mirror of https://github.com/apache/cloudstack.git
Fixed numerous bugs in listNetworks call related to filtering by projectId/listAll/domainId/etc. All the rules below are followed now:
1) When account/domainId or projectId are passed in: * list all account specific networks of the account/project * list all domain level networks from the domainId + subdomains if the targeted network has allowSubdomainAccess = true In other words, we use all the networks that can be used for vm deployment by account/domainId. If listAll is not specified in the request, account/domainId are being defaulted to the account/domainId of the caller listAll is ignored if the call is being done by the regular user. 2) listAll is passed in by the Root admin, we list: * all Account specific networks in the system * all domain specific networks in the system 3) listAll is passed by the Domain admin, we list: * All Account specific networks belonging to domain/subdomains of the domain admin. * All domain specific networks belonging to domain/subdomains of the domain admin * All domain specific networks allowing subdomain access belonging to the parent domain. 4) domainId - can be passed either with or without listAll. We list: * all account specific networks belonging to the domain * all domain specific networks of the domain * all domain specific networks of the subdomains if isRecursive = true is passed in
This commit is contained in:
Alena Prokharchyk
parent
c55489224b
commit
9630cf574f
|
|
@ -3028,15 +3028,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
}
|
||||
}
|
||||
|
||||
if (!_accountMgr.isAdmin(caller.getType()) || !listAll) {
|
||||
if (!_accountMgr.isAdmin(caller.getType()) || (!listAll && (projectId != null && projectId != -1 && domainId == null))) {
|
||||
permittedAccounts.add(caller.getId());
|
||||
domainId = caller.getDomainId();
|
||||
}
|
||||
|
||||
if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
|
||||
domainId = caller.getDomainId();
|
||||
}
|
||||
|
||||
// set project information
|
||||
boolean skipProjectNetworks = true;
|
||||
if (projectId != null) {
|
||||
|
|
@ -3059,8 +3055,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
skipProjectNetworks = false;
|
||||
}
|
||||
|
||||
path = _domainDao.findById(caller.getDomainId()).getPath();
|
||||
if (listAll) {
|
||||
if (domainId != null) {
|
||||
path = _domainDao.findById(domainId).getPath();
|
||||
} else {
|
||||
path = _domainDao.findById(caller.getDomainId()).getPath();
|
||||
}
|
||||
|
||||
if (listAll && domainId == null) {
|
||||
isRecursive = true;
|
||||
}
|
||||
|
||||
|
|
@ -3106,38 +3107,51 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER);
|
||||
}
|
||||
|
||||
if (skipProjectNetworks) {
|
||||
SearchBuilder<AccountVO> accountSearch = _accountDao.createSearchBuilder();
|
||||
accountSearch.and("type", accountSearch.entity().getType(), SearchCriteria.Op.NEQ);
|
||||
sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER);
|
||||
}
|
||||
|
||||
SearchBuilder<AccountVO> accountSearch = _accountDao.createSearchBuilder();
|
||||
accountSearch.and("typeNEQ", accountSearch.entity().getType(), SearchCriteria.Op.NEQ);
|
||||
accountSearch.and("typeEQ", accountSearch.entity().getType(), SearchCriteria.Op.EQ);
|
||||
|
||||
|
||||
sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER);
|
||||
|
||||
|
||||
List<NetworkVO> networksToReturn = new ArrayList<NetworkVO>();
|
||||
|
||||
if (isSystem == null || !isSystem) {
|
||||
// Get domain level networks
|
||||
if (domainId != null) {
|
||||
networksToReturn
|
||||
.addAll(listDomainLevelNetworks(
|
||||
buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType,
|
||||
physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter,
|
||||
domainId));
|
||||
}
|
||||
|
||||
if (isSystem == null || !isSystem) {
|
||||
if (!permittedAccounts.isEmpty()) {
|
||||
//get account level networks
|
||||
networksToReturn.addAll(listAccountSpecificNetworks(
|
||||
buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType,
|
||||
physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter,
|
||||
permittedAccounts));
|
||||
} else if (domainId == null) {
|
||||
//get domain level networks
|
||||
if (domainId != null) {
|
||||
networksToReturn
|
||||
.addAll(listDomainLevelNetworks(
|
||||
buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType,
|
||||
physicalNetworkId, aclType, true, restartRequired, specifyIpRanges, vpcId, tags), searchFilter,
|
||||
domainId, false));
|
||||
}
|
||||
} else {
|
||||
//add account specific networks
|
||||
