etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-3347: fixed project deletion for project's owned template 

Conflicts:
	server/src/com/cloud/template/TemplateAdapterBase.java
This commit is contained in:
Alena Prokharchyk 2013-07-03 13:40:32 -07:00
parent 0e273578b3
commit fdb85998ef
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
server/src/com/cloud/template/TemplateAdapterBase.java
View File

@ -25,8 +25,8 @@ import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd;
import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd;
import org.apache.cloudstack.api.command.user.template.DeleteTemplateCmd;
import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
import org.apache.cloudstack.api.command.user.template.ExtractTemplateCmd;
import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
@ -46,6 +46,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.org.Grouping;
import com.cloud.projects.ProjectManager;
import com.cloud.server.ConfigurationServer;
import com.cloud.storage.GuestOS;
import com.cloud.storage.Storage.ImageFormat;
@ -86,8 +87,9 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
protected @Inject ResourceLimitService _resourceLimitMgr;
protected @Inject DataStoreManager storeMgr;
@Inject TemplateManager templateMgr;
@Inject ConfigurationServer _configServer;
@Inject ConfigurationServer _configServer;
@Inject ProjectManager _projectMgr;
@Override
public boolean stop() {
return true;
@ -289,9 +291,16 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
if ((template != null)
&& (!template.isPublicTemplate() && (account.getId() != template.getAccountId()) && (template.getTemplateType() != TemplateType.PERHOST))) {
throw new PermissionDeniedException(msg + ". Permission denied.");
//special handling for the project case
Account owner = _accountMgr.getAccount(template.getAccountId());
if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
if (!_projectMgr.canAccessProjectAccount(account, owner.getId())) {
throw new PermissionDeniedException(msg + ". Permission denied. The caller can't access project's template");
}
} else {
throw new PermissionDeniedException(msg + ". Permission denied.");
}
}
} else {
if ((vmInstanceCheck != null) && !_domainDao.isChildDomain(account.getDomainId(), vmInstanceCheck.getDomainId())) {
throw new PermissionDeniedException(msg + ". Permission denied.");