diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 53426ee5223..ba4e1bb9641 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -1649,7 +1649,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag sc.addAnd("trafficType", SearchCriteria.Op.EQ, trafficType); } - if (path != null && (isShared == null || !isShared)) { + if (!isSystem && path != null && (isShared == null || !isShared)) { sc.setJoinParameters("domainSearch", "path", path + "%"); } diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java index 9311585c373..5ead203167a 100644 --- a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java @@ -34,6 +34,7 @@ import com.cloud.api.commands.ListLoadBalancerRuleInstancesCmd; import com.cloud.api.commands.ListLoadBalancerRulesCmd; import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; import com.cloud.dc.dao.VlanDao; +import com.cloud.domain.DomainVO; import com.cloud.domain.dao.DomainDao; import com.cloud.event.ActionEvent; import com.cloud.event.EventTypes; @@ -1199,7 +1200,7 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, @Override public List listLoadBalancerInstances(ListLoadBalancerRuleInstancesCmd cmd) throws PermissionDeniedException { - Account account = UserContext.current().getCaller(); + Account caller = UserContext.current().getCaller(); Long loadBalancerId = cmd.getId(); Boolean applied = cmd.isApplied(); @@ -1211,16 +1212,8 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, if (loadBalancer == null) { return null; } - - long lbAcctId = loadBalancer.getAccountId(); - if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { - Account userAccount = _accountDao.findById(lbAcctId); - if (!_domainDao.isChildDomain(account.getDomainId(), userAccount.getDomainId())) { - throw new PermissionDeniedException("Invalid load balancer rule id (" + loadBalancerId + ") given, unable to list load balancer instances."); - } - } else if (account.getType() == Account.ACCOUNT_TYPE_NORMAL && account.getId() != lbAcctId) { - throw new PermissionDeniedException("Unable to list load balancer instances, account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName()); - } + + _accountMgr.checkAccess(caller, loadBalancer); List loadBalancerInstances = new ArrayList(); List vmLoadBalancerMappings = null; @@ -1266,25 +1259,35 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, @Override public List searchForLoadBalancers(ListLoadBalancerRulesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { Account caller = UserContext.current().getCaller(); - Account owner = null; Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); Long accountId = null; Long ipId = cmd.getPublicIpId(); + String path = null; - if (accountName != null && domainId != null) { - owner = _accountDao.findActiveAccount(accountName, domainId); - if (owner == null) { - accountId = -1L; + if (_accountMgr.isAdmin(caller.getType())) { + if (domainId != null) { + if ((caller != null) && !_domainDao.isChildDomain(caller.getDomainId(), domainId)) { + throw new PermissionDeniedException("Invalid domain id (" + domainId + ") given, unable to list load balancers"); + } + if (accountName != null) { + caller = _accountMgr.getActiveAccount(accountName, domainId); + if (caller == null) { + throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); + } + accountId = caller.getId(); + } + } + + if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { + DomainVO domain = _domainDao.findById(caller.getDomainId()); + if (domain != null) { + path = domain.getPath(); + } } - } - - if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { - accountId = caller.getAccountId(); - } else if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN && owner != null) { - accountId = owner.getId(); - } else if (owner != null && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN){ - _accountMgr.checkAccess(caller, owner); + } else { + domainId = caller.getDomainId(); + accountId = caller.getId(); } Filter searchFilter = new Filter(LoadBalancerVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); @@ -1306,6 +1309,13 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, lbVMSearch.and("instanceId", lbVMSearch.entity().getInstanceId(), SearchCriteria.Op.EQ); sb.join("lbVMSearch", lbVMSearch, sb.entity().getId(), lbVMSearch.entity().getLoadBalancerId(), JoinBuilder.JoinType.INNER); } + + if (path != null) { + //for domain admin we should show only subdomains information + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); + domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } SearchCriteria sc = sb.create(); if (keyword != null) { @@ -1337,6 +1347,10 @@ public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, } else if (domainId != null) { sc.setParameters("domainId", domainId); } + + if (path != null) { + sc.setJoinParameters("domainSearch", "path", path + "%"); + } return _lbDao.search(sc, searchFilter); }