Check if an Account belongs to RootAdmin group

2013-09-24 17:01:43 -07:00 · 2013-09-24 17:01:43 -07:00 · 4294005142
parent aba54356d5
commit 4294005142
5 changed files with 33 additions and 1 deletions
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
@ -28,4 +28,6 @@ public interface AclGroupAccountMapDao extends GenericDao<AclGroupAccountMapVO,

    List<AclGroupAccountMapVO> listByAccountId(long accountId);

+    AclGroupAccountMapVO findAccountInAdminGroup(long accountId);
+
 }
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
@ -33,6 +33,7 @@ import com.cloud.utils.db.SearchCriteria;
 public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMapVO, Long> implements AclGroupAccountMapDao {
    private SearchBuilder<AclGroupAccountMapVO> ListByGroupId;
    private SearchBuilder<AclGroupAccountMapVO> ListByAccountId;
+    private SearchBuilder<AclGroupAccountMapVO> _findByAccountAndGroupId;

    @Override
    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@ -46,6 +47,13 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap
        ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
        ListByAccountId.done();

+        _findByAccountAndGroupId = createSearchBuilder();
+        _findByAccountAndGroupId
+                .and("groupId", _findByAccountAndGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
+        _findByAccountAndGroupId.and("accountId", _findByAccountAndGroupId.entity().getAccountId(),
+                SearchCriteria.Op.EQ);
+        _findByAccountAndGroupId.done();
+
        return true;
    }

@ -63,4 +71,12 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMap
        return listBy(sc);
    }

+    @Override
+    public AclGroupAccountMapVO findAccountInAdminGroup(long accountId) {
+        SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
+        sc.setParameters("accountId", accountId);
+        sc.setParameters("groupId", 2);
+        return findOneBy(sc);
+    }
+
 }
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@ -39,10 +39,12 @@ import javax.naming.ConfigurationException;

 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclGroupAccountMapVO;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
 import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
@ -244,6 +246,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
    private DedicatedResourceDao _dedicatedDao;
    @Inject
    private GlobalLoadBalancerRuleDao _gslbRuleDao;
+
+    @Inject
+    private AclGroupAccountMapDao _aclGroupAccountDao;
+
    @Inject
    public com.cloud.region.ha.GlobalLoadBalancingRulesService _gslbService;

@ -347,6 +353,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
    public boolean isRootAdmin(long accountId) {
        // refer to account_group_map and check if account is in Root 'Admin'
        // group
+        
+        AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
+        if (adminGroupMember != null) {
+            return true;
+        }
        return false;
    }

--- a/server/test/com/cloud/vm/UserVmManagerTest.java
+++ b/server/test/com/cloud/vm/UserVmManagerTest.java
@ -564,6 +564,9 @@ public class UserVmManagerTest {
                any(Boolean.class), any(ControlledEntity.class));

        CallContext.register(user, caller);
+
+        when(_accountMgr.isRootAdmin(anyLong())).thenReturn(true);
+
        try {
            _userVmMgr.moveVMToUser(cmd);
        } finally {
--- a/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java
+++ b/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java
@ -75,7 +75,7 @@ public class MockResourceLimitManagerImpl extends ManagerBase implements Resourc


    @Override
-    public long findCorrectResourceLimitForAccount(short accountType, Long limit, ResourceType type) {
+    public long findCorrectResourceLimitForAccount(long accountId, Long limit, ResourceType type) {
        // TODO Auto-generated method stub
        return 0;
    }