You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by al...@apache.org on 2013/07/03 22:57:54 UTC
git commit: updated refs/heads/master-6-17-stable to 5ca08ff
Updated Branches:
refs/heads/master-6-17-stable 80a41e83b -> 5ca08ff9e
CLOUDSTACK-3347: fixed project deletion for project's owned template
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5ca08ff9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5ca08ff9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5ca08ff9
Branch: refs/heads/master-6-17-stable
Commit: 5ca08ff9e8302b1efa156a178243abb6ddb950c9
Parents: 80a41e8
Author: Alena Prokharchyk <al...@citrix.com>
Authored: Wed Jul 3 13:40:32 2013 -0700
Committer: Alena Prokharchyk <al...@citrix.com>
Committed: Wed Jul 3 13:41:02 2013 -0700
----------------------------------------------------------------------
.../src/com/cloud/template/TemplateAdapterBase.java | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5ca08ff9/server/src/com/cloud/template/TemplateAdapterBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateAdapterBase.java b/server/src/com/cloud/template/TemplateAdapterBase.java
index ef32b6b..172a9db 100755
--- a/server/src/com/cloud/template/TemplateAdapterBase.java
+++ b/server/src/com/cloud/template/TemplateAdapterBase.java
@@ -25,8 +25,8 @@ import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd;
import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd;
import org.apache.cloudstack.api.command.user.template.DeleteTemplateCmd;
-import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
import org.apache.cloudstack.api.command.user.template.ExtractTemplateCmd;
+import org.apache.cloudstack.api.command.user.template.RegisterTemplateCmd;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStore;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreRole;
@@ -46,6 +46,7 @@ import com.cloud.exception.ResourceAllocationException;
import com.cloud.host.dao.HostDao;
import com.cloud.hypervisor.Hypervisor.HypervisorType;
import com.cloud.org.Grouping;
+import com.cloud.projects.ProjectManager;
import com.cloud.server.ConfigurationServer;
import com.cloud.storage.GuestOS;
import com.cloud.storage.Storage.ImageFormat;
@@ -86,6 +87,7 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
protected @Inject DataStoreManager storeMgr;
@Inject TemplateManager templateMgr;
@Inject ConfigurationServer _configServer;
+ @Inject ProjectManager _projectMgr;
@Override
public boolean stop() {
@@ -299,9 +301,16 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
if ((template != null)
&& (!template.isPublicTemplate() && (account.getId() != template.getAccountId()) && (template.getTemplateType() != TemplateType.PERHOST))) {
- throw new PermissionDeniedException(msg + ". Permission denied.");
+ //special handling for the project case
+ Account owner = _accountMgr.getAccount(template.getAccountId());
+ if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
+ if (!_projectMgr.canAccessProjectAccount(account, owner.getId())) {
+ throw new PermissionDeniedException(msg + ". Permission denied. The caller can't access project's template");
+ }
+ } else {
+ throw new PermissionDeniedException(msg + ". Permission denied.");
+ }
}
-
} else {
if ((vmInstanceCheck != null) && !_domainDao.isChildDomain(account.getDomainId(), vmInstanceCheck.getDomainId())) {
throw new PermissionDeniedException(msg + ". Permission denied.");