomainId()); - routerResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); - } + populateOwner(routerResponse, router); List nicProfiles = ApiDBUtils.getNics(router); for (NicProfile singleNicProfile : nicProfiles) { @@ -1328,12 +1296,7 @@ public class ApiResponseHelper implements ResponseGenerator { vpnResponse.setId(vpnUser.getId()); vpnResponse.setUserName(vpnUser.getUsername()); - Account accountTemp = ApiDBUtils.findAccountById(vpnUser.getAccountId()); - if (accountTemp != null) { - vpnResponse.setAccountName(accountTemp.getAccountName()); - vpnResponse.setDomainId(accountTemp.getDomainId()); - vpnResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); - } + populateOwner(vpnResponse, vpnUser); vpnResponse.setObjectName("vpnuser"); return vpnResponse; @@ -1348,11 +1311,8 @@ public class ApiResponseHelper implements ResponseGenerator { vpnResponse.setPresharedKey(vpn.getIpsecPresharedKey()); vpnResponse.setDomainId(vpn.getDomainId()); - Account accountTemp = ApiDBUtils.findAccountById(vpn.getAccountId()); - if (accountTemp != null) { - vpnResponse.setAccountName(accountTemp.getAccountName()); - vpnResponse.setDomainName(ApiDBUtils.findDomainById(accountTemp.getDomainId()).getName()); - } + populateOwner(vpnResponse, vpn); + vpnResponse.setState(vpn.getState().toString()); vpnResponse.setObjectName("remoteaccessvpn"); 
@@ -1379,11 +1339,9 @@ public class ApiResponseHelper implements ResponseGenerator { // add account ID and name Account owner = ApiDBUtils.findAccountById(result.getAccountId()); - if (owner != null) { - response.setAccount(owner.getAccountName()); - response.setDomainId(owner.getDomainId()); - response.setDomainName(ApiDBUtils.findDomainById(owner.getDomainId()).getName()); - } + populateAccount(response, owner.getId()); + populateDomain(response, owner.getDomainId()); + response.setObjectName("iso"); return response; } @@ -1444,15 +1402,9 @@ public class ApiResponseHelper implements ResponseGenerator { templateResponse.setOsTypeName(""); } - // add account ID and name - Account owner = ApiDBUtils.findAccountById(template.getAccountId()); - if (owner != null) { - templateResponse.setAccount(owner.getAccountName()); - templateResponse.setDomainId(owner.getDomainId()); - templateResponse.setDomainName(ApiDBUtils.findDomainById(owner.getDomainId()).getName()); - } - - + Account account = ApiDBUtils.findAccountByIdIncludingRemoved(template.getAccountId()); + populateAccount(templateResponse, account.getId()); + populateDomain(templateResponse, account.getDomainId()); DataCenterVO datacenter = ApiDBUtils.findZoneById(zoneId); 
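Review bot: The first hunk removes the `owner != null` guard but still looks the account up with `ApiDBUtils.findAccountById(...)` and then calls `owner.getId()` and `owner.getDomainId()` unconditionally, so a template whose owner account cannot be found now fails with a NullPointerException while building the response. The second hunk has the same unguarded dereference on `account`, although it switches to `findAccountByIdIncludingRemoved`, which makes a null less likely. Either use the including-removed lookup in both places or keep the guard: `if (owner != null) { populateAccount(response, owner.getId()); populateDomain(response, owner.getDomainId()); }`.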
@@ -1460,14 +1412,14 @@ public class ApiResponseHelper implements ResponseGenerator { templateResponse.setZoneId(zoneId); templateResponse.setZoneName(datacenter.getName()); - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); boolean isAdmin = false; - if ((account == null) || BaseCmd.isAdmin(account.getType())) { + if ((caller == null) || BaseCmd.isAdmin(caller.getType())) { isAdmin = true; } // If the user is an Admin, add the template download status - if (isAdmin || account.getId() == template.getAccountId()) { + if (isAdmin || caller.getId() == template.getAccountId()) { // add download status if (templateHostRef.getDownloadState() != Status.DOWNLOADED) { String templateStatus = "Processing"; @@ -1525,7 +1477,7 @@ public class ApiResponseHelper implements ResponseGenerator { isoResponse.setPasswordEnabled(false); Account owner = ApiDBUtils.findAccountById(iso.getAccountId()); if (owner != null) { - isoResponse.setAccount(owner.getAccountName()); + isoResponse.setAccountName(owner.getAccountName()); isoResponse.setDomainId(owner.getDomainId()); isoResponse.setDomainName(ApiDBUtils.findDomainById(owner.getDomainId()).getName()); } @@ -1581,7 +1533,7 @@ public class ApiResponseHelper implements ResponseGenerator { // add account ID and name Account owner = ApiDBUtils.findAccountById(iso.getAccountId()); if (owner != null) { - isoResponse.setAccount(owner.getAccountName()); + isoResponse.setAccountName(owner.getAccountName()); isoResponse.setDomainId(owner.getDomainId()); // TODO: implement isoResponse.setDomainName(ApiDBUtils.findDomainById(owner.getDomainId()).getName()); 
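Review bot: In the first hunk a null `caller` still sets `isAdmin = true`, so a request with no caller in the UserContext is given the template download status as if it were an administrator. The rename from `account` to `caller` makes the condition easier to read, but the fail-open default stays undocumented. If null is meant to denote an internal invocation, state that next to the test, e.g. `// no caller in context: internal call, treated as admin (confirm)`; otherwise the default should be non-admin. The method body continues outside the hunk.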
@@ -1641,6 +1593,9 @@ public class ApiResponseHelper implements ResponseGenerator { netGrpResponse.setName(networkGroup.getName()); netGrpResponse.setDescription(networkGroup.getDescription()); netGrpResponse.setAccountName(networkGroup.getAccountName()); + + populateOwner(netGrpResponse, networkGroup); + netGrpResponse.setDomainId(networkGroup.getDomainId()); netGrpResponse.setDomainName(ApiDBUtils.findDomainById(networkGroup.getDomainId()).getName()); @@ -1960,9 +1915,9 @@ public class ApiResponseHelper implements ResponseGenerator { public TemplatePermissionsResponse createTemplatePermissionsResponse(List accountNames, Long id, boolean isAdmin) { Long templateOwnerDomain = null; VirtualMachineTemplate template = ApiDBUtils.findTemplateById(id); + Account templateOwner = ApiDBUtils.findAccountById(template.getAccountId()); if (isAdmin) { // FIXME: we have just template id and need to get template owner from that - Account templateOwner = ApiDBUtils.findAccountById(template.getAccountId()); if (templateOwner != null) { templateOwnerDomain = templateOwner.getDomainId(); } 
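Review bot: In the first hunk `populateOwner(netGrpResponse, networkGroup)` is inserted between the existing `setAccountName(...)` call and the existing `setDomainId(...)`/`setDomainName(...)` calls, so the owner fields are written twice and the later two setters overwrite whatever populateOwner chose for the domain. If populateOwner (not visible here) reports a project instead of an account name for project-owned groups, the retained `setAccountName` would still expose the underlying account name. Drop the three explicit setters and let populateOwner be the single place that fills owner data, as the other hunks in this file do.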
@@ -1974,8 +1929,29 @@ public class ApiResponseHelper implements ResponseGenerator { if (isAdmin && (templateOwnerDomain != null)) { response.setDomainId(templateOwnerDomain); } - - response.setAccountNames(accountNames); + + //Set accounts + List projectIds = new ArrayList(); + List regularAccounts = new ArrayList(); + for (String accountName : accountNames) { + Account account = ApiDBUtils.findAccountByNameDomain(accountName, templateOwner.getDomainId()); + if (account.getType() != Account.ACCOUNT_TYPE_PROJECT) { + regularAccounts.add(accountName); + } else { + //convert account to projectIds + Project project = ApiDBUtils.findProjectByProjectAccountId(account.getId()); + projectIds.add(project.getId()); + } + } + + if (!projectIds.isEmpty()) { + response.setProjectIds(projectIds); + } + + if (!regularAccounts.isEmpty()) { + response.setAccountNames(regularAccounts); + } + response.setObjectName("templatepermission"); return response; } @@ -2252,20 +2228,14 @@ public class ApiResponseHelper implements ResponseGenerator { } } response.setServices(serviceResponses); - - Account account = ApiDBUtils.findAccountById(network.getAccountId()); - if (account != null && !network.getIsShared()) { - response.setAccountName(account.getAccountName()); - Domain domain = ApiDBUtils.findDomainById(account.getDomainId()); - response.setDomainId(domain.getId()); - response.setDomain(domain.getName()); - } + + populateOwner(response, network); Long dedicatedDomainId = ApiDBUtils.getDedicatedNetworkDomain(network.getId()); if (dedicatedDomainId != null) { Domain domain = ApiDBUtils.findDomainById(dedicatedDomainId); response.setDomainId(dedicatedDomainId); - response.setDomain(domain.getName()); + response.setDomainName(domain.getName()); } response.setObjectName("network"); 
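Review bot: The loop added in the first hunk dereferences three lookups without a null check: `templateOwner.getDomainId()`, `account.getType()` and `project.getId()`. The previous hunk still tests `templateOwner != null`, so null is an expected value there, and `findAccountByNameDomain` resolves names only in the template owner's domain, so a permitted account from another domain would presumably come back null. Any of these turns the permissions listing into a NullPointerException; the version below keeps unresolved names in the plain account list, as before this change. The method starts outside the hunk.

```java
// … unchanged: projectIds / regularAccounts declarations …
Long ownerDomainId = (templateOwner != null) ? templateOwner.getDomainId() : null;
for (String accountName : accountNames) {
    Account account = (ownerDomainId != null) ? ApiDBUtils.findAccountByNameDomain(accountName, ownerDomainId) : null;
    if (account == null || account.getType() != Account.ACCOUNT_TYPE_PROJECT) {
        // names that cannot be resolved are reported unchanged
        regularAccounts.add(accountName);
        continue;
    }
    //convert account to projectIds
    Project project = ApiDBUtils.findProjectByProjectAccountId(account.getId());
    if (project != null) {
        projectIds.add(project.getId());
    }
}
// … unchanged: setProjectIds / setAccountNames / setObjectName …
```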
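Review bot: `populateOwner(response, network)` in the second hunk drops the `!network.getIsShared()` condition that the removed block applied before putting the owner's account name and domain into the response. Unless populateOwner (not visible here) makes that distinction itself, shared networks will now return their owner account to every caller who can list them. If the old behaviour was intentional, keep the guard: `if (!network.getIsShared()) { populateOwner(response, network); }`.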
@@ -2486,11 +2456,6 @@ public class ApiResponseHelper implements ResponseGenerator { private void populateDomain(ControlledEntityResponse response, long domainId) { Domain domain = ApiDBUtils.findDomainById(domainId); - if (domain.getType() == Domain.Type.Project) { - Project project = ApiDBUtils.findProjectByProjectDomainId(domainId); - domain = ApiDBUtils.findDomainById(project.getDomainId()); - } - response.setDomainId(domain.getId()); response.setDomainName(domain.getName()); diff --git a/server/src/com/cloud/api/response/SecurityGroupResultObject.java b/server/src/com/cloud/api/response/SecurityGroupResultObject.java index 15050e492c1..454f8a2ffc2 100644 --- a/server/src/com/cloud/api/response/SecurityGroupResultObject.java +++ b/server/src/com/cloud/api/response/SecurityGroupResultObject.java @@ -23,13 +23,14 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import com.cloud.acl.ControlledEntity; import com.cloud.api.ApiDBUtils; import com.cloud.network.security.SecurityGroup; import com.cloud.network.security.SecurityGroupRules; import com.cloud.serializer.Param; import com.cloud.user.Account; -public class SecurityGroupResultObject { +public class SecurityGroupResultObject implements ControlledEntity{ @Param(name = "id") private Long id; @@ -40,10 +41,10 @@ public class SecurityGroupResultObject { private String description; @Param(name = "domainid") - private Long domainId; + private long domainId; @Param(name = "accountid") - private Long accountId; + private long accountId; @Param(name = "accountname") private String accountName = null; 
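Review bot: Changing `domainId` and `accountId` from `Long` to `long` in the third hunk means an object built with the no-arg constructor now reports owner id 0 instead of null, and as a `ControlledEntity` that value may reach code that resolves or checks an owner. If the setters (outside these hunks) still take `Long`, a null argument will also fail on unboxing. Document the sentinel on the fields, e.g. `// 0 until populated; do not pass an unpopulated object to an access check`, and keep the setter parameter types in step with the fields.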
@@ -54,7 +55,7 @@ public class SecurityGroupResultObject { public SecurityGroupResultObject() { } - public SecurityGroupResultObject(Long id, String name, String description, Long domainId, Long accountId, String accountName, List ingressRules) { + public SecurityGroupResultObject(Long id, String name, String description, long domainId, long accountId, String accountName, List ingressRules) { this.id = id; this.name = name; this.description = description; @@ -88,7 +89,7 @@ public class SecurityGroupResultObject { this.description = description; } - public Long getDomainId() { + public long getDomainId() { return domainId; } @@ -96,7 +97,7 @@ public class SecurityGroupResultObject { this.domainId = domainId; } - public Long getAccountId() { + public long getAccountId() { return accountId; } diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 39032d47b63..8b9fb9a8f63 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -2072,7 +2072,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura if (associateIpRangeToAccount) { _networkMgr.associateIpAddressListToAccount(userId, account.getId(), zoneId, vlan.getId(), network); if (network == null) { - List networks = _networkMgr.getVirtualNetworksOwnedByAccountInZone(account.getAccountName(), account.getDomainId(), zoneId); + List networks = _networkMgr.getVirtualNetworksOwnedByAccountInZone(zoneId, account); network = networks.get(0); } if (network == null) { diff --git a/server/src/com/cloud/domain/DomainVO.java b/server/src/com/cloud/domain/DomainVO.java index 7f00e5fabd9..05c0d4e4b21 100644 --- a/server/src/com/cloud/domain/DomainVO.java +++ b/server/src/com/cloud/domain/DomainVO.java 
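Review bot: In the ConfigurationManagerImpl hunk, `networks.get(0)` on the line after the changed call throws IndexOutOfBoundsException when the account owns no virtual network in the zone, so the `if (network == null)` branch that follows cannot handle that case. With the new signature the lookup no longer validates the account either (the NetworkManagerImpl hunk removes the active-account check), which leaves an empty list as the only signal. Use `network = networks.isEmpty() ? null : networks.get(0);`. The method continues outside the hunk.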
@@ -22,8 +22,6 @@ import java.util.Date; import javax.persistence.Column; import javax.persistence.Entity; -import javax.persistence.EnumType; -import javax.persistence.Enumerated; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; @@ -68,10 +66,6 @@ public class DomainVO implements Domain { @Column(name="network_domain") private String networkDomain; - - @Column(name="type") - @Enumerated(value=EnumType.STRING) - private Domain.Type type = Domain.Type.Normal; public DomainVO() {} @@ -89,14 +83,6 @@ public class DomainVO implements Domain { this.state = Domain.State.Active; this.networkDomain = networkDomain; - } - - public DomainVO(String name, long owner, Long parentId, String networkDomain, Domain.Type type) { - this(name, owner, parentId, networkDomain); - - if (type != null) { - this.type = type; - } } @Override @@ -200,11 +186,6 @@ public class DomainVO implements Domain { public void setNetworkDomain(String domainSuffix) { this.networkDomain = domainSuffix; - } - - @Override - public Domain.Type getType() { - return type; } } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 33d6f31c49b..f0c1a1af16e 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -44,7 +44,6 @@ import com.cloud.agent.api.to.NicTO; import com.cloud.alert.AlertManager; import com.cloud.api.commands.AssociateIPAddrCmd; import com.cloud.api.commands.CreateNetworkCmd; -import com.cloud.api.commands.DisassociateIPAddrCmd; import com.cloud.api.commands.ListNetworksCmd; import com.cloud.api.commands.RestartNetworkCmd; import com.cloud.capacity.dao.CapacityDao; 
@@ -115,6 +114,8 @@ import com.cloud.offering.NetworkOffering.Availability; import com.cloud.offerings.NetworkOfferingVO; import com.cloud.offerings.dao.NetworkOfferingDao; import com.cloud.org.Grouping; +import com.cloud.projects.Project; +import com.cloud.projects.ProjectManager; import com.cloud.user.Account; import com.cloud.user.AccountManager; import com.cloud.user.AccountVO; @@ -229,6 +230,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag ResourceLimitService _resourceLimitMgr; @Inject DomainRouterDao _routerDao; @Inject DomainManager _domainMgr; + @Inject ProjectManager _projectMgr; private final HashMap _systemNetworks = new HashMap(5); @@ -529,11 +531,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override - public List getVirtualNetworksOwnedByAccountInZone(String accountName, long domainId, long zoneId) { - Account owner = _accountMgr.getActiveAccountByName(accountName, domainId); - if (owner == null) { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId + ", permission denied"); - } + public List getVirtualNetworksOwnedByAccountInZone(long zoneId, Account owner) { return _networksDao.listBy(owner.getId(), zoneId, GuestIpType.Virtual); } @@ -1400,11 +1398,9 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override @DB @ActionEvent(eventType = EventTypes.EVENT_NET_IP_RELEASE, eventDescription = "disassociating Ip", async = true) - public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) { - + public boolean disassociateIpAddress(long ipAddressId) { Long userId = UserContext.current().getCallerUserId(); Account caller = UserContext.current().getCaller(); - Long ipAddressId = cmd.getIpAddressId(); // Verify input parameters IPAddressVO ipVO = _ipAddressDao.findById(ipAddressId); 
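Review bot: `getVirtualNetworksOwnedByAccountInZone(long zoneId, Account owner)` in the third hunk calls `owner.getId()` with no null check, now that the active-account lookup and its InvalidParameterValueException are gone. Resolving and validating the account becomes the caller's job, and the method should say so, e.g. `// owner must be a resolved account; this method performs no lookup or state check`. If any caller can pass an unresolved account, add `if (owner == null) { throw new InvalidParameterValueException("Unable to find account, permission denied"); }`.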
@@ -1417,6 +1413,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return true; } + //verify permissions if (ipVO.getAllocatedToAccountId() != null) { _accountMgr.checkAccess(caller, null, ipVO); } @@ -1569,7 +1566,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag Account owner = null; if (cmd.getAccountName() != null && cmd.getDomainId() != null) { - owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId()); + owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); } else { owner = caller; } @@ -1837,7 +1834,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag Boolean isSystem = cmd.getIsSystem(); Boolean isShared = cmd.getIsShared(); Boolean isDefault = cmd.isDefault(); - Long accountId = null; + Long projectId = cmd.getProjectId(); + List permittedAccounts = new ArrayList(); String path = null; Long sharedNetworkDomainId = null; 
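Review bot: In the second hunk `cmd.getProjectId()` is passed to `finalizeOwner` only inside the branch guarded by `cmd.getAccountName() != null && cmd.getDomainId() != null`, so a request that supplies just a project id falls to `owner = caller` and the project is silently ignored. The network would then be created under the caller's own account rather than the project the request named. If finalizeOwner (not visible here) accepts null account and domain arguments, widen the condition: `if ((cmd.getAccountName() != null && cmd.getDomainId() != null) || cmd.getProjectId() != null) {`.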
@@ -1866,14 +1864,29 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } _accountMgr.checkAccess(caller, null, owner); - accountId = owner.getId(); + permittedAccounts.add(owner.getId()); } } if (!_accountMgr.isAdmin(caller.getType())) { - accountId = caller.getId(); + permittedAccounts.add(caller.getId()); } + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } else if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } + path = _domainDao.findById(caller.getDomainId()).getPath(); if ((isSystem == null || !isSystem) && (isShared == null || isShared)) { @@ -1923,8 +1936,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } //if user requested only domain specific networks, don't return account/zone wide networks - if (accountId != null || (domainId == null && accountName == null)) { - networksToReturn.addAll(listAccountSpecificAndZoneLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, accountId, path)); + if (!permittedAccounts.isEmpty() || (domainId == null && accountName == null && projectId == null)) { + networksToReturn.addAll(listAccountSpecificAndZoneLevelNetworks(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, type, isDefault, trafficType, isShared), searchFilter, path, permittedAccounts)); } return networksToReturn; 
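Review bot: The project branch added in the first hunk reports a failed `canAccessProjectAccount` check as InvalidParameterValueException, while access denials elsewhere in this diff use PermissionDeniedException. Handlers and audit logs that key on the exception type will not record this as an authorization failure, and the two distinct messages let a caller tell a non-existent project id from one it may not access. Consider `throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId);` (assuming the class is still imported in this file), and the same response for both cases if id enumeration is a concern.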
@@ -1988,14 +2001,14 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return _networksDao.search(sc, searchFilter); } - private List listAccountSpecificAndZoneLevelNetworks(SearchCriteria sc, Filter searchFilter, Long accountId, String path) { + private List listAccountSpecificAndZoneLevelNetworks(SearchCriteria sc, Filter searchFilter, String path, List permittedAccounts) { SearchCriteria ssc = _networksDao.createSearchCriteria(); //account level networks SearchCriteria accountSC = _networksDao.createSearchCriteria(); - if (accountId != null) { - accountSC.addAnd("accountId", SearchCriteria.Op.EQ, accountId); + if (!permittedAccounts.isEmpty()) { + accountSC.addAnd("accountId", SearchCriteria.Op.IN, permittedAccounts); } accountSC.addAnd("isShared", SearchCriteria.Op.EQ, false); @@ -2050,13 +2063,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag Account owner = _accountMgr.getAccount(network.getAccountId()); // Perform permission check - if (!_accountMgr.isAdmin(caller.getType())) { - if (network.getAccountId() != caller.getId()) { - throw new PermissionDeniedException("Account " + caller.getAccountName() + " does not own network id=" + networkId + ", permission denied"); - } - } else { - _accountMgr.checkAccess(caller, null, owner); - } + _accountMgr.checkAccess(caller, null, network); User callerUser = _accountMgr.getActiveUser(UserContext.current().getCallerUserId()); ReservationContext context = new ReservationContextImpl(null, null, callerUser, owner); @@ -2694,7 +2701,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag txn.start(); if (network == null) { - List networks = getVirtualNetworksOwnedByAccountInZone(owner.getAccountName(), owner.getDomainId(), zoneId); + List networks = getVirtualNetworksOwnedByAccountInZone(zoneId, owner); if (networks.size() == 0) { createNetwork = true; } else { 
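Review bot: `accountSC.addAnd("accountId", SearchCriteria.Op.IN, permittedAccounts)` in the first hunk passes the List itself, whereas the firewall and load-balancer list hunks later in this diff pass `permittedAccounts.toArray()` for the same IN filter. If `addAnd` takes its values as varargs (not visible here), the list is bound as a single value and the account restriction will not match the intended ids. Use `accountSC.addAnd("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray());`.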
@@ -2987,8 +2994,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override public boolean isNetworkAvailableInDomain(long networkId, long domainId) { - - Long networkDomainId = null; Network network = getNetwork(networkId); if (!network.getIsShared()) { diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java index 317edc642e3..a17c4e4b7c7 100644 --- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java @@ -191,8 +191,8 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma Long id = cmd.getId(); String path = null; - Pair accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId()); - String accountName = accountDomainPair.first(); + Pair, Long> accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); + List permittedAccounts = accountDomainPair.first(); Long domainId = accountDomainPair.second(); if (ipId != null) { @@ -212,7 +212,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma SearchBuilder sb = _firewallDao.createSearchBuilder(); sb.and("id", sb.entity().getId(), Op.EQ); sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), Op.IN); sb.and("domainId", sb.entity().getDomainId(), Op.EQ); sb.and("purpose", sb.entity().getPurpose(), Op.EQ); 
@@ -235,10 +235,10 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma if (domainId != null) { sc.setParameters("domainId", domainId); - if (accountName != null) { - Account account = _accountMgr.getActiveAccountByName(accountName, domainId); - sc.setParameters("accountId", account.getId()); - } + } + + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } sc.setParameters("purpose", Purpose.Firewall); @@ -449,7 +449,6 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma _accountMgr.checkAccess(caller, null, rule); - revokeRule(rule, caller, userId, false); boolean success = false; diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index b193694e254..d31734a5370 100755 --- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java @@ -611,11 +611,19 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, @Override @ActionEvent(eventType = EventTypes.EVENT_LOAD_BALANCER_UPDATE, eventDescription = "updating load balancer", async = true) public LoadBalancer updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) { + Account caller = UserContext.current().getCaller(); Long lbRuleId = cmd.getId(); String name = cmd.getLoadBalancerName(); String description = cmd.getDescription(); String algorithm = cmd.getAlgorithm(); LoadBalancerVO lb = _lbDao.findById(lbRuleId); + + if (lb == null) { + throw new InvalidParameterValueException("Unable to find lb rule by id=" + lbRuleId); + } + + //check permissions + _accountMgr.checkAccess(caller, null, lb); if (name != null) { lb.setName(name); 
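Review bot: The account filter in the first hunk is set only when `permittedAccounts` is non-empty, so an empty list from `finalizeAccountDomainForList` means no account restriction rather than no results. That is safe only if the helper (not visible here) always returns at least the caller's own account for non-admin callers; the load-balancer list hunk `@@ -772,10 +780,10` relies on the same assumption. Please record the contract next to the check, e.g. `// empty list = no account restriction (admin scope); must never be empty for a normal user`.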
@@ -703,8 +711,8 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, Long zoneId = cmd.getZoneId(); String path = null; - Pair accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId()); - String accountName = accountDomainPair.first(); + Pair, Long> accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); + List permittedAccounts = accountDomainPair.first(); Long domainId = accountDomainPair.second(); if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { @@ -723,7 +731,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE); sb.and("sourceIpAddress", sb.entity().getSourceIpAddressId(), SearchCriteria.Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.IN); sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ); if (instanceId != null) { @@ -772,10 +780,10 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, if (domainId != null) { sc.setParameters("domainId", domainId); - if (accountName != null) { - Account account = _accountMgr.getActiveAccountByName(accountName, domainId); - sc.setParameters("accountId", account.getId()); - } + } + + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } if (path != null) { diff --git a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java index 08612bef7b8..0d2011e5be7 100755 --- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java 
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java @@ -35,8 +35,8 @@ import javax.naming.ConfigurationException; import org.apache.log4j.Logger; import com.cloud.agent.AgentManager; -import com.cloud.agent.Listener; import com.cloud.agent.AgentManager.OnError; +import com.cloud.agent.Listener; import com.cloud.agent.api.AgentControlAnswer; import com.cloud.agent.api.AgentControlCommand; import com.cloud.agent.api.Answer; @@ -72,7 +72,6 @@ import com.cloud.agent.api.to.PortForwardingRuleTO; import com.cloud.agent.api.to.StaticNatRuleTO; import com.cloud.agent.manager.Commands; import com.cloud.alert.AlertManager; -import com.cloud.api.commands.StartRouterCmd; import com.cloud.api.commands.UpgradeRouterCmd; import com.cloud.async.AsyncJobManager; import com.cloud.capacity.dao.CapacityDao; @@ -107,7 +106,6 @@ import com.cloud.exception.InsufficientServerCapacityException; import com.cloud.exception.InsufficientVirtualNetworkCapcityException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.OperationTimedoutException; -import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.exception.StorageUnavailableException; import com.cloud.host.HostVO; @@ -368,6 +366,9 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian if (router == null) { return null; } + + _accountMgr.checkAccess(context.getCaller(), null, router); + boolean result = _itMgr.expunge(router, user, _accountMgr.getAccount(router.getAccountId())); if (result) { 
@@ -381,16 +382,14 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian public VirtualRouter upgradeRouter(UpgradeRouterCmd cmd) { Long routerId = cmd.getId(); Long serviceOfferingId = cmd.getServiceOfferingId(); - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); DomainRouterVO router = _routerDao.findById(routerId); if (router == null) { throw new InvalidParameterValueException("Unable to find router with id " + routerId); } - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), router.getDomainId())) { - throw new PermissionDeniedException("Invalid domain router id (" + routerId + ") given, unable to stop router."); - } + _accountMgr.checkAccess(caller, null, router); if (router.getServiceOfferingId() == serviceOfferingId) { s_logger.debug("Router: " + routerId + "already has service offering: " + serviceOfferingId); @@ -561,9 +560,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian throw new InvalidParameterValueException("Unable to find domain router with id " + routerId + "."); } - if ((caller != null) && !_domainDao.isChildDomain(caller.getDomainId(), router.getDomainId())) { - throw new PermissionDeniedException("Unable to reboot domain router with id " + routerId + ". Permission denied"); - } + _accountMgr.checkAccess(caller, null, router); // Can reboot domain router only in Running state if (router == null || router.getState() != State.Running) { 
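Review bot: `_accountMgr.checkAccess(caller, null, router)` in the first and second hunks now receives whatever `UserContext.current().getCaller()` returns, while the removed conditions skipped the check for a null caller (`account != null`, `caller != null`). If a null caller is still possible on these paths (the template response code in ApiResponseHelper treats it as a valid case), confirm that checkAccess rejects it explicitly; DomainChecker.checkAccess in this diff dereferences `caller.getState()` unguarded. A comment at the call, e.g. `// caller is never null here: set by the API dispatcher (confirm)`, would make the assumption visible.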
@@ -2051,21 +2048,21 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } @Override @ActionEvent(eventType = EventTypes.EVENT_ROUTER_START, eventDescription = "starting router Vm", async = true) - public VirtualRouter startRouter(StartRouterCmd cmd) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException{ - return startRouter(cmd.getId(), true); + public VirtualRouter startRouter(long id) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException{ + return startRouter(id, true); } @Override public VirtualRouter startRouter(long routerId, boolean restartNetwork) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException { - Account account = UserContext.current().getCaller(); - User caller = _accountMgr.getActiveUser(UserContext.current().getCallerUserId()); + Account caller = UserContext.current().getCaller(); + User callerUser = _accountMgr.getActiveUser(UserContext.current().getCallerUserId()); // verify parameters DomainRouterVO router = _routerDao.findById(routerId); if (router == null) { throw new InvalidParameterValueException("Unable to find router by id " + routerId + "."); } - _accountMgr.checkAccess(account, null, router); + _accountMgr.checkAccess(caller, null, router); Account owner = _accountMgr.getAccount(router.getAccountId()); @@ -2077,7 +2074,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } DeployDestination dest = new DeployDestination(dc, pod, null, null); - ReservationContext context = new ReservationContextImpl(null, null, caller, owner); + ReservationContext context = new ReservationContextImpl(null, null, callerUser, owner); List nics = _nicDao.listByVmId(routerId); 
@@ -2095,7 +2092,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian } else { params.put(Param.RestartNetwork, false); } - return startVirtualRouter(router, user, account, params); + return startVirtualRouter(router, user, caller, params); } private void createAssociateIPCommands(final VirtualRouter router, final List ips, Commands cmds, long vmId) { diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index ca7c4e34d08..c358a184315 100755 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -145,7 +145,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } if (rule.getAccountId() != userVm.getAccountId()) { - throw new InvalidParameterValueException("Rule id=" + rule.getId() + " and vm id=" + userVm.getId() + " belong to different accounts"); + throw new InvalidParameterValueException("New rule " + rule + " and vm id=" + userVm.getId() + " belong to different accounts"); } } @@ -537,8 +537,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { Long id = cmd.getId(); String path = null; - Pair accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId()); - String accountName = accountDomainPair.first(); + Pair, Long> accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); + List permittedAccounts = accountDomainPair.first(); Long domainId = accountDomainPair.second(); if (ipId != null) { 
@@ -558,7 +558,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { SearchBuilder sb = _forwardingDao.createSearchBuilder(); sb.and("id", sb.entity().getId(), Op.EQ); sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), Op.IN); sb.and("domainId", sb.entity().getDomainId(), Op.EQ); sb.and("purpose", sb.entity().getPurpose(), Op.EQ); @@ -581,10 +581,10 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { if (domainId != null) { sc.setParameters("domainId", domainId); - if (accountName != null) { - Account account = _accountMgr.getActiveAccountByName(accountName, domainId); - sc.setParameters("accountId", account.getId()); - } + } + + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } sc.setParameters("purpose", Purpose.PortForwarding); @@ -763,12 +763,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } @Override - public List searchStaticNatRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId) { + public List searchStaticNatRules(Long ipId, Long id, Long vmId, Long start, Long size, String accountName, Long domainId, Long projectId) { Account caller = UserContext.current().getCaller(); String path = null; - Pair accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, accountName, domainId); - accountName = accountDomainPair.first(); + Pair, Long> accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, accountName, domainId, projectId); + List permittedAccounts = accountDomainPair.first(); domainId = accountDomainPair.second(); if (ipId != null) { 
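Review bot: In the @@ -581 hunk the account filter is applied only when `permittedAccounts` is non-empty, so an empty list silently means "no account restriction" and the query falls back to the domain filter alone, or to no owner filter at all when `domainId` is null. That is safe only if finalizeAccountDomainForList never returns an empty list for a non-admin caller, which these hunks do not show. The same construct is repeated in searchStaticNatRules (@@ -817), in RemoteAccessVpnManagerImpl (@@ -499 and @@ -567) and in SecurityGroupManagerImpl (@@ -1079). Document the contract at each use, e.g. `// empty list = unrestricted (admin listing); must never be empty for a regular user`, or have the helper return an explicit "all accounts" marker so that an accidental empty result fails closed. A null list from `accountDomainPair.first()` would also throw at `isEmpty()`.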
@@ -787,7 +787,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { Filter filter = new Filter(PortForwardingRuleVO.class, "id", false, start, size); SearchBuilder sb = _firewallDao.createSearchBuilder(); sb.and("ip", sb.entity().getSourceIpAddressId(), Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), Op.IN); sb.and("domainId", sb.entity().getDomainId(), Op.EQ); sb.and("purpose", sb.entity().getPurpose(), Op.EQ); sb.and("id", sb.entity().getId(), Op.EQ); @@ -817,10 +817,10 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { if (domainId != null) { sc.setParameters("domainId", domainId); - if (accountName != null) { - Account account = _accountMgr.getActiveAccountByName(accountName, domainId); - sc.setParameters("accountId", account.getId()); - } + } + + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } sc.setParameters("purpose", Purpose.StaticNat); diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java index 9983c5fd328..63516f0af63 100755 --- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java +++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java @@ -71,6 +71,8 @@ import com.cloud.network.security.dao.SecurityGroupRulesDao; import com.cloud.network.security.dao.SecurityGroupVMMapDao; import com.cloud.network.security.dao.SecurityGroupWorkDao; import com.cloud.network.security.dao.VmRulesetLogDao; +import com.cloud.projects.Project; +import com.cloud.projects.ProjectManager; import com.cloud.server.ManagementServer; import com.cloud.user.Account; import com.cloud.user.AccountManager; 
@@ -146,6 +148,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG AccountManager _accountMgr; @Inject DomainManager _domainMgr; + @Inject + ProjectManager _projectMgr; ScheduledExecutorService _executorPool; ScheduledExecutorService _cleanupExecutor; @@ -750,7 +754,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG public SecurityGroupVO createSecurityGroup(CreateSecurityGroupCmd cmd) throws PermissionDeniedException, InvalidParameterValueException { String name = cmd.getSecurityGroupName(); Account caller = UserContext.current().getCaller(); - Account owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId()); + Account owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); if (_securityGroupDao.isNameInUse(owner.getId(), owner.getDomainId(), cmd.getSecurityGroupName())) { throw new InvalidParameterValueException("Unable to create security group, a group with name " + name + " already exisits."); @@ -1019,8 +1023,9 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG String accountName = cmd.getAccountName(); Long instanceId = cmd.getVirtualMachineId(); String securityGroup = cmd.getSecurityGroupName(); + Long projectId = cmd.getProjectId(); Long id = cmd.getId(); - Long accountId = null; + List permittedAccounts = new ArrayList(); if (instanceId != null) { UserVmVO userVM = _userVMDao.findById(instanceId); 
@@ -1044,13 +1049,28 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); } _accountMgr.checkAccess(caller, null, account); - accountId = account.getId(); + permittedAccounts.add(account.getId()); } } } else { // regular user can see only his own security groups - accountId = caller.getId(); + permittedAccounts.add(caller.getId()); } + + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } else if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } List securityRulesList = new ArrayList(); Filter searchFilter = new Filter(SecurityGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); 
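Review bot: The project access failure in the added block is reported as `InvalidParameterValueException`, although it is an authorization decision; callers and audit handling that key on PermissionDeniedException will not see it. Since this class already uses PermissionDeniedException, prefer `throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId);`. The `permittedAccounts.clear()` at the top of the block also discards an account resolved from `accountName` when both parameters are supplied, which deserves a comment such as `// projectId takes precedence over accountName/domainId`. The enclosing method starts and ends outside this hunk.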
@@ -1058,12 +1078,12 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG SearchBuilder sb = _securityGroupDao.createSearchBuilder(); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.IN); sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ); sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ); // only do a recursive domain search if the search is not limited by account or instance - if ((accountId == null) && (instanceId == null) && (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { + if (permittedAccounts.isEmpty() && instanceId == null && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { SearchBuilder domainSearch = _domainDao.createSearchBuilder(); domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); @@ -1079,12 +1099,12 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG sc.setParameters("name", securityGroup); } - if (accountId != null) { - sc.setParameters("accountId", accountId); + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } // only do a recursive domain search if the search is not limited by account or instance - if ((accountId == null) && (instanceId == null) && (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { + if (permittedAccounts.isEmpty() && instanceId == null && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { DomainVO domain = _domainDao.findById(caller.getDomainId()); sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); } 
diff --git a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java index 272865fa289..2fee27513d3 100755 --- a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java +++ b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java @@ -262,7 +262,6 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag } if (success) { - try { txn.start(); _remoteAccessVpnDao.remove(ipId); @@ -278,7 +277,6 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag s_logger.warn("Unable to release the three vpn ports from the firewall rules", ex); } } - } } } @@ -456,8 +454,8 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag String path = null; //Verify account information - Pair accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId()); - String accountName = accountDomainPair.first(); + Pair, Long> accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId(), null); + List permittedAccounts = accountDomainPair.first(); Long domainId = accountDomainPair.second(); @@ -473,7 +471,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag SearchBuilder sb = _vpnUsersDao.createSearchBuilder(); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); sb.and("username", sb.entity().getUsername(), SearchCriteria.Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.IN); sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ); sb.and("state", sb.entity().getState(), SearchCriteria.Op.EQ); 
@@ -499,10 +497,10 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag if (domainId != null) { sc.setParameters("domainId", domainId); - if (accountName != null) { - Account account = _accountMgr.getActiveAccountByName(accountName, domainId); - sc.setParameters("accountId", account.getId()); - } + } + + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } if (path != null) { @@ -518,8 +516,8 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag Account caller = UserContext.current().getCaller(); String path = null; - Pair accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId()); - String accountName = accountDomainPair.first(); + Pair, Long> accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); + List permittedAccounts = accountDomainPair.first(); Long domainId = accountDomainPair.second(); if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { @@ -546,7 +544,7 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag Filter filter = new Filter(RemoteAccessVpnVO.class, "serverAddressId", false, cmd.getStartIndex(), cmd.getPageSizeVal()); SearchBuilder sb = _remoteAccessVpnDao.createSearchBuilder(); sb.and("serverAddressId", sb.entity().getServerAddressId(), Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), Op.IN); sb.and("domainId", sb.entity().getDomainId(), Op.EQ); sb.and("state", sb.entity().getState(), Op.EQ); 
@@ -567,10 +565,10 @@ public class RemoteAccessVpnManagerImpl implements RemoteAccessVpnService, Manag if (domainId != null) { sc.setParameters("domainId", domainId); - if (accountName != null) { - Account account = _accountMgr.getActiveAccountByName(accountName, domainId); - sc.setParameters("accountId", account.getId()); - } + } + + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } if (path != null) { diff --git a/server/src/com/cloud/projects/ProjectAccountVO.java b/server/src/com/cloud/projects/ProjectAccountVO.java index c757025d10c..050b5d4ed5a 100644 --- a/server/src/com/cloud/projects/ProjectAccountVO.java +++ b/server/src/com/cloud/projects/ProjectAccountVO.java @@ -51,9 +51,6 @@ public class ProjectAccountVO implements ProjectAccount{ @Column(name="project_account_id") long projectAccountId; - @Column(name="project_domain_id") - long projectDomainId; - @Column(name=GenericDao.CREATED_COLUMN) private Date created; @@ -66,7 +63,6 @@ public class ProjectAccountVO implements ProjectAccount{ this.accountRole = accountRole; this.projectId = project.getId(); this.projectAccountId = project.getProjectAccountId(); - this.projectDomainId = project.getProjectDomainId(); } public long getId() { @@ -93,11 +89,6 @@ public class ProjectAccountVO implements ProjectAccount{ return projectAccountId; } - @Override - public long getProjectDomainId() { - return projectDomainId; - } - public void setAccountRole(Role accountRole) { this.accountRole = accountRole; } diff --git a/server/src/com/cloud/projects/ProjectManager.java b/server/src/com/cloud/projects/ProjectManager.java index 3966c8e900d..c12582ed1f0 100644 --- a/server/src/com/cloud/projects/ProjectManager.java +++ b/server/src/com/cloud/projects/ProjectManager.java 
@@ -5,14 +5,10 @@ import java.util.List; import com.cloud.user.Account; public interface ProjectManager extends ProjectService { - boolean canAccessAccount(Account caller, long accountId); - - boolean canAccessDomain(Account caller, long domainId); + boolean canAccessProjectAccount(Account caller, long accountId); boolean canModifyProjectAccount(Account caller, long accountId); - boolean canModifyProjectDomain(Account caller, long domainId); - boolean deleteAccountFromProject(long projectId, long accountId); List listPermittedProjectAccounts(long accountId); diff --git a/server/src/com/cloud/projects/ProjectManagerImpl.java b/server/src/com/cloud/projects/ProjectManagerImpl.java index cb0f9762a5e..3a2434462df 100644 --- a/server/src/com/cloud/projects/ProjectManagerImpl.java +++ b/server/src/com/cloud/projects/ProjectManagerImpl.java @@ -130,7 +130,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ } if (accountName != null) { - owner = _accountMgr.finalizeOwner(caller, accountName, domainId); + owner = _accountMgr.finalizeOwner(caller, accountName, domainId, null); } //don't allow 2 projects with the same name inside the same domain 
@@ -144,19 +144,13 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ Transaction txn = Transaction.currentTxn(); txn.start(); - //Create a domain associated with the project - StringBuilder dmnNm = new StringBuilder("PrjDmn-"); - dmnNm.append(name).append("-").append(owner.getDomainId()); - - Domain projectDomain = _domainMgr.createDomain(dmnNm.toString(), Domain.ROOT_DOMAIN, Account.ACCOUNT_ID_SYSTEM, null, Domain.Type.Project); - //Create an account associated with the project StringBuilder acctNm = new StringBuilder("PrjAcct-"); acctNm.append(name).append("-").append(owner.getDomainId()); - Account projectAccount = _accountMgr.createAccount(acctNm.toString(), Account.ACCOUNT_TYPE_PROJECT, projectDomain.getId(), null); + Account projectAccount = _accountMgr.createAccount(acctNm.toString(), Account.ACCOUNT_TYPE_PROJECT, domainId, null); - Project project = _projectDao.persist(new ProjectVO(name, displayText, owner.getDomainId(), projectAccount.getId(), projectDomain.getId())); + Project project = _projectDao.persist(new ProjectVO(name, displayText, owner.getDomainId(), projectAccount.getId())); //assign owner to the project assignAccountToProject(project, owner.getId(), ProjectAccount.Role.Owner); @@ -197,7 +191,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ txn.commit(); if (updateResult) { - if (!cleanupProject(project)) { + if (!cleanupProject(project, null, null)) { s_logger.warn("Failed to cleanup project's id=" + projectId + " resources, not removing the project yet"); return false; } else { @@ -209,7 +203,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ } } - private boolean cleanupProject(Project project) { + private boolean cleanupProject(Project project, AccountVO caller, Long callerUserId) { boolean result=true; //Unassign all users from the project 
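Review bot: The project account in the @@ -144 hunk is created in `domainId`, the raw request parameter, while the project row on the following line is persisted with `owner.getDomainId()`. The context of the previous hunk resolves `owner` from `domainId` only when `accountName != null`, so `domainId` may be null or differ from the owner's domain (inferred, since the start of the method is outside the hunk). The domain-admin branch added to canAccessProjectAccount in this commit decides from the project account's domain, so a mismatch would skew that check. Use `_accountMgr.createAccount(acctNm.toString(), Account.ACCOUNT_TYPE_PROJECT, owner.getDomainId(), null);`.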
@@ -223,9 +217,11 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ s_logger.debug("Accounts are unassign successfully from project " + project + " as a part of project cleanup..."); } - //Delete project's domain - s_logger.debug("Deleting projects " + project + " internal domain id=" + project.getProjectDomainId() + " as a part of project cleanup..."); - result = result && _domainMgr.deleteDomain(_domainDao.findById(project.getProjectDomainId()), true); + //Delete project's account + AccountVO account = _accountDao.findById(project.getProjectAccountId()); + s_logger.debug("Deleting projects " + project + " internal account id=" + account.getId() + " as a part of project cleanup..."); + + result = result && _accountMgr.deleteAccount(account, callerUserId, caller); return result; } @@ -350,11 +346,6 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ return _accountMgr.getAccount(accountId); } - @Override - public ProjectVO findByProjectDomainId(long projectDomainId) { - return _projectDao.findByProjectDomainId(projectDomainId); - } - @Override public ProjectVO findByProjectAccountId(long projectAccountId) { return _projectDao.findByProjectAccountId(projectAccountId); 
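Review bot: cleanupProject dereferences `account.getId()` in the debug message right after `_accountDao.findById(project.getProjectAccountId())` without a null test, so a retried cleanup after the account was already removed would throw instead of finishing. Add a guard before the log line, e.g. `if (account == null) { return result; }`. The only call site visible in this commit passes `null, null` for `caller` and `callerUserId`, so `_accountMgr.deleteAccount(account, callerUserId, caller)` receives null for both; whether deleteAccount accepts that is not visible here, and a short comment on the intended system-initiated semantics would help. The method begins outside this hunk.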
@@ -366,24 +357,31 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ } @Override - public boolean canAccessAccount(Account caller, long accountId) { - return _projectAccountDao.canAccessAccount(caller.getId(), accountId); - } - - @Override - public boolean canAccessDomain(Account caller, long domainId) { - return _projectAccountDao.canAccessDomain(caller.getId(), domainId); + public boolean canAccessProjectAccount(Account caller, long accountId) { + //ROOT admin always can access the project + if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN) { + return true; + } else if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { + Account owner = _accountMgr.getAccount(accountId); + _accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId()), null); + return true; + } + + return _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId); } public boolean canModifyProjectAccount(Account caller, long accountId) { + //ROOT admin always can access the project + if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN) { + return true; + } else if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { + Account owner = _accountMgr.getAccount(accountId); + _accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId()), null); + return true; + } return _projectAccountDao.canModifyProjectAccount(caller.getId(), accountId); } - @Override - public boolean canModifyProjectDomain(Account caller, long domainId) { - return _projectAccountDao.canModifyProjectDomain(caller.getId(), domainId); - } - @Override @DB @ActionEvent(eventType = EventTypes.EVENT_PROJECT_UPDATE, eventDescription = "updating project") public Project updateProject(long projectId, String displayText, String newOwnerName) { 
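Review bot: The domain-admin branch added to canAccessProjectAccount and canModifyProjectAccount dereferences `owner.getDomainId()` without checking that `_accountMgr.getAccount(accountId)` found an account, and it relies on `_accountMgr.checkAccess(...)` throwing, so a method with a boolean contract can end in an exception instead of `false`. Callers such as the security group listing test the boolean and raise their own error, which means the failure a caller sees depends on the account type. The two bodies are identical apart from the final DAO call, and the comment "ROOT admin always can access the project" is copied unchanged into the modify path. Accounts of type ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN fall through to the membership lookup; confirm that is intended. A shared private helper with a null check keeps both paths consistent:

```java
// Shared admin shortcut for canAccessProjectAccount / canModifyProjectAccount.
private boolean isAdminOverProjectAccount(Account caller, long accountId) {
    if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
        return true;
    }
    if (caller.getType() != Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
        return false;
    }
    Account owner = _accountMgr.getAccount(accountId);
    if (owner == null) {
        // unknown project account: deny instead of failing with a NullPointerException
        return false;
    }
    // checkAccess is expected to throw when the owner's domain is outside the caller's domain tree
    _accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId()), null);
    return true;
}

public boolean canAccessProjectAccount(Account caller, long accountId) {
    return isAdminOverProjectAccount(caller, accountId)
            || _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId);
}

public boolean canModifyProjectAccount(Account caller, long accountId) {
    return isAdminOverProjectAccount(caller, accountId)
            || _projectAccountDao.canModifyProjectAccount(caller.getId(), accountId);
}
```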
@@ -397,7 +395,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ } //verify permissions - _accountMgr.checkAccess(caller, _domainDao.findById(project.getProjectDomainId()), AccessType.ModifyProject); + _accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject); Transaction txn = Transaction.currentTxn(); txn.start(); @@ -457,7 +455,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ } //verify permissions - _accountMgr.checkAccess(caller, _domainDao.findById(project.getProjectDomainId()), AccessType.ModifyProject); + _accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject); //Check if the account already added to the project ProjectAccount projectAccount = _projectAccountDao.findByProjectIdAccountId(projectId, account.getId()); @@ -504,7 +502,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ } //verify permissions - _accountMgr.checkAccess(caller, _domainDao.findById(project.getProjectDomainId()), AccessType.ModifyProject); + _accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject); //Check if the account exists in the project ProjectAccount projectAccount = _projectAccountDao.findByProjectIdAccountId(projectId, account.getId()); @@ -533,7 +531,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ } //verify permissions - _accountMgr.checkAccess(caller, _domainDao.findById(project.getProjectDomainId()), null); + _accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), null); Filter searchFilter = new Filter(ProjectAccountVO.class, "id", false, startIndex, pageSizeVal); SearchBuilder sb = _projectAccountDao.createSearchBuilder(); 
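Review bot: The permission checks for project changes now pass the project's owning domain, `_domainDao.findById(project.getDomainId())`, where they previously passed a domain dedicated to the project. This applies to the hunks at @@ -397, @@ -457 and @@ -504 here and to @@ -678 further down. Whether the domain check still distinguishes `AccessType.ModifyProject` from an ordinary domain check is not visible in these hunks; if it does not, any account that passes a plain check on that domain could modify a project it does not own. The project-level test this commit keeps, `canModifyProjectAccount(caller, project.getProjectAccountId())`, looks like the more precise gate for these paths and could be called here in addition to the domain check. At minimum add a comment on each call stating what ModifyProject is expected to enforce now that the project domain is gone. All four methods start and end outside their hunks.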
@@ -678,7 +676,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{ } //verify permissions - _accountMgr.checkAccess(caller, _domainDao.findById(project.getProjectDomainId()), AccessType.ModifyProject); + _accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject); accountId = account.getId(); } else { accountId = caller.getId(); diff --git a/server/src/com/cloud/projects/ProjectVO.java b/server/src/com/cloud/projects/ProjectVO.java index e305bf0a0a4..ae5ea6e2b77 100644 --- a/server/src/com/cloud/projects/ProjectVO.java +++ b/server/src/com/cloud/projects/ProjectVO.java @@ -50,9 +50,6 @@ public class ProjectVO implements Project{ @Column(name="project_account_id") long projectAccountId; - @Column(name="project_domain_id") - long projectDomainId; - @Column(name=GenericDao.CREATED_COLUMN) private Date created; @@ -66,12 +63,11 @@ public class ProjectVO implements Project{ protected ProjectVO(){ } - public ProjectVO(String name, String displayText, long domainId, long projectAccountId, long projectDomainId) { + public ProjectVO(String name, String displayText, long domainId, long projectAccountId) { this.name = name; this.displayText = displayText; this.projectAccountId = projectAccountId; this.domainId = domainId; - this.projectDomainId = projectDomainId; this.state = State.Inactive; } @@ -135,11 +131,6 @@ public class ProjectVO implements Project{ return projectAccountId; } - @Override - public long getProjectDomainId() { - return projectDomainId; - } - public void setName(String name) { this.name = name; } diff --git a/server/src/com/cloud/projects/dao/ProjectAccountDao.java b/server/src/com/cloud/projects/dao/ProjectAccountDao.java index e7d446955ab..97606174c06 100644 --- a/server/src/com/cloud/projects/dao/ProjectAccountDao.java +++ b/server/src/com/cloud/projects/dao/ProjectAccountDao.java 
@@ -27,12 +27,9 @@ public interface ProjectAccountDao extends GenericDao{ List listByProjectId(long projectId); ProjectAccountVO findByProjectIdAccountId(long projectId, long accountId); - boolean canAccessAccount(long accountId, long projectAccountId); - - boolean canAccessDomain(long accountId, long projectDomainId); + boolean canAccessProjectAccount(long accountId, long projectAccountId); boolean canModifyProjectAccount(long accountId, long projectAccountId); - boolean canModifyProjectDomain(long accountId, long projectDomainId); List listPermittedAccountIds(long accountId); } diff --git a/server/src/com/cloud/projects/dao/ProjectAccountDaoImpl.java b/server/src/com/cloud/projects/dao/ProjectAccountDaoImpl.java index 2ff9f7513fa..827beebdc45 100644 --- a/server/src/com/cloud/projects/dao/ProjectAccountDaoImpl.java +++ b/server/src/com/cloud/projects/dao/ProjectAccountDaoImpl.java @@ -41,7 +41,6 @@ public class ProjectAccountDaoImpl extends GenericDaoBase sc = AllFieldsSearch.create(); sc.setParameters("accountId", accountId); sc.setParameters("projectAccountId", projectAccountId); @@ -83,19 +82,6 @@ public class ProjectAccountDaoImpl extends GenericDaoBase sc = AllFieldsSearch.create(); - sc.setParameters("accountId", accountId); - sc.setParameters("projectDomainId", projectDomainId); - - if (findOneBy(sc) != null) { - return true; - } else { - return false; - } - } @Override public boolean canModifyProjectAccount(long accountId, long projectAccountId) { @@ -111,20 +97,6 @@ public class ProjectAccountDaoImpl extends GenericDaoBase sc = AllFieldsSearch.create(); - sc.setParameters("accountId", accountId); - sc.setParameters("projectDomainId", projectDomainId); - sc.setParameters("role", ProjectAccount.Role.Owner); - - if (findOneBy(sc) != null) { - return true; - } else { - return false; - } - } - @Override public List listPermittedAccountIds(long accountId) { List permittedAccounts = new ArrayList(); 
diff --git a/server/src/com/cloud/projects/dao/ProjectDao.java b/server/src/com/cloud/projects/dao/ProjectDao.java index f658f46320a..53a397a054e 100644 --- a/server/src/com/cloud/projects/dao/ProjectDao.java +++ b/server/src/com/cloud/projects/dao/ProjectDao.java @@ -26,8 +26,6 @@ public interface ProjectDao extends GenericDao{ Long countProjectsForDomain(long domainId); - ProjectVO findByProjectDomainId(long projectDomainId); - ProjectVO findByProjectAccountId(long projectAccountId); } diff --git a/server/src/com/cloud/projects/dao/ProjectDaoImpl.java b/server/src/com/cloud/projects/dao/ProjectDaoImpl.java index 0c90b48386b..4c307fd5292 100644 --- a/server/src/com/cloud/projects/dao/ProjectDaoImpl.java +++ b/server/src/com/cloud/projects/dao/ProjectDaoImpl.java @@ -23,7 +23,6 @@ public class ProjectDaoImpl extends GenericDaoBase implements P AllFieldsSearch = createSearchBuilder(); AllFieldsSearch.and("name", AllFieldsSearch.entity().getName(), SearchCriteria.Op.EQ); AllFieldsSearch.and("domainId", AllFieldsSearch.entity().getDomainId(), SearchCriteria.Op.EQ); - AllFieldsSearch.and("projectDomainId", AllFieldsSearch.entity().getProjectDomainId(), SearchCriteria.Op.EQ); AllFieldsSearch.and("projectAccountId", AllFieldsSearch.entity().getProjectAccountId(), SearchCriteria.Op.EQ); AllFieldsSearch.done(); @@ -69,14 +68,6 @@ public class ProjectDaoImpl extends GenericDaoBase implements P return customSearch(sc, null).get(0); } - @Override - public ProjectVO findByProjectDomainId(long projectDomainId) { - SearchCriteria sc = AllFieldsSearch.create(); - sc.setParameters("projectDomainId", projectDomainId); - - return findOneBy(sc); - } - @Override public ProjectVO findByProjectAccountId(long projectAccountId) { SearchCriteria sc = AllFieldsSearch.create(); diff --git a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java index 0b6aac56245..85851eb1e4c 100644 
--- a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java +++ b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java @@ -29,7 +29,6 @@ import org.apache.log4j.Logger; import com.cloud.acl.SecurityChecker.AccessType; import com.cloud.alert.AlertManager; -import com.cloud.api.commands.UpdateResourceCountCmd; import com.cloud.configuration.Config; import com.cloud.configuration.Resource; import com.cloud.configuration.Resource.ResourceOwnerType; @@ -493,12 +492,8 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager{ ownerId = accountId; } else if (domainId != null) { Domain domain = _entityMgr.findById(Domain.class, domainId); - - if (domain.getType() == Domain.Type.Project) { - _accountMgr.checkAccess(caller, domain, AccessType.ModifyProject); - } else { - _accountMgr.checkAccess(caller, domain, null); - } + + _accountMgr.checkAccess(caller, domain, null); if ((caller.getDomainId() == domainId.longValue()) && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { // if the admin is trying to update their own domain, disallow... @@ -532,17 +527,13 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager{ } @Override - public List recalculateResourceCount(UpdateResourceCountCmd cmd) throws InvalidParameterValueException, CloudRuntimeException, PermissionDeniedException{ + public List recalculateResourceCount(Long accountId, Long domainId, Integer typeId) throws InvalidParameterValueException, CloudRuntimeException, PermissionDeniedException{ Account callerAccount = UserContext.current().getCaller(); - String accountName = cmd.getAccountName(); - Long domainId = cmd.getDomainId(); - Long accountId = null; long count=0; List counts = new ArrayList(); List resourceTypes = new ArrayList(); ResourceType resourceType = null; - Integer typeId = cmd.getResourceType(); if (typeId != null) { for (ResourceType type : resourceTypes) { 
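Review bot: recalculateResourceCount (@@ -532) now takes `accountId` directly from its caller, and the lookup that tied the account to the domain, `getActiveAccountByName(accountName, domainId)`, is removed in the following @@ -560 hunk. The only authorization visible in these hunks is `_accountMgr.checkAccess(callerAccount, domain, null)` on the domain, so nothing here shows that `accountId` belongs to `domainId` or that the caller may act on that account. If the command layer does not already enforce this, check the account before counting, e.g. `_accountMgr.checkAccess(callerAccount, null, _accountMgr.getAccount(accountId));` after a null test on the lookup. The method body continues outside both hunks.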
@@ -560,15 +551,6 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager{ throw new InvalidParameterValueException("Please specify a valid domain ID."); } _accountMgr.checkAccess(callerAccount, domain, null); - - if (accountName != null) { - Account userAccount = _accountMgr.getActiveAccountByName(accountName, domainId); - if (userAccount == null) { - throw new InvalidParameterValueException("unable to find account by name " + accountName + " in domain with id " + domainId); - } - accountId = userAccount.getId(); - } - if (resourceType != null) { resourceTypes.add(resourceType); diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index ed9c02973f9..d9f13ffec6e 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -62,7 +62,6 @@ import com.cloud.api.commands.CreateSSHKeyPairCmd; import com.cloud.api.commands.DeleteSSHKeyPairCmd; import com.cloud.api.commands.DestroySystemVmCmd; import com.cloud.api.commands.ExtractVolumeCmd; -import com.cloud.api.commands.GetCloudIdentifierCmd; import com.cloud.api.commands.GetVMPasswordCmd; import com.cloud.api.commands.ListAccountsCmd; import com.cloud.api.commands.ListAlertsCmd; @@ -171,6 +170,8 @@ import com.cloud.network.NetworkVO; import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.LoadBalancerDao; import com.cloud.network.dao.NetworkDao; +import com.cloud.projects.Project; +import com.cloud.projects.ProjectManager; import com.cloud.service.ServiceOfferingVO; import com.cloud.service.dao.ServiceOfferingDao; import com.cloud.storage.DiskOfferingVO; 
@@ -218,6 +219,7 @@ import com.cloud.utils.Pair; import com.cloud.utils.PasswordGenerator; import com.cloud.utils.component.Adapters; import com.cloud.utils.component.ComponentLocator; +import com.cloud.utils.component.Inject; import com.cloud.utils.concurrency.NamedThreadFactory; import com.cloud.utils.db.DB; import com.cloud.utils.db.Filter; @@ -307,6 +309,7 @@ public class ManagementServerImpl implements ManagementServer { private final LoadBalancerDao _loadbalancerDao; private final HypervisorCapabilitiesDao _hypervisorCapabilitiesDao; private final Adapters _hostAllocators; + @Inject ProjectManager _projectMgr; private final KeystoreManager _ksMgr; @@ -590,7 +593,7 @@ public class ManagementServerImpl implements ManagementServer { Long domainId = cmd.getDomainId(); if (domainId != null) { Domain domain = _domainDao.findById(domainId); - if (domain == null || domain.getType() == Domain.Type.Project) { + if (domain == null) { throw new InvalidParameterValueException("Unable to find domain by id=" + domainId); } 
@@ -1256,52 +1259,87 @@ public class ManagementServerImpl implements ManagementServer { @Override public Set> listIsos(ListIsosCmd cmd) throws IllegalArgumentException, InvalidParameterValueException { TemplateFilter isoFilter = TemplateFilter.valueOf(cmd.getIsoFilter()); - Long accountId = null; - Account account = UserContext.current().getCaller(); + List permittedAccounts = new ArrayList(); + Account caller = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); + Long projectId = cmd.getProjectId(); + if (accountName != null && domainId != null) { - accountId = _accountMgr.finalizeOwner(account, accountName, domainId).getAccountId(); + permittedAccounts.add(_accountMgr.finalizeOwner(caller, accountName, domainId, null)); + } + + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId())); } else { - accountId = account.getId(); - } + List permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId()); + for (Long permittedAccountId : permittedAccountIds) { + permittedAccounts.add(_accountMgr.getAccount(permittedAccountId)); + } + } // It is account specific if account is admin type and domainId and accountName are not null - boolean isAccountSpecific = (account == null || isAdmin(account.getType())) && (accountName != null) && (domainId != null); + boolean isAccountSpecific = (isAdmin(caller.getType())) && (accountName != null) && (domainId != null); HypervisorType hypervisorType = HypervisorType.getType(cmd.getHypervisor()); 
- return listTemplates(cmd.getId(), cmd.getIsoName(), cmd.getKeyword(), isoFilter, true, cmd.isBootable(), accountId, cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), hypervisorType, - isAccountSpecific, true, cmd.listInReadyState()); + return listTemplates(cmd.getId(), cmd.getIsoName(), cmd.getKeyword(), isoFilter, true, cmd.isBootable(), cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), hypervisorType, isAccountSpecific, + true, cmd.listInReadyState(), permittedAccounts, caller); } @Override public Set> listTemplates(ListTemplatesCmd cmd) throws IllegalArgumentException, InvalidParameterValueException { TemplateFilter templateFilter = TemplateFilter.valueOf(cmd.getTemplateFilter()); - Long accountId = null; - Account account = UserContext.current().getCaller(); + List permittedAccounts = new ArrayList(); + Account caller = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); + Long projectId = cmd.getProjectId(); + if (accountName != null && domainId != null) { - accountId = _accountMgr.finalizeOwner(account, accountName, domainId).getAccountId(); + permittedAccounts.add(_accountMgr.finalizeOwner(caller, accountName, domainId, null)); } else { - accountId = account.getId(); + permittedAccounts.add(caller); } + + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(_accountMgr.getAccount(project.getProjectAccountId())); + } else { + List permittedAccountIds = _projectMgr.listPermittedProjectAccounts(caller.getId()); + for (Long permittedAccountId : permittedAccountIds) { 
+ permittedAccounts.add(_accountMgr.getAccount(permittedAccountId)); + } + } // It is account specific if account is admin type and domainId and accountName are not null - boolean isAccountSpecific = (account == null || isAdmin(account.getType())) && (accountName != null) && (domainId != null); + boolean isAccountSpecific = (caller == null || isAdmin(caller.getType())) && (accountName != null) && (domainId != null); boolean showDomr = ((templateFilter != TemplateFilter.selfexecutable) && (templateFilter != TemplateFilter.featured)); HypervisorType hypervisorType = HypervisorType.getType(cmd.getHypervisor()); - return listTemplates(cmd.getId(), cmd.getTemplateName(), cmd.getKeyword(), templateFilter, false, null, accountId, cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), hypervisorType, - isAccountSpecific, showDomr, cmd.listInReadyState()); + return listTemplates(cmd.getId(), cmd.getTemplateName(), cmd.getKeyword(), templateFilter, false, null, cmd.getPageSizeVal(), cmd.getStartIndex(), cmd.getZoneId(), hypervisorType, isAccountSpecific, + showDomr, cmd.listInReadyState(), permittedAccounts, caller); } - private Set> listTemplates(Long templateId, String name, String keyword, TemplateFilter templateFilter, boolean isIso, Boolean bootable, Long accountId, Long pageSize, - Long startIndex, Long zoneId, HypervisorType hyperType, boolean isAccountSpecific, boolean showDomr, boolean onlyReady) { - + private Set> listTemplates(Long templateId, String name, String keyword, TemplateFilter templateFilter, boolean isIso, Boolean bootable, Long pageSize, Long startIndex, + Long zoneId, HypervisorType hyperType, boolean isAccountSpecific, boolean showDomr, boolean onlyReady, List permittedAccounts, Account caller) { - - Account caller = UserContext.current().getCaller(); VMTemplateVO template = null; if (templateId != null) { template = _templateDao.findById(templateId); 
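Review bot: In `listIsos` the caller's own account is no longer part of the permitted set when `accountName`/`domainId` are absent: the old `else { accountId = account.getId(); }` is removed without the `else { permittedAccounts.add(caller); }` that `listTemplates` receives in this same hunk. A caller with no project memberships then reaches the private `listTemplates` with an empty `permittedAccounts`, which per the following hunk selects `DomainVO.ROOT_DOMAIN` as the search domain; what `searchTemplates` does with that is not visible here, but the scoping is no longer tied to the caller. Add `} else { permittedAccounts.add(caller); }` after the `finalizeOwner` branch in `listIsos` so both entry points build the list the same way. `listIsos` also drops the `caller == null` test that `listTemplates` keeps in `isAccountSpecific`, although both methods dereference `caller.getId()` unconditionally.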
@@ -1318,11 +1356,9 @@ public class ManagementServerImpl implements ManagementServer { } } - Account account = null; DomainVO domain = null; - if (accountId != null) { - account = _accountDao.findById(accountId); - domain = _domainDao.findById(account.getDomainId()); + if (!permittedAccounts.isEmpty()) { + domain = _domainDao.findById(permittedAccounts.get(0).getDomainId()); } else { domain = _domainDao.findById(DomainVO.ROOT_DOMAIN); } @@ -1333,7 +1369,7 @@ public class ManagementServerImpl implements ManagementServer { Set> templateZonePairSet = new HashSet>(); if (template == null) { - templateZonePairSet = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers, bootable, account, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr); + templateZonePairSet = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, hypers, bootable, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr, permittedAccounts, caller); } else { // if template is not public, perform permission check here if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { 
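Review bot: `domain` is derived from `permittedAccounts.get(0).getDomainId()` alone, while the callers can now put the requested owner, the caller and any number of project accounts into that list, so insertion order decides which domain scopes the search. In `listIsos` the first entry can be a project account, which may not be the domain the old `accountId` lookup produced. The entries come from `_accountMgr.getAccount(...)`; if that can return null for a stale id, this line fails with a NullPointerException, so filter nulls where the list is built. At minimum add a comment such as `// first entry is the requested owner or the caller; project accounts follow`, or pass the scoping domain in explicitly.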
@@ -1676,27 +1712,10 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForRouters(ListRoutersCmd cmd) { - Long domainId = cmd.getDomainId(); - String accountName = cmd.getAccountName(); - Long accountId = null; - Account account = UserContext.current().getCaller(); - - // validate domainId before proceeding - if (domainId != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { - throw new PermissionDeniedException("Invalid domain id (" + domainId + ") given, unable to list routers"); - } - if (accountName != null) { - Account userAccount = _accountDao.findActiveAccount(accountName, domainId); - if (userAccount != null) { - accountId = userAccount.getId(); - } else { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); - } - } - } else { - domainId = ((account == null) ? DomainVO.ROOT_DOMAIN : account.getDomainId()); - } + Account caller = UserContext.current().getCaller(); + Pair, Long> accountDomainPair = _accountMgr.finalizeAccountDomainForList(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); + List permittedAccounts = accountDomainPair.first(); + Long domainId = accountDomainPair.second(); Filter searchFilter = new Filter(DomainRouterVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); @@ -1718,7 +1737,7 @@ public class ManagementServerImpl implements ManagementServer { sb.and("podId", sb.entity().getPodIdToDeployIn(), SearchCriteria.Op.EQ); sb.and("hostId", sb.entity().getHostId(), SearchCriteria.Op.EQ); - if ((accountId == null) && (domainId != null)) { + if ((permittedAccounts.isEmpty()) && (domainId != null)) { // if accountId isn't specified, we can do a domain match for the admin case SearchBuilder domainSearch = _domainDao.createSearchBuilder(); domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); 
@@ -1754,8 +1773,8 @@ public class ManagementServerImpl implements ManagementServer { sc.setParameters("id", id); } - if (accountId != null) { - sc.setParameters("accountId", accountId); + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } else if (domainId != null) { DomainVO domain = _domainDao.findById(domainId); sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); 
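Review bot: `sc.setParameters("accountId", permittedAccounts.toArray())` now binds an array, but the `sb.and("accountId", ...)` declaration for the router search lies outside the hunks shown, so it cannot be confirmed that its operator was changed from `SearchCriteria.Op.EQ` to `SearchCriteria.Op.IN`. The volume, IP address and VM group searches in this commit switch the operator together with the same edit; the router search builder needs the matching change. The element type of `permittedAccounts` here comes from `finalizeAccountDomainForList` and is not visible either; if it holds `Account` objects rather than ids, map them to ids before binding.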
@@ -1783,38 +1802,54 @@ public class ManagementServerImpl implements ManagementServer { @Override public List searchForVolumes(ListVolumesCmd cmd) { - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); - Long accountId = null; + List permittedAccounts = new ArrayList(); boolean isAdmin = false; Boolean isRecursive = cmd.isRecursive(); + Long projectId = cmd.getProjectId(); if (isRecursive == null) { isRecursive = false; } - if ((account == null) || isAdmin(account.getType())) { + if ((caller == null) || isAdmin(caller.getType())) { isAdmin = true; if (domainId != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { + if ((caller != null) && !_domainDao.isChildDomain(caller.getDomainId(), domainId)) { throw new PermissionDeniedException("Invalid domain id (" + domainId + ") given, unable to list volumes."); } if (accountName != null) { Account userAccount = _accountDao.findActiveAccount(accountName, domainId); if (userAccount != null) { - accountId = userAccount.getId(); + permittedAccounts.add(userAccount.getId()); } else { throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domainId); } } } else { - domainId = ((account == null) ? DomainVO.ROOT_DOMAIN : account.getDomainId()); + domainId = ((caller == null) ? 
DomainVO.ROOT_DOMAIN : caller.getDomainId()); isRecursive = true; } } else { - accountId = account.getId(); + permittedAccounts.add(caller.getId()); } + + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } else if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } Filter searchFilter = new Filter(VolumeVO.class, "created", false, cmd.getStartIndex(), cmd.getPageSizeVal()); @@ -1840,7 +1875,6 @@ public class ManagementServerImpl implements ManagementServer { SearchBuilder sb = _volumeDao.createSearchBuilder(); sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - sb.and("accountIdEQ", sb.entity().getAccountId(), SearchCriteria.Op.EQ); sb.and("accountIdIN", sb.entity().getAccountId(), SearchCriteria.Op.IN); sb.and("volumeType", sb.entity().getVolumeType(), SearchCriteria.Op.LIKE); sb.and("instanceId", sb.entity().getInstanceId(), SearchCriteria.Op.EQ); 
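Review bot: The new project block in `searchForVolumes` dereferences `caller` unconditionally (`canAccessProjectAccount(caller, ...)`, `caller.getType()`, `caller.getId()`), while the code above it still treats `caller == null` as a valid admin path via `(caller == null) || isAdmin(caller.getType())`. With a null caller and no `projectId`, the `else if` throws a NullPointerException instead of returning the list. Guard it, `} else if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {`, or remove the null handling throughout if a null caller cannot occur. The same block is repeated in the VM group search later in this file, where the null path is also still present.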
@@ -1854,12 +1888,12 @@ public class ManagementServerImpl implements ManagementServer { diskOfferingSearch.and("systemUse", diskOfferingSearch.entity().getSystemUse(), SearchCriteria.Op.NEQ); sb.join("diskOfferingSearch", diskOfferingSearch, sb.entity().getDiskOfferingId(), diskOfferingSearch.entity().getId(), JoinBuilder.JoinType.LEFTOUTER); - if (((accountId == null) && (domainId != null) && isRecursive)) { + if (((permittedAccounts.isEmpty()) && (domainId != null) && isRecursive)) { // if accountId isn't specified, we can do a domain match for the admin case if isRecursive is true SearchBuilder domainSearch = _domainDao.createSearchBuilder(); domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } else if ((accountId == null) && (domainId != null) && !isRecursive) { + } else if ((permittedAccounts.isEmpty()) && (domainId != null) && !isRecursive) { SearchBuilder domainSearch = _domainDao.createSearchBuilder(); domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.EQ); sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); @@ -1889,8 +1923,8 @@ public class ManagementServerImpl implements ManagementServer { sc.setParameters("id", id); } - if (accountId != null) { - sc.setParameters("accountIdEQ", accountId); + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountIdIN", permittedAccounts.toArray()); sc.setJoinParameters("diskOfferingSearch", "systemUse", 1); } else if (domainId != null) { DomainVO domain = _domainDao.findById(domainId); 
@@ -1929,7 +1963,9 @@ public class ManagementServerImpl implements ManagementServer { Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Object keyword = cmd.getKeyword(); - Long accountId = null; + Long projectId = cmd.getProjectId(); + + List permittedAccounts = new ArrayList(); if (isAdmin(caller.getType())) { // validate domainId before proceeding @@ -1943,7 +1979,7 @@ public class ManagementServerImpl implements ManagementServer { if (accountName != null) { Account userAccount = _accountDao.findActiveAccount(accountName, domainId); if (userAccount != null) { - accountId = userAccount.getId(); + permittedAccounts.add(userAccount.getId()); } else { throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); } @@ -1952,13 +1988,28 @@ public class ManagementServerImpl implements ManagementServer { domainId = caller.getDomainId(); } } else { - accountId = caller.getId(); + permittedAccounts.add(caller.getId()); } + + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } else if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } - if (accountId == null && keyword != null) { + if (permittedAccounts.isEmpty() && keyword != null) { Account userAccount = _accountDao.findActiveAccount((String) keyword, domainId); if (userAccount != null) { - accountId = userAccount.getId(); + permittedAccounts.add(userAccount.getId()); } } 
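Review bot: A failed project access check is raised as `InvalidParameterValueException`, which makes an authorization denial look like bad input to API clients and in logs. This file already uses `PermissionDeniedException` for denied domain access, so `throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId);` keeps denials separable for auditing. The identical lookup-and-check block also appears in `listIsos`, `listTemplates`, `searchForVolumes`, `searchForVmGroups` and the template permission update; one private helper returning the project account id would keep the check from drifting between copies. The message concatenates the whole `caller` object, so confirm its `toString()` exposes nothing beyond what the API should return.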
@@ -1977,13 +2028,13 @@ public class ManagementServerImpl implements ManagementServer { Object ipId = cmd.getId(); SearchBuilder sb = _publicIpAddressDao.createSearchBuilder(); - sb.and("accountIdEQ", sb.entity().getAllocatedToAccountId(), SearchCriteria.Op.EQ); + sb.and("accountIdIN", sb.entity().getAllocatedToAccountId(), SearchCriteria.Op.IN); sb.and("dataCenterId", sb.entity().getDataCenterId(), SearchCriteria.Op.EQ); sb.and("address", sb.entity().getAddress(), SearchCriteria.Op.EQ); sb.and("vlanDbId", sb.entity().getVlanId(), SearchCriteria.Op.EQ); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - if ((accountId == null) && (domainId != null)) { + if ((permittedAccounts.isEmpty()) && (domainId != null)) { // if accountId isn't specified, we can do a domain match for the admin case SearchBuilder domainSearch = _domainDao.createSearchBuilder(); domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); @@ -2009,8 +2060,8 @@ public class ManagementServerImpl implements ManagementServer { } SearchCriteria sc = sb.create(); - if (accountId != null) { - sc.setParameters("accountIdEQ", accountId); + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountIdIN", permittedAccounts.toArray()); } else if (domainId != null) { DomainVO domain = _domainDao.findById(domainId); sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); @@ -2179,7 +2230,6 @@ public class ManagementServerImpl implements ManagementServer { sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE); sb.and("level", sb.entity().getLevel(), SearchCriteria.Op.EQ); sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE); - sb.and("type", sb.entity().getType(), SearchCriteria.Op.NEQ); SearchCriteria sc = sb.create(); 
@@ -2204,9 +2254,6 @@ public class ManagementServerImpl implements ManagementServer { if (path != null) { sc.setParameters("path", "%" + path + "%"); } - - //don't list project domains to the user - sc.setParameters("type", Domain.Type.Project); return _domainDao.search(sc, searchFilter); } @@ -2268,11 +2315,7 @@ public class ManagementServerImpl implements ManagementServer { sc.addAnd("path", SearchCriteria.Op.NEQ, path); sc.addAnd("path", SearchCriteria.Op.LIKE, path + "%"); } - - //don't list domain of type Project - sc.addAnd("type", SearchCriteria.Op.NEQ, Domain.Type.Project); - - + return _domainDao.search(sc, searchFilter); } @@ -2286,7 +2329,7 @@ public class ManagementServerImpl implements ManagementServer { // check if domain exists in the system DomainVO domain = _domainDao.findById(domainId); - if (domain == null || domain.getType() == Domain.Type.Project) { + if (domain == null) { throw new InvalidParameterValueException("Unable to find domain " + domainId); } else if (domain.getParent() == null && domainName != null) { // check if domain is ROOT domain - and deny to edit it with the new name @@ -2479,7 +2522,7 @@ public class ManagementServerImpl implements ManagementServer { Long id = cmd.getId(); Account caller = UserContext.current().getCaller(); List accountNames = cmd.getAccountNames(); - Long userId = UserContext.current().getCallerUserId(); + List projectIds = cmd.getProjectIds(); Boolean isFeatured = cmd.isFeatured(); Boolean isPublic = cmd.isPublic(); Boolean isExtractable = cmd.isExtractable(); 
@@ -2504,14 +2547,26 @@ public class ManagementServerImpl implements ManagementServer { throw new InvalidParameterValueException("Please provide a valid iso"); } } + + //Can only assign pro + + //convert projectIds to accountNames + if (projectIds != null) { + for (Long projectId : projectIds) { + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + accountNames.add(_accountMgr.getAccount(project.getProjectAccountId()).getAccountName()); + } + } _accountMgr.checkAccess(caller, AccessType.ModifyEntry, template); - // If command is executed via 8096 port, set userId to the id of System account (1) - if (userId == null) { - userId = Long.valueOf(User.UID_SYSTEM); - } - // If the template is removed throw an error. if (template.getRemoved() != null) { s_logger.error("unable to update permissions for " + mediaType + " with id " + id + " as it is removed "); 
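Review bot: `accountNames.add(...)` in the new `projectIds` loop throws a NullPointerException when a request carries only project ids, since `accountNames` comes straight from `cmd.getAccountNames()` and the unchanged code below still tests `if (accountNames != null)`. Initialise a local copy first, `accountNames = (accountNames == null) ? new ArrayList<String>() : new ArrayList<String>(accountNames);`, which also avoids mutating the command's own list. The names added here are later processed in the `for (String accountName : accountNames)` loop next to `Long domainId = caller.getDomainId()`; if that loop resolves names within the caller's domain, a project account in another domain will not resolve to the intended account, so carrying account ids would be safer than names. The comment `//Can only assign pro` is cut off and should be completed or removed.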
@@ -2528,17 +2583,11 @@ public class ManagementServerImpl implements ManagementServer { throw new InvalidParameterValueException("Only private " + mediaType + "s can be created."); } - // // package up the accountNames as a list - // List accountNameList = new ArrayList(); if (accountNames != null) { if ((operation == null) || (!operation.equalsIgnoreCase("add") && !operation.equalsIgnoreCase("remove") && !operation.equalsIgnoreCase("reset"))) { throw new InvalidParameterValueException("Invalid operation on accounts, the operation must be either 'add' or 'remove' in order to modify launch permissions." + " Given operation is: '" + operation + "'"); } - // StringTokenizer st = new StringTokenizer(accountNames, ","); - // while (st.hasMoreTokens()) { - // accountNameList.add(st.nextToken()); - // } } Long accountId = template.getAccountId(); @@ -2566,8 +2615,7 @@ public class ManagementServerImpl implements ManagementServer { _templateDao.update(template.getId(), updatedTemplate); - Long domainId; - domainId = caller.getDomainId(); + Long domainId = caller.getDomainId(); if ("add".equalsIgnoreCase(operation)) { txn.start(); for (String accountName : accountNames) { @@ -3184,8 +3232,7 @@ public class ManagementServerImpl implements ManagementServer { } @Override - public ArrayList getCloudIdentifierResponse(GetCloudIdentifierCmd cmd) { - Long userId = cmd.getUserId(); + public ArrayList getCloudIdentifierResponse(long userId) { Account caller = UserContext.current().getCaller(); // verify that user exists @@ -3288,6 +3335,9 @@ public class ManagementServerImpl implements ManagementServer { if (volume == null) { throw new InvalidParameterValueException("Unable to find volume with id " + volumeId); } + + //perform permission check + _accountMgr.checkAccess(account, null, volume); if (_dcDao.findById(zoneId) == null) { throw new InvalidParameterValueException("Please specify a valid zone."); 
@@ -3316,8 +3366,7 @@ public class ManagementServerImpl implements ManagementServer { } else { extractMode = mode.equals(Upload.Mode.FTP_UPLOAD.toString()) ? Upload.Mode.FTP_UPLOAD : Upload.Mode.HTTP_DOWNLOAD; } - - _accountMgr.checkAccess(account, null, volume); + // If mode is upload perform extra checks on url and also see if there is an ongoing upload on the same. if (extractMode == Upload.Mode.FTP_UPLOAD) { URI uri = new URI(url); @@ -3428,14 +3477,12 @@ public class ManagementServerImpl implements ManagementServer { }else{ return null; } - } - @Override public InstanceGroupVO updateVmGroup(UpdateVMGroupCmd cmd) { - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); Long groupId = cmd.getId(); String groupName = cmd.getGroupName(); 
@@ -3445,56 +3492,65 @@ public class ManagementServerImpl implements ManagementServer { throw new InvalidParameterValueException("unable to find a vm group with id " + groupId); } - if (account != null) { - Account tempAccount = _accountDao.findById(group.getAccountId()); - if (!isAdmin(account.getType()) && (account.getId() != group.getAccountId())) { - throw new InvalidParameterValueException("unable to find a group with id " + groupId + " for this account"); - } else if (!_domainDao.isChildDomain(account.getDomainId(), tempAccount.getDomainId())) { - throw new InvalidParameterValueException("Invalid group id (" + groupId + ") given, unable to update the group."); - } - } + _accountMgr.checkAccess(caller, null, group); // Check if name is already in use by this account (exclude this group) boolean isNameInUse = _vmGroupDao.isNameInUse(group.getAccountId(), groupName); if (isNameInUse && !group.getName().equals(groupName)) { - throw new InvalidParameterValueException("Unable to update vm group, a group with name " + groupName + " already exisits for account"); + throw new InvalidParameterValueException("Unable to update vm group, a group with name " + groupName + " already exists for account"); } if (groupName != null) { _vmGroupDao.updateVmGroup(groupId, groupName); } - InstanceGroupVO vmGroup = _vmGroupDao.findById(groupId); - return vmGroup; + + return _vmGroupDao.findById(groupId); } @Override public List searchForVmGroups(ListVMGroupsCmd cmd) { - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); - Long accountId = null; - if ((account == null) || isAdmin(account.getType())) { + Long projectId = cmd.getProjectId(); + List permittedAccounts = new ArrayList(); + + if ((caller == null) || isAdmin(caller.getType())) { if (domainId != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { + 
if ((caller != null) && !_domainDao.isChildDomain(caller.getDomainId(), domainId)) { throw new InvalidParameterValueException("Invalid domain id (" + domainId + ") given, unable to list vm groups."); } if (accountName != null) { - account = _accountDao.findActiveAccount(accountName, domainId); - if (account == null) { + caller = _accountDao.findActiveAccount(accountName, domainId); + if (caller == null) { throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); } - accountId = account.getId(); + permittedAccounts.add(caller.getId()); } } else { - domainId = ((account == null) ? DomainVO.ROOT_DOMAIN : account.getDomainId()); + domainId = ((caller == null) ? DomainVO.ROOT_DOMAIN : caller.getDomainId()); } } else { - accountName = account.getAccountName(); - accountId = account.getId(); - domainId = account.getDomainId(); + permittedAccounts.add(caller.getId()); + domainId = caller.getDomainId(); } + + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } else if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } Filter searchFilter = new Filter(InstanceGroupVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); 
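Review bot: In `searchForVmGroups` the admin branch overwrites `caller` with the looked-up target (`caller = _accountDao.findActiveAccount(accountName, domainId)`), and the new project block then evaluates `_projectMgr.canAccessProjectAccount(caller, ...)` and `caller.getType()` against that target rather than the requester. The project access decision is therefore made for the account named in the request, not for the identity making the call. Keep the requester in `caller` and use a separate local as `searchForVolumes` does: `Account userAccount = _accountDao.findActiveAccount(accountName, domainId);` followed by `permittedAccounts.add(userAccount.getId());`. The project block also dereferences `caller` although the branch above still allows `caller == null`.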
@@ -3505,9 +3561,9 @@ public class ManagementServerImpl implements ManagementServer { SearchBuilder sb = _vmGroupDao.createSearchBuilder(); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.IN); - if ((accountId == null) && (domainId != null)) { + if ((permittedAccounts.isEmpty()) && (domainId != null)) { // if accountId isn't specified, we can do a domain match for the admin case SearchBuilder domainSearch = _domainDao.createSearchBuilder(); domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); @@ -3528,8 +3584,8 @@ public class ManagementServerImpl implements ManagementServer { sc.setParameters("name", "%" + name + "%"); } - if (accountId != null) { - sc.setParameters("accountId", accountId); + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } else if (domainId != null) { DomainVO domain = _domainDao.findById(domainId); if (domain != null) { @@ -3624,8 +3680,9 @@ public class ManagementServerImpl implements ManagementServer { Account caller = UserContext.current().getCaller(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); + Long projectId = cmd.getProjectId(); - Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId); + Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId, projectId); SSHKeyPairVO s = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName()); if (s != null) { 
@@ -3647,7 +3704,9 @@ public class ManagementServerImpl implements ManagementServer { Account caller = UserContext.current().getCaller(); String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); - Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId); + Long projectId = cmd.getProjectId(); + + Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId, projectId); SSHKeyPairVO s = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName()); if (s == null) { @@ -3662,17 +3721,21 @@ public class ManagementServerImpl implements ManagementServer { Account caller = UserContext.current().getCaller(); String name = cmd.getName(); String fingerPrint = cmd.getFingerprint(); - Long accountId = null; + List permittedAccounts = new ArrayList(); Long domainId = null; String path = null; if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { - accountId = caller.getId(); + permittedAccounts.add(caller.getId()); domainId = caller.getDomainId(); } else if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { DomainVO domain = _domainDao.findById(caller.getDomainId()); path = domain.getPath(); } + + if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } SearchBuilder sb = _sshKeyPairDao.createSearchBuilder(); Filter searchFilter = new Filter(SSHKeyPairVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal()); @@ -3690,8 +3753,8 @@ public class ManagementServerImpl implements ManagementServer { sc.addAnd("name", SearchCriteria.Op.EQ, name); } - if (accountId != null) { - sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); + if (!permittedAccounts.isEmpty()) { + sc.addAnd("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray()); } if (domainId != null) { 
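Review bot: In the SSH key pair listing, a normal caller now gets project account ids added to `permittedAccounts` while `domainId = caller.getDomainId()` stays set. The unchanged `if (domainId != null)` branch after the `accountId IN` criterion is cut off by the last hunk, but if it still narrows by the caller's domain, keys owned by project accounts in another domain will never match. The two consecutive `if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL)` tests can be merged by moving `permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId()));` into the first branch. Unlike the other list methods in this commit, no `projectId` filter is read from the command here; a one-line comment stating that this is intentional would help.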
@@ -3713,7 +3776,7 @@ public class ManagementServerImpl implements ManagementServer { public SSHKeyPair registerSSHKeyPair(RegisterSSHKeyPairCmd cmd) { Account caller = UserContext.current().getCaller(); - Account owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId()); + Account owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), cmd.getDomainId(), cmd.getProjectId()); SSHKeyPairVO s = _sshKeyPairDao.findByName(owner.getAccountId(), owner.getDomainId(), cmd.getName()); if (s != null) { diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java index fab6a909e48..34bfce94c10 100755 --- a/server/src/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/com/cloud/storage/StorageManagerImpl.java @@ -70,7 +70,6 @@ import com.cloud.api.commands.CancelPrimaryStorageMaintenanceCmd; import com.cloud.api.commands.CreateStoragePoolCmd; import com.cloud.api.commands.CreateVolumeCmd; import com.cloud.api.commands.DeletePoolCmd; -import com.cloud.api.commands.DeleteVolumeCmd; import com.cloud.api.commands.UpdateStoragePoolCmd; import com.cloud.async.AsyncJobManager; import com.cloud.capacity.Capacity; 
@@ -1603,34 +1602,17 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @ActionEvent(eventType = EventTypes.EVENT_VOLUME_CREATE, eventDescription = "creating volume", create = true) public VolumeVO allocVolume(CreateVolumeCmd cmd) throws ResourceAllocationException { // FIXME: some of the scheduled event stuff might be missing here... - Account account = UserContext.current().getCaller(); - String accountName = cmd.getAccountName(); - Long domainId = cmd.getDomainId(); - Account targetAccount = null; - if ((account == null) || isAdmin(account.getType())) { - // Admin API call - if ((domainId != null) && (accountName != null)) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { - throw new PermissionDeniedException("Unable to create volume in domain " + domainId + ", permission denied."); - } - - targetAccount = _accountDao.findActiveAccount(accountName, domainId); - } else { - targetAccount = account; - } - - // If the account is null, this means that the accountName and domainId passed in were invalid - if (targetAccount == null) { - throw new InvalidParameterValueException("Unable to find account with name: " + accountName + " and domain ID: " + domainId); - } - } else { - targetAccount = account; - } - + Account caller = UserContext.current().getCaller(); + + long ownerId = cmd.getEntityOwnerId(); + + //permission check + _accountMgr.checkAccess(caller, null, _accountMgr.getActiveAccountById(ownerId)); + // Check that the resource limit for volumes won't be exceeded - _resourceLimitMgr.checkResourceLimit(targetAccount, ResourceType.volume); + _resourceLimitMgr.checkResourceLimit(_accountMgr.getAccount(ownerId), ResourceType.volume); - Long zoneId = null; + Long zoneId = cmd.getZoneId(); Long diskOfferingId = null; Long size = null; 
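Review bot: The owner is resolved twice with two different lookups and neither result is checked. `_accountMgr.getActiveAccountById(ownerId)` is passed straight into `checkAccess`, while `checkResourceLimit` uses `_accountMgr.getAccount(ownerId)`. If the first lookup can return null for a disabled or removed owner, the permission check runs against a null entity, and the removed code's explicit "Unable to find account" error has no replacement. Resolving the owner once and rejecting a missing one before the access check keeps the authorization decision and the limit check on the same account object. The body of allocVolume continues outside this hunk.
```java
Account caller = UserContext.current().getCaller();
long ownerId = cmd.getEntityOwnerId();

// resolve the owner once; fail early instead of passing null to checkAccess
Account owner = _accountMgr.getActiveAccountById(ownerId);
if (owner == null) {
    throw new InvalidParameterValueException("Unable to find active account with id " + ownerId);
}

// permission check
_accountMgr.checkAccess(caller, null, owner);

// Check that the resource limit for volumes won't be exceeded
_resourceLimitMgr.checkResourceLimit(owner, ResourceType.volume);
// … unchanged: zoneId / diskOfferingId / size declarations …
```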
@@ -1640,10 +1622,6 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag } if (cmd.getSnapshotId() == null) {// create a new volume - zoneId = cmd.getZoneId(); - if ((zoneId == null)) { - throw new InvalidParameterValueException("Missing parameter, zoneid must be specified."); - } diskOfferingId = cmd.getDiskOfferingId(); size = cmd.getSize(); @@ -1674,7 +1652,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag if (diskOffering.getDomainId() == null) { // do nothing as offering is public } else { - _configMgr.checkDiskOfferingAccess(account, diskOffering); + _configMgr.checkDiskOfferingAccess(caller, diskOffering); } if (diskOffering.getDiskSize() > 0) { @@ -1698,16 +1676,9 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag diskOfferingId = (cmd.getDiskOfferingId() != null) ? cmd.getDiskOfferingId() : snapshotCheck.getDiskOfferingId(); zoneId = snapshotCheck.getDataCenterId(); size = snapshotCheck.getSize(); // ; disk offering is used for tags purposes - if (account != null) { - if (isAdmin(account.getType())) { - Account snapshotOwner = _accountDao.findById(snapshotCheck.getAccountId()); - if (!_domainDao.isChildDomain(account.getDomainId(), snapshotOwner.getDomainId())) { - throw new PermissionDeniedException("Unable to create volume from snapshot with id " + snapshotId + ", permission denied."); - } - } else if (account.getId() != snapshotCheck.getAccountId()) { - throw new InvalidParameterValueException("unable to find a snapshot with id " + snapshotId + " for this account"); - } - } + + //check snapshot permissions + _accountMgr.checkAccess(caller, null, snapshotCheck); } // Verify that zone exists 
@@ -1717,7 +1688,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag } // Check if zone is disabled - if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getType())) { + if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) { throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId); } @@ -1752,13 +1723,13 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag volume.setPoolId(null); volume.setDataCenterId(zoneId); volume.setPodId(null); - volume.setAccountId(targetAccount.getId()); - volume.setDomainId(((account == null) ? Domain.ROOT_DOMAIN : account.getDomainId())); + volume.setAccountId(ownerId); + volume.setDomainId(((caller == null) ? Domain.ROOT_DOMAIN : caller.getDomainId())); volume.setDiskOfferingId(diskOfferingId); volume.setSize(size); volume.setInstanceId(null); volume.setUpdated(new Date()); - volume.setDomainId((account == null) ? Domain.ROOT_DOMAIN : account.getDomainId()); + volume.setDomainId((caller == null) ? Domain.ROOT_DOMAIN : caller.getDomainId()); if (cmd.getSnapshotId() == null) { volume.setState(Volume.State.Allocated); } else { @@ -1767,12 +1738,13 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag volume = _volsDao.persist(volume); UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VOLUME_CREATE, volume.getAccountId(), volume.getDataCenterId(), volume.getId(), volume.getName(), diskOfferingId, null, size); _usageEventDao.persist(usageEvent); - txn.commit(); UserContext.current().setEventDetails("Volume Id: " + volume.getId()); // Increment resource count during allocation; if actual creation fails, decrement it _resourceLimitMgr.incrementResourceCount(volume.getAccountId(), ResourceType.volume); + + txn.commit(); return volume; } 
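Review bot: In the `@@ -1752,13 +1723,13 @@` hunk the volume is stored with `setAccountId(ownerId)` but `setDomainId(caller.getDomainId())`, so its account and domain disagree whenever the caller acts for an owner in another domain (an admin on behalf of a sub-domain account, or a project account). Any later domain-scoped check or listing would then evaluate the volume against the caller's domain rather than the owner's. Taking the domain from the owner, e.g. `volume.setDomainId(_accountMgr.getAccount(ownerId).getDomainId());`, keeps the two consistent; the second `volume.setDomainId(...)` a few lines below is a duplicate and can be dropped. The `caller == null` fallback here is also inconsistent with the unguarded `caller.getType()` in the zone-disabled check of the first hunk on this line, so one of the two needs adjusting.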
@@ -2430,45 +2402,20 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @Override @DB @ActionEvent(eventType = EventTypes.EVENT_VOLUME_DELETE, eventDescription = "deleting volume") - public boolean deleteVolume(DeleteVolumeCmd cmd) throws ConcurrentOperationException { - Account account = UserContext.current().getCaller(); - Long volumeId = cmd.getId(); - - boolean isAdmin; - if (account == null) { - // Admin API call - isAdmin = true; - } else { - // User API call - isAdmin = isAdmin(account.getType()); - } - + public boolean deleteVolume(long volumeId) throws ConcurrentOperationException { + Account caller = UserContext.current().getCaller(); + // Check that the volume ID is valid VolumeVO volume = _volsDao.acquireInLockTable(volumeId, 10); if (volume == null) { throw new InvalidParameterValueException("Unable to aquire volume with ID: " + volumeId); } + + //permission check + _accountMgr.checkAccess(caller, null, volume); try { - // If the account is not an admin, check that the volume is owned by the account that was passed in - if (!isAdmin) { - if (account.getId() != volume.getAccountId()) { - throw new InvalidParameterValueException("Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName()); - } - } else if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), volume.getDomainId())) { - throw new PermissionDeniedException("Unable to delete volume with id " + volumeId + ", permission denied."); - } - - // If the account is not an admin, check that the volume is owned by the account that was passed in - if (!isAdmin) { - if (account.getId() != volume.getAccountId()) { - throw new InvalidParameterValueException("Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName()); - } - } else if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), volume.getDomainId())) { - throw new PermissionDeniedException("Unable to delete volume with 
id " + volumeId + ", permission denied."); - } - // Check that the volume is stored on shared storage // NOTE: We used to ensure the volume is on shared storage before deleting. However, this seems like an unnecessary // check since all we allow diff --git a/server/src/com/cloud/storage/dao/SnapshotDaoImpl.java b/server/src/com/cloud/storage/dao/SnapshotDaoImpl.java index 60ff9c51878..bad7b6e5c55 100644 --- a/server/src/com/cloud/storage/dao/SnapshotDaoImpl.java +++ b/server/src/com/cloud/storage/dao/SnapshotDaoImpl.java @@ -26,9 +26,8 @@ import javax.ejb.Local; import org.apache.log4j.Logger; -import com.cloud.host.dao.HostDetailsDaoImpl; -import com.cloud.storage.Snapshot.Type; import com.cloud.storage.Snapshot; +import com.cloud.storage.Snapshot.Type; import com.cloud.storage.SnapshotVO; import com.cloud.storage.VMTemplateStorageResourceAssoc.Status; import com.cloud.storage.Volume; @@ -270,7 +269,11 @@ public class SnapshotDaoImpl extends GenericDaoBase implements @Override public List listByInstanceId(long instanceId, Snapshot.Status... status) { SearchCriteria sc = this.InstanceIdSearch.create(); - sc.setParameters("status", status); + + if (status != null) { + sc.setParameters("status", status.toString()); + } + sc.setJoinParameters("instanceSnapshots", "state", Volume.State.Ready); sc.setJoinParameters("instanceVolumes", "instanceId", instanceId); return listBy(sc, null); diff --git a/server/src/com/cloud/storage/dao/VMTemplateDao.java b/server/src/com/cloud/storage/dao/VMTemplateDao.java index 4b21a0a8833..da83391131e 100644 --- a/server/src/com/cloud/storage/dao/VMTemplateDao.java +++ b/server/src/com/cloud/storage/dao/VMTemplateDao.java 
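Review bot: In deleteVolume the new `_accountMgr.checkAccess(caller, null, volume);` sits between `_volsDao.acquireInLockTable(volumeId, 10)` and `try {`, so a PermissionDeniedException is thrown after the lock is taken but before the try block is entered. The matching release is not visible in this hunk, but if it lives in that try's `finally`, a denied request would leave the volume locked until the lock times out. Making the check the first statement inside `try {`, or doing the ownership check on a plain lookup before acquiring the lock, avoids that. A one-line comment such as `// must run inside try so the lock is released on denial` would record the ordering requirement.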
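Review bot: In `listByInstanceId` (SnapshotDaoImpl, hunk `@@ -270,7 +269,11 @@`) `status` is the varargs array `Snapshot.Status...`, so `status.toString()` yields the array's identity string rather than any status value, and the "status" condition can no longer match the requested states. The null guard is reasonable, but the values should still be passed through as before, for example `if (status != null && status.length > 0) { sc.setParameters("status", (Object[]) status); }`. If the search was built with a "status" condition, it is also worth checking what the query does when the parameter is left unset.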
@@ -59,7 +59,7 @@ public interface VMTemplateDao extends GenericDao { public List listReadyTemplates(); public List listByAccountId(long accountId); public Set> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List hypers, Boolean bootable, - Account account, DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr); + DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr, List permittedAccounts, Account caller); public long addTemplateToZone(VMTemplateVO tmplt, long zoneId); public List listAllInZone(long dataCenterId); diff --git a/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java b/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java index 02066fe0fa0..4a46c9fc3b2 100755 --- a/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java +++ b/server/src/com/cloud/storage/dao/VMTemplateDaoImpl.java 
@@ -304,8 +304,23 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem } @Override - public Set> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List hypers, Boolean bootable, Account account, DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady,boolean showDomr) { - Transaction txn = Transaction.currentTxn(); + public Set> searchTemplates(String name, String keyword, TemplateFilter templateFilter, boolean isIso, List hypers, Boolean bootable, DomainVO domain, Long pageSize, Long startIndex, Long zoneId, HypervisorType hyperType, boolean onlyReady, boolean showDomr,List permittedAccounts, Account caller) { + + StringBuilder builder = new StringBuilder(); + if (!permittedAccounts.isEmpty()) { + for (Account permittedAccount : permittedAccounts) { + builder.append(permittedAccount.getAccountId() + ","); + } + } + + String permittedAccountsStr = builder.toString(); + + if (permittedAccountsStr.length() > 0) { + //chop the "," off + permittedAccountsStr = permittedAccountsStr.substring(0, permittedAccountsStr.length()-1); + } + + Transaction txn = Transaction.currentTxn(); txn.start(); Set> templateZonePairList = new HashSet>(); @@ -315,8 +330,8 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem String sql = SELECT_TEMPLATE_ZONE_REF; String groupByClause = ""; try { - short accountType; - String accountId = null; + //short accountType; + //String accountId = null; String guestOSJoin = ""; StringBuilder templateHostRefJoin = new StringBuilder(); String dataCenterJoin = ""; 
@@ -351,65 +366,66 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem whereClause += " AND t.hypervisor_type IN (" + relatedHypers + ")"; } } - if (account != null) { - accountType = account.getType(); - accountId = Long.toString(account.getId()); - DomainVO accountDomain = _domainDao.findById(account.getDomainId()); + if (!permittedAccounts.isEmpty()) { + + for (Account account : permittedAccounts) { + //accountType = account.getType(); + //accountId = Long.toString(account.getId()); + DomainVO accountDomain = _domainDao.findById(account.getDomainId()); - // get all parent domain ID's all the way till root domain - DomainVO domainTreeNode = accountDomain; - while (true) { - relatedDomainIds.append(domainTreeNode.getId()); - relatedDomainIds.append(","); - if (domainTreeNode.getParent() != null) { - domainTreeNode = _domainDao.findById(domainTreeNode.getParent()); - } else { - break; - } - } - - // get all child domain ID's - if ((account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN) ) { - List allChildDomains = _domainDao.findAllChildren(accountDomain.getPath(), accountDomain.getId()); - for (DomainVO childDomain : allChildDomains) { - relatedDomainIds.append(childDomain.getId()); + // get all parent domain ID's all the way till root domain + DomainVO domainTreeNode = accountDomain; + while (true) { + relatedDomainIds.append(domainTreeNode.getId()); relatedDomainIds.append(","); + if (domainTreeNode.getParent() != null) { + domainTreeNode = _domainDao.findById(domainTreeNode.getParent()); + } else { + break; + } } + + // get all child domain ID's + if ((account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN) ) { + List allChildDomains = _domainDao.findAllChildren(accountDomain.getPath(), 
accountDomain.getId()); + for (DomainVO childDomain : allChildDomains) { + relatedDomainIds.append(childDomain.getId()); + relatedDomainIds.append(","); + } + } + relatedDomainIds.setLength(relatedDomainIds.length()-1); } - relatedDomainIds.setLength(relatedDomainIds.length()-1); - } else { - accountType = Account.ACCOUNT_TYPE_ADMIN; - } + } if (templateFilter == TemplateFilter.featured) { whereClause += " WHERE t.public = 1 AND t.featured = 1"; - if (account != null) { + if (!permittedAccounts.isEmpty()) { whereClause += " AND (dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)"; } - } else if ((templateFilter == TemplateFilter.self || templateFilter == TemplateFilter.selfexecutable) && accountType != Account.ACCOUNT_TYPE_ADMIN) { - if (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { + } else if ((templateFilter == TemplateFilter.self || templateFilter == TemplateFilter.selfexecutable) && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { + if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { whereClause += " INNER JOIN account a on (t.account_id = a.id) INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'"; } else { - whereClause += " WHERE t.account_id = " + accountId; + whereClause += " WHERE t.account_id IN (" + permittedAccountsStr + ")"; } - } else if (templateFilter == TemplateFilter.sharedexecutable && accountType != Account.ACCOUNT_TYPE_ADMIN) { - if (accountType == Account.ACCOUNT_TYPE_NORMAL) { + } else if (templateFilter == TemplateFilter.sharedexecutable && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { + if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { whereClause += " LEFT JOIN launch_permission lp ON t.id = lp.template_id WHERE" + - " (t.account_id = " + accountId + " OR" + - " lp.account_id = " + accountId + ")"; + " (t.account_id IN (" + 
permittedAccountsStr + ") OR" + + " lp.account_id IN (" + permittedAccountsStr + "))"; } else { whereClause += " INNER JOIN account a on (t.account_id = a.id) INNER JOIN domain d on (a.domain_id = d.id) WHERE d.path LIKE '" + domain.getPath() + "%'"; } - } else if (templateFilter == TemplateFilter.executable && accountId != null) { - whereClause += " WHERE (t.public = 1 OR t.account_id = " + accountId + ")"; + } else if (templateFilter == TemplateFilter.executable && !permittedAccounts.isEmpty()) { + whereClause += " WHERE (t.public = 1 OR t.account_id IN (" + permittedAccountsStr + "))"; } else if (templateFilter == TemplateFilter.community) { whereClause += " WHERE t.public = 1 AND t.featured = 0"; - if (account != null) { + if (!permittedAccounts.isEmpty()) { whereClause += " AND (dc.domain_id IN (" + relatedDomainIds + ") OR dc.domain_id is NULL)"; } - } else if (templateFilter == TemplateFilter.all && accountType == Account.ACCOUNT_TYPE_ADMIN) { + } else if (templateFilter == TemplateFilter.all && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) { whereClause += " WHERE "; - } else if (accountType != Account.ACCOUNT_TYPE_ADMIN) { + } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { return templateZonePairList; } @@ -419,7 +435,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem whereClause += " AND "; } - sql += whereClause + getExtrasWhere(templateFilter, name, keyword, isIso, bootable, hyperType, zoneId, onlyReady, showDomr, accountType) + groupByClause + getOrderByLimit(pageSize, startIndex); + sql += whereClause + getExtrasWhere(templateFilter, name, keyword, isIso, bootable, hyperType, zoneId, onlyReady, showDomr) + groupByClause + getOrderByLimit(pageSize, startIndex); pstmt = txn.prepareStatement(sql); rs = pstmt.executeQuery(); 
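Review bot: `relatedDomainIds.setLength(relatedDomainIds.length()-1);` now runs at the end of every iteration of the new `for (Account account : permittedAccounts)` loop. With more than one permitted account the trailing separator is removed before the next account's ids are appended, and two ids fuse into one number (a list ending in `5` followed by `7,` becomes `57,`). The `dc.domain_id IN (...)` filters for the `featured` and `community` cases are built from that string, so the query can end up naming domains the caller is not related to. Move the trim after the loop, e.g. `if (relatedDomainIds.length() > 0) { relatedDomainIds.setLength(relatedDomainIds.length() - 1); }`. Separately, the removed `else` branch treated a null account as admin while the new code dereferences `caller.getType()` unconditionally, and an empty `permittedAccounts` would produce `t.account_id IN ()` in the `self` branch; both cases need a guard or a documented precondition.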
@@ -431,7 +447,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem //for now, defaulting pageSize to a large val if null; may need to revisit post 2.2RC2 if(isIso && templateZonePairList.size() < (pageSize != null ? pageSize : 500) && templateFilter != TemplateFilter.community - && !(templateFilter == TemplateFilter.self && !BaseCmd.isRootAdmin(account.getType())) ){ //evaluates to true If root admin and filter=self + && !(templateFilter == TemplateFilter.self && !BaseCmd.isRootAdmin(caller.getType())) ){ //evaluates to true If root admin and filter=self List publicIsos = publicIsoSearch(bootable); for( int i=0; i < publicIsos.size(); i++){ if (keyword != null && publicIsos.get(i).getName().contains(keyword)) { @@ -464,7 +480,7 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem return templateZonePairList; } - private String getExtrasWhere(TemplateFilter templateFilter, String name, String keyword, boolean isIso, Boolean bootable, HypervisorType hyperType, Long zoneId, boolean onlyReady, boolean showDomr, short accountType) { + private String getExtrasWhere(TemplateFilter templateFilter, String name, String keyword, boolean isIso, Boolean bootable, HypervisorType hyperType, Long zoneId, boolean onlyReady, boolean showDomr) { String sql = ""; if (keyword != null) { sql += " t.name LIKE \"%" + keyword + "%\" AND"; @@ -474,9 +490,6 @@ public class VMTemplateDaoImpl extends GenericDaoBase implem if (isIso) { sql += " t.format = 'ISO'"; -// if (accountType == Account.ACCOUNT_TYPE_NORMAL){ -// sql += " AND t.public = 1 "; -// } if (!hyperType.equals(HypervisorType.None)) { sql += " AND goh.hypervisor_type = '" + hyperType.toString() + "'"; } diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java index f2bfe4591ec..6934310bf59 100755 --- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java 
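Review bot: `getExtrasWhere` (hunk `@@ -464,7 +480,7 @@`) still splices the caller-supplied `keyword` into the statement text with `sql += " t.name LIKE \"%" + keyword + "%\" AND";`, and the result is handed to `txn.prepareStatement(sql)` with no bound parameters. Since this commit already reworks the method's signature and the surrounding query construction, it is a good point to emit `t.name LIKE ?` here and bind the value in `searchTemplates` with `pstmt.setString(...)`. The `d.path LIKE '" + domain.getPath() + "%'"` fragments in the large `searchTemplates` hunk follow the same pattern and would benefit from the same treatment. The rest of `getExtrasWhere` lies outside the hunk, so `name` and the other string arguments should be checked as well.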
+++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java @@ -40,7 +40,6 @@ import com.cloud.agent.api.ManageSnapshotAnswer; import com.cloud.agent.api.ManageSnapshotCommand; import com.cloud.agent.api.to.SwiftTO; import com.cloud.api.commands.CreateSnapshotPolicyCmd; -import com.cloud.api.commands.DeleteSnapshotCmd; import com.cloud.api.commands.DeleteSnapshotPoliciesCmd; import com.cloud.api.commands.ListRecurringSnapshotScheduleCmd; import com.cloud.api.commands.ListSnapshotPoliciesCmd; @@ -67,6 +66,8 @@ import com.cloud.host.HostVO; import com.cloud.host.dao.HostDao; import com.cloud.host.dao.HostDetailsDao; import com.cloud.hypervisor.Hypervisor.HypervisorType; +import com.cloud.projects.Project; +import com.cloud.projects.ProjectManager; import com.cloud.storage.Snapshot; import com.cloud.storage.Snapshot.Status; import com.cloud.storage.Snapshot.Type; @@ -167,6 +168,9 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma private ResourceLimitService _resourceLimitMgr; @Inject private SwiftDao _swiftDao; + @Inject + private ProjectManager _projectMgr; + String _name; private int _totalRetries; private int _pauseInterval; 
@@ -695,21 +699,21 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma @Override @DB @ActionEvent(eventType = EventTypes.EVENT_SNAPSHOT_DELETE, eventDescription = "deleting snapshot", async = true) - public boolean deleteSnapshot(DeleteSnapshotCmd cmd) { - Long snapshotId = cmd.getId(); + public boolean deleteSnapshot(long snapshotId) { Account caller = UserContext.current().getCaller(); // Verify parameters - Snapshot snapshotCheck = _snapshotDao.findByIdIncludingRemoved(snapshotId.longValue()); + Snapshot snapshotCheck = _snapshotDao.findByIdIncludingRemoved(snapshotId); if (snapshotCheck == null) { throw new InvalidParameterValueException("unable to find a snapshot with id " + snapshotId); } + + _accountMgr.checkAccess(caller, null, snapshotCheck); + if( !Status.BackedUp.equals(snapshotCheck.getStatus() ) ) { throw new InvalidParameterValueException("Can't delete snapshotshot " + snapshotId + " due to it is not in BackedUp Status"); } - - _accountMgr.checkAccess(caller, null, snapshotCheck); - + return deleteSnapshotInternal(snapshotId); } @@ -842,6 +846,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma public List listSnapshots(ListSnapshotsCmd cmd) { Long volumeId = cmd.getVolumeId(); Boolean isRecursive = cmd.isRecursive(); + Long projectId = cmd.getProjectId(); // Verify parameters if (volumeId != null) { 
@@ -851,35 +856,50 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma } } - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); - Long accountId = null; - if ((account == null) || _accountMgr.isAdmin(account.getType())) { + List permittedAccounts = new ArrayList(); + if ((caller == null) || _accountMgr.isAdmin(caller.getType())) { if (domainId != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { + if ((caller != null) && !_domainDao.isChildDomain(caller.getDomainId(), domainId)) { throw new PermissionDeniedException("Unable to list templates for domain " + domainId + ", permission denied."); } - } else if ((account != null) && ((account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN))) { - domainId = account.getDomainId(); + } else if ((caller != null) && ((caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN))) { + domainId = caller.getDomainId(); isRecursive = true; } if (domainId != null && accountName != null) { Account userAccount = _accountDao.findActiveAccount(accountName, domainId); if (userAccount != null) { - accountId = userAccount.getId(); + permittedAccounts.add(userAccount.getId()); } else { throw new InvalidParameterValueException("Could not find account:" + accountName + " in domain:" + domainId); } } } else { - accountId = account.getId(); + permittedAccounts.add(caller.getId()); } if (isRecursive == null) { isRecursive = false; } + + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if 
(!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } else { + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } Object name = cmd.getSnapshotName(); Object id = cmd.getId(); @@ -893,11 +913,11 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma sb.and("volumeId", sb.entity().getVolumeId(), SearchCriteria.Op.EQ); sb.and("name", sb.entity().getName(), SearchCriteria.Op.LIKE); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); + sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.IN); sb.and("snapshotTypeEQ", sb.entity().getsnapshotType(), SearchCriteria.Op.IN); sb.and("snapshotTypeNEQ", sb.entity().getsnapshotType(), SearchCriteria.Op.NEQ); - if ((accountId == null) && (domainId != null)) { + if ((permittedAccounts.isEmpty()) && (domainId != null)) { // if accountId isn't specified, we can do a domain match for the admin case SearchBuilder accountSearch = _accountDao.createSearchBuilder(); sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinType.INNER); @@ -928,12 +948,11 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma if (keyword != null) { SearchCriteria ssc = _snapshotDao.createSearchCriteria(); ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%"); - sc.addAnd("name", SearchCriteria.Op.SC, ssc); } - if (accountId != null) { - sc.setParameters("accountId", accountId); + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); } else if (domainId != null) { DomainVO domain = _domainDao.findById(domainId); SearchCriteria joinSearch = sc.getJoin("accountSearch"); 
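Review bot: In `listSnapshots` the new `else` branch calls `permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId()))` for every caller type, unlike the SSH key pair listing in ManagementServerImpl, which does this only for `ACCOUNT_TYPE_NORMAL`. For an admin who belongs to any project the list becomes non-empty, so the `permittedAccounts.isEmpty() && domainId != null` domain join further down is skipped and the result silently narrows to the admin's project accounts. The same branch dereferences `caller` although the code above still allows `caller == null`. Something like `} else if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {` would restore the previous admin behaviour. The failed `canAccessProjectAccount` case is an authorization failure and reads better as `PermissionDeniedException`, which this method already throws for the domain check.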
@@ -1042,7 +1061,9 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma if (volume == null) { throw new InvalidParameterValueException("Failed to create snapshot policy, unable to find a volume with id " + volumeId); } - + + _accountMgr.checkAccess(UserContext.current().getCaller(), null, volume); + if (volume.getState() != Volume.State.Ready) { throw new InvalidParameterValueException("VolumeId: " + volumeId + " is not in " + Volume.State.Ready + " state but " + volume.getState() + ". Cannot take snapshot."); } @@ -1055,10 +1076,6 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma } AccountVO owner = _accountDao.findById(volume.getAccountId()); - DomainVO domain = _domainDao.findById(owner.getDomainId()); - - _accountMgr.checkAccess(UserContext.current().getCaller(), null, volume); - Long instanceId = volume.getInstanceId(); if (instanceId != null) { // It is not detached, but attached to a VM diff --git a/server/src/com/cloud/template/TemplateAdapter.java b/server/src/com/cloud/template/TemplateAdapter.java index dada14ff4b9..c27f7d3fc44 100644 --- a/server/src/com/cloud/template/TemplateAdapter.java +++ b/server/src/com/cloud/template/TemplateAdapter.java @@ -7,6 +7,7 @@ import com.cloud.api.commands.RegisterTemplateCmd; import com.cloud.exception.ResourceAllocationException; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.storage.VMTemplateVO; +import com.cloud.user.Account; import com.cloud.utils.component.Adapter; public interface TemplateAdapter extends Adapter { 
@@ -45,5 +46,5 @@ public interface TemplateAdapter extends Adapter { public TemplateProfile prepare(boolean isIso, Long userId, String name, String displayText, Integer bits, Boolean passwordEnabled, Boolean requiresHVM, String url, Boolean isPublic, Boolean featured, Boolean isExtractable, String format, Long guestOSId, Long zoneId, HypervisorType hypervisorType, - String accountName, Long domainId, String chksum, Boolean bootable, String templateTag) throws ResourceAllocationException; + String chksum, Boolean bootable, String templateTag, Account templateOwner) throws ResourceAllocationException; } diff --git a/server/src/com/cloud/template/TemplateAdapterBase.java b/server/src/com/cloud/template/TemplateAdapterBase.java index 039198903fd..b8695cd2254 100755 --- a/server/src/com/cloud/template/TemplateAdapterBase.java +++ b/server/src/com/cloud/template/TemplateAdapterBase.java @@ -34,7 +34,6 @@ import com.cloud.storage.dao.VMTemplateHostDao; import com.cloud.storage.dao.VMTemplateZoneDao; import com.cloud.user.Account; import com.cloud.user.AccountManager; -import com.cloud.user.AccountVO; import com.cloud.user.ResourceLimitService; import com.cloud.user.UserContext; import com.cloud.user.UserVO; 
@@ -93,15 +92,13 @@ public abstract class TemplateAdapterBase implements TemplateAdapter { Boolean isExtractable, String format, Long guestOSId, Long zoneId, HypervisorType hypervisorType, String accountName, Long domainId, String chksum, Boolean bootable) throws ResourceAllocationException { return prepare(isIso, userId, name, displayText, bits, passwordEnabled, requiresHVM, url, isPublic, featured, isExtractable, format, guestOSId, zoneId, hypervisorType, - accountName, domainId, chksum, bootable, null); + chksum, bootable, null, null); } public TemplateProfile prepare(boolean isIso, Long userId, String name, String displayText, Integer bits, Boolean passwordEnabled, Boolean requiresHVM, String url, Boolean isPublic, Boolean featured, Boolean isExtractable, String format, Long guestOSId, Long zoneId, HypervisorType hypervisorType, - String accountName, Long domainId, String chksum, Boolean bootable, String templateTag) throws ResourceAllocationException { - Account ctxAccount = UserContext.current().getCaller(); - Account resourceAccount = null; - Long accountId = null; + String chksum, Boolean bootable, String templateTag, Account templateOwner) throws ResourceAllocationException { + //Long accountId = null; // parameters verification if (isPublic == null) { 
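Review bot: The legacy `prepare(...)` overload keeps its `accountName` and `domainId` parameters but now forwards `chksum, bootable, null, null`, so `templateOwner` is always null on that path. The next hunk dereferences it immediately in `_accountDao.findById(templateOwner.getId())`, which would throw a NullPointerException instead of resolving or rejecting the owner. The child-domain check that the old code performed here is also gone, so this overload no longer validates that the caller may act for the named account. Either resolve and authorize the owner in this overload before delegating, or remove the overload if nothing calls it. The main overload should start with an explicit check such as `if (templateOwner == null) { throw new InvalidParameterValueException("No valid account specified for registering template."); }`. The leftover `//Long accountId = null;` line can be deleted.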
@@ -138,40 +135,8 @@ public abstract class TemplateAdapterBase implements TemplateAdapter { if (isExtractable == null) { isExtractable = Boolean.FALSE; } - if ((accountName == null) ^ (domainId == null)) {// XOR - Both have to be passed or don't pass any of them - throw new InvalidParameterValueException("Please specify both account and domainId or dont specify any of them"); - } - // This complex logic is just for figuring out the template owning - // account because a user can register templates on other account's - // behalf. - if ((ctxAccount == null) || isAdmin(ctxAccount.getType())) { - if (domainId != null) { - if ((ctxAccount != null) && !_domainDao.isChildDomain(ctxAccount.getDomainId(), domainId)) { - throw new PermissionDeniedException("Failed to register template, invalid domain id (" + domainId + ") given."); - } - if (accountName != null) { - resourceAccount = _accountDao.findActiveAccount(accountName, domainId); - if (resourceAccount == null) { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); - } - accountId = resourceAccount.getId(); - } - } else { - accountId = ((ctxAccount != null) ? ctxAccount.getId() : null); - } - } else { - accountId = ctxAccount.getId(); - } - - if (null == accountId && null == accountName && null == domainId && null == ctxAccount) { - accountId = 1L; - } - if (null == accountId) { - throw new InvalidParameterValueException("No valid account specified for registering template."); - } - - boolean isAdmin = _accountDao.findById(accountId).getType() == Account.ACCOUNT_TYPE_ADMIN; + boolean isAdmin = _accountDao.findById(templateOwner.getId()).getType() == Account.ACCOUNT_TYPE_ADMIN; if (!isAdmin && zoneId == null) { throw new InvalidParameterValueException("Please specify a valid zone Id."); 
@@ -207,10 +172,9 @@ public abstract class TemplateAdapterBase implements TemplateAdapter { throw new IllegalArgumentException("Unable to find user with id " + userId); } - AccountVO account = _accountDao.findById(accountId); - _resourceLimitMgr.checkResourceLimit(account, ResourceType.template); + _resourceLimitMgr.checkResourceLimit(templateOwner, ResourceType.template); - if (account.getType() != Account.ACCOUNT_TYPE_ADMIN && zoneId == null) { + if (templateOwner.getType() != Account.ACCOUNT_TYPE_ADMIN && zoneId == null) { throw new IllegalArgumentException("Only admins can create templates in all zones"); } 
@@ -236,21 +200,31 @@ public abstract class TemplateAdapterBase implements TemplateAdapter { Long id = _tmpltDao.getNextInSequence(Long.class, "id"); UserContext.current().setEventDetails("Id: " +id+ " name: " + name); return new TemplateProfile(id, userId, name, displayText, bits, passwordEnabled, requiresHVM, url, isPublic, - featured, isExtractable, imgfmt, guestOSId, zoneId, hypervisorType, accountName, domainId, accountId, chksum, bootable, templateTag); + featured, isExtractable, imgfmt, guestOSId, zoneId, hypervisorType, templateOwner.getAccountName(), templateOwner.getDomainId(), templateOwner.getAccountId(), chksum, bootable, templateTag); } @Override public TemplateProfile prepare(RegisterTemplateCmd cmd) throws ResourceAllocationException { + //check if the caller can operate with the template owner + Account caller = UserContext.current().getCaller(); + Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId()); + _accountMgr.checkAccess(caller, null, owner); + return prepare(false, UserContext.current().getCallerUserId(), cmd.getTemplateName(), cmd.getDisplayText(), cmd.getBits(), cmd.isPasswordEnabled(), cmd.getRequiresHvm(), cmd.getUrl(), cmd.isPublic(), cmd.isFeatured(), cmd.isExtractable(), cmd.getFormat(), cmd.getOsTypeId(), cmd.getZoneId(), HypervisorType.getType(cmd.getHypervisor()), - cmd.getAccountName(), cmd.getDomainId(), cmd.getChecksum(), true, cmd.getTemplateTag()); + cmd.getChecksum(), true, cmd.getTemplateTag(), owner); } public TemplateProfile prepare(RegisterIsoCmd cmd) throws ResourceAllocationException { + //check if the caller can operate with the template owner + Account caller = UserContext.current().getCaller(); + Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId()); + _accountMgr.checkAccess(caller, null, owner); + return prepare(true, UserContext.current().getCallerUserId(), cmd.getIsoName(), cmd.getDisplayText(), 64, false, true, cmd.getUrl(), cmd.isPublic(), cmd.isFeatured(), cmd.isExtractable(), 
ImageFormat.ISO.toString(), cmd.getOsTypeId(), - cmd.getZoneId(), HypervisorType.None, cmd.getAccountName(), cmd.getDomainId(), cmd.getChecksum(), cmd.isBootable(), null); + cmd.getZoneId(), HypervisorType.None, cmd.getChecksum(), cmd.isBootable(), null, owner); } protected VMTemplateVO persistTemplate(TemplateProfile profile) { diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java index 13bd857d1c3..1560af8b8e9 100755 --- a/server/src/com/cloud/template/TemplateManagerImpl.java +++ b/server/src/com/cloud/template/TemplateManagerImpl.java @@ -39,14 +39,11 @@ import com.cloud.agent.api.Answer; import com.cloud.agent.api.storage.DestroyCommand; import com.cloud.agent.api.storage.PrimaryStorageDownloadAnswer; import com.cloud.agent.api.storage.PrimaryStorageDownloadCommand; -import com.cloud.api.commands.AttachIsoCmd; import com.cloud.api.commands.CopyTemplateCmd; import com.cloud.api.commands.DeleteIsoCmd; import com.cloud.api.commands.DeleteTemplateCmd; -import com.cloud.api.commands.DetachIsoCmd; import com.cloud.api.commands.ExtractIsoCmd; import com.cloud.api.commands.ExtractTemplateCmd; -import com.cloud.api.commands.PrepareTemplateCmd; import com.cloud.api.commands.RegisterIsoCmd; import com.cloud.api.commands.RegisterTemplateCmd; import com.cloud.async.AsyncJobManager; 
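Review bot: In both `prepare(RegisterTemplateCmd)` and `prepare(RegisterIsoCmd)` the result of `_accountMgr.getAccount(cmd.getEntityOwnerId())` goes straight into `checkAccess` and then into `prepare` without a null check. If the id does not resolve to an account, the failure would presumably surface later as a NullPointerException at `templateOwner.getId()` rather than as a clear parameter error. Add `if (owner == null) { throw new InvalidParameterValueException("Unable to find account by id=" + cmd.getEntityOwnerId()); }` before the access check. The same three lines are repeated in both methods, so moving them into one private helper would keep the two registration paths from drifting apart.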
@@ -240,13 +237,15 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe } @Override - public VirtualMachineTemplate prepareTemplate(PrepareTemplateCmd cmd) { + public VirtualMachineTemplate prepareTemplate(long templateId, long zoneId) { - VMTemplateVO vmTemplate = _tmpltDao.findById(cmd.getTemplateId()); + VMTemplateVO vmTemplate = _tmpltDao.findById(templateId); if(vmTemplate == null) - throw new InvalidParameterValueException("Unable to find template " + cmd.getTemplateId()); + throw new InvalidParameterValueException("Unable to find template id=" + templateId); - prepareTemplateInAllStoragePools(vmTemplate, cmd.getZoneId()); + _accountMgr.checkAccess(UserContext.current().getCaller(), AccessType.ModifyEntry, vmTemplate); + + prepareTemplateInAllStoragePools(vmTemplate, zoneId); return vmTemplate; } @@ -785,13 +784,12 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_DETACH, eventDescription = "detaching ISO", async = true) - public boolean detachIso(DetachIsoCmd cmd) { + public boolean detachIso(long vmId) { Account caller = UserContext.current().getCaller(); Long userId = UserContext.current().getCallerUserId(); - Long vmId = cmd.getVirtualMachineId(); // Verify input parameters - UserVmVO vmInstanceCheck = _userVmDao.findById(vmId.longValue()); + UserVmVO vmInstanceCheck = _userVmDao.findById(vmId); if (vmInstanceCheck == null) { throw new InvalidParameterValueException ("Unable to find a virtual machine with id " + vmId); } 
@@ -819,11 +817,9 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe @Override @ActionEvent(eventType = EventTypes.EVENT_ISO_ATTACH, eventDescription = "attaching ISO", async = true) - public boolean attachIso(AttachIsoCmd cmd) { + public boolean attachIso(long isoId, long vmId) { Account caller = UserContext.current().getCaller(); Long userId = UserContext.current().getCallerUserId(); - Long vmId = cmd.getVirtualMachineId(); - Long isoId = cmd.getId(); // Verify input parameters UserVmVO vm = _userVmDao.findById(vmId); diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 266ef87cf7b..09900991628 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -78,6 +78,8 @@ import com.cloud.network.dao.VpnUserDao; import com.cloud.network.security.SecurityGroupManager; import com.cloud.network.security.dao.SecurityGroupDao; import com.cloud.network.vpn.RemoteAccessVpnService; +import com.cloud.projects.Project; +import com.cloud.projects.ProjectManager; import com.cloud.server.auth.UserAuthenticator; import com.cloud.storage.StorageManager; import com.cloud.storage.VMTemplateVO; @@ -176,6 +178,9 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag private DataCenterDao _dcDao; @Inject private DomainManager _domainMgr; + @Inject + private ProjectManager _projectMgr; + private Adapters _userAuthenticators; private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("AccountChecker")); 
@@ -261,7 +266,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag @Override public void checkAccess(Account caller, Domain domain, AccessType accessType) throws PermissionDeniedException { for (SecurityChecker checker : _securityCheckers) { - if (checker.checkAccess(caller, domain, accessType)) { + if (checker.checkAccess(caller, domain)) { if (s_logger.isDebugEnabled()) { s_logger.debug("Access granted to " + caller + " to " + domain + " by " + checker.getName()); } @@ -316,7 +321,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag throw new PermissionDeniedException("Domain is not found.", caller, domain.getValue()); } try { - checker.checkAccess(caller, d, accessType); + checker.checkAccess(caller, d); } catch (PermissionDeniedException e) { e.addDetails(caller, domain.getValue()); throw e; @@ -645,7 +650,6 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag user.setRegistrationToken(registrationToken); } - txn.commit(); return _userAccountDao.findById(user.getId()); } 
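Review bot: `checkAccess(Account caller, Domain domain, AccessType accessType)` still accepts `accessType`, but the value is now dropped before it reaches the checkers (`checker.checkAccess(caller, domain)`), both here and in the `@@ -316,7 +321,7 @@` hunk. A caller that passes a specific access type for a domain gets the same decision as one that passes `null`, which is easy to misread as a finer-grained check than is actually performed. Either remove the parameter from the manager method too, or state the behaviour next to the call: `// accessType is ignored for domain checks; checkers decide on caller and domain only`. Both method bodies continue outside the hunks.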
@@ -1195,11 +1199,30 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } @Override - public Account finalizeOwner(Account caller, String accountName, Long domainId) { + public Account finalizeOwner(Account caller, String accountName, Long domainId, Long projectId) { // don't default the owner to the system account - if (caller.getId() == Account.ACCOUNT_ID_SYSTEM && (accountName == null || domainId == null)) { + if (caller.getId() == Account.ACCOUNT_ID_SYSTEM && ((accountName == null || domainId == null) && projectId == null)) { throw new InvalidParameterValueException("Account and domainId are needed for resource creation"); } + + //projectId and account/domainId can't be specified together + if ((accountName != null && domainId != null) && projectId != null) { + throw new InvalidParameterValueException("ProjectId and account/domainId can't be specified together"); + } + + if (projectId != null) { + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id=" + projectId); + } + + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new PermissionDeniedException("Account " + caller + " is unauthorised to use project id=" + projectId); + } + + return getAccount(project.getProjectAccountId()); + } + if (isAdmin(caller.getType()) && accountName != null && domainId != null) { Domain domain = _domainMgr.getDomain(domainId); 
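Review bot: The mutual-exclusion test `(accountName != null && domainId != null) && projectId != null` only rejects the request when both account parameters are present. With `projectId` plus just one of `accountName` or `domainId`, the extra parameter is silently ignored and the project account is returned. If the two forms must not be combined, the condition should be `if ((accountName != null || domainId != null) && projectId != null) {`. The project branch also returns `getAccount(project.getProjectAccountId())` unchecked, so a failed lookup would reach callers such as `owner.getId()` in UserVmManagerImpl as a null owner. The body of finalizeOwner continues outside this hunk.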
@@ -1267,7 +1290,9 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } @Override - public Pair finalizeAccountDomainForList(Account caller, String accountName, Long domainId) { + public Pair,Long> finalizeAccountDomainForList(Account caller, String accountName, Long domainId, Long projectId) { + List permittedAccounts = new ArrayList(); + if (isAdmin(caller.getType())) { if (domainId == null && accountName != null) { throw new InvalidParameterValueException("accountName and domainId might be specified together"); 
@@ -1284,18 +1309,39 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if (owner == null) { throw new InvalidParameterValueException("Unable to find account with name " + accountName + " in domain id=" + domainId); } + + permittedAccounts.add(owner.getId()); } } } else if (accountName != null && domainId != null) { if (!accountName.equals(caller.getAccountName()) || domainId.longValue() != caller.getDomainId()) { throw new PermissionDeniedException("Can't list port forwarding rules for account " + accountName + " in domain " + domainId + ", permission denied"); } + permittedAccounts.add(getActiveAccountByName(accountName, domainId).getId()); } else { - accountName = caller.getAccountName(); + permittedAccounts.add(caller.getAccountId()); + } + + if (domainId == null && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { domainId = caller.getDomainId(); } + + //set project information + if (projectId != null) { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } else if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } - return new Pair(accountName, domainId); + return new Pair, Long>(permittedAccounts, domainId); } @Override diff --git a/server/src/com/cloud/user/DomainManager.java b/server/src/com/cloud/user/DomainManager.java index 9730f25a9bb..ea990d86dda 100644 --- a/server/src/com/cloud/user/DomainManager.java +++ b/server/src/com/cloud/user/DomainManager.java 
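Review bot: A failed `canAccessProjectAccount` check is reported here as `InvalidParameterValueException`, while `finalizeOwner` in the same class throws `PermissionDeniedException` for the same condition; the identical block in UserVmManagerImpl (hunk `@@ -2935,11 +2936,12 @@`) has the same mismatch. An authorization failure should surface as a permission error so that it is handled and logged like other denials: `throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId);`. Separately, for an admin caller with no account or project filter `permittedAccounts` stays empty, and callers presumably treat that as "no account restriction". That contract deserves a comment at the return, e.g. `// empty permittedAccounts means no account filter; only reachable for admin callers`. The method starts in the previous hunk and continues outside this one.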
@@ -21,13 +21,12 @@ import java.util.List; import java.util.Set; import com.cloud.domain.Domain; -import com.cloud.domain.Domain.Type; import com.cloud.domain.DomainVO; public interface DomainManager extends DomainService{ Set getDomainChildrenIds(String parentDomainPath); - Domain createDomain(String name, Long parentId, Long ownerId, String networkDomain, Type domainType); + Domain createDomain(String name, Long parentId, Long ownerId, String networkDomain); /** * find the domain by its path diff --git a/server/src/com/cloud/user/DomainManagerImpl.java b/server/src/com/cloud/user/DomainManagerImpl.java index 549f9d536ba..28dabf03189 100644 --- a/server/src/com/cloud/user/DomainManagerImpl.java +++ b/server/src/com/cloud/user/DomainManagerImpl.java @@ -31,7 +31,6 @@ import org.apache.log4j.Logger; import com.cloud.configuration.ResourceLimit; import com.cloud.configuration.dao.ResourceCountDao; import com.cloud.domain.Domain; -import com.cloud.domain.Domain.Type; import com.cloud.domain.DomainVO; import com.cloud.domain.dao.DomainDao; import com.cloud.event.ActionEvent; @@ -128,7 +127,7 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager{ } DomainVO parentDomain = _domainDao.findById(parentId); - if (parentDomain == null || parentDomain.getType() == Domain.Type.Project) { + if (parentDomain == null) { throw new InvalidParameterValueException("Unable to create domain " + name + ", parent domain " + parentId + " not found."); } 
@@ -139,13 +138,13 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager{ _accountMgr.checkAccess(caller, parentDomain, null); - return createDomain(name, parentId, caller.getId(), networkDomain, null); + return createDomain(name, parentId, caller.getId(), networkDomain); } @Override @DB - public Domain createDomain(String name, Long parentId, Long ownerId, String networkDomain, Type domainType) { + public Domain createDomain(String name, Long parentId, Long ownerId, String networkDomain) { //Verify network domain if (networkDomain != null) { if (!NetUtils.verifyDomainName(networkDomain)) { @@ -154,12 +153,6 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager{ + "and the hyphen ('-'); can't start or end with \"-\""); } } - - - //verify domainType - if (domainType != null && !(domainType == Domain.Type.Project || domainType == Domain.Type.Normal)) { - throw new InvalidParameterValueException("Invalid domain type; following values are supported: " + Domain.Type.Normal + ", " + Domain.Type.Project); - } SearchCriteria sc = _domainDao.createSearchCriteria(); sc.addAnd("name", SearchCriteria.Op.EQ, name); @@ -173,7 +166,7 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager{ Transaction txn = Transaction.currentTxn(); txn.start(); - DomainVO domain = _domainDao.create(new DomainVO(name, ownerId, parentId, networkDomain, domainType)); + DomainVO domain = _domainDao.create(new DomainVO(name, ownerId, parentId, networkDomain)); _resourceCountDao.createResourceCounts(domain.getId(), ResourceLimit.ResourceOwnerType.Domain); txn.commit(); 
@@ -209,7 +202,7 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager{ DomainVO domain = _domainDao.findById(domainId); - if (domain == null || domain.getType() == Domain.Type.Project) { + if (domain == null) { throw new InvalidParameterValueException("Failed to delete domain " + domainId + ", domain not found"); } else if (domainId == DomainVO.ROOT_DOMAIN) { throw new PermissionDeniedException("Can't delete ROOT domain"); diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 1e943e9f07a..864ec1611c8 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -495,7 +495,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager Long vmId = command.getVirtualMachineId(); Long volumeId = command.getId(); Long deviceId = command.getDeviceId(); - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); // Check that the volume ID is valid VolumeVO volume = _volsDao.findById(volumeId); @@ -559,7 +559,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager // If the account is not an admin, check that the volume and the virtual machine are owned by the account that was // passed in - _accountMgr.checkAccess(account, null, volume); + _accountMgr.checkAccess(caller, null, volume); VolumeVO rootVolumeOfVm = null; List rootVolumesOfVm = _volsDao.findByInstanceAndType(vmId, Volume.Type.ROOT); 
@@ -711,7 +711,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager @Override @ActionEvent(eventType = EventTypes.EVENT_VOLUME_DETACH, eventDescription = "detaching volume", async = true) public Volume detachVolumeFromVM(DetachVolumeCmd cmmd) { - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); if ((cmmd.getId() == null && cmmd.getDeviceId() == null && cmmd.getVirtualMachineId() == null) || (cmmd.getId() != null && (cmmd.getDeviceId() != null || cmmd.getVirtualMachineId() != null)) || (cmmd.getId() == null && (cmmd.getDeviceId() == null || cmmd.getVirtualMachineId() == null))) { throw new InvalidParameterValueException("Please provide either a volume id, or a tuple(device id, instance id)"); @@ -739,8 +739,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager throw new InvalidParameterValueException("Unable to find volume with ID: " + volumeId); } - // If the account is not an admin, check that the volume is owned by the account that was passed in - _accountMgr.checkAccess(account, null, volume); + // Permissions check + _accountMgr.checkAccess(caller, null, volume); // Check that the volume is a data volume if (volume.getVolumeType() != Volume.Type.DATADISK) { @@ -1812,8 +1812,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); String groupName = cmd.getGroupName(); + Long projectId = cmd.getProjectId(); - Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId); + Account owner = _accountMgr.finalizeOwner(caller, accountName, domainId, projectId); long accountId = owner.getId(); // Check if name is already in use by this account 
@@ -2935,11 +2936,12 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager //set project information if (projectId != null) { + permittedAccounts.clear(); Project project = _projectMgr.getProject(projectId); if (project == null) { throw new InvalidParameterValueException("Unable to find project by id " + projectId); } - if (!_projectMgr.canAccessAccount(caller, project.getProjectAccountId())) { + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); } permittedAccounts.add(project.getProjectAccountId()); @@ -3255,9 +3257,14 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager //VV 1: verify the two users Account oldAccount = UserContext.current().getCaller(); Account newAccount = _accountService.getAccount(cmd.getAccountId()); - if (newAccount == null) { + if (newAccount == null || newAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) { throw new InvalidParameterValueException("Unable to find account " + newAccount + " in domain " + oldAccount.getDomainId()); } + + //don't allow to move the vm from the project + if (oldAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) { + throw new InvalidParameterValueException("Vm id=" + cmd.getVmId() + " belongs to the project and can't be moved"); + } //VV 2: check if account/domain is with in resource limits to create a new vm _resourceLimitMgr.checkResourceLimit(newAccount, ResourceType.user_vm); @@ -3353,7 +3360,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager VirtualMachineProfileImpl vmProfile = new VirtualMachineProfileImpl(vmi); _networkMgr.allocate(vmProfile, networks); } - } return vm; diff --git a/server/test/com/cloud/network/MockNetworkManagerImpl.java b/server/test/com/cloud/network/MockNetworkManagerImpl.java index 40189dce6e9..fa661458be1 100644 
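Review bot: The new guard `oldAccount.getType() == Account.ACCOUNT_TYPE_PROJECT` in the `@@ -3255,9 +3257,14 @@` hunk tests the caller, because `oldAccount` is assigned from `UserContext.current().getCaller()` a few lines above; it does not look at the account that owns the VM. As written, a VM owned by a project account would pass this check whenever the request comes from a non-project account, which is the opposite of what the comment `//don't allow to move the vm from the project` describes. The check should be made against the VM's owning account after the VM has been loaded; that lookup is outside the hunk. The combined `newAccount == null || newAccount.getType() == Account.ACCOUNT_TYPE_PROJECT` branch also reports a project target as "Unable to find account", so a separate message for the project case would make the rejection reason clear.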
--- a/server/test/com/cloud/network/MockNetworkManagerImpl.java +++ b/server/test/com/cloud/network/MockNetworkManagerImpl.java @@ -8,7 +8,6 @@ import javax.naming.ConfigurationException; import com.cloud.api.commands.AssociateIPAddrCmd; import com.cloud.api.commands.CreateNetworkCmd; -import com.cloud.api.commands.DisassociateIPAddrCmd; import com.cloud.api.commands.ListNetworksCmd; import com.cloud.api.commands.RestartNetworkCmd; import com.cloud.dc.Vlan; @@ -47,7 +46,7 @@ import com.cloud.vm.VirtualMachineProfile; public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkService { @Override - public List getVirtualNetworksOwnedByAccountInZone(String accountName, long domainId, long zoneId) { + public List getVirtualNetworksOwnedByAccountInZone(long zoneId, Account owner) { // TODO Auto-generated method stub return null; } @@ -71,7 +70,7 @@ public class MockNetworkManagerImpl implements NetworkManager, Manager, NetworkS } @Override - public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd) { + public boolean disassociateIpAddress(long ipAddressId) { // TODO Auto-generated method stub return false; } diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java index 2d79a1c125b..1c4afeeb3d3 100644 --- a/server/test/com/cloud/user/MockAccountManagerImpl.java +++ b/server/test/com/cloud/user/MockAccountManagerImpl.java 
@@ -107,13 +107,13 @@ public class MockAccountManagerImpl implements Manager, AccountManager { } @Override - public Account finalizeOwner(Account caller, String accountName, Long domainId) { + public Account finalizeOwner(Account caller, String accountName, Long domainId, Long projectId) { // TODO Auto-generated method stub return null; } @Override - public Pair finalizeAccountDomainForList(Account caller, String accountName, Long domainId) { + public Pair,Long> finalizeAccountDomainForList(Account caller, String accountName, Long domainId, Long projectId) { // TODO Auto-generated method stub return null; } diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index 21809842eb9..b9269c8310e 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql @@ -1671,14 +1671,12 @@ CREATE TABLE `cloud`.`projects` ( `name` varchar(255) COMMENT 'project name', `display_text` varchar(255) COMMENT 'project name', `project_account_id` bigint unsigned NOT NULL, - `project_domain_id` bigint unsigned NOT NULL, `domain_id` bigint unsigned NOT NULL, `created` datetime COMMENT 'date created', `removed` datetime COMMENT 'date removed', `state` varchar(255) NOT NULL COMMENT 'state of the project (Active/Inactive/Suspended)', PRIMARY KEY (`id`), CONSTRAINT `fk_projects__project_account_id` FOREIGN KEY(`project_account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, - CONSTRAINT `fk_projects__project_domain_id` FOREIGN KEY(`project_domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_projects__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, INDEX `i_projects__removed`(`removed`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 
@@ -1690,13 +1688,11 @@ CREATE TABLE `cloud`.`project_account` ( `account_role` varchar(255) NOT NULL DEFAULT 'Regular' COMMENT 'Account role in the project (Owner or Regular)', `project_id` bigint unsigned NOT NULL COMMENT 'project id', `project_account_id` bigint unsigned NOT NULL, - `project_domain_id` bigint unsigned NOT NULL, `created` datetime COMMENT 'date created', PRIMARY KEY (`id`), CONSTRAINT `fk_project_account__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_project_account__project_id` FOREIGN KEY(`project_id`) REFERENCES `projects`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_project_account__project_account_id` FOREIGN KEY(`project_account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, - CONSTRAINT `fk_project_account__project_domain_id` FOREIGN KEY(`project_domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, UNIQUE (`account_id`, `project_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; diff --git a/setup/db/db/schema-2212to30.sql b/setup/db/db/schema-2212to30.sql index 7b8e508906d..f057e7bb18a 100644 --- a/setup/db/db/schema-2212to30.sql +++ b/setup/db/db/schema-2212to30.sql 
@@ -34,14 +34,12 @@ CREATE TABLE `cloud`.`projects` ( `name` varchar(255) COMMENT 'project name', `display_text` varchar(255) COMMENT 'project name', `project_account_id` bigint unsigned NOT NULL, - `project_domain_id` bigint unsigned NOT NULL, `domain_id` bigint unsigned NOT NULL, `created` datetime COMMENT 'date created', - `removed` datetime COMMENT 'date removed',\ + `removed` datetime COMMENT 'date removed', `state` varchar(255) NOT NULL COMMENT 'state of the project (Active/Inactive/Suspended)', PRIMARY KEY (`id`), CONSTRAINT `fk_projects__project_account_id` FOREIGN KEY(`project_account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, - CONSTRAINT `fk_projects__project_domain_id` FOREIGN KEY(`project_domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_projects__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, INDEX `i_projects__removed`(`removed`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; @@ -53,12 +51,11 @@ CREATE TABLE `cloud`.`project_account` ( `account_role` varchar(255) NOT NULL DEFAULT 'Regular' COMMENT 'Account role in the project (Owner or Regular)', `project_id` bigint unsigned NOT NULL COMMENT 'project id', `project_account_id` bigint unsigned NOT NULL, - `project_domain_id` bigint unsigned NOT NULL, + `created` datetime COMMENT 'date created', PRIMARY KEY (`id`), CONSTRAINT `fk_project_account__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_project_account__project_id` FOREIGN KEY(`project_id`) REFERENCES `projects`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_project_account__project_account_id` FOREIGN KEY(`project_account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, - CONSTRAINT `fk_project_account__project_domain_id` FOREIGN KEY(`project_domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, UNIQUE (`account_id`, `project_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 
@@ -70,7 +67,7 @@ CREATE TABLE `cloud`.`project_invitations` ( `domain_id` bigint unsigned COMMENT 'domain id', `email` varchar(255) COMMENT 'email', `token` varchar(255) COMMENT 'token', - `state` varchar(255) unsigned NOT NULL DEFAULT 'Pending' COMMENT 'the state of the invitation', + `state` varchar(255) NOT NULL DEFAULT 'Pending' COMMENT 'the state of the invitation', `created` datetime COMMENT 'date created', PRIMARY KEY (`id`), CONSTRAINT `fk_project_invitations__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, @@ -78,7 +75,6 @@ CREATE TABLE `cloud`.`project_invitations` ( CONSTRAINT `fk_project_invitations__project_id` FOREIGN KEY(`project_id`) REFERENCES `projects`(`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -ALTER TABLE domain ADD COLUMN `type` varchar(255) NOT NULL DEFAULT 'Normal' COMMENT 'type of the domain - can be Normal or Project'; INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'max.project.user.vms', '20', 'The default maximum number of user VMs that can be deployed for a project'); INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'max.project.public.ips', '20', 'The default maximum number of public IPs that can be consumed by a project');