From bf1aae8413fee4290d7ff20d0b788daecd43f69c Mon Sep 17 00:00:00 2001 From: alena Date: Mon, 14 Mar 2011 16:03:25 -0700 Subject: [PATCH] bug 8730: perform permission check when listSshKeyPair status 8730: resolved fixed --- .../api/commands/ListSSHKeyPairsCmd.java | 4 +- .../cloud/server/ManagementServerImpl.java | 55 ++++++++++++++++--- 2 files changed, 48 insertions(+), 11 deletions(-) diff --git a/api/src/com/cloud/api/commands/ListSSHKeyPairsCmd.java b/api/src/com/cloud/api/commands/ListSSHKeyPairsCmd.java index 4db3355dabe..2cf696489ab 100644 --- a/api/src/com/cloud/api/commands/ListSSHKeyPairsCmd.java +++ b/api/src/com/cloud/api/commands/ListSSHKeyPairsCmd.java @@ -23,10 +23,10 @@ public class ListSSHKeyPairsCmd extends BaseListCmd { //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// - @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, required=false, description="A key pair name to look for") + @Parameter(name=ApiConstants.NAME, type=CommandType.STRING, description="A key pair name to look for") private String name; - @Parameter(name="fingerprint", type=CommandType.STRING, required=false, description="A public key fingerprint to look for") + @Parameter(name="fingerprint", type=CommandType.STRING, description="A public key fingerprint to look for") private String fingerprint; diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 745979e2b1f..939ac23729d 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -4857,17 +4857,54 @@ public class ManagementServerImpl implements ManagementServer { @Override public List listSSHKeyPairs(ListSSHKeyPairsCmd cmd) { - Account account = UserContext.current().getCaller(); - - if (cmd.getName() != null && cmd.getName().length() > 0) { - return _sshKeyPairDao.listKeyPairsByName(account.getAccountId(), account.getDomainId(), cmd.getName()); + Account caller = UserContext.current().getCaller(); + String name = cmd.getName(); + String fingerPrint = cmd.getFingerprint(); + Long accountId = null; + Long domainId = null; + String path = null; + + if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) { + accountId = caller.getId(); + domainId = caller.getDomainId(); + } else if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { + DomainVO domain = _domainDao.findById(caller.getDomainId()); + path = domain.getPath(); } - - if (cmd.getFingerprint() != null && cmd.getFingerprint().length() > 0) { - return _sshKeyPairDao.listKeyPairsByFingerprint(account.getAccountId(), account.getDomainId(), cmd.getFingerprint()); + + SearchBuilder sb = _sshKeyPairDao.createSearchBuilder(); + Filter searchFilter = new Filter(SSHKeyPairVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal()); + + if (path != null) { + //for domain admin we should show only subdomains information + SearchBuilder domainSearch = _domainDao.createSearchBuilder(); + domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); + sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); } - - return _sshKeyPairDao.listKeyPairs(account.getAccountId(), account.getDomainId()); + + SearchCriteria sc = sb.create(); + + if (name != null) { + sc.addAnd("name", SearchCriteria.Op.EQ, name); + } + + if (accountId != null) { + sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); + } + + if (domainId != null) { + sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId); + } + + if (fingerPrint != null) { + sc.addAnd("fingerprint", SearchCriteria.Op.EQ, fingerPrint); + } + + if (path != null) { + sc.setJoinParameters("domainSearch", "path", path + "%"); + } + + return _sshKeyPairDao.search(sc, searchFilter); } @Override