You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ah...@apache.org on 2013/07/04 02:57:37 UTC
[04/10] git commit: updated refs/heads/vmsync to 3ecc52a
CLOUDSTACK-3347: fixed project deletion for project's owned template
Conflicts:
server/src/com/cloud/template/TemplateAdapterBase.java
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d8560281
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d8560281
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d8560281
Branch: refs/heads/vmsync
Commit: d8560281a4ffc2cf934b3f673bcd7b6f1a8b9429
Parents: 0a241b8
Author: Alena Prokharchyk <al...@citrix.com>
Authored: Wed Jul 3 13:40:32 2013 -0700
Committer: Alena Prokharchyk <al...@citrix.com>
Committed: Wed Jul 3 13:48:06 2013 -0700
----------------------------------------------------------------------
.../com/cloud/template/TemplateAdapterBase.java | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d8560281/server/src/com/cloud/template/TemplateAdapterBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateAdapterBase.java b/server/src/com/cloud/template/TemplateAdapterBase.java
index c5d4a6b..fce2506 100755
--- a/server/src/com/cloud/template/TemplateAdapterBase.java
+++ b/server/src/com/cloud/template/TemplateAdapterBase.java
@@ -25,8 +25,8 @@ import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd;
import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd;
import org.apache.cloudstack.api.command.user.template.DeleteTemplateCmd;
-import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
import org.apache.cloudstack.api.command.user.template.ExtractTemplateCmd;
+import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
@@ -46,6 +46,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.org.Grouping;
+import com.cloud.projects.ProjectManager;
import com.cloud.server.ConfigurationServer;
import com.cloud.storage.GuestOS;
import com.cloud.storage.Storage.ImageFormat;
@@ -86,8 +87,9 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
protected @Inject ResourceLimitService _resourceLimitMgr;
protected @Inject DataStoreManager storeMgr;
@Inject TemplateManager templateMgr;
- @Inject ConfigurationServer _configServer;
-
+ @Inject ConfigurationServer _configServer;
+ @Inject ProjectManager _projectMgr;
+
@Override
public boolean stop() {
return true;
@@ -289,9 +291,16 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
if ((template != null)
&& (!template.isPublicTemplate() && (account.getId() != template.getAccountId()) && (template.getTemplateType() != TemplateType.PERHOST))) {
- throw new PermissionDeniedException(msg + ". Permission denied.");
+ //special handling for the project case
+ Account owner = _accountMgr.getAccount(template.getAccountId());
+ if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
+ if (!_projectMgr.canAccessProjectAccount(account, owner.getId())) {
+ throw new PermissionDeniedException(msg + ". Permission denied. The caller can't access project's template");
+ }
+ } else {
+ throw new PermissionDeniedException(msg + ". Permission denied.");
+ }
}
-
} else {
if ((vmInstanceCheck != null) && !_domainDao.isChildDomain(account.getDomainId(), vmInstanceCheck.getDomainId())) {
throw new PermissionDeniedException(msg + ". Permission denied.");