You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ga...@apache.org on 2012/12/25 13:52:43 UTC
[1/3] git commit: Fix for CloudStack-648
Updated Branches:
refs/heads/4.0 1434ade39 -> a387fcdd7
refs/heads/master 5b751b2a1 -> 5aefd77f7
Fix for CloudStack-648
Signed-off-by: Gavin Lee <ga...@gmail.com>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/5aefd77f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/5aefd77f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/5aefd77f
Branch: refs/heads/master
Commit: 5aefd77f774723dd5729324043e62a413f580da8
Parents: 5b751b2
Author: Isaac Chiang <is...@gmail.com>
Authored: Tue Dec 18 09:38:08 2012 +0800
Committer: Gavin Lee <ga...@gmail.com>
Committed: Wed Dec 26 00:00:58 2012 +0800
----------------------------------------------------------------------
api/src/com/cloud/api/response/UserResponse.java | 10 +++++
client/tomcatconf/commands.properties.in | 2 +-
server/src/com/cloud/api/ApiDBUtils.java | 4 ++
server/src/com/cloud/api/ApiResponseHelper.java | 3 +-
ui/scripts/accounts.js | 32 +++++++++--------
ui/scripts/sharedFunctions.js | 16 ++++++++
6 files changed, 50 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/api/src/com/cloud/api/response/UserResponse.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/response/UserResponse.java b/api/src/com/cloud/api/response/UserResponse.java
index 920eb59..b1382e9 100644
--- a/api/src/com/cloud/api/response/UserResponse.java
+++ b/api/src/com/cloud/api/response/UserResponse.java
@@ -69,6 +69,8 @@ public class UserResponse extends BaseResponse {
@SerializedName("accountid") @Param(description="the account ID of the user")
private IdentityProxy accountId = new IdentityProxy("account");
+ @SerializedName("iscallerchilddomain") @Param(description="the boolean value representing if the updating target is in caller's child domain")
+ private boolean isCallerChildDomain;
public Long getId() {
return id.getValue();
@@ -188,4 +190,12 @@ public class UserResponse extends BaseResponse {
public void setAccountId(Long accountId) {
this.accountId.setValue(accountId);
}
+
+ public boolean getIsCallerSubdomain() {
+ return this.isCallerChildDomain;
+ }
+
+ public void setIsCallerChildDomain(boolean isCallerChildDomain) {
+ this.isCallerChildDomain = isCallerChildDomain;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 437c8d4..e55017c 100755
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -31,7 +31,7 @@ markDefaultZoneForAccount=com.cloud.api.commands.MarkDefaultZoneForAccountCmd;1
#### User commands
createUser=com.cloud.api.commands.CreateUserCmd;3
deleteUser=com.cloud.api.commands.DeleteUserCmd;3
-updateUser=com.cloud.api.commands.UpdateUserCmd;3
+updateUser=com.cloud.api.commands.UpdateUserCmd;15
listUsers=com.cloud.api.commands.ListUsersCmd;7
####lockUser=com.cloud.api.commands.LockUserCmd;7
disableUser=com.cloud.api.commands.DisableUserCmd;7
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/server/src/com/cloud/api/ApiDBUtils.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java
index cdd5339..012075c 100755
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@ -469,6 +469,10 @@ public class ApiDBUtils {
public static DomainVO findDomainByIdIncludingRemoved(Long domainId) {
return _domainDao.findByIdIncludingRemoved(domainId);
}
+
+ public static boolean isChildDomain(long parentId, long childId) {
+ return _domainDao.isChildDomain(parentId, childId);
+ }
public static DomainRouterVO findDomainRouterById(Long routerId) {
return _domainRouterDao.findByIdIncludingRemoved(routerId);
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index a574710..8f9837f 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -423,6 +423,7 @@ public class ApiResponseHelper implements ResponseGenerator {
@Override
public UserResponse createUserResponse(UserAccount user) {
+ Account account = UserContext.current().getCaller();
UserResponse userResponse = new UserResponse();
userResponse.setAccountName(user.getAccountName());
userResponse.setAccountType(user.getType());
@@ -439,8 +440,8 @@ public class ApiResponseHelper implements ResponseGenerator {
userResponse.setApiKey(user.getApiKey());
userResponse.setSecretKey(user.getSecretKey());
userResponse.setAccountId((user.getAccountId()));
+ userResponse.setIsCallerChildDomain(ApiDBUtils.isChildDomain(account.getDomainId(), user.getDomainId()));
userResponse.setObjectName("user");
-
return userResponse;
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/ui/scripts/accounts.js
----------------------------------------------------------------------
diff --git a/ui/scripts/accounts.js b/ui/scripts/accounts.js
index 324c5f5..ba741a4 100644
--- a/ui/scripts/accounts.js
+++ b/ui/scripts/accounts.js
@@ -1248,22 +1248,20 @@
if (jsonObj.state == 'Destroyed') return [];
if(isAdmin()) {
- allowedActions.push("edit"); //updating networkdomain is allowed on any account, including system-generated default admin account
- if(!(jsonObj.domain == "ROOT" && jsonObj.name == "admin" && jsonObj.accounttype == 1)) { //if not system-generated default admin account
- if(jsonObj.state == "enabled") {
- allowedActions.push("disable");
- allowedActions.push("lock");
- }
- else if(jsonObj.state == "disabled" || jsonObj.state == "locked") {
- allowedActions.push("enable");
+ allowedActions.push("edit"); //updating networkdomain is allowed on any account, including system-generated default admin account
+ if(!(jsonObj.domain == "ROOT" && jsonObj.name == "admin" && jsonObj.accounttype == 1)) { //if not system-generated default admin account
+ if(jsonObj.state == "enabled") {
+ allowedActions.push("disable");
+ allowedActions.push("lock");
+ } else if(jsonObj.state == "disabled" || jsonObj.state == "locked") {
+ allowedActions.push("enable");
+ }
+ allowedActions.push("remove");
}
- allowedActions.push("remove");
- }
- allowedActions.push("updateResourceCount");
- }
- else if(isDomainAdmin()) {
- allowedActions.push("updateResourceCount");
- }
+ allowedActions.push("updateResourceCount");
+ } else if(isDomainAdmin()) {
+ allowedActions.push("updateResourceCount");
+ }
return allowedActions;
}
@@ -1281,6 +1279,10 @@
allowedActions.push("enable");
allowedActions.push("remove");
}
+ } else {
+ if(isSelfOrChildDomainUser(jsonObj.username, jsonObj.accounttype, jsonObj.domainid, jsonObj.iscallerchilddomain)) {
+ allowedActions.push("changePassword");
+ }
}
return allowedActions;
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/ui/scripts/sharedFunctions.js
----------------------------------------------------------------------
diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js
index 961c973..eb78ad1 100644
--- a/ui/scripts/sharedFunctions.js
+++ b/ui/scripts/sharedFunctions.js
@@ -158,6 +158,22 @@ function isUser() {
return (g_role == 0);
}
+function isSelfOrChildDomainUser(username, useraccounttype, userdomainid, iscallerchilddomain) {
+ if(username == g_username) { //is self
+ return true;
+ } else if(isDomainAdmin()
+ && iscallerchilddomain
+ && (useraccounttype == 0)) { //domain admin to user
+ return true;
+ } else if(isDomainAdmin()
+ && iscallerchilddomain
+ && (userdomainid != g_domainid) ) { //domain admin to subdomain admin and user
+ return true;
+ } else {
+ return false;
+ }
+}
+
// FUNCTION: Handles AJAX error callbacks. You can pass in an optional function to
// handle errors that are not already handled by this method.
function handleError(XMLHttpResponse, handleErrorCallback) {