----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/7965/ -----------------------------------------------------------
Review request for cloudstack. Summary (updated) ----------------- Fix for CLOUDSTACK-436 ui issue Description (updated) ------- Notice : We encountered error: "short SHA1 418fe36 is ambiguous. fatal: Not a valid object name 418fe36" when trying to upload the patch file. So we choose to use "Add file" function to upload the patch file. Please review the attached patch file instead of the main patch file asked when creating the review request. This patch is to fix the CLOUDSTACK-436 issue described in https://issues.apache.org/jira/browse/CLOUDSTACK-436 has following features : 1. A Cloudstack user(no matter which role he/she is using ) can modify its own password (Self modification). 2. Domain admin can change it's domain user's password including sub-domain admins and sub-domain users 3. Domain admin in same domain and with same level cannot change each others password This patch will introduce the side effects as following: 1. Every user can invoke "updateUser" api call once they got their own keys. The updateUser access control will be the same to all its possible parameters (email, firstname, etc.) not only password. 2. Currently an user can only do password modification with UI restriction. Diffs ----- Diff: https://reviews.apache.org/r/7965/diff/ Testing (updated) ------- Api Call Testing : 1. Test if domain admin can change it's password 2. Test if domain admin can change same domain users' password 3. Test if domain admin can change sub domain admin's password 4. Test if domain admin can change sub domain user's password 5. Test if domain admin cannot change same domain admin's password in same account (same domain level) 6. Test if domain admin cannot change same domain admin's password in different account (same domain level) 7. Test if domain admin cannot change the root admin's password 8. Test if domain admin cannot change other domain admin's password 9. Test if domain admin cannot change other domain users' password 10. Test if domain user can change it's password 11. Test if domain user cannot change domain user's password in same account 12. Test if domain user cannot change domain user's password in different account 13. Test if domain user cannot change domain admin's password 14. Test if domain user cannot change root admin's password Api Call Side-effect Testing : a. Test if domain admin can change it's information (email) b. Test if domain admin can change same domain users' information (email) c. Test if domain admin can change sub domain admin's information (email) d. Test if domain admin can change sub domain user's information (email) e. Test if domain admin cannot change same domain admin's information (email) in same account (same domain level) f. Test if domain admin cannot change same domain admin's information (email) in different account (same domain level) g. Test if domain admin cannot change the root admin's information (email) h. Test if domain admin cannot change other domain admin's information (email) i. Test if domain admin cannot change other domain users' information (email) j. Test if domain user can change it's information (email) k. Test if domain user cannot change domain users information (email) in same account l. Test if domain user cannot change domain users information (email) in different account m. Test if domain user cannot change domain admin's information (email) n. Test if domain user cannot change root admin's information (email) UI Testing : A. Test if domain admin can change it's password B. Test if domain admin can change same domain users' password C. Test if domain admin can change sub domain admin's password D. Test if domain admin can change sub domain user's password E. Test if domain admin cannot change same domain admin's password in same account (same domain level) F. Test if domain admin cannot change same domain admin's password in different account (same domain level) G. Test if domain user can change it's password H. Test if domain user cannot change domain users in same account I. Test if domain user cannot change domain users in different account Thanks, Isaac Chiang
