You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/02/24 10:24:24 UTC
[GitHub] [cloudstack] shwstppr commented on a change in pull request #4717: Added recursive fetch of child domains for listUsageRecords API call
shwstppr commented on a change in pull request #4717:
URL: https://github.com/apache/cloudstack/pull/4717#discussion_r581825811
##########
File path: api/src/main/java/org/apache/cloudstack/api/command/admin/usage/ListUsageRecordsCmd.java
##########
@@ -85,6 +85,10 @@
@Parameter(name = ApiConstants.OLD_FORMAT, type = CommandType.BOOLEAN, description = "Flag to enable description rendered in old format which uses internal database IDs instead of UUIDs. False by default.")
private Boolean oldFormat;
+ @Parameter(name = ApiConstants.IS_RECURSIVE, type = CommandType.BOOLEAN,
+ description = "Specify if usage records should be fetched recursively per domain.")
Review comment:
@Spaceman1984 you may add the `since` key here
##########
File path: server/src/main/java/com/cloud/usage/UsageServiceImpl.java
##########
@@ -216,6 +216,31 @@ public boolean generateUsageRecords(GenerateUsageRecordsCmd cmd) {
s_logger.debug("Account details not available. Using userContext accountId: " + accountId);
}
+ // Check if a domain admin is allowed to access the requested account info.
+ if (_accountService.isDomainAdmin(caller.getId()) && accountId != null){
+ long accountDomainId = _accountDao.getDomainIdForGivenAccountId(accountId);
+ long callerDomainId = caller.getDomainId();
+ boolean matchFound = false;
+
+ if (callerDomainId == accountDomainId) {
+ matchFound = true;
+ } else {
+ // Check if the account is in a child domain of this domain admin.
+ List<DomainVO> childDomains = _domainDao.findAllChildren(_domainDao.findById(caller.getDomainId()).getPath(), caller.getDomainId());
+
+ for (DomainVO domainVO: childDomains) {
+ if (accountDomainId == domainVO.getId()) {
Review comment:
@Spaceman1984 can we use checkAccess method to simplify checking accountId domain access?
`void checkAccess(Account account, Domain domain) throws PermissionDeniedException;`
##########
File path: server/src/main/java/com/cloud/usage/UsageServiceImpl.java
##########
@@ -248,7 +273,17 @@ public boolean generateUsageRecords(GenerateUsageRecordsCmd cmd) {
sc.addAnd("domainId", SearchCriteria.Op.IN, domainIds.toArray());
}
- if (domainId != null) {
+ if (cmd.isRecursive() && domainId != null){
+ SearchCriteria<DomainVO> sdc = _domainDao.createSearchCriteria();
+ sdc.addOr("path", SearchCriteria.Op.LIKE, _domainDao.findById(domainId).getPath() + "%");
+ List<DomainVO> domains = _domainDao.search(sdc, null);
+ List<Long> domainIds = new ArrayList<Long>();
+ for (DomainVO domain : domains)
+ domainIds.add(domain.getId());
+ sc.addAnd("domainId", SearchCriteria.Op.IN, domainIds.toArray());
+ }
+
+ if (!cmd.isRecursive() && domainId != null) {
Review comment:
Will this add two different AND conditions when,
Caller = Domain Admin
isRecursive = False
domainId = ID of a child domain
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org