You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by al...@apache.org on 2012/07/04 02:35:29 UTC

[7/50] [abbrv] git commit: CS-15300: Domain Admin accounts now respect the limits imposed on the domain just as a regular account. Signed-off-by: Nitin Mehta

CS-15300: Domain Admin accounts now respect the limits imposed on the domain just as a regular account.
Signed-off-by: Nitin Mehta<ni...@citrix.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/c8bbf04c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/c8bbf04c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/c8bbf04c

Branch: refs/heads/vpc
Commit: c8bbf04c81649919e3c128be42a9500ba47a8766
Parents: 0449ae3
Author: Deepti Dohare <de...@citrix.com>
Authored: Tue Jul 3 04:33:02 2012 +0530
Committer: U-nitin-PC\nitin <nitin@nitin-PC.(none)>
Committed: Tue Jul 3 04:35:53 2012 +0530

----------------------------------------------------------------------
 .../resourcelimit/ResourceLimitManagerImpl.java    |   27 +++++++++-----
 1 files changed, 17 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/c8bbf04c/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
index a32bc80..b285d2c 100755
--- a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
+++ b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
@@ -210,12 +210,12 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
     public long findCorrectResourceLimitForAccount(Account account, ResourceType type) {
 
         long max = Resource.RESOURCE_UNLIMITED; // if resource limit is not found, then we treat it as unlimited
-        
-        //no limits for Admin accounts
-        if (_accountMgr.isAdmin(account.getType())) {
+
+        // No limits for Root Admin accounts
+        if (_accountMgr.isRootAdmin(account.getType())) {
             return max;
         }
-        
+
         ResourceLimitVO limit = _resourceLimitDao.findByOwnerIdAndType(account.getId(), ResourceOwnerType.Account, type);
 
         // Check if limit is configured for account
@@ -277,8 +277,8 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
         long numResources = ((count.length == 0) ? 1 : count[0]);
         Project project = null;
 
-        // Don't place any limits on system or admin accounts
-        if (_accountMgr.isAdmin(account.getType())) {
+        // Don't place any limits on system or root admin accounts
+        if (_accountMgr.isRootAdmin(account.getType())) {
             return;
         }
 
@@ -510,10 +510,17 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager {
             if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
                 throw new InvalidParameterValueException("Can't update system account");
             }
-            
-            //only Unlimited value is accepted if account is Admin
-            if (_accountMgr.isAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) {
-                throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Admin accounts");
+
+            //only Unlimited value is accepted if account is  Root Admin
+            if (_accountMgr.isRootAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) {
+                throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Root Admin accounts");
+            }
+
+            if ((caller.getAccountId() == accountId.longValue()) &&
+                (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN ||
+                caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) {
+                // If the admin is trying to update his own account, disallow.
+                throw new PermissionDeniedException("Unable to update resource limit for his own account " + accountId + ", permission denied");
             }
 
             if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {