Re: [PR] list only own zones for resource admin [cloudstack]

Wed, 23 Jul 2025 00:46:56 -0700 


sureshanaparti commented on code in PR #11087:
URL: https://github.com/apache/cloudstack/pull/11087#discussion_r2224706026


##########
server/src/main/java/com/cloud/api/query/QueryManagerImpl.java:
##########
@@ -668,25 +618,21 @@ public ListResponse<UserResponse> 
searchForUsers(ResponseView responseView, List
             responseView = ResponseView.Full;
         }
         List<UserResponse> userResponses = 
ViewResponseHelper.createUserResponse(responseView, 
CallContext.current().getCallingAccount().getDomainId(),
-                result.first().toArray(new 
UserAccountJoinVO[result.first().size()]));
+                result.first().toArray(new UserAccountJoinVO[0]));
         response.setResponses(userResponses, result.second());
         return response;
     }
 
     public ListResponse<UserResponse> searchForUsers(Long domainId, boolean 
recursive) throws PermissionDeniedException {
         Account caller = CallContext.current().getCallingAccount();
 
-        List<Long> permittedAccounts = new ArrayList<Long>();
+        List<Long> permittedAccounts = new ArrayList<>();
 
         boolean listAll = true;
         Long id = null;
 
         if (caller.getType() == Account.Type.NORMAL) {
-            long currentId = CallContext.current().getCallingUser().getId();
-            if (id != null && currentId != id.longValue()) {
-                throw new PermissionDeniedException("Calling user is not 
authorized to see the user requested by id");
-            }

Review Comment:
   this check ^^^ already done before?



##########
server/src/main/java/com/cloud/api/query/QueryManagerImpl.java:
##########
@@ -668,25 +618,21 @@ public ListResponse<UserResponse> 
searchForUsers(ResponseView responseView, List
             responseView = ResponseView.Full;
         }
         List<UserResponse> userResponses = 
ViewResponseHelper.createUserResponse(responseView, 
CallContext.current().getCallingAccount().getDomainId(),
-                result.first().toArray(new 
UserAccountJoinVO[result.first().size()]));
+                result.first().toArray(new UserAccountJoinVO[0]));
         response.setResponses(userResponses, result.second());
         return response;
     }
 
     public ListResponse<UserResponse> searchForUsers(Long domainId, boolean 
recursive) throws PermissionDeniedException {
         Account caller = CallContext.current().getCallingAccount();
 
-        List<Long> permittedAccounts = new ArrayList<Long>();
+        List<Long> permittedAccounts = new ArrayList<>();
 
         boolean listAll = true;
         Long id = null;
 
         if (caller.getType() == Account.Type.NORMAL) {
-            long currentId = CallContext.current().getCallingUser().getId();
-            if (id != null && currentId != id.longValue()) {
-                throw new PermissionDeniedException("Calling user is not 
authorized to see the user requested by id");
-            }
-            id = currentId;

Review Comment:
   this check already done before?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to