From 8190b687711daa5726290c046850cf1937ea4fda Mon Sep 17 00:00:00 2001 From: Anurag Awasthi Date: Wed, 31 Jul 2019 15:19:21 +0530 Subject: [PATCH 1/2] Misc fixes to sharing templates functionality 1. Fix populating g_allowUserViewAllDomainAccounts flag. This was implemented incorrectly and caused flag's effect to not reflect directly after login. 2. Filter account/project names only for add operation. update template permissions API is implemented in such a way that it allows removal of any account that could have had permissions but allows only adding accounts/projects which are in caller's domain. 3. Added some checks where null variable could result in crash. --- ui/scripts/cloudStack.js | 4 ++++ ui/scripts/sharedFunctions.js | 2 +- ui/scripts/templates.js | 16 ++++++++++------ 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/ui/scripts/cloudStack.js b/ui/scripts/cloudStack.js index 5280e7e6ff0..9b5f0117058 100644 --- a/ui/scripts/cloudStack.js +++ b/ui/scripts/cloudStack.js @@ -318,6 +318,8 @@ g_userProjectsEnabled = json.listcapabilitiesresponse.capability.allowusercreateprojects; g_cloudstackversion = json.listcapabilitiesresponse.capability.cloudstackversion; + // Allow users to see all accounts within a domain + g_allowUserViewAllDomainAccounts = json.listcapabilitiesresponse.capability.allowuserviewalldomainaccounts; if (json.listcapabilitiesresponse.capability.apilimitinterval != null && json.listcapabilitiesresponse.capability.apilimitmax != null) { var intervalLimit = ((json.listcapabilitiesresponse.capability.apilimitinterval * 1000) / json.listcapabilitiesresponse.capability.apilimitmax) * 3; //multiply 3 to be on safe side @@ -374,6 +376,7 @@ g_kvmsnapshotenabled = null; g_regionsecondaryenabled = null; g_loginCmdText = null; + g_allowUserViewAllDomainAccounts = null; // Remove any cookies var cookies = document.cookie.split(";"); @@ -410,6 +413,7 @@ g_kvmsnapshotenabled = null; g_regionsecondaryenabled = null; g_loginCmdText = null; + g_allowUserViewAllDomainAccounts = null; // Remove any cookies var cookies = document.cookie.split(";"); diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js index 84e233f809c..2180f058767 100644 --- a/ui/scripts/sharedFunctions.js +++ b/ui/scripts/sharedFunctions.js @@ -36,7 +36,7 @@ var g_queryAsyncJobResultInterval = 3000; var g_idpList = null; var g_appendIdpDomain = false; var g_sortKeyIsAscending = false; -var g_allowUserViewAllDomainAccounts= false; +var g_allowUserViewAllDomainAccounts = false; //keyboard keycode var keycode_Enter = 13; diff --git a/ui/scripts/templates.js b/ui/scripts/templates.js index a05e001ed32..d4042a0a71d 100644 --- a/ui/scripts/templates.js +++ b/ui/scripts/templates.js @@ -1643,8 +1643,8 @@ success: function (jsonAccounts) { var accountByName = {}; $.each(jsonAccounts.listaccountsresponse.account, function(idx, account) { - // Only add current domain's accounts as update template permissions supports that - if (account.domainid === g_domainid) { + // Only add current domain's accounts for add as update template permissions supports that + if (account.domainid === g_domainid && operation === "add") { accountByName[account.name] = { projName: account.name, hasPermission: false @@ -1658,7 +1658,9 @@ success: function (json) { items = json.listtemplatepermissionsresponse.templatepermission.account; $.each(items, function(idx, accountName) { - accountByName[accountName].hasPermission = true; + if (accountByName[accountName]) { + accountByName[accountName].hasPermission = true; + } }); var accountObjs = []; @@ -1707,8 +1709,8 @@ success: function (jsonProjects) { var projectsByIds = {}; $.each(jsonProjects.listprojectsresponse.project, function(idx, project) { - // Only add current domain's projects as update template permissions supports that - if (project.domainid === g_domainid) { + // Only add current domain's projects for add operation as update template permissions supports that + if (project.domainid === g_domainid && operation === "add") { projectsByIds[project.id] = { projName: project.name, hasPermission: false @@ -1723,7 +1725,9 @@ success: function (json) { items = json.listtemplatepermissionsresponse.templatepermission.projectids; $.each(items, function(idx, projectId) { - projectsByIds[projectId].hasPermission = true; + if (projectsByIds[projectId]) { + projectsByIds[projectId].hasPermission = true; + } }); var projectObjs = []; From f9b37714890d507caf530f116f02a9e59891c436 Mon Sep 17 00:00:00 2001 From: Anurag Awasthi Date: Thu, 1 Aug 2019 14:17:47 +0530 Subject: [PATCH 2/2] Add usernames to map for remove operations as well --- ui/scripts/templates.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/scripts/templates.js b/ui/scripts/templates.js index d4042a0a71d..6124ab13c1b 100644 --- a/ui/scripts/templates.js +++ b/ui/scripts/templates.js @@ -1710,7 +1710,7 @@ var projectsByIds = {}; $.each(jsonProjects.listprojectsresponse.project, function(idx, project) { // Only add current domain's projects for add operation as update template permissions supports that - if (project.domainid === g_domainid && operation === "add") { + if ((project.domainid === g_domainid && operation === "add") || operation === "remove") { projectsByIds[project.id] = { projName: project.name, hasPermission: false