mirror of https://github.com/apache/cloudstack.git
Don't allow to create snapshotPolicy for disabled account and suspended/inactive project
This commit is contained in:
Alena Prokharchyk
parent
ceb0a918a1
commit
42a460023e
|
|
@ -106,21 +106,16 @@ public class CreateSnapshotCmd extends BaseAsyncCreateCmd {
|
|||
|
||||
@Override
|
||||
public long getEntityOwnerId() {
|
||||
Long volumeId = getVolumeId();
|
||||
Long accountId = null;
|
||||
|
||||
Volume volume = _entityMgr.findById(Volume.class, volumeId);
|
||||
if (volume != null) {
|
||||
accountId = volume.getAccountId();
|
||||
} else {
|
||||
|
||||
Volume volume = _entityMgr.findById(Volume.class, getVolumeId());
|
||||
if (volume == null) {
|
||||
throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
|
||||
}
|
||||
|
||||
|
||||
Account account = _accountService.getAccount(accountId);
|
||||
Account account = _accountService.getAccount(volume.getAccountId());
|
||||
//Can create templates for enabled projects/accounts only
|
||||
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
|
||||
Project project = _projectService.findByProjectAccountId(accountId);
|
||||
Project project = _projectService.findByProjectAccountId(volume.getAccountId());
|
||||
if (project.getState() != Project.State.Active) {
|
||||
throw new PermissionDeniedException("Can't add resources to the project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active");
|
||||
}
|
||||
|
|
@ -128,7 +123,7 @@ public class CreateSnapshotCmd extends BaseAsyncCreateCmd {
|
|||
throw new PermissionDeniedException("The owner of template is disabled: " + account);
|
||||
}
|
||||
|
||||
return accountId;
|
||||
return volume.getAccountId();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -27,6 +27,9 @@ import com.cloud.api.Implementation;
|
|||
import com.cloud.api.Parameter;
|
||||
import com.cloud.api.ServerApiException;
|
||||
import com.cloud.api.response.SnapshotPolicyResponse;
|
||||
import com.cloud.exception.InvalidParameterValueException;
|
||||
import com.cloud.exception.PermissionDeniedException;
|
||||
import com.cloud.projects.Project;
|
||||
import com.cloud.storage.Volume;
|
||||
import com.cloud.storage.snapshot.SnapshotPolicy;
|
||||
import com.cloud.user.Account;
|
||||
|
|
@ -100,16 +103,27 @@ public class CreateSnapshotPolicyCmd extends BaseCmd {
|
|||
@Override
|
||||
public long getEntityOwnerId() {
|
||||
Volume volume = _entityMgr.findById(Volume.class, getVolumeId());
|
||||
if (volume != null) {
|
||||
return volume.getAccountId();
|
||||
if (volume == null) {
|
||||
throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
|
||||
}
|
||||
|
||||
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
|
||||
|
||||
Account account = _accountService.getAccount(volume.getAccountId());
|
||||
//Can create templates for enabled projects/accounts only
|
||||
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
|
||||
Project project = _projectService.findByProjectAccountId(volume.getAccountId());
|
||||
if (project.getState() != Project.State.Active) {
|
||||
throw new PermissionDeniedException("Can't add resources to the project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active");
|
||||
}
|
||||
} else if (account.getState() == Account.State.disabled) {
|
||||
throw new PermissionDeniedException("The owner of template is disabled: " + account);
|
||||
}
|
||||
|
||||
return volume.getAccountId();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void execute(){
|
||||
SnapshotPolicy result = _snapshotService.createPolicy(this);
|
||||
SnapshotPolicy result = _snapshotService.createPolicy(this, _accountService.getAccount(getEntityOwnerId()));
|
||||
if (result != null) {
|
||||
SnapshotPolicyResponse response = _responseGenerator.createSnapshotPolicyResponse(result);
|
||||
response.setResponseName(getCommandName());
|
||||
|
|
|
|||
|
|
@ -54,9 +54,10 @@ public interface SnapshotService {
|
|||
*
|
||||
* @param cmd
|
||||
* the command that
|
||||
* @param policyOwner TODO
|
||||
* @return the newly created snapshot policy if success, null otherwise
|
||||
*/
|
||||
SnapshotPolicy createPolicy(CreateSnapshotPolicyCmd cmd);
|
||||
SnapshotPolicy createPolicy(CreateSnapshotPolicyCmd cmd, Account policyOwner);
|
||||
|
||||
/**
|
||||
* Get the recurring snapshots scheduled for this volume currently along with the time at which they are scheduled
|
||||
|
|
|
|||
|
|
@ -1126,7 +1126,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma
|
|||
|
||||
@Override
|
||||
@DB
|
||||
public SnapshotPolicyVO createPolicy(CreateSnapshotPolicyCmd cmd) {
|
||||
public SnapshotPolicyVO createPolicy(CreateSnapshotPolicyCmd cmd, Account policyOwner) {
|
||||
Long volumeId = cmd.getVolumeId();
|
||||
VolumeVO volume = _volsDao.findById(cmd.getVolumeId());
|
||||
if (volume == null) {
|
||||
|
|
@ -1139,7 +1139,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma
|
|||
throw new InvalidParameterValueException("VolumeId: " + volumeId + " is not in " + Volume.State.Ready + " state but " + volume.getState() + ". Cannot take snapshot.");
|
||||
}
|
||||
|
||||
if ( volume.getTemplateId() != null ) {
|
||||
if (volume.getTemplateId() != null ) {
|
||||
VMTemplateVO template = _templateDao.findById(volume.getTemplateId());
|
||||
if( template != null && template.getTemplateType() == Storage.TemplateType.SYSTEM ) {
|
||||
throw new InvalidParameterValueException("VolumeId: " + volumeId + " is for System VM , Creating snapshot against System VM volumes is not supported");
|
||||
|
|
|
|||
Loading…
Reference in New Issue