Updated Branches: refs/heads/rbac 00ad19601 -> 21dc2bef2
Fix getEntityOwnerId for CreateAclGroupCmd and CreateAclRoleCmd. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/21dc2bef Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/21dc2bef Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/21dc2bef Branch: refs/heads/rbac Commit: 21dc2bef2a2dcf9d0a27c328acbb1d9391922780 Parents: 00ad196 Author: Min Chen <[email protected]> Authored: Fri Oct 11 20:56:46 2013 -0700 Committer: Min Chen <[email protected]> Committed: Fri Oct 11 20:56:46 2013 -0700 ---------------------------------------------------------------------- .../api/command/admin/acl/CreateAclGroupCmd.java | 4 ++-- .../api/command/admin/acl/CreateAclRoleCmd.java | 4 ++-- .../org/apache/cloudstack/acl/AclServiceImpl.java | 18 ++++++++++-------- 3 files changed, 14 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21dc2bef/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java ----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
index a4bf4b3..11f6c39 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
@@ -28,10 +28,10 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.AclGroupResponse; import org.apache.cloudstack.api.response.DomainResponse; +import org.apache.cloudstack.context.CallContext; import com.cloud.event.EventTypes; import com.cloud.exception.ResourceAllocationException; -import com.cloud.user.Account; @APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group") public class CreateAclGroupCmd extends BaseAsyncCreateCmd { @@ -82,7 +82,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; + return CallContext.current().getCallingAccount().getId(); } @Override http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21dc2bef/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java index 05afbca..5663ac5 100644 --- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java @@ -29,10 +29,10 @@ import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.AclRoleResponse; import org.apache.cloudstack.api.response.DomainResponse; +import org.apache.cloudstack.context.CallContext; import com.cloud.event.EventTypes; import com.cloud.exception.ResourceAllocationException; -import com.cloud.user.Account; @APICommand(name = "createAclRole", responseObject = AclRoleResponse.class, description = "Creates an acl role") public class CreateAclRoleCmd extends BaseAsyncCreateCmd { 
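Review bot: The owner returned by `getEntityOwnerId()` in the second CreateAclGroupCmd hunk is now always the calling account, while the command appears to accept a target domain (DomainResponse is imported and the service method takes `domainId`), so a caller who names another domain gets a group whose reported owner sits in a different domain than the group itself. If the API layer uses this id for event attribution or ownership checks (not visible in this diff), that mismatch should at least be documented, for example `// owner is the caller; the target domain is validated in AclServiceImpl.createAclGroup`. The same point applies to the identical change in CreateAclRoleCmd further down. The surrounding class starts and ends outside the hunk.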
@@ -90,7 +90,7 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; + return CallContext.current().getCallingAccount().getId(); } @Override http://git-wip-us.apache.org/repos/asf/cloudstack/blob/21dc2bef/server/src/org/apache/cloudstack/acl/AclServiceImpl.java ---------------------------------------------------------------------- diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java index f879d2b..ccd3bf0 100644 --- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java +++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java @@ -113,9 +113,12 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_CREATE, eventDescription = "Creating Acl Role", create = true) public AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId) { Account caller = CallContext.current().getCallingAccount(); + if (domainId == null) { + domainId = caller.getDomainId(); + } if (!_accountMgr.isRootAdmin(caller.getAccountId())) { // domain admin can only create role for his domain - if (domainId != null && caller.getDomainId() != domainId.longValue()) { + if (caller.getDomainId() != domainId.longValue()) { throw new PermissionDeniedException("Can't create acl role in domain " + domainId + ", permission denied"); } } @@ -130,9 +133,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { Transaction txn = Transaction.currentTxn(); txn.start(); AclRoleVO rvo = new AclRoleVO(aclRoleName, description); - if (domainId != null) { - rvo.setDomainId(domainId); - } + rvo.setDomainId(domainId); AclRole role = _aclRoleDao.persist(rvo); if (parentRoleId != null) { // copy parent role permissions 
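Review bot: Defaulting `domainId` to `caller.getDomainId()` at the top of `createAclRole` also applies to root admins, so an omitted domain no longer produces a role with no domain set but one bound to the caller's own domain, and nothing in the hunk says this is intended. A short comment would make the contract explicit, in line with the one the commit adds in `createAclGroup`: `domainId = caller.getDomainId(); // default to the caller's domain, root admin included`. The API parameter description for the domain should state the same default. The method body continues outside the hunk.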
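Review bot: `parentRoleId` is consumed right after the new `rvo.setDomainId(domainId)` line to copy the parent role's permissions, and neither this hunk nor the previous one shows a check that the parent role belongs to `domainId` or is otherwise one the caller may use. If no such check exists in the lines cut off below, a domain-restricted caller could end up with a role carrying permissions defined in another domain's role. The parent lookup should compare the parent's domain with `domainId` and throw `PermissionDeniedException` on a mismatch, as the domain guard earlier in the method does. The copy logic itself lies outside the hunk, so this needs confirming against the full method.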
@@ -472,9 +473,12 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true) public AclGroup createAclGroup(Long domainId, String aclGroupName, String description) { Account caller = CallContext.current().getCallingAccount(); + if (domainId == null) { + domainId = caller.getDomainId(); // use caller's domain id + } if (!_accountMgr.isRootAdmin(caller.getAccountId())) { // domain admin can only create role for his domain - if (domainId != null && caller.getDomainId() != domainId.longValue()) { + if (caller.getDomainId() != domainId.longValue()) { throw new PermissionDeniedException("Can't create acl group in domain " + domainId + ", permission denied"); } } @@ -486,9 +490,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { + " already exisits for domain " + domainId); } AclGroupVO rvo = new AclGroupVO(aclGroupName, description); - if (domainId != null) { - rvo.setDomainId(domainId); - } + rvo.setDomainId(domainId); return _aclGroupDao.persist(rvo); }
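Review bot: The guard in `createAclGroup` runs for every caller that is not a root admin, yet the comment above the changed condition still reads `// domain admin can only create role for his domain`, which is copied from the role path and is narrower than what the code tests. Suggest `// non-root callers may only create a group in their own domain`. If regular users must not reach this method at all, add a note that this is enforced by the API command's permission rather than here, since nothing in this diff shows it. The `already exisits` typo in the exception text of the following hunk could be corrected in the same pass.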
