You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ni...@apache.org on 2012/07/03 01:09:04 UTC
git commit: CS-15300: Domain Admin accounts now respect the limits
imposed on the domain just as a regular account. Signed-off-by: Nitin
Mehta
Updated Branches:
refs/heads/master 0449ae37f -> c8bbf04c8
CS-15300: Domain Admin accounts now respect the limits imposed on the domain just as a regular account.
Signed-off-by: Nitin Mehta<ni...@citrix.com>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/c8bbf04c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/c8bbf04c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/c8bbf04c
Branch: refs/heads/master
Commit: c8bbf04c81649919e3c128be42a9500ba47a8766
Parents: 0449ae3
Author: Deepti Dohare <de...@citrix.com>
Authored: Tue Jul 3 04:33:02 2012 +0530
Committer: U-nitin-PC\nitin <nitin@nitin-PC.(none)>
Committed: Tue Jul 3 04:35:53 2012 +0530
----------------------------------------------------------------------
.../resourcelimit/ResourceLimitManagerImpl.java | 27 +++++++++-----
1 files changed, 17 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/c8bbf04c/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
index a32bc80..b285d2c 100755
--- a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
+++ b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
@@ -210,12 +210,12 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
public long findCorrectResourceLimitForAccount(Account account, ResourceType type) {
long max = Resource.RESOURCE_UNLIMITED; // if resource limit is not found, then we treat it as unlimited
-
- //no limits for Admin accounts
- if (_accountMgr.isAdmin(account.getType())) {
+
+ // No limits for Root Admin accounts
+ if (_accountMgr.isRootAdmin(account.getType())) {
return max;
}
-
+
ResourceLimitVO limit = _resourceLimitDao.findByOwnerIdAndType(account.getId(), ResourceOwnerType.Account, type);
// Check if limit is configured for account
@@ -277,8 +277,8 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
long numResources = ((count.length == 0) ? 1 : count[0]);
Project project = null;
- // Don't place any limits on system or admin accounts
- if (_accountMgr.isAdmin(account.getType())) {
+ // Don't place any limits on system or root admin accounts
+ if (_accountMgr.isRootAdmin(account.getType())) {
return;
}
@@ -510,10 +510,17 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
throw new InvalidParameterValueException("Can't update system account");
}
-
- //only Unlimited value is accepted if account is Admin
- if (_accountMgr.isAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) {
- throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Admin accounts");
+
+ //only Unlimited value is accepted if account is Root Admin
+ if (_accountMgr.isRootAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) {
+ throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Root Admin accounts");
+ }
+
+ if ((caller.getAccountId() == accountId.longValue()) &&
+ (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN ||
+ caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) {
+ // If the admin is trying to update his own account, disallow.
+ throw new PermissionDeniedException("Unable to update resource limit for his own account " + accountId + ", permission denied");
}
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {