From 42940051424abe96eb2f1fe7bd94b547b377e00d Mon Sep 17 00:00:00 2001 From: Prachi Damle Date: Tue, 24 Sep 2013 17:01:43 -0700 Subject: [PATCH] Check if an Account belongs to RootAdmin group --- .../acl/dao/AclGroupAccountMapDao.java | 2 ++ .../acl/dao/AclGroupAccountMapDaoImpl.java | 16 ++++++++++++++++ .../src/com/cloud/user/AccountManagerImpl.java | 11 +++++++++++ server/test/com/cloud/vm/UserVmManagerTest.java | 3 +++ .../cloud/vpc/MockResourceLimitManagerImpl.java | 2 +- 5 files changed, 33 insertions(+), 1 deletion(-) diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java index b60dcb495f2..1102047b92c 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java @@ -28,4 +28,6 @@ public interface AclGroupAccountMapDao extends GenericDao listByAccountId(long accountId); + AclGroupAccountMapVO findAccountInAdminGroup(long accountId); + } diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java index ecccf857376..d0c8a5bbc4d 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java @@ -33,6 +33,7 @@ import com.cloud.utils.db.SearchCriteria; public class AclGroupAccountMapDaoImpl extends GenericDaoBase implements AclGroupAccountMapDao { private SearchBuilder ListByGroupId; private SearchBuilder ListByAccountId; + private SearchBuilder _findByAccountAndGroupId; @Override public boolean configure(String name, Map params) throws ConfigurationException { @@ -46,6 +47,13 @@ public class AclGroupAccountMapDaoImpl extends GenericDaoBase sc = _findByAccountAndGroupId.create(); + sc.setParameters("accountId", accountId); + sc.setParameters("groupId", 2); + return findOneBy(sc); + } + } diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index e78620e5cb7..3b0e87c4a85 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -39,10 +39,12 @@ import javax.naming.ConfigurationException; import org.apache.commons.codec.binary.Base64; import org.apache.log4j.Logger; +import org.apache.cloudstack.acl.AclGroupAccountMapVO; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.acl.SecurityChecker; import org.apache.cloudstack.acl.SecurityChecker.AccessType; +import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao; import org.apache.cloudstack.affinity.AffinityGroup; import org.apache.cloudstack.affinity.dao.AffinityGroupDao; import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd; @@ -244,6 +246,10 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M private DedicatedResourceDao _dedicatedDao; @Inject private GlobalLoadBalancerRuleDao _gslbRuleDao; + + @Inject + private AclGroupAccountMapDao _aclGroupAccountDao; + @Inject public com.cloud.region.ha.GlobalLoadBalancingRulesService _gslbService; @@ -347,6 +353,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M public boolean isRootAdmin(long accountId) { // refer to account_group_map and check if account is in Root 'Admin' // group + + AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId); + if (adminGroupMember != null) { + return true; + } return false; } diff --git a/server/test/com/cloud/vm/UserVmManagerTest.java b/server/test/com/cloud/vm/UserVmManagerTest.java index df676d31594..8e5032f4995 100755 --- a/server/test/com/cloud/vm/UserVmManagerTest.java +++ b/server/test/com/cloud/vm/UserVmManagerTest.java @@ -564,6 +564,9 @@ public class UserVmManagerTest { any(Boolean.class), any(ControlledEntity.class)); CallContext.register(user, caller); + + when(_accountMgr.isRootAdmin(anyLong())).thenReturn(true); + try { _userVmMgr.moveVMToUser(cmd); } finally { diff --git a/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java b/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java index 367ca455727..172d6b39581 100644 --- a/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java +++ b/server/test/com/cloud/vpc/MockResourceLimitManagerImpl.java @@ -75,7 +75,7 @@ public class MockResourceLimitManagerImpl extends ManagerBase implements Resourc @Override - public long findCorrectResourceLimitForAccount(short accountType, Long limit, ResourceType type) { + public long findCorrectResourceLimitForAccount(long accountId, Long limit, ResourceType type) { // TODO Auto-generated method stub return 0; }