From a12c358842839dba805f7a3cad16067d43912240 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Mon, 19 Dec 2011 12:02:02 -0800 Subject: [PATCH] bug 12624: don't allow to delete the account when he is the owner for project(s) status 12624: resolved fixed --- api/src/com/cloud/acl/SecurityChecker.java | 1 - .../cloud/projects/dao/ProjectAccountDao.java | 2 + .../projects/dao/ProjectAccountDaoImpl.java | 39 ++++++++++++------- .../com/cloud/user/AccountManagerImpl.java | 14 +++++++ 4 files changed, 41 insertions(+), 15 deletions(-) diff --git a/api/src/com/cloud/acl/SecurityChecker.java b/api/src/com/cloud/acl/SecurityChecker.java index e0438610a3e..3d5c7c9d3a3 100644 --- a/api/src/com/cloud/acl/SecurityChecker.java +++ b/api/src/com/cloud/acl/SecurityChecker.java @@ -21,7 +21,6 @@ */ package com.cloud.acl; -import com.cloud.acl.SecurityChecker.AccessType; import com.cloud.dc.DataCenter; import com.cloud.domain.Domain; import com.cloud.exception.PermissionDeniedException; diff --git a/server/src/com/cloud/projects/dao/ProjectAccountDao.java b/server/src/com/cloud/projects/dao/ProjectAccountDao.java index 97606174c06..658ec8fbf9f 100644 --- a/server/src/com/cloud/projects/dao/ProjectAccountDao.java +++ b/server/src/com/cloud/projects/dao/ProjectAccountDao.java @@ -32,4 +32,6 @@ public interface ProjectAccountDao extends GenericDao{ boolean canModifyProjectAccount(long accountId, long projectAccountId); List listPermittedAccountIds(long accountId); + + List listAdministratedProjects(long adminAccountId); } diff --git a/server/src/com/cloud/projects/dao/ProjectAccountDaoImpl.java b/server/src/com/cloud/projects/dao/ProjectAccountDaoImpl.java index 8555aca9ab4..802f3fe9a61 100644 --- a/server/src/com/cloud/projects/dao/ProjectAccountDaoImpl.java +++ b/server/src/com/cloud/projects/dao/ProjectAccountDaoImpl.java 
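Review bot: The new `listAdministratedProjects(long adminAccountId)` declaration in ProjectAccountDao.java has no Javadoc, and its name does not say whether the returned ids are project ids or project account ids (the same DAO's `listPermittedAccountIds` returns the latter). AccountManagerImpl later prints the result as "project(s) with ids", so the contract should be stated on the interface, for example `/** Returns the ids of the projects in which the given account holds the Admin role; never null. */`. Whether that sentence is accurate depends on the column selected by the search builder in the implementation, which should be confirmed before the comment is added.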
@@ -17,23 +17,23 @@ */ package com.cloud.projects.dao; -import java.util.ArrayList; import java.util.List; import javax.ejb.Local; -import org.apache.log4j.Logger; - import com.cloud.projects.ProjectAccount; import com.cloud.projects.ProjectAccountVO; import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.GenericSearchBuilder; import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.db.SearchCriteria.Op; @Local(value={ProjectAccountDao.class}) public class ProjectAccountDaoImpl extends GenericDaoBase implements ProjectAccountDao { - private static final Logger s_logger = Logger.getLogger(ProjectAccountDaoImpl.class); protected final SearchBuilder AllFieldsSearch; + final GenericSearchBuilder AdminSearch; + final GenericSearchBuilder ProjectAccountSearch; protected ProjectAccountDaoImpl() { AllFieldsSearch = createSearchBuilder(); @@ -42,6 +42,17 @@ public class ProjectAccountDaoImpl extends GenericDaoBase listPermittedAccountIds(long accountId) { - List permittedAccounts = new ArrayList(); - SearchCriteria sc = AllFieldsSearch.create(); + SearchCriteria sc = ProjectAccountSearch.create(); sc.setParameters("accountId", accountId); - - List records = listBy(sc); - - for (ProjectAccountVO record : records) { - permittedAccounts.add(record.getProjectAccountId()); - } - - return permittedAccounts; + return customSearch(sc, null); + } + + @Override + public List listAdministratedProjects(long adminAccountId) { + SearchCriteria sc = AdminSearch.create(); + sc.setParameters("role", ProjectAccount.Role.Admin); + sc.setParameters("accountId", adminAccountId); + return customSearch(sc, null); } } diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 295b96eff19..a834f932a74 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java 
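Review bot: `listPermittedAccountIds` in ProjectAccountDaoImpl.java no longer maps rows through `getProjectAccountId()`; it now returns whatever single column `ProjectAccountSearch` selects via `customSearch(sc, null)`, and the builder definition is not visible in the hunk as shown on this page. The method name suggests the list feeds permission decisions, so the selected column should be confirmed to be the project account id and pinned by a unit test; otherwise the permitted set could silently change meaning. In `listAdministratedProjects`, the `"role"` and `"accountId"` parameter names must match the names declared on `AdminSearch`. A short comment beside each builder naming its selected column and its parameter names would keep the constructor and these two methods in step.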
@@ -83,6 +83,7 @@ import com.cloud.network.security.dao.SecurityGroupDao; import com.cloud.network.vpn.RemoteAccessVpnService; import com.cloud.projects.Project; import com.cloud.projects.ProjectManager; +import com.cloud.projects.dao.ProjectAccountDao; import com.cloud.projects.dao.ProjectDao; import com.cloud.server.auth.UserAuthenticator; import com.cloud.storage.StorageManager; @@ -194,6 +195,8 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag private AccountDetailsDao _accountDetailsDao; @Inject private DomainDao _domainDao; + @Inject + private ProjectAccountDao _projectAccountDao; private Adapters _userAuthenticators; @@ -962,6 +965,17 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag throw new PermissionDeniedException("Account id : " + accountId + " is a system account, delete is not allowed"); } + //Account that manages project(s) can't be removed + List managedProjectIds = _projectAccountDao.listAdministratedProjects(accountId); + if (!managedProjectIds.isEmpty()) { + StringBuilder projectIds = new StringBuilder(); + for (Long projectId : managedProjectIds) { + projectIds.append(projectId + ", "); + } + + throw new InvalidParameterValueException("The account id=" + accountId + " manages project(s) with ids " + projectIds + "and can't be removed"); + } + return deleteAccount(account, callerUserId, caller); }
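Review bot: The project-ownership guard added before `return deleteAccount(account, callerUserId, caller);` in AccountManagerImpl.java protects only this entry point, while `deleteAccount(...)` is what performs the removal, so any other caller of it (none is visible in this hunk) could still remove an account that administers projects and leave them without an admin. Consider moving the `listAdministratedProjects` check into `deleteAccount`, or documenting why other callers are exempt. The lookup and the delete are not shown to run in one transaction, so an account could presumably be granted the Admin role between the check and the removal. Minor: the message renders as `ids 1, 2, and can't be removed`; using `projectIds.append(projectId).append(", ")` and trimming the trailing separator would read better. The enclosing method starts and ends outside the hunk.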