You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bf...@apache.org on 2012/12/27 22:48:16 UTC

[25/32] git commit: Fix for CloudStack-648

Fix for CloudStack-648

Signed-off-by: Gavin Lee <ga...@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/5aefd77f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/5aefd77f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/5aefd77f

Branch: refs/heads/ui-plugins
Commit: 5aefd77f774723dd5729324043e62a413f580da8
Parents: 5b751b2
Author: Isaac Chiang <is...@gmail.com>
Authored: Tue Dec 18 09:38:08 2012 +0800
Committer: Gavin Lee <ga...@gmail.com>
Committed: Wed Dec 26 00:00:58 2012 +0800

----------------------------------------------------------------------
 api/src/com/cloud/api/response/UserResponse.java |   10 +++++
 client/tomcatconf/commands.properties.in         |    2 +-
 server/src/com/cloud/api/ApiDBUtils.java         |    4 ++
 server/src/com/cloud/api/ApiResponseHelper.java  |    3 +-
 ui/scripts/accounts.js                           |   32 +++++++++--------
 ui/scripts/sharedFunctions.js                    |   16 ++++++++
 6 files changed, 50 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/api/src/com/cloud/api/response/UserResponse.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/api/response/UserResponse.java b/api/src/com/cloud/api/response/UserResponse.java
index 920eb59..b1382e9 100644
--- a/api/src/com/cloud/api/response/UserResponse.java
+++ b/api/src/com/cloud/api/response/UserResponse.java
@@ -69,6 +69,8 @@ public class UserResponse extends BaseResponse {
     @SerializedName("accountid") @Param(description="the account ID of the user")
     private IdentityProxy accountId = new IdentityProxy("account");
 
+    @SerializedName("iscallerchilddomain") @Param(description="the boolean value representing if the updating target is in caller's child domain")
+    private boolean isCallerChildDomain;
     
     public Long getId() {
         return id.getValue();
@@ -188,4 +190,12 @@ public class UserResponse extends BaseResponse {
     public void setAccountId(Long accountId) {
         this.accountId.setValue(accountId);
     }
+    
+    public boolean getIsCallerSubdomain() {
+    	return this.isCallerChildDomain;
+    }
+    
+    public void setIsCallerChildDomain(boolean isCallerChildDomain) {
+    	this.isCallerChildDomain = isCallerChildDomain;
+    }
 }

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/client/tomcatconf/commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in
index 437c8d4..e55017c 100755
--- a/client/tomcatconf/commands.properties.in
+++ b/client/tomcatconf/commands.properties.in
@@ -31,7 +31,7 @@ markDefaultZoneForAccount=com.cloud.api.commands.MarkDefaultZoneForAccountCmd;1
 #### User commands
 createUser=com.cloud.api.commands.CreateUserCmd;3
 deleteUser=com.cloud.api.commands.DeleteUserCmd;3
-updateUser=com.cloud.api.commands.UpdateUserCmd;3
+updateUser=com.cloud.api.commands.UpdateUserCmd;15
 listUsers=com.cloud.api.commands.ListUsersCmd;7
 ####lockUser=com.cloud.api.commands.LockUserCmd;7
 disableUser=com.cloud.api.commands.DisableUserCmd;7

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/server/src/com/cloud/api/ApiDBUtils.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java
index cdd5339..012075c 100755
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@ -469,6 +469,10 @@ public class ApiDBUtils {
     public static DomainVO findDomainByIdIncludingRemoved(Long domainId) {
         return _domainDao.findByIdIncludingRemoved(domainId);
     }
+    
+    public static boolean isChildDomain(long parentId, long childId) {
+    	return _domainDao.isChildDomain(parentId, childId);
+    }
 
     public static DomainRouterVO findDomainRouterById(Long routerId) {
         return _domainRouterDao.findByIdIncludingRemoved(routerId);

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index a574710..8f9837f 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -423,6 +423,7 @@ public class ApiResponseHelper implements ResponseGenerator {
     
