> On Sept. 24, 2012, 6:12 p.m., Alex Huang wrote: > > Does this need to go into 4.0? > > Rohit Yadav wrote: > Yes, as per fix version on > https://issues.apache.org/jira/browse/CLOUDSTACK-84 > But, whatever you advise.
This fix will break the following case: * have removed account. The removed account has some detached volume and user vm that weren't cleaned up yet * As ROOT admin, attach account's volume to account's vm. The patch makes it possible while we should allow just LISTING the resources belonging to the removed account, but never allow to manipulate/create/delete them. We have to think about some other fix. As far as I remember, account/domain checkers are never called when we do list commands through the API as we always do Joins with account table instead of running account check on each and every object returned with the list response. - Alena ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/7168/#review11841 ----------------------------------------------------------- On Sept. 19, 2012, 3:38 p.m., Rohit Yadav wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/7168/ > ----------------------------------------------------------- > > (Updated Sept. 19, 2012, 3:38 p.m.) > > > Review request for cloudstack, Abhinandan Prateek, Kishan Kavala, Nitin > Mehta, Alena Prokharchyk, and Alex Huang. > > > Description > ------- > > Domain ACL information should be valid even if account entry is marked > removed. Patch fixes how account is obtained based on accountId, it > finds among those entries which are marked deleted. > > In case of project deletion, the project is marked removed first and > then each of its elements are cleared/cleaned/deleted. While deleting > network and router it failed because ACL only checks accounts which are > not marked deleted. > > Download original patch and git am <patch>: > http://patchbin.baagi.org/p?id=40pdym > > > This addresses bug CLOUDSTACK-84. > > > Diffs > ----- > > server/src