etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-6501:IAM - DomainAdmin - When listVirtualMachines is used 

with listall=true and account and domainId , Vms owned by the account
account is not listed.
This commit is contained in:
Min Chen 2014-04-24 18:13:59 -07:00 committed by Daan Hoogland
parent e811e61ded
commit 2bba381a63
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/src/com/cloud/user/AccountManagerImpl.java
View File

@ -2283,7 +2283,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (accountId != null) {
// specific account filter is specified
if (grantedAccounts.contains(accountId)) {
if (grantedDomains.contains(domainId)) {
// the account domain is granted to the caller
permittedAccounts.add(accountId);
}
else if (grantedAccounts.contains(accountId)) {
permittedAccounts.add(accountId);
} else {
//TODO: we should also filter granted resources based on accountId passed.

4
services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityQuerySelector.java
View File

@ -73,8 +73,8 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
domainId = p.getScopeId();
//domainIds.add(p.getScopeId());
}
domainIds.add(domainId);
// add all the domain children from this domain. Like RoleBasedEntityAccessChecker, we made an assumption, if DOMAIN scope is granted, it means that
//domainIds.add(domainId);
// add all the domain children from this domain (including this domain itself). Like RoleBasedEntityAccessChecker, we made an assumption, if DOMAIN scope is granted, it means that
// the whole domain tree is granted access.
DomainVO domain = _domainDao.findById(domainId);
List<Long> childDomains = _domainDao.getDomainChildrenIds(domain.getPath());