From 841dcb0e8e76793b07cf7ae48371ed81555275b4 Mon Sep 17 00:00:00 2001 From: Min Chen Date: Mon, 16 Dec 2013 10:08:28 -0800 Subject: [PATCH] Handle special scopeId = -1 case for current domain or current account in AclPolicyPermission table. --- .../apache/cloudstack/acl/AclPolicyPermissionVO.java | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java index 0d93b4f7b36..0eb48ad8796 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java +++ b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java @@ -28,7 +28,9 @@ import javax.persistence.Id; import javax.persistence.Table; import org.apache.cloudstack.acl.SecurityChecker.AccessType; +import org.apache.cloudstack.context.CallContext; +import com.cloud.user.Account; import com.cloud.utils.db.GenericDao; @Entity @@ -137,6 +139,15 @@ public class AclPolicyPermissionVO implements AclPolicyPermission { @Override public Long getScopeId() { + // handle special -1 scopeId, current caller domain, account + if ( scopeId < 0 ){ + Account caller = CallContext.current().getCallingAccount(); + if ( scope == PermissionScope.DOMAIN){ + return caller.getDomainId(); + } else if (scope == PermissionScope.ACCOUNT) { + return caller.getAccountId(); + } + } return scopeId; }