You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by da...@apache.org on 2023/01/10 13:16:30 UTC
[cloudstack] branch main updated: Allow domain admins to inform tags when creating offerings (#7052)
This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new 9cfebdf6e56 Allow domain admins to inform tags when creating offerings (#7052)
9cfebdf6e56 is described below
commit 9cfebdf6e56a905f8453f644d34bd415ba1fe9ba
Author: João Jandre <48...@users.noreply.github.com>
AuthorDate: Tue Jan 10 10:16:22 2023 -0300
Allow domain admins to inform tags when creating offerings (#7052)
---
.../cloud/configuration/ConfigurationService.java | 3 ++
...AccountAllowedToCreateOfferingsWithTagsCmd.java | 56 ++++++++++++++++++++++
.../admin/offering/UpdateDiskOfferingCmd.java | 2 -
.../admin/offering/UpdateServiceOfferingCmd.java | 3 --
...ntAllowedToCreateOfferingsWithTagsResponse.java | 34 +++++++++++++
.../resources/META-INF/db/schema-41720to41800.sql | 6 +++
.../configuration/ConfigurationManagerImpl.java | 30 ++++++++++--
.../com/cloud/server/ManagementServerImpl.java | 2 +
.../cloud/vpc/MockConfigurationManagerImpl.java | 6 +++
ui/src/views/offering/AddComputeOffering.vue | 24 ++++++++--
ui/src/views/offering/AddDiskOffering.vue | 23 +++++++--
11 files changed, 172 insertions(+), 17 deletions(-)
diff --git a/api/src/main/java/com/cloud/configuration/ConfigurationService.java b/api/src/main/java/com/cloud/configuration/ConfigurationService.java
index d5a50684c20..1b94e94ed52 100644
--- a/api/src/main/java/com/cloud/configuration/ConfigurationService.java
+++ b/api/src/main/java/com/cloud/configuration/ConfigurationService.java
@@ -33,6 +33,7 @@ import org.apache.cloudstack.api.command.admin.offering.CreateDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.CreateServiceOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.DeleteDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.DeleteServiceOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.IsAccountAllowedToCreateOfferingsWithTagsCmd;
import org.apache.cloudstack.api.command.admin.offering.UpdateDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.UpdateServiceOfferingCmd;
import org.apache.cloudstack.api.command.admin.pod.DeletePodCmd;
@@ -371,4 +372,6 @@ public interface ConfigurationService {
List<? extends PortableIpRange> listPortableIpRanges(ListPortableIpRangesCmd cmd);
List<? extends PortableIp> listPortableIps(long id);
+
+ Boolean isAccountAllowedToCreateOfferingsWithTags(IsAccountAllowedToCreateOfferingsWithTagsCmd cmd);
}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/IsAccountAllowedToCreateOfferingsWithTagsCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/IsAccountAllowedToCreateOfferingsWithTagsCmd.java
new file mode 100644
index 00000000000..e94bff1fce8
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/IsAccountAllowedToCreateOfferingsWithTagsCmd.java
@@ -0,0 +1,56 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.offering;
+
+
+import com.cloud.user.Account;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.AccountResponse;
+import org.apache.cloudstack.api.response.IsAccountAllowedToCreateOfferingsWithTagsResponse;
+
+@APICommand(name = "isAccountAllowedToCreateOfferingsWithTags", description = "Return true if the specified account is allowed to create offerings with tags.",
+ responseObject = IsAccountAllowedToCreateOfferingsWithTagsResponse.class, requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class IsAccountAllowedToCreateOfferingsWithTagsCmd extends BaseCmd {
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "Account UUID")
+ private Long id;
+
+ @Override
+ public void execute() {
+ Boolean isAllowed = _configService.isAccountAllowedToCreateOfferingsWithTags(this);
+ IsAccountAllowedToCreateOfferingsWithTagsResponse response = new IsAccountAllowedToCreateOfferingsWithTagsResponse(isAllowed);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ }
+
+ public Long getId() {
+ return id;
+ }
+
+ @Override
+ public String getCommandName() {
+ return "isaccountallowedtocreateofferingswithtagsresponse";
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/UpdateDiskOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/UpdateDiskOfferingCmd.java
index fe7ac869dbb..1d5898ea4a0 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/UpdateDiskOfferingCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/UpdateDiskOfferingCmd.java
@@ -19,7 +19,6 @@ package org.apache.cloudstack.api.command.admin.offering;
import java.util.ArrayList;
import java.util.List;
-import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandResourceType;
import org.apache.cloudstack.api.ApiConstants;
@@ -82,7 +81,6 @@ public class UpdateDiskOfferingCmd extends BaseCmd {
@Parameter(name = ApiConstants.TAGS,
type = CommandType.STRING,
description = "comma-separated list of tags for the disk offering, tags should match with existing storage pool tags",
- authorized = {RoleType.Admin},
since = "4.15")
private String tags;
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/UpdateServiceOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/UpdateServiceOfferingCmd.java
index 68f40df60fc..d86564a60c6 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/UpdateServiceOfferingCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/UpdateServiceOfferingCmd.java
@@ -19,7 +19,6 @@ package org.apache.cloudstack.api.command.admin.offering;
import java.util.ArrayList;
import java.util.List;
-import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandResourceType;
import org.apache.cloudstack.api.ApiConstants;
@@ -76,14 +75,12 @@ public class UpdateServiceOfferingCmd extends BaseCmd {
@Parameter(name = ApiConstants.STORAGE_TAGS,
type = CommandType.STRING,
description = "comma-separated list of tags for the service offering, tags should match with existing storage pool tags",
- authorized = {RoleType.Admin},
since = "4.16")
private String storageTags;
@Parameter(name = ApiConstants.HOST_TAGS,
type = CommandType.STRING,
description = "the host tag for this service offering.",
- authorized = {RoleType.Admin},
since = "4.16")
private String hostTags;
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/IsAccountAllowedToCreateOfferingsWithTagsResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/IsAccountAllowedToCreateOfferingsWithTagsResponse.java
new file mode 100644
index 00000000000..5c763c2058a
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/response/IsAccountAllowedToCreateOfferingsWithTagsResponse.java
@@ -0,0 +1,34 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.response;
+
+import com.cloud.serializer.Param;
+import com.google.gson.annotations.SerializedName;
+import org.apache.cloudstack.api.BaseResponse;
+
+public class IsAccountAllowedToCreateOfferingsWithTagsResponse extends BaseResponse {
+
+ @SerializedName("isallowed")
+ @Param(description = "is domain admin allowed to create offerings with tags")
+ private Boolean isAllowed;
+
+
+ public IsAccountAllowedToCreateOfferingsWithTagsResponse(Boolean isAllowed) {
+ this.isAllowed = isAllowed;
+ setObjectName("isallowed");
+ }
+}
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
index c3a18ec7e2d..18985eb0ab6 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
@@ -997,3 +997,9 @@ BEGIN
DECLARE CONTINUE HANDLER FOR 1061 BEGIN END; SET @ddl = CONCAT('ALTER TABLE ', in_table_name); SET @ddl = CONCAT(@ddl, ' ', ' ADD KEY ') ; SET @ddl = CONCAT(@ddl, ' ', in_index_name); SET @ddl = CONCAT(@ddl, ' ', in_key_definition); PREPARE stmt FROM @ddl; EXECUTE stmt; DEALLOCATE PREPARE stmt; END;
CALL `cloud`.`IDEMPOTENT_ADD_KEY`('i_user_ip_address_state','user_ip_address', '(state)');
+
+-- Add permission for domain admins to call isAccountAllowedToCreateOfferingsWithTags API
+
+INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`)
+SELECT UUID(), `roles`.`id`, 'isAccountAllowedToCreateOfferingsWithTags', 'ALLOW'
+FROM `cloud`.`roles` WHERE `role_type` = 'DomainAdmin';
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 0edc96acf4f..e073323c10e 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -69,6 +69,7 @@ import org.apache.cloudstack.api.command.admin.offering.CreateDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.CreateServiceOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.DeleteDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.DeleteServiceOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.IsAccountAllowedToCreateOfferingsWithTagsCmd;
import org.apache.cloudstack.api.command.admin.offering.UpdateDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.UpdateServiceOfferingCmd;
import org.apache.cloudstack.api.command.admin.pod.DeletePodCmd;
@@ -484,6 +485,9 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
public static final ConfigKey<Boolean> MIGRATE_VM_ACROSS_CLUSTERS = new ConfigKey<Boolean>(Boolean.class, "migrate.vm.across.clusters", "Advanced", "false",
"Indicates whether the VM can be migrated to different cluster if no host is found in same cluster",true, ConfigKey.Scope.Zone, null);
+ public static final ConfigKey<Boolean> ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS = new ConfigKey<>(Boolean.class, "allow.domain.admins.to.create.tagged.offerings", "Advanced",
+ "false", "Allow domain admins to create offerings with tags.", true, ConfigKey.Scope.Account, null);
+
private static final String IOPS_READ_RATE = "IOPS Read";
private static final String IOPS_WRITE_RATE = "IOPS Write";
private static final String BYTES_READ_RATE = "Bytes Read";
@@ -3082,8 +3086,8 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
if (filteredDomainIds.isEmpty()) {
throw new InvalidParameterValueException(String.format("Unable to create public service offering by admin: %s because it is domain-admin", user.getUuid()));
}
- if (tags != null || hostTag != null) {
- throw new InvalidParameterValueException(String.format("Unable to create service offering with storage tags or host tags by admin: %s because it is domain-admin", user.getUuid()));
+ if (!org.apache.commons.lang3.StringUtils.isAllBlank(tags, hostTag) && !ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS.valueIn(account.getAccountId())) {
+ throw new InvalidParameterValueException(String.format("User [%s] is unable to create service offerings with storage tags or host tags.", user.getUuid()));
}
for (Long domainId : filteredDomainIds) {
if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) {
@@ -3387,6 +3391,9 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
throw new InvalidParameterValueException(String.format("Unable to update service offering: %s to a public offering by user: %s because it is domain-admin", offeringHandle.getUuid(), user.getUuid()));
}
}
+ if (!org.apache.commons.lang3.StringUtils.isAllBlank(hostTags, storageTags) && !ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS.valueIn(account.getAccountId())) {
+ throw new InvalidParameterValueException(String.format("User [%s] is unable to update storage tags or host tags.", user.getUuid()));
+ }
List<Long> nonChildDomains = new ArrayList<>();
for (Long domainId : existingDomainIds) {
if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) {
@@ -3548,8 +3555,8 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
if (filteredDomainIds.isEmpty()) {
throw new InvalidParameterValueException(String.format("Unable to create public disk offering by admin: %s because it is domain-admin", user.getUuid()));
}
- if (tags != null) {
- throw new InvalidParameterValueException(String.format("Unable to create disk offering with storage tags by admin: %s because it is domain-admin", user.getUuid()));
+ if (StringUtils.isNotBlank(tags) && !ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS.valueIn(account.getAccountId())) {
+ throw new InvalidParameterValueException(String.format("User [%s] is unable to create disk offerings with storage tags.", user.getUuid()));
}
for (Long domainId : filteredDomainIds) {
if (domainId == null || !_domainDao.isChildDomain(account.getDomainId(), domainId)) {
@@ -3844,6 +3851,10 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
throw new InvalidParameterValueException(String.format("Unable to update disk offering: %s to a public offering by user: %s because it is domain-admin", diskOfferingHandle.getUuid(), user.getUuid()));
}
}
+ if (StringUtils.isNotBlank(tags) && !ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS.valueIn(account.getAccountId())) {
+ throw new InvalidParameterValueException(String.format("User [%s] is unable to update disk offering tags.", user.getUuid()));
+ }
+
List<Long> nonChildDomains = new ArrayList<>();
for (Long domainId : existingDomainIds) {
if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) {
@@ -7518,6 +7529,15 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
return _secChecker;
}
+
+ @Override
+ public Boolean isAccountAllowedToCreateOfferingsWithTags(IsAccountAllowedToCreateOfferingsWithTagsCmd cmd) {
+ Account caller = CallContext.current().getCallingAccount();
+ Account targetAccount = _accountMgr.getAccount(cmd.getId());
+ _accountMgr.checkAccess(caller, null, true, targetAccount);
+ return ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS.valueIn(cmd.getId());
+ }
+
@Inject
public void setSecChecker(final List<SecurityChecker> secChecker) {
_secChecker = secChecker;
@@ -7533,7 +7553,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
return new ConfigKey<?>[] {SystemVMUseLocalStorage, IOPS_MAX_READ_LENGTH, IOPS_MAX_WRITE_LENGTH,
BYTES_MAX_READ_LENGTH, BYTES_MAX_WRITE_LENGTH, ADD_HOST_ON_SERVICE_RESTART_KVM, SET_HOST_DOWN_TO_MAINTENANCE, VM_SERVICE_OFFERING_MAX_CPU_CORES,
VM_SERVICE_OFFERING_MAX_RAM_SIZE, VM_USERDATA_MAX_LENGTH, MIGRATE_VM_ACROSS_CLUSTERS,
- ENABLE_ACCOUNT_SETTINGS_FOR_DOMAIN, ENABLE_DOMAIN_SETTINGS_FOR_CHILD_DOMAIN
+ ENABLE_ACCOUNT_SETTINGS_FOR_DOMAIN, ENABLE_DOMAIN_SETTINGS_FOR_CHILD_DOMAIN, ALLOW_DOMAIN_ADMINS_TO_CREATE_TAGGED_OFFERINGS
};
}
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index 5ba1195750b..5fc34659992 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -356,6 +356,7 @@ import org.apache.cloudstack.api.command.admin.offering.CreateDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.CreateServiceOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.DeleteDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.DeleteServiceOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.IsAccountAllowedToCreateOfferingsWithTagsCmd;
import org.apache.cloudstack.api.command.admin.offering.UpdateDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.UpdateServiceOfferingCmd;
import org.apache.cloudstack.api.command.admin.outofbandmanagement.ChangeOutOfBandManagementPasswordCmd;
@@ -3269,6 +3270,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
cmdList.add(CreateServiceOfferingCmd.class);
cmdList.add(DeleteDiskOfferingCmd.class);
cmdList.add(DeleteServiceOfferingCmd.class);
+ cmdList.add(IsAccountAllowedToCreateOfferingsWithTagsCmd.class);
cmdList.add(UpdateDiskOfferingCmd.class);
cmdList.add(UpdateServiceOfferingCmd.class);
cmdList.add(CreatePodCmd.class);
diff --git a/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java b/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
index 55944d67efa..088f4e67e8f 100644
--- a/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
+++ b/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
@@ -38,6 +38,7 @@ import org.apache.cloudstack.api.command.admin.offering.CreateDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.CreateServiceOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.DeleteDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.DeleteServiceOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.IsAccountAllowedToCreateOfferingsWithTagsCmd;
import org.apache.cloudstack.api.command.admin.offering.UpdateDiskOfferingCmd;
import org.apache.cloudstack.api.command.admin.offering.UpdateServiceOfferingCmd;
import org.apache.cloudstack.api.command.admin.pod.DeletePodCmd;
@@ -451,6 +452,11 @@ public class MockConfigurationManagerImpl extends ManagerBase implements Configu
return null;// TODO Auto-generated method stub
}
+ @Override
+ public Boolean isAccountAllowedToCreateOfferingsWithTags(IsAccountAllowedToCreateOfferingsWithTagsCmd cmd) {
+ return null;
+ }
+
/* (non-Javadoc)
* @see com.cloud.utils.component.Manager#configure(java.lang.String, java.util.Map)
*/
diff --git a/ui/src/views/offering/AddComputeOffering.vue b/ui/src/views/offering/AddComputeOffering.vue
index b9461bad15a..637eab0d692 100644
--- a/ui/src/views/offering/AddComputeOffering.vue
+++ b/ui/src/views/offering/AddComputeOffering.vue
@@ -153,7 +153,7 @@
</a-row>
<a-row :gutter="12">
<a-col :md="12" :lg="12">
- <a-form-item v-if="isAdmin()" name="hosttags" ref="hosttags">
+ <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="hosttags" ref="hosttags">
<template #label>
<tooltip-label :title="$t('label.hosttags')" :tooltip="apiParams.hosttags.description"/>
</template>
@@ -508,7 +508,7 @@
</a-form-item>
</a-col>
<a-col :md="12" :lg="12">
- <a-form-item v-if="isAdmin()" name="storagetags" ref="storagetags">
+ <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="storagetags" ref="storagetags">
<template #label>
<tooltip-label :title="$t('label.storagetags')" :tooltip="apiParams.tags.description"/>
</template>
@@ -522,7 +522,7 @@
}"
:loading="storageTagLoading"
:placeholder="apiParams.tags.description"
- v-if="isAdmin()">
+ v-if="isAdmin() || isDomainAdminAllowedToInformTags">
<a-select-option v-for="opt in storageTags" :key="opt">
{{ opt }}
</a-select-option>
@@ -590,6 +590,7 @@ import { isAdmin } from '@/role'
import { mixinForm } from '@/utils/mixin'
import ResourceIcon from '@/components/view/ResourceIcon'
import TooltipLabel from '@/components/widgets/TooltipLabel'
+import store from '@/store'
export default {
name: 'AddServiceOffering',
@@ -662,7 +663,8 @@ export default {
diskOfferingLoading: false,
diskOfferings: [],
selectedDiskOfferingId: '',
- qosType: ''
+ qosType: '',
+ isDomainAdminAllowedToInformTags: false
}
},
beforeCreate () {
@@ -761,6 +763,11 @@ export default {
if (isAdmin()) {
this.fetchStorageTagData()
this.fetchDeploymentPlannerData()
+ } else if (this.isDomainAdmin()) {
+ this.checkIfDomainAdminIsAllowedToInformTag()
+ if (this.isDomainAdminAllowedToInformTags) {
+ this.fetchStorageTagData()
+ }
}
this.fetchDiskOfferings()
},
@@ -792,6 +799,15 @@ export default {
isAdmin () {
return isAdmin()
},
+ isDomainAdmin () {
+ return ['DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
+ },
+ checkIfDomainAdminIsAllowedToInformTag () {
+ const params = { id: store.getters.userInfo.accountid }
+ api('isAccountAllowedToCreateOfferingsWithTags', params).then(json => {
+ this.isDomainAdminAllowedToInformTags = json.isaccountallowedtocreateofferingswithtagsresponse.isallowed.isallowed
+ })
+ },
arrayHasItems (array) {
return array !== null && array !== undefined && Array.isArray(array) && array.length > 0
},
diff --git a/ui/src/views/offering/AddDiskOffering.vue b/ui/src/views/offering/AddDiskOffering.vue
index afa881c3c0d..880eae5135c 100644
--- a/ui/src/views/offering/AddDiskOffering.vue
+++ b/ui/src/views/offering/AddDiskOffering.vue
@@ -197,7 +197,7 @@
</a-radio-button>
</a-radio-group>
</a-form-item>
- <a-form-item v-if="isAdmin()" name="tags" ref="tags">
+ <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="tags" ref="tags">
<template #label>
<tooltip-label :title="$t('label.storagetags')" :tooltip="apiParams.tags.description"/>
</template>
@@ -211,7 +211,7 @@
}"
:loading="storageTagLoading"
:placeholder="apiParams.tags.description"
- v-if="isAdmin()">
+ v-if="isAdmin() || isDomainAdminAllowedToInformTags">
<a-select-option v-for="(opt) in storageTags" :key="opt">
{{ opt }}
</a-select-option>
@@ -301,6 +301,7 @@ import { isAdmin } from '@/role'
import { mixinForm } from '@/utils/mixin'
import ResourceIcon from '@/components/view/ResourceIcon'
import TooltipLabel from '@/components/widgets/TooltipLabel'
+import store from '@/store'
export default {
name: 'AddDiskOffering',
@@ -323,7 +324,8 @@ export default {
zoneLoading: false,
loading: false,
disksizestrictness: false,
- encryptdisk: false
+ encryptdisk: false,
+ isDomainAdminAllowedToInformTags: false
}
},
beforeCreate () {
@@ -388,10 +390,25 @@ export default {
if (isAdmin()) {
this.fetchStorageTagData()
}
+ if (this.isDomainAdmin()) {
+ this.checkIfDomainAdminIsAllowedToInformTag()
+ if (this.isDomainAdminAllowedToInformTags) {
+ this.fetchStorageTagData()
+ }
+ }
+ },
+ isDomainAdmin () {
+ return ['DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
},
isAdmin () {
return isAdmin()
},
+ checkIfDomainAdminIsAllowedToInformTag () {
+ const params = { id: store.getters.userInfo.accountid }
+ api('isAccountAllowedToCreateOfferingsWithTags', params).then(json => {
+ this.isDomainAdminAllowedToInformTags = json.isaccountallowedtocreateofferingswithtagsresponse.isallowed.isallowed
+ })
+ },
arrayHasItems (array) {
return array !== null && array !== undefined && Array.isArray(array) && array.length > 0
},