networksToReturn.addAll(listAccountSpecificNetworksByDomainPath(
|
||||
buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType,
|
||||
physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, path,
|
||||
isRecursive));
|
||||
//add domain specific networks of domain + parent domains
|
||||
networksToReturn.addAll(listDomainSpecificNetworksByDomainPath(
|
||||
buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType,
|
||||
physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, path,
|
||||
physicalNetworkId, aclType, true, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, path,
|
||||
isRecursive));
|
||||
//add networks of subdomains
|
||||
if (domainId == null) {
|
||||
networksToReturn
|
||||
.addAll(listDomainLevelNetworks(
|
||||
buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType,
|
||||
physicalNetworkId, aclType, true, restartRequired, specifyIpRanges, vpcId, tags), searchFilter,
|
||||
caller.getDomainId(), true));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
networksToReturn = _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId,
|
||||
|
|
@ -3237,9 +3251,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
}
|
||||
|
||||
if (skipProjectNetworks) {
|
||||
sc.setJoinParameters("accountSearch", "type", Account.ACCOUNT_TYPE_PROJECT);
|
||||
sc.setJoinParameters("accountSearch", "typeNEQ", Account.ACCOUNT_TYPE_PROJECT);
|
||||
} else {
|
||||
sc.setJoinParameters("accountSearch", "typeEQ", Account.ACCOUNT_TYPE_PROJECT);
|
||||
}
|
||||
|
||||
|
||||
if (restartRequired != null) {
|
||||
sc.addAnd("restartRequired", SearchCriteria.Op.EQ, restartRequired);
|
||||
}
|
||||
|
|
@ -3265,12 +3281,15 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
return sc;
|
||||
}
|
||||
|
||||
private List<NetworkVO> listDomainLevelNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, long domainId) {
|
||||
private List<NetworkVO> listDomainLevelNetworks(SearchCriteria<NetworkVO> sc, Filter searchFilter, long domainId, boolean parentDomainsOnly) {
|
||||
List<Long> networkIds = new ArrayList<Long>();
|
||||
Set<Long> allowedDomains = _domainMgr.getDomainParentIds(domainId);
|
||||
List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray());
|
||||
|
||||
for (NetworkDomainVO map : maps) {
|
||||
if (map.getDomainId() == domainId && parentDomainsOnly) {
|
||||
continue;
|
||||
}
|
||||
boolean subdomainAccess = (map.isSubdomainAccess() != null) ? map.isSubdomainAccess() : getAllowSubdomainAccessGlobal();
|
||||
if (map.getDomainId() == domainId || subdomainAccess) {
|
||||
networkIds.add(map.getNetworkId());
|
||||
|
|
@ -3317,20 +3336,37 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
|
|||
return _networksDao.search(sc, searchFilter);
|
||||
}
|
||||
|
||||
private List<NetworkVO> listDomainSpecificNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter, String path, boolean isRecursive) {
|
||||
SearchCriteria<NetworkVO> accountSC = _networksDao.createSearchCriteria();
|
||||
accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString());
|
||||
private List<NetworkVO> listDomainSpecificNetworksByDomainPath(SearchCriteria<NetworkVO> sc, Filter searchFilter,
|
||||
String path, boolean isRecursive) {
|
||||
|
||||
if (path != null) {
|
||||
Set<Long> allowedDomains = new HashSet<Long>();
|
||||
if (path != null) {
|
||||
if (isRecursive) {
|
||||
sc.setJoinParameters("domainSearch", "path", path + "%");
|
||||
allowedDomains = _domainMgr.getDomainChildrenIds(path);
|
||||
} else {
|
||||
sc.setJoinParameters("domainSearch", "path", path);
|
||||
Domain domain = _domainDao.findDomainByPath(path);
|
||||
allowedDomains.add(domain.getId());
|
||||
}
|
||||
}
|
||||
|
||||
List<Long> networkIds = new ArrayList<Long>();
|
||||
|
||||
List<NetworkDomainVO> maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray());
|
||||
|
||||
sc.addAnd("id", SearchCriteria.Op.SC, accountSC);
|
||||
return _networksDao.search(sc, searchFilter);
|
||||
for (NetworkDomainVO map : maps) {
|
||||
networkIds.add(map.getNetworkId());
|
||||
}
|
||||
|
||||
if (!networkIds.isEmpty()) {
|
||||
SearchCriteria<NetworkVO> domainSC = _networksDao.createSearchCriteria();
|
||||
domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray());
|
||||
domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString());
|
||||
|
||||
sc.addAnd("id", SearchCriteria.Op.SC, domainSC);
|
||||
return _networksDao.search(sc, searchFilter);
|
||||
} else {
|
||||
return new ArrayList<NetworkVO>();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
Loading…
Reference in New Issue