server: allow admins to blacklist vm details that users should not see (#3213)

This introduces a new global setting `user.vm.blacklisted.details` that allows admins to blacklist VM details that non-admin users should not see via the VM's settings tab. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2019-05-10 23:39:13 +05:30 · 2019-05-10 23:39:13 +05:30 · 67160478a6
parent bfad334117
commit 67160478a6
3 changed files with 15 additions and 2 deletions
--- a/api/src/main/java/org/apache/cloudstack/query/QueryService.java
+++ b/api/src/main/java/org/apache/cloudstack/query/QueryService.java
@ -88,6 +88,10 @@ public interface QueryService {
    static final ConfigKey<Boolean> AllowUserViewDestroyedVM = new ConfigKey<Boolean>("Advanced", Boolean.class, "allow.user.view.destroyed.vm", "false",
            "Determines whether users can view their destroyed or expunging vm ", true, ConfigKey.Scope.Account);

+    static final ConfigKey<String> UserVMBlacklistedDetails = new ConfigKey<String>("Advanced", String.class,
+            "user.vm.blacklisted.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag",
+            "Determines whether users can view certain VM settings", true);
+
    ListResponse<UserResponse> searchForUsers(ListUsersCmd cmd) throws PermissionDeniedException;

    ListResponse<EventResponse> searchForEvents(ListEventsCmd cmd);
--- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
@ -3714,6 +3714,6 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q

    @Override
    public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {AllowUserViewDestroyedVM};
+        return new ConfigKey<?>[] {AllowUserViewDestroyedVM, UserVMBlacklistedDetails};
    }
 }
--- a/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
@ -42,6 +42,7 @@ import org.springframework.stereotype.Component;

 import com.cloud.api.ApiDBUtils;
 import com.cloud.api.ApiResponseHelper;
+import com.cloud.api.query.QueryManagerImpl;
 import com.cloud.api.query.vo.UserVmJoinVO;
 import com.cloud.gpu.GPU;
 import com.cloud.service.ServiceOfferingDetailsVO;
@ -305,12 +306,20 @@ public class UserVmJoinDaoImpl extends GenericDaoBaseWithTagInformation<UserVmJo

        // set resource details map
        // Allow passing details to end user
-        List<UserVmDetailVO> vmDetails = _userVmDetailsDao.listDetails(userVm.getId());
+        // Honour the display field and only return if display is set to true
+        List<UserVmDetailVO> vmDetails = _userVmDetailsDao.listDetails(userVm.getId(), true);
        if (vmDetails != null) {
            Map<String, String> resourceDetails = new HashMap<String, String>();
            for (UserVmDetailVO userVmDetailVO : vmDetails) {
                resourceDetails.put(userVmDetailVO.getName(), userVmDetailVO.getValue());
            }
+            // Remove blacklisted settings if user is not admin
+            if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+                String[] userVmSettingsToHide = QueryManagerImpl.UserVMBlacklistedDetails.value().split(",");
+                for (String key : userVmSettingsToHide) {
+                    resourceDetails.remove(key.trim());
+                }
+            }
            userVmResponse.setDetails(resourceDetails);
        }