
Commit 3314e11

committed
CLOUDSTACK-6569: IAM - Regular user is able to listNetworks of another
user in the same domain , by passing account and domainId.
1 parent 15c4851 commit 3314e11

6 files changed

Lines changed: 4 additions & 29 deletions


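--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -24,7 +24,6 @@
 import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
 
 import com.cloud.domain.Domain;
-import com.cloud.domain.PartOf;
 import com.cloud.exception.PermissionDeniedException;
 
 public interface AccountService {
@@ -110,9 +109,6 @@ UserAccount createUserAccount(String userName, String password, String firstName
 
 void checkAccess(Account caller, AccessType accessType, String apiName, ControlledEntity... entities) throws PermissionDeniedException;
 
-//TO be implemented, to check accessibility for an entity owned by domain
-void checkAccess(Account caller, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException;
-
 Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly);
 
 /**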

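--- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@@ -37,7 +37,6 @@
 import com.cloud.configuration.ResourceLimit;
 import com.cloud.configuration.dao.ResourceCountDao;
 import com.cloud.domain.Domain;
-import com.cloud.domain.PartOf;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceUnavailableException;
@@ -194,12 +193,6 @@ public boolean isNormalUser(long accountId) {
 return false;
 }
 
-@Override
-public void checkAccess(Account account, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException {
-// TODO Auto-generated method stub
-
-}
-
 
 @Override
 public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> permittedDomains, List<Long> permittedAccounts,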

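--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -3111,7 +3111,7 @@ private void buildTemplateAffinityGroupSearchParameters(Account caller, Long id,
 }
 
 if (userAccount != null) {
-_accountMgr.checkAccess(caller, null, false, userAccount);
+_accountMgr.checkAccess(caller, null, userAccount);
 // check permissions
 permittedAccounts.add(userAccount.getId());
 } else {
@@ -3251,7 +3251,7 @@ private Pair<List<TemplateJoinVO>, Integer> searchForTemplatesInternal(Long temp
 // if template is not public, perform permission check here
 if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
 Account owner = _accountMgr.getAccount(template.getAccountId());
-_accountMgr.checkAccess(caller, null, true, owner);
+_accountMgr.checkAccess(caller, null, owner);
 }
 
 // if templateId is specified, then we will just use the id to
@@ -3576,7 +3576,7 @@ public Pair<List<AffinityGroupJoinVO>, Integer> listAffinityGroupsInternal(Long
 throw new InvalidParameterValueException("Unable to list affinity groups for virtual machine instance "
 + vmId + "; instance not found.");
 }
-_accountMgr.checkAccess(caller, null, true, userVM);
+_accountMgr.checkAccess(caller, null, userVM);
 return listAffinityGroupsByVM(vmId.longValue(), startIndex, pageSize);
 }
 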
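Review bot: All three rewritten calls in this file still pass `null` as the `AccessType`, for example `_accountMgr.checkAccess(caller, null, userVM);` in listAffinityGroupsInternal, so the level of access enforced depends on how the remaining `ControlledEntity...` overload treats a null access type, which this page does not show. Name the intended access type at each call, or add a comment such as `// null AccessType: relies on checkAccess's default; confirm it denies cross-account reads`. The same applies to the call in NetworkServiceImpl.searchForNetworks. In searchForTemplatesInternal, `owner` comes from `_accountMgr.getAccount(...)` and is passed on without a null check, so confirm that a missing owner account ends in a denial rather than a skipped check. The enclosing methods start and end outside these hunks.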
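--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1432,7 +1432,7 @@ public Pair<List<? extends Network>, Integer> searchForNetworks(ListNetworksCmd
 throw new InvalidParameterValueException("Unable to find account " + accountName + " in specified domain");
 }
 
-_accountMgr.checkAccess(caller, null, true, owner);
+_accountMgr.checkAccess(caller, null, owner);
 permittedAccounts.add(owner.getId());
 }
 }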
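Review bot: No regression test accompanies the authorization fix in searchForNetworks; the only test files in this commit are mock managers that lose a stub. The removed overload in AccountManagerImpl had an empty body, so the previous call here appears to have performed no check at all. A test that calls searchForNetworks as a regular user with another account's name and the shared domainId, and expects `PermissionDeniedException`, would catch that kind of silent no-op in future. The ordering dependency also deserves a comment above the call, e.g. `// must throw before owner is added to permittedAccounts`. The method body starts and ends outside this hunk.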

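--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -74,7 +74,6 @@
 import com.cloud.dc.dao.DedicatedResourceDao;
 import com.cloud.domain.Domain;
 import com.cloud.domain.DomainVO;
-import com.cloud.domain.PartOf;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.ActionEventUtils;
@@ -457,13 +456,6 @@ public void checkAccess(Account caller, Domain domain) throws PermissionDeniedEx
 throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to " + domain);
 }
 
-@Override
-public void checkAccess(Account caller, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException {
-// TODO Auto-generated method stub
-
-//TO BE IMPLEMENTED
-
-}
 
 @Override
 public void checkAccess(Account caller, AccessType accessType, ControlledEntity... entities) throws PermissionDeniedException {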

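--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@ -33,7 +33,6 @@
 import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
 
 import com.cloud.domain.Domain;
-import com.cloud.domain.PartOf;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceUnavailableException;
@@ -220,11 +219,6 @@ public String getName() {
 }
 
 
-@Override
-public void checkAccess(Account account, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException {
-// TODO Auto-generated method stub
-
-}
 
 @Override
 public UserAccount getUserAccountById(Long userId) {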
