From a4773b70802e8dccdaca84ff570ed3133b77b0d4 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Fri, 2 Dec 2011 15:16:24 -0800 Subject: [PATCH] bug 12291: listVms - show non-project resources only if no projectId specified status 12291: resolved fixed --- api/src/com/cloud/event/Event.java | 2 + core/src/com/cloud/event/EventVO.java | 23 ++-- server/src/com/cloud/api/ApiDBUtils.java | 2 +- .../cloud/server/ManagementServerImpl.java | 106 +++++++++--------- .../com/cloud/user/AccountManagerImpl.java | 34 +++--- server/src/com/cloud/user/dao/AccountDao.java | 25 +++-- .../com/cloud/user/dao/AccountDaoImpl.java | 91 +++++++++------ server/src/com/cloud/vm/UserVmManager.java | 3 +- .../src/com/cloud/vm/UserVmManagerImpl.java | 43 ++++--- .../com/cloud/vm/MockUserVmManagerImpl.java | 4 +- 10 files changed, 195 insertions(+), 138 deletions(-) diff --git a/api/src/com/cloud/event/Event.java b/api/src/com/cloud/event/Event.java index 9f1207e8236..dfa81ce8daa 100644 --- a/api/src/com/cloud/event/Event.java +++ b/api/src/com/cloud/event/Event.java @@ -1,4 +1,5 @@ /** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. * * This software is licensed under the GNU General Public License v3 or later. @@ -44,4 +45,5 @@ public interface Event extends ControlledEntity{ String getLevel(); long getStartId(); String getParameters(); + String getAccountType(); } diff --git a/core/src/com/cloud/event/EventVO.java b/core/src/com/cloud/event/EventVO.java index 76eec027e2b..c6dfbd53701 100644 --- a/core/src/com/cloud/event/EventVO.java +++ b/core/src/com/cloud/event/EventVO.java @@ -69,7 +69,10 @@ public class EventVO implements Event, Identity { private long domainId; @Column(name="account_name", table="account", insertable=false, updatable=false) - private String accountName; + private String accountName; + + @Column(name="type", table="account", insertable=false, updatable=false) + private String accountType; @Column(name="removed", table="account", insertable=false, updatable=false) private Date removed; @@ -148,16 +151,12 @@ public class EventVO implements Event, Identity { public long getDomainId() { return domainId; } - public void setDomainId(long domainId) { - this.domainId = domainId; - } + @Override public String getAccountName() { return accountName; - } - public void setAccountName(String accountName) { - this.accountName = accountName; - } + } + @Override public int getTotalSize() { return totalSize; @@ -196,5 +195,11 @@ public class EventVO implements Event, Identity { public void setUuid(String uuid) { this.uuid = uuid; - } + } + + @Override + public String getAccountType() { + return accountType; + } + } diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index d28e9c30e1d..79e7edad87a 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@ -288,7 +288,7 @@ public class ApiDBUtils { } public static List searchForUserVMs(Criteria c) { - return _userVmMgr.searchForUserVMs(c); + return _userVmMgr.searchForUserVMs(c, true); } public static List searchForStoragePools(Criteria c) { diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index c9971e3bde5..84362c3a2c6 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -1427,51 +1427,56 @@ public class ManagementServerImpl implements ManagementServer { String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); Long projectId = cmd.getProjectId(); - - if ((caller == null) || isAdmin(caller.getType())) { + + if (_accountMgr.isAdmin(caller.getType())) { isAdmin = true; // validate domainId before proceeding if (domainId != null) { - if ((caller != null) && !