diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 5f3bb98bbe1..c6ef06349c9 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -366,8 +366,8 @@ public class ApiServer implements HttpRequestHandler { private String queueCommand(BaseCmd cmdObj, Map params) { UserContext ctx = UserContext.current(); - Long userId = ctx.getCallerUserId(); - Account account = ctx.getCaller(); + Long callerUserId = ctx.getCallerUserId(); + Account caller = ctx.getCaller(); if (cmdObj instanceof BaseAsyncCmd) { Long objectId = null; if (cmdObj instanceof BaseAsyncCreateCmd) { @@ -381,18 +381,18 @@ public class ApiServer implements HttpRequestHandler { BaseAsyncCmd asyncCmd = (BaseAsyncCmd)cmdObj; - if (userId != null) { - params.put("ctxUserId", userId.toString()); + if (callerUserId != null) { + params.put("ctxUserId", callerUserId.toString()); } - if (account != null) { - params.put("ctxAccountId", String.valueOf(account.getId())); + if (caller != null) { + params.put("ctxAccountId", String.valueOf(caller.getId())); } long startEventId = ctx.getStartEventId(); asyncCmd.setStartEventId(startEventId); // save the scheduled event - Long eventId = EventUtils.saveScheduledEvent((userId == null) ? User.UID_SYSTEM : userId, asyncCmd.getEntityOwnerId(), + Long eventId = EventUtils.saveScheduledEvent((callerUserId == null) ? User.UID_SYSTEM : callerUserId, asyncCmd.getEntityOwnerId(), asyncCmd.getEventType(), asyncCmd.getEventDescription(), startEventId); if(startEventId == 0){ //There was no create event before, set current event id as start eventId @@ -407,8 +407,8 @@ public class ApiServer implements HttpRequestHandler { AsyncJobVO job = new AsyncJobVO(); job.setInstanceId((objectId == null) ? asyncCmd.getInstanceId() : objectId); job.setInstanceType(asyncCmd.getInstanceType()); - job.setUserId(userId); - job.setAccountId(asyncCmd.getEntityOwnerId()); + job.setUserId(callerUserId); + job.setAccountId(caller.getId()); job.setCmd(cmdObj.getClass().getName()); job.setCmdInfo(ApiGsonHelper.getBuilder().create().toJson(params)); @@ -431,7 +431,7 @@ public class ApiServer implements HttpRequestHandler { // if the command is of the listXXXCommand, we will need to also return the // the job id and status if possible if (cmdObj instanceof BaseListCmd) { - buildAsyncListResponse((BaseListCmd)cmdObj, account); + buildAsyncListResponse((BaseListCmd)cmdObj, caller); } return ApiResponseSerializer.toSerializedString((ResponseObject)cmdObj.getResponseObject(), cmdObj.getResponseType()); } diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 5fb26a0d1af..ffd0359f3f3 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -3916,8 +3916,8 @@ public class ManagementServerImpl implements ManagementServer { Object accountId = null; Long domainId = cmd.getDomainId(); - Account account = UserContext.current().getCaller(); - if ((account == null) || isAdmin(account.getType())) { + Account caller = UserContext.current().getCaller(); + if (isAdmin(caller.getType())) { String accountName = cmd.getAccountName(); if ((accountName != null) && (domainId != null)) { @@ -3928,36 +3928,60 @@ public class ManagementServerImpl implements ManagementServer { throw new InvalidParameterValueException("Failed to list async jobs for account " + accountName + " in domain " + domainId + "; account not found."); } } else if (domainId != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { + if (!_domainDao.isChildDomain(caller.getDomainId(), domainId)) { throw new PermissionDeniedException("Failed to list async jobs for domain " + domainId + "; permission denied."); } - - // we can do a domain match for the admin case - SearchBuilder domainSearch = _domainDao.createSearchBuilder(); - domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); - - SearchBuilder accountSearch = _accountDao.createSearchBuilder(); - accountSearch.join("domainSearch", domainSearch, accountSearch.entity().getDomainId(), domainSearch.entity().getId(), JoinType.INNER); - - sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinType.INNER); } + + if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN && domainId == null) { + domainId = caller.getDomainId(); + } + } else { - accountId = account.getId(); + accountId = caller.getId(); } - + + // we should do domain based search for domain admin + if (domainId != null) { + sb.and("accountsIn", sb.entity().getAccountId(), SearchCriteria.Op.IN); + } + Object keyword = cmd.getKeyword(); Object startDate = cmd.getStartDate(); - SearchCriteria sc = _jobDao.createSearchCriteria(); + SearchCriteria sc = sb.create(); + if (keyword != null) { sc.addAnd("cmd", SearchCriteria.Op.LIKE, "%" + keyword + "%"); } if (accountId != null) { sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); - } else if (domainId != null) { + } + + + if (domainId != null) { + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); + domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + + SearchBuilder accountSearch = _accountDao.createSearchBuilder(); + accountSearch.join("domainSearch", domainSearch, accountSearch.entity().getDomainId(), domainSearch.entity().getId(), JoinType.INNER); + + SearchCriteria accountSc = accountSearch.create(); DomainVO domain = _domainDao.findById(domainId); - sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); + + accountSc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); + + List allowedAccounts = _accountDao.search(accountSc, null); + if (!allowedAccounts.isEmpty()) { + Long[] accountIds = new Long[allowedAccounts.size()]; + for (int i = 0; i < allowedAccounts.size(); i++) { + AccountVO allowedAccount = allowedAccounts.get(i); + accountIds[i] = allowedAccount.getId(); + } + + sc.setParameters("accountsIn", (Object[])accountIds); + } } if (startDate != null) {