diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index f2bdbe5b88e..2fa6a47156a 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -3028,15 +3028,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } } - if (!_accountMgr.isAdmin(caller.getType()) || !listAll) { + if (!_accountMgr.isAdmin(caller.getType()) || (!listAll && (projectId != null && projectId != -1 && domainId == null))) { permittedAccounts.add(caller.getId()); domainId = caller.getDomainId(); } - if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { - domainId = caller.getDomainId(); - } - // set project information boolean skipProjectNetworks = true; if (projectId != null) { @@ -3059,8 +3055,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag skipProjectNetworks = false; } - path = _domainDao.findById(caller.getDomainId()).getPath(); - if (listAll) { + if (domainId != null) { + path = _domainDao.findById(domainId).getPath(); + } else { + path = _domainDao.findById(caller.getDomainId()).getPath(); + } + + if (listAll && domainId == null) { isRecursive = true; } @@ -3106,38 +3107,51 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); } - if (skipProjectNetworks) { - SearchBuilder accountSearch = _accountDao.createSearchBuilder(); - accountSearch.and("type", accountSearch.entity().getType(), SearchCriteria.Op.NEQ); - sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } + + SearchBuilder accountSearch = _accountDao.createSearchBuilder(); + accountSearch.and("typeNEQ", accountSearch.entity().getType(), SearchCriteria.Op.NEQ); + accountSearch.and("typeEQ", accountSearch.entity().getType(), SearchCriteria.Op.EQ); + + + sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER); + List networksToReturn = new ArrayList(); - if (isSystem == null || !isSystem) { - // Get domain level networks - if (domainId != null) { - networksToReturn - .addAll(listDomainLevelNetworks( - buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, - physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, - domainId)); - } - + if (isSystem == null || !isSystem) { if (!permittedAccounts.isEmpty()) { + //get account level networks networksToReturn.addAll(listAccountSpecificNetworks( buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, permittedAccounts)); - } else if (domainId == null) { + //get domain level networks + if (domainId != null) { + networksToReturn + .addAll(listDomainLevelNetworks( + buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, + physicalNetworkId, aclType, true, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, + domainId, false)); + } + } else { + //add account specific networks networksToReturn.addAll(listAccountSpecificNetworksByDomainPath( buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, path, isRecursive)); + //add domain specific networks of domain + parent domains networksToReturn.addAll(listDomainSpecificNetworksByDomainPath( buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, - physicalNetworkId, aclType, skipProjectNetworks, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, path, + physicalNetworkId, aclType, true, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, path, isRecursive)); + //add networks of subdomains + if (domainId == null) { + networksToReturn + .addAll(listDomainLevelNetworks( + buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, guestIpType, trafficType, + physicalNetworkId, aclType, true, restartRequired, specifyIpRanges, vpcId, tags), searchFilter, + caller.getDomainId(), true)); + } } } else { networksToReturn = _networksDao.search(buildNetworkSearchCriteria(sb, keyword, id, isSystem, zoneId, @@ -3237,9 +3251,11 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } if (skipProjectNetworks) { - sc.setJoinParameters("accountSearch", "type", Account.ACCOUNT_TYPE_PROJECT); + sc.setJoinParameters("accountSearch", "typeNEQ", Account.ACCOUNT_TYPE_PROJECT); + } else { + sc.setJoinParameters("accountSearch", "typeEQ", Account.ACCOUNT_TYPE_PROJECT); } - + if (restartRequired != null) { sc.addAnd("restartRequired", SearchCriteria.Op.EQ, restartRequired); } @@ -3265,12 +3281,15 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return sc; } - private List listDomainLevelNetworks(SearchCriteria sc, Filter searchFilter, long domainId) { + private List listDomainLevelNetworks(SearchCriteria sc, Filter searchFilter, long domainId, boolean parentDomainsOnly) { List networkIds = new ArrayList(); Set allowedDomains = _domainMgr.getDomainParentIds(domainId); List maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray()); for (NetworkDomainVO map : maps) { + if (map.getDomainId() == domainId && parentDomainsOnly) { + continue; + } boolean subdomainAccess = (map.isSubdomainAccess() != null) ? map.isSubdomainAccess() : getAllowSubdomainAccessGlobal(); if (map.getDomainId() == domainId || subdomainAccess) { networkIds.add(map.getNetworkId()); @@ -3317,20 +3336,37 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return _networksDao.search(sc, searchFilter); } - private List listDomainSpecificNetworksByDomainPath(SearchCriteria sc, Filter searchFilter, String path, boolean isRecursive) { - SearchCriteria accountSC = _networksDao.createSearchCriteria(); - accountSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString()); + private List listDomainSpecificNetworksByDomainPath(SearchCriteria sc, Filter searchFilter, + String path, boolean isRecursive) { - if (path != null) { + Set allowedDomains = new HashSet(); + if (path != null) { if (isRecursive) { - sc.setJoinParameters("domainSearch", "path", path + "%"); + allowedDomains = _domainMgr.getDomainChildrenIds(path); } else { - sc.setJoinParameters("domainSearch", "path", path); + Domain domain = _domainDao.findDomainByPath(path); + allowedDomains.add(domain.getId()); } } + + List networkIds = new ArrayList(); + + List maps = _networkDomainDao.listDomainNetworkMapByDomain(allowedDomains.toArray()); - sc.addAnd("id", SearchCriteria.Op.SC, accountSC); - return _networksDao.search(sc, searchFilter); + for (NetworkDomainVO map : maps) { + networkIds.add(map.getNetworkId()); + } + + if (!networkIds.isEmpty()) { + SearchCriteria domainSC = _networksDao.createSearchCriteria(); + domainSC.addAnd("id", SearchCriteria.Op.IN, networkIds.toArray()); + domainSC.addAnd("aclType", SearchCriteria.Op.EQ, ACLType.Domain.toString()); + + sc.addAnd("id", SearchCriteria.Op.SC, domainSC); + return _networksDao.search(sc, searchFilter); + } else { + return new ArrayList(); + } } @Override