_domainDao.isChildDomain(caller.getDomainId(), domainId)) { - throw new PermissionDeniedException("Invalid domain id (" + domainId + ") given, unable to list events."); - } - + Domain domain = _domainDao.findById(domainId); + if (domain == null) { + throw new InvalidParameterValueException("Unable to find domain by id " + domainId); + } + _accountMgr.checkAccess(caller, _domainDao.findById(domainId)); + if (accountName != null) { - Account userAccount = _accountDao.findAccount(accountName, domainId); - if (userAccount != null) { - permittedAccounts.add(userAccount.getId()); - } else { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); - } - } - } else { - domainId = ((caller == null) ? DomainVO.ROOT_DOMAIN : caller.getDomainId()); - if (accountName != null) { - Account userAccount = _accountDao.findAccount(accountName, domainId); - if (userAccount != null) { - permittedAccounts.add(userAccount.getId()); - } else { - throw new InvalidParameterValueException("DomainId is not specified. Unable to find account " + accountName + " in default root domain " + domainId); + Account userAccount = _accountDao.findNonProjectAccountIncludingRemoved(accountName, domainId); + if (userAccount == null) { + throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); } + + permittedAccounts.add(userAccount.getId()); } + } else { + domainId = caller.getDomainId(); + if (accountName != null) { + Account userAccount = _accountDao.findNonProjectAccountIncludingRemoved(accountName, domainId); + if (userAccount == null) { + throw new InvalidParameterValueException("Can't find account " + accountName + " in domain id=" + domainId); + } + permittedAccounts.add(userAccount.getId()); + } } } else { permittedAccounts.add(caller.getId()); } //set project information + boolean skipProjectEvents = true; if (projectId != null) { - permittedAccounts.clear(); - Project project = _projectMgr.getProject(projectId); - if (project == null) { - throw new InvalidParameterValueException("Unable to find project by id " + projectId); - } - if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { - throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); - } - permittedAccounts.add(project.getProjectAccountId()); - } else if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ - permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + if (projectId == -1) { + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } else { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } + skipProjectEvents = false; } Filter searchFilter = new Filter(EventVO.class, "createDate", false, cmd.getStartIndex(), cmd.getPageSizeVal()); @@ -1503,24 +1508,35 @@ public class ManagementServerImpl implements ManagementServer { sb.and("createDateB", sb.entity().getCreateDate(), SearchCriteria.Op.BETWEEN); sb.and("createDateG", sb.entity().getCreateDate(), SearchCriteria.Op.GTEQ); sb.and("createDateL", sb.entity().getCreateDate(), SearchCriteria.Op.LTEQ); + sb.and("accountType", sb.entity().getAccountType(), SearchCriteria.Op.NEQ); - if ((permittedAccounts.isEmpty()) && (accountName == null) && (domainId != null) && isAdmin) { - // if accountId isn't specified, we can do a domain match for the admin case - SearchBuilder domainSearch = _domainDao.createSearchBuilder(); - domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); - sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); + if (isAdmin && permittedAccounts.isEmpty() && domainId != null) { + // if accountId isn't specified, we can do a domain match for the admin case + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); + domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); } - + SearchCriteria sc = sb.create(); + if (!permittedAccounts.isEmpty()) { + sc.setParameters("accountId", permittedAccounts.toArray()); + } else if (domainId != null) { + sc.setJoinParameters("domainSearch", "path", _domainDao.findById(domainId).getPath() + "%"); + } + + if (skipProjectEvents) { + sc.setParameters("accountType", Account.ACCOUNT_TYPE_PROJECT); + } + if (id != null) { sc.setParameters("id", id); } + if (keyword != null) { SearchCriteria ssc = _eventDao.createSearchCriteria(); ssc.addOr("type", SearchCriteria.Op.LIKE, "%" + keyword + "%"); ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%"); ssc.addOr("level", SearchCriteria.Op.LIKE, "%" + keyword + "%"); - sc.addAnd("level", SearchCriteria.Op.SC, ssc); } @@ -1528,18 +1544,6 @@ public class ManagementServerImpl implements ManagementServer { sc.setParameters("levelEQ", level); } - if (!permittedAccounts.isEmpty()) { - sc.setParameters("accountId", permittedAccounts.toArray()); - } else if (domainId != null) { - if (accountName != null) { - sc.setParameters("domainIdEQ", domainId); - sc.setParameters("accountName", "%" + accountName + "%"); - } else if (isAdmin) { - DomainVO domain = _domainDao.findById(domainId); - sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); - } - } - if (type != null) { sc.setParameters("type", type); } diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 3ad88af792c..0abbf4be7c1 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -683,7 +683,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag checkAccess(UserContext.current().getCaller(), domain); - Account account = _accountDao.findNonDisabledAccount(accountName, domainId); + Account account = _accountDao.findEnabledAccount(accountName, domainId); if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) { throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain id=" + domainId + " to create user"); } @@ -1066,7 +1066,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if(accountId != null){ account = _accountDao.findById(accountId); }else{ - account = _accountDao.findAccount(accountName, domainId); + account = _accountDao.findEnabledAccount(accountName, domainId); } // Check if account exists @@ -1084,8 +1084,8 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag checkAccess(UserContext.current().getCaller(), _domainMgr.getDomain(account.getDomainId())); // check if the given account name is unique in this domain for updating - Account duplicateAcccount = _accountDao.findAccount(newAccountName, domainId); - if (duplicateAcccount != null && duplicateAcccount.getRemoved() == null && duplicateAcccount.getId() != account.getId()) {// allow + Account duplicateAcccount = _accountDao.findActiveAccount(newAccountName, domainId); + if (duplicateAcccount != null && duplicateAcccount.getId() != account.getId()) {// allow // same // account // to @@ -1385,18 +1385,20 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag //set project information if (projectId != null) { - permittedAccounts.clear(); - Project project = _projectMgr.getProject(projectId); - if (project == null) { - throw new InvalidParameterValueException("Unable to find project by id " + projectId); - } - if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { - throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); - } - permittedAccounts.add(project.getProjectAccountId()); - } else if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL){ - permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); - } + if (projectId == -1) { + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } else { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } + } return new Pair, Long>(permittedAccounts, domainId); } diff --git a/server/src/com/cloud/user/dao/AccountDao.java b/server/src/com/cloud/user/dao/AccountDao.java index 09ca01b94b4..786df448b63 100644 --- a/server/src/com/cloud/user/dao/AccountDao.java +++ b/server/src/com/cloud/user/dao/AccountDao.java @@ -18,9 +18,9 @@ package com.cloud.user.dao; -import java.util.Date; -import java.util.List; - +import java.util.Date; +import java.util.List; + import com.cloud.user.Account; import com.cloud.user.AccountVO; import com.cloud.user.User; @@ -31,17 +31,24 @@ import com.cloud.utils.db.GenericDao; public interface AccountDao extends GenericDao { Pair findUserAccountByApiKey(String apiKey); List findAccountsLike(String accountName); - Account findActiveAccount(String accountName, Long domainId); - Account findActiveAccountByName(String accountName); - Account findAccount(String accountName, Long domainId); List findActiveAccounts(Long maxAccountId, Filter filter); List findRecentlyDeletedAccounts(Long maxAccountId, Date earliestRemovedDate, Filter filter); List findNewAccounts(Long minAccountId, Filter filter); - List findCleanupsForRemovedAccounts(Long