Posted to commits@cloudstack.apache.org by ro...@apache.org on 2020/09/17 04:51:04 UTC

[cloudstack] branch master updated: server: Handle listProjects API to list projects with user as members when listAll=true (#4316)

This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/master by this push:
     new 82b6971  server: Handle listProjects API to list projects with user as members when listAll=true (#4316)
82b6971 is described below

commit 82b6971258a2f63360dbd0cb404fcf87669a5327
Author: Pearl Dsilva <pe...@gmail.com>
AuthorDate: Thu Sep 17 10:20:34 2020 +0530

    server: Handle listProjects API to list projects with user as members when listAll=true (#4316)
    
    * added defensive checks for avoiding NPE and list projects API fix
    
    * list projects with account name provided to not include users in the account in response
    
    Co-authored-by: Pearl Dsilva <pe...@shapeblue.com>
---
 .../main/java/com/cloud/acl/AffinityGroupAccessChecker.java   |  2 +-
 server/src/main/java/com/cloud/acl/DomainChecker.java         |  4 ++++
 .../src/main/java/com/cloud/api/query/QueryManagerImpl.java   | 10 +++++++---
 server/src/main/java/com/cloud/network/NetworkModelImpl.java  |  3 +++
 .../src/main/java/com/cloud/projects/ProjectManagerImpl.java  | 11 ++++++++---
 5 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java
index 6106c72..3a648cd 100644
--- a/server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/main/java/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -80,8 +80,8 @@ public class AffinityGroupAccessChecker extends DomainChecker {
                   //check if the group belongs to a project
                     User user = CallContext.current().getCallingUser();
                     ProjectVO project = _projectDao.findByProjectAccountId(group.getAccountId());
-                    ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
                     if (project != null) {
+                        ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
                         if (userProjectAccount != null) {
                             if (AccessType.ModifyProject.equals(accessType) && _projectAccountDao.canUserModifyProject(project.getId(), user.getAccountId(), user.getId())) {
                                 return true;
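Review bot: With the lookup moved under `if (project != null)`, a group whose account has no project row is now skipped silently, and what the method returns in that case is decided outside this hunk. The second ProjectManagerImpl hunk treats the same case the same way, while the DomainChecker and NetworkModelImpl hunks in this commit throw a `CloudRuntimeException`, so the four call sites disagree on whether a missing project is an error. All of these are access decisions, so I would state the intended behaviour at the check, for example `// no project row: group is not project-owned, fall through to the regular checks below`, after confirming that the fall-through path denies by default.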
diff --git a/server/src/main/java/com/cloud/acl/DomainChecker.java b/server/src/main/java/com/cloud/acl/DomainChecker.java
index 5fc2b34..24b6b2a 100644
--- a/server/src/main/java/com/cloud/acl/DomainChecker.java
+++ b/server/src/main/java/com/cloud/acl/DomainChecker.java
@@ -61,6 +61,7 @@ import com.cloud.user.AccountService;
 import com.cloud.user.User;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 @Component
 public class DomainChecker extends AdapterBase implements SecurityChecker {
@@ -199,6 +200,9 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
     private boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
         User user = CallContext.current().getCallingUser();
         Project project = projectDao.findByProjectAccountId(entity.getAccountId());
+        if (project == null) {
+            throw new CloudRuntimeException("Unable to find project to which the entity belongs to");
+        }
         ProjectAccount projectUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
         String apiCommandName = CallContext.current().getApiName();
 
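Review bot: The new guard in `checkOperationPermitted` fails closed, which is right for a permission check, but it reports the failure as a `CloudRuntimeException`. Callers that handle a denial separately from an internal error will now see an internal error. If this checker otherwise signals refusal with `PermissionDeniedException` (not visible in the hunk), the guard could read `throw new PermissionDeniedException("Unable to find the project that owns the entity");`. The NetworkModelImpl hunk adds the same guard with the same exception type and the same "to which ... belongs to" wording. The method body continues past the end of this hunk.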
diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
index 154a293..b920f47 100644
--- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
@@ -1484,15 +1484,19 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
         }
 
         if (accountId != null) {
-            sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+            if (userId == null) {
+                sb.and().op("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+                sb.and("userIdNull", sb.entity().getUserId(), Op.NULL);
+                sb.cp();
+            } else {
+                sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ);
+            }
         }
 
         if (userId != null) {
             sb.and().op("userId", sb.entity().getUserId(), Op.EQ);
             sb.or("userIdNull", sb.entity().getUserId(), Op.NULL);
             sb.cp();
-        } else {
-            sb.and("userIdNull", sb.entity().getUserId(), Op.NULL);
         }
 
         SearchCriteria<ProjectJoinVO> sc = sb.create();
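Review bot: The user filter is now split across two separate `if` blocks, and when both `accountId` and `userId` are null no `userId IS NULL` condition is added at all. In that case the result set is bounded only by criteria built outside this hunk. This query decides which projects a caller can see, so that case should be spelled out next to the code, e.g. `// accountId == null && userId == null (listAll): no membership filter here; visibility is bounded by the criteria added earlier in this method`, once that has been confirmed. A test covering the four accountId/userId combinations would guard against a later edit widening the listing. The enclosing method starts and ends outside the hunk.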
diff --git a/server/src/main/java/com/cloud/network/NetworkModelImpl.java b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
index aabcf2b..b6eab90 100644
--- a/server/src/main/java/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
@@ -1658,6 +1658,9 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
             if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
                 User user = CallContext.current().getCallingUser();
                 Project project = projectDao.findByProjectAccountId(network.getAccountId());
+                if (project == null) {
+                    throw new CloudRuntimeException("Unable to find project to which the network belongs to");
+                }
                 ProjectAccount projectAccountUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
                 if (projectAccountUser != null) {
                     if (!_projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), network.getAccountId())) {
diff --git a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
index 90a27fc..88ad0c2 100644
--- a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
+++ b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
@@ -239,6 +239,9 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
         }
 
         User user = validateUser(userId, accountId, domainId);
+        if (user != null) {
+            owner = _accountDao.findById(user.getAccountId());
+        }
 
         //do resource limit check
         _resourceLimitMgr.checkResourceLimit(owner, ResourceType.project);
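Review bot: `owner` is overwritten with the result of `_accountDao.findById(user.getAccountId())` without a null check and is passed to `checkResourceLimit` two lines later. Unless `validateUser` (not visible here) guarantees that the account row exists, this reintroduces the kind of NPE the commit sets out to remove. A guard such as `if (owner == null) { throw new CloudRuntimeException("Unable to find the account of the specified user"); }` would close that, assuming that exception type is in scope in this file. The reassignment also replaces the owner resolved earlier in the method, so a short comment saying the limit is deliberately charged to the user's account would help the next reader.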
@@ -559,9 +562,11 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
         }
         User user = CallContext.current().getCallingUser();
         ProjectVO project = _projectDao.findByProjectAccountId(accountId);
-        ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
-        if (userProjectAccount != null) {
-            return _projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), accountId);
+        if (project != null) {
+            ProjectAccount userProjectAccount = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
+            if (userProjectAccount != null) {
+                return _projectAccountDao.canUserAccessProjectAccount(user.getAccountId(), user.getId(), accountId);
+            }
         }
         return _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId);
     }