     @Override
     public UserResponse createUserResponse(UserAccount user) {
+    	Account account = UserContext.current().getCaller();
         UserResponse userResponse = new UserResponse();
         userResponse.setAccountName(user.getAccountName());
         userResponse.setAccountType(user.getType());
@@ -439,8 +440,8 @@ public class ApiResponseHelper implements ResponseGenerator {
         userResponse.setApiKey(user.getApiKey());
         userResponse.setSecretKey(user.getSecretKey());
         userResponse.setAccountId((user.getAccountId()));
+        userResponse.setIsCallerChildDomain(ApiDBUtils.isChildDomain(account.getDomainId(), user.getDomainId()));
         userResponse.setObjectName("user");
-
         return userResponse;
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/ui/scripts/accounts.js
----------------------------------------------------------------------
diff --git a/ui/scripts/accounts.js b/ui/scripts/accounts.js
index 324c5f5..ba741a4 100644
--- a/ui/scripts/accounts.js
+++ b/ui/scripts/accounts.js
@@ -1248,22 +1248,20 @@
     if (jsonObj.state == 'Destroyed') return [];
 
     if(isAdmin()) {
-		  allowedActions.push("edit"); //updating networkdomain is allowed on any account, including system-generated default admin account 
-      if(!(jsonObj.domain == "ROOT" && jsonObj.name == "admin" && jsonObj.accounttype == 1)) { //if not system-generated default admin account    
-        if(jsonObj.state == "enabled") {
-          allowedActions.push("disable");
-          allowedActions.push("lock");
-        }
-        else if(jsonObj.state == "disabled" || jsonObj.state == "locked") {
-          allowedActions.push("enable");
+        allowedActions.push("edit"); //updating networkdomain is allowed on any account, including system-generated default admin account 
+        if(!(jsonObj.domain == "ROOT" && jsonObj.name == "admin" && jsonObj.accounttype == 1)) { //if not system-generated default admin account    
+            if(jsonObj.state == "enabled") {
+                allowedActions.push("disable");
+                allowedActions.push("lock");
+            } else if(jsonObj.state == "disabled" || jsonObj.state == "locked") {
+                allowedActions.push("enable");
+            }
+            allowedActions.push("remove");
         }
-        allowedActions.push("remove");
-      }
-			allowedActions.push("updateResourceCount");
-    }		
-		else if(isDomainAdmin()) {
-      allowedActions.push("updateResourceCount");
-		}	
+        allowedActions.push("updateResourceCount");
+    } else if(isDomainAdmin()) {
+        allowedActions.push("updateResourceCount");
+    }
     return allowedActions;
   }
 
@@ -1281,6 +1279,10 @@
           allowedActions.push("enable");
         allowedActions.push("remove");
       }
+    } else {
+        if(isSelfOrChildDomainUser(jsonObj.username, jsonObj.accounttype, jsonObj.domainid, jsonObj.iscallerchilddomain)) {
+            allowedActions.push("changePassword");
+        }
     }
     return allowedActions;
   }

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/5aefd77f/ui/scripts/sharedFunctions.js
----------------------------------------------------------------------
diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js
index 961c973..eb78ad1 100644
--- a/ui/scripts/sharedFunctions.js
+++ b/ui/scripts/sharedFunctions.js
@@ -158,6 +158,22 @@ function isUser() {
   return (g_role == 0);
 }
 
+function isSelfOrChildDomainUser(username, useraccounttype, userdomainid, iscallerchilddomain) {
+	if(username == g_username) { //is self
+        return true;
+    } else if(isDomainAdmin()
+        && iscallerchilddomain
+        && (useraccounttype == 0)) { //domain admin to user
+        return true;
+	} else if(isDomainAdmin()
+        && iscallerchilddomain 
+		&& (userdomainid != g_domainid) ) { //domain admin to subdomain admin and user
+        return true;
+    } else {
+        return false;
+    } 
+}
+
 // FUNCTION: Handles AJAX error callbacks.  You can pass in an optional function to
 // handle errors that are not already handled by this method.
 function handleError(XMLHttpResponse, handleErrorCallback) {