domainId); - List findAdminAccountsForDomain(Long domainId); + List findCleanupsForRemovedAccounts(Long domainId); List findActiveAccountsForDomain(Long domain); void markForCleanup(long accountId); List listAccounts(String accountName, Long domainId, Filter filter); List findCleanupsForDisabledAccounts(); - Account findNonDisabledAccount(String accountName, Long domainId); + + //return account only in enabled state + Account findEnabledAccount(String accountName, Long domainId); + Account findEnabledNonProjectAccount(String accountName, Long domainId); + + //returns account even when it's removed + Account findAccountIncludingRemoved(String accountName, Long domainId); + Account findNonProjectAccountIncludingRemoved(String accountName, Long domainId); + + //returns only non-removed account + Account findActiveAccount(String accountName, Long domainId); + Account findActiveNonProjectAccount(String accountName, Long domainId); } diff --git a/server/src/com/cloud/user/dao/AccountDaoImpl.java b/server/src/com/cloud/user/dao/AccountDaoImpl.java index 6f7c50ba63e..4eac38021fe 100755 --- a/server/src/com/cloud/user/dao/AccountDaoImpl.java +++ b/server/src/com/cloud/user/dao/AccountDaoImpl.java @@ -38,7 +38,6 @@ import com.cloud.utils.db.Filter; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; -import com.cloud.utils.db.SearchCriteria.Op; import com.cloud.utils.db.Transaction; @Local(value={AccountDao.class}) @@ -49,16 +48,20 @@ public class AccountDaoImpl extends GenericDaoBase implements A "FROM `cloud`.`user` u, `cloud`.`account` a " + "WHERE u.account_id = a.id AND u.api_key = ? and u.removed IS NULL"; - protected final SearchBuilder AccountNameSearch; + protected final SearchBuilder AllFieldsSearch; protected final SearchBuilder AccountTypeSearch; protected final SearchBuilder DomainAccountsSearch; protected final SearchBuilder CleanupForRemovedAccountsSearch; - protected final SearchBuilder CleanupForDisabledAccountsSearch; + protected final SearchBuilder CleanupForDisabledAccountsSearch; + protected final SearchBuilder NonProjectAccountSearch; protected AccountDaoImpl() { - AccountNameSearch = createSearchBuilder(); - AccountNameSearch.and("accountName", AccountNameSearch.entity().getAccountName(), SearchCriteria.Op.EQ); - AccountNameSearch.done(); + AllFieldsSearch = createSearchBuilder(); + AllFieldsSearch.and("accountName", AllFieldsSearch.entity().getAccountName(), SearchCriteria.Op.EQ); + AllFieldsSearch.and("domainId", AllFieldsSearch.entity().getDomainId(), SearchCriteria.Op.EQ); + AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), SearchCriteria.Op.EQ); + AllFieldsSearch.and("type", AllFieldsSearch.entity().getType(), SearchCriteria.Op.EQ); + AllFieldsSearch.done(); AccountTypeSearch = createSearchBuilder(); AccountTypeSearch.and("domainId", AccountTypeSearch.entity().getDomainId(), SearchCriteria.Op.EQ); @@ -80,7 +83,14 @@ public class AccountDaoImpl extends GenericDaoBase implements A CleanupForDisabledAccountsSearch.and("cleanup", CleanupForDisabledAccountsSearch.entity().getNeedsCleanup(), SearchCriteria.Op.EQ); CleanupForDisabledAccountsSearch.and("removed", CleanupForDisabledAccountsSearch.entity().getRemoved(), SearchCriteria.Op.NULL); CleanupForDisabledAccountsSearch.and("state", CleanupForDisabledAccountsSearch.entity().getState(), SearchCriteria.Op.EQ); - CleanupForDisabledAccountsSearch.done(); + CleanupForDisabledAccountsSearch.done(); + + NonProjectAccountSearch = createSearchBuilder(); + NonProjectAccountSearch.and("accountName", NonProjectAccountSearch.entity().getAccountName(), SearchCriteria.Op.EQ); + NonProjectAccountSearch.and("domainId", NonProjectAccountSearch.entity().getDomainId(), SearchCriteria.Op.EQ); + NonProjectAccountSearch.and("state", NonProjectAccountSearch.entity().getState(), SearchCriteria.Op.EQ); + NonProjectAccountSearch.and("type", NonProjectAccountSearch.entity().getType(), SearchCriteria.Op.NEQ); + NonProjectAccountSearch.done(); } @Override @@ -144,38 +154,57 @@ public class AccountDaoImpl extends GenericDaoBase implements A } @Override - public Account findNonDisabledAccount(String accountName, Long domainId) { - SearchCriteria sc = AccountNameSearch.create("accountName", accountName); - sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId); - sc.addAnd("state", SearchCriteria.Op.EQ, State.enabled); + public Account findEnabledAccount(String accountName, Long domainId) { + SearchCriteria sc = AllFieldsSearch.create("accountName", accountName); + sc.setParameters("domainId",domainId); + sc.setParameters("state", State.enabled); return findOneBy(sc); + } + + @Override + public Account findEnabledNonProjectAccount(String accountName, Long domainId) { + SearchCriteria sc = NonProjectAccountSearch.create("accountName", accountName); + sc.setParameters("domainId", domainId); + sc.setParameters("state", State.enabled); + sc.setParameters("type", Account.ACCOUNT_TYPE_PROJECT); + return findOneBy(sc); } @Override public Account findActiveAccount(String accountName, Long domainId) { - SearchCriteria sc = AccountNameSearch.create("accountName", accountName); - sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId); + SearchCriteria sc = AllFieldsSearch.create("accountName", accountName); + sc.setParameters("domainId", domainId); + return findOneBy(sc); + } + + @Override + public Account findActiveNonProjectAccount(String accountName, Long domainId) { + SearchCriteria sc = NonProjectAccountSearch.create("accountName", accountName); + sc.setParameters("domainId", domainId); + sc.setParameters("type", Account.ACCOUNT_TYPE_PROJECT); return findOneBy(sc); } @Override - public Account findAccount(String accountName, Long domainId) { - SearchCriteria sc = AccountNameSearch.create("accountName", accountName); - sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId); + public Account findAccountIncludingRemoved(String accountName, Long domainId) { + SearchCriteria sc = AllFieldsSearch.create("accountName", accountName); + sc.setParameters("domainId", domainId); return findOneIncludingRemovedBy(sc); } @Override - public List listAccounts(String accountName, Long domainId, Filter filter) { - SearchCriteria sc = AccountNameSearch.create("accountName", accountName); - sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId); - return listIncludingRemovedBy(sc, filter); - } - + public Account findNonProjectAccountIncludingRemoved(String accountName, Long domainId) { + SearchCriteria sc = NonProjectAccountSearch.create("accountName", accountName); + sc.setParameters("domainId", domainId); + sc.setParameters("type", Account.ACCOUNT_TYPE_PROJECT); + return findOneIncludingRemovedBy(sc); + } + @Override - public Account findActiveAccountByName(String accountName) { - SearchCriteria sc = AccountNameSearch.create("accountName", accountName); - return findOneBy(sc); + public List listAccounts(String accountName, Long domainId, Filter filter) { + SearchCriteria sc = AllFieldsSearch.create("accountName", accountName); + sc.setParameters("domainId", domainId); + return listIncludingRemovedBy(sc, filter); } @Override @@ -215,20 +244,12 @@ public class AccountDaoImpl extends GenericDaoBase implements A sc.addAnd("id", SearchCriteria.Op.GT, minAccountId); return listIncludingRemovedBy(sc, filter); - } - - @Override - public List findAdminAccountsForDomain(Long domain) { - SearchCriteria sc = AccountTypeSearch.create(); - sc.addAnd("domainId", Op.EQ, domain); - sc.addAnd("type", Op.IN, Account.ACCOUNT_TYPE_ADMIN, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, Account.ACCOUNT_TYPE_READ_ONLY_ADMIN, Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN); - return null; - } + } @Override public List findActiveAccountsForDomain(Long domain) { SearchCriteria sc = DomainAccountsSearch.create(); - sc.addAnd("domainId", Op.EQ, domain); + sc.setParameters("domainId", domain); return listBy(sc); } diff --git a/server/src/com/cloud/vm/UserVmManager.java b/server/src/com/cloud/vm/UserVmManager.java index a62d9573681..0051b3be45d 100755 --- a/server/src/com/cloud/vm/UserVmManager.java +++ b/server/src/com/cloud/vm/UserVmManager.java @@ -84,9 +84,10 @@ public interface UserVmManager extends VirtualMachineGuru, UserVmServi * Obtains a list of virtual machines by the specified search criteria. * Can search by: "userId", "name", "state", "dataCenterId", "podId", "hostId" * @param c + * @param skipProjectVms TODO * @return List of UserVMs. */ - List searchForUserVMs(Criteria c); + List searchForUserVMs(Criteria c, boolean skipProjectVms); String getChecksum(Long hostId, String templatePath); } diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index c5e7e9fad7c..2d45e075970 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -2994,19 +2994,23 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager } //set project information + boolean skipProjectVms = true; if (projectId != null) { - permittedAccounts.clear(); - Project project = _projectMgr.getProject(projectId); - if (project == null) { - throw new InvalidParameterValueException("Unable to find project by id " + projectId); - } - if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { - throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); - } - permittedAccounts.add(project.getProjectAccountId()); - } else { - permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); - } + if (projectId == -1) { + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } else { + permittedAccounts.clear(); + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new InvalidParameterValueException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } + skipProjectVms = false; + } Criteria c = new Criteria("id", Boolean.TRUE, cmd.getStartIndex(), cmd.getPageSizeVal()); c.addCriteria(Criteria.KEYWORD, cmd.getKeyword()); @@ -3044,11 +3048,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager } c.addCriteria(Criteria.ISADMIN, isAdmin); - return searchForUserVMs(c); + return searchForUserVMs(c, skipProjectVms); } @Override - public List searchForUserVMs(Criteria c) { + public List searchForUserVMs(Criteria c, boolean skipProjectVms) { Filter searchFilter = new Filter(UserVmVO.class, c.getOrderBy(), c.getAscending(), c.getOffset(), c.getLimit()); SearchBuilder sb = _vmDao.createSearchBuilder(); @@ -3091,6 +3095,12 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); } + + if (skipProjectVms) { + SearchBuilder accountSearch = _accountDao.createSearchBuilder(); + accountSearch.and("type", accountSearch.entity().getType(), SearchCriteria.Op.NEQ); + sb.join("accountSearch", accountSearch, sb.entity().getAccountId(), accountSearch.entity().getId(), JoinBuilder.JoinType.INNER); + } if (groupId != null && (Long) groupId == -1) { SearchBuilder vmSearch = _groupVMMapDao.createSearchBuilder(); @@ -3121,6 +3131,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager // populate the search criteria with the values passed in SearchCriteria sc = sb.create(); + if (skipProjectVms) { + sc.setJoinParameters("accountSearch", "type", Account.ACCOUNT_TYPE_PROJECT); + } + + if (groupId != null && (Long) groupId == -1) { sc.setJoinParameters("vmSearch", "instanceId", (Object) null); } else if (groupId != null) { diff --git a/server/test/com/cloud/vm/MockUserVmManagerImpl.java b/server/test/com/cloud/vm/MockUserVmManagerImpl.java index 309724e08e7..d7eab0a9b81 100644 --- a/server/test/com/cloud/vm/MockUserVmManagerImpl.java +++ b/server/test/com/cloud/vm/MockUserVmManagerImpl.java @@ -171,7 +171,7 @@ public class MockUserVmManagerImpl implements UserVmManager, UserVmService, Mana } @Override - public List searchForUserVMs(Criteria c) { + public List searchForUserVMs(Criteria c, boolean skipProjectVms) { // TODO Auto-generated method stub return null; } @@ -316,7 +316,7 @@ public class MockUserVmManagerImpl implements UserVmManager, UserVmService, Mana } @Override - public List searchForUserVMs(ListVMsCmd cmd) { + public List searchForUserVMs(ListVMsCmd cmd, boolean skipProjectVms) { // TODO Auto-generated method stub return null; }