From f8ef13c5e6fe833c923dbcda9d0e61381ded3de5 Mon Sep 17 00:00:00 2001
From: Sudhansu <sudhansu.sahu@citrix.com>
Date: Fri, 13 Mar 2015 17:48:47 +0530
Subject: [PATCH] BUG-ID: CLOUDSTACK-8483 - Private template not visible in
 project added new 'projectId' parameter in createTemplate command and based
 current user, account and projectid decide the owner of the template.

Signed-off-by: Pierre-Luc Dion <pdion891@apache.org>
---
 .../user/template/CreateTemplateCmd.java      | 50 ++++++++++++-------
 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java b/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java
index 7be7e62ee52..ae9205fc480 100644
--- a/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/CreateTemplateCmd.java
@@ -20,6 +20,14 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.api.response.GuestOSResponse;
+import org.apache.cloudstack.api.response.SnapshotResponse;
+import org.apache.cloudstack.api.response.TemplateResponse;
+import org.apache.cloudstack.api.response.UserVmResponse;
+import org.apache.cloudstack.api.response.VolumeResponse;
+import org.apache.cloudstack.api.response.ProjectResponse;
+
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.api.APICommand;
@@ -30,11 +38,6 @@ import org.apache.cloudstack.api.BaseAsyncCreateCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.GuestOSResponse;
-import org.apache.cloudstack.api.response.SnapshotResponse;
-import org.apache.cloudstack.api.response.TemplateResponse;
-import org.apache.cloudstack.api.response.UserVmResponse;
-import org.apache.cloudstack.api.response.VolumeResponse;
 import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.event.EventTypes;
@@ -124,6 +127,9 @@ public class CreateTemplateCmd extends BaseAsyncCreateCmd {
                description = "true if template contains XS/VMWare tools inorder to support dynamic scaling of VM cpu/memory")
     protected Boolean isDynamicallyScalable;
 
+    @Parameter(name = ApiConstants.PROJECT_ID, type = CommandType.UUID, entityType = ProjectResponse.class, description = "create template for the project")
+    private Long projectId;
+
     // ///////////////////////////////////////////////////
     // ///////////////// Accessors ///////////////////////
     // ///////////////////////////////////////////////////
@@ -215,33 +221,39 @@ public class CreateTemplateCmd extends BaseAsyncCreateCmd {
         if (volumeId != null) {
             Volume volume = _entityMgr.findById(Volume.class, volumeId);
             if (volume != null) {
-                accountId = volume.getAccountId();
+                _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.UseEntry, false, volume);
             } else {
                 throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
             }
         } else {
             Snapshot snapshot = _entityMgr.findById(Snapshot.class, snapshotId);
             if (snapshot != null) {
-                accountId = snapshot.getAccountId();
+                _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.UseEntry, false, snapshot);
             } else {
                 throw new InvalidParameterValueException("Unable to find snapshot by id=" + snapshotId);
             }
         }
 
-        Account account = _accountService.getAccount(accountId);
-        //Can create templates for enabled projects/accounts only
-        if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
-            Project project = _projectService.findByProjectAccountId(accountId);
-            if (project.getState() != Project.State.Active) {
-                PermissionDeniedException ex =
-                    new PermissionDeniedException("Can't add resources to the specified project id in state=" + project.getState() + " as it's no longer active");
-                ex.addProxyObject(project.getUuid(), "projectId");
+        if(projectId != null){
+            final Project project = _projectService.getProject(projectId);
+            if (project != null) {
+                if (project.getState() == Project.State.Active) {
+                    Account projectAccount= _accountService.getAccount(project.getProjectAccountId());
+                    _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.UseEntry, false, projectAccount);
+                    return project.getProjectAccountId();
+                } else {
+                    final PermissionDeniedException ex =
+                            new PermissionDeniedException("Can't add resources to the project with specified projectId in state=" + project.getState() +
+                                    " as it's no longer active");
+                    ex.addProxyObject(project.getUuid(), "projectId");
+                    throw ex;
+                }
+            } else {
+                throw new InvalidParameterValueException("Unable to find project by id");
             }
-        } else if (account.getState() == Account.State.disabled) {
-            throw new PermissionDeniedException("The owner of template is disabled: " + account);
         }
 
-        return accountId;
+        return CallContext.current().getCallingAccount().getId();
     }
 
     @Override
@@ -267,7 +279,7 @@ public class CreateTemplateCmd extends BaseAsyncCreateCmd {
     public void create() throws ResourceAllocationException {
         VirtualMachineTemplate template = null;
         //TemplateOwner should be the caller https://issues.citrite.net/browse/CS-17530
-        template = _templateService.createPrivateTemplateRecord(this, CallContext.current().getCallingAccount());
+        template = _templateService.createPrivateTemplateRecord(this, _accountService.getAccount(getEntityOwnerId()));
         if (template != null) {
             setEntityId(template.getId());
             setEntityUuid(template.getUuid());