You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Alena Prokharchyk <al...@citrix.com> on 2012/10/05 21:00:02 UTC
Re: Review Request: CLOUDSTACK-84: FIX NPE error in listRouter etc. after
deleting a user project.
> On Sept. 24, 2012, 6:12 p.m., Alex Huang wrote:
> > Does this need to go into 4.0?
>
> Rohit Yadav wrote:
> Yes, as per fix version on https://issues.apache.org/jira/browse/CLOUDSTACK-84
> But, whatever you advise.
This fix will break the following case:
* have removed account. The removed account has some detached volume and user vm that weren't cleaned up yet
* As ROOT admin, attach account's volume to account's vm. The patch makes it possible while we should allow just LISTING the resources belonging to the removed account, but never allow to manipulate/create/delete them.
We have to think about some other fix. As far as I remember, account/domain checkers are never called when we do list commands through the API as we always do Joins with account table instead of running account check on each and every object returned with the list response.
- Alena
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/7168/#review11841
-----------------------------------------------------------
On Sept. 19, 2012, 3:38 p.m., Rohit Yadav wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/7168/
> -----------------------------------------------------------
>
> (Updated Sept. 19, 2012, 3:38 p.m.)
>
>
> Review request for cloudstack, Abhinandan Prateek, Kishan Kavala, Nitin Mehta, Alena Prokharchyk, and Alex Huang.
>
>
> Description
> -------
>
> Domain ACL information should be valid even if account entry is marked
> removed. Patch fixes how account is obtained based on accountId, it
> finds among those entries which are marked deleted.
>
> In case of project deletion, the project is marked removed first and
> then each of its elements are cleared/cleaned/deleted. While deleting
> network and router it failed because ACL only checks accounts which are
> not marked deleted.
>
> Download original patch and git am <patch>: http://patchbin.baagi.org/p?id=40pdym
>
>
> This addresses bug CLOUDSTACK-84.
>
>
> Diffs
> -----
>
> server/src/com/cloud/acl/DomainChecker.java 6bc2cd3
> server/src/com/cloud/user/dao/AccountDao.java 3b7fa66
> server/src/com/cloud/user/dao/AccountDaoImpl.java 7300bb1
>
> Diff: https://reviews.apache.org/r/7168/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Rohit Yadav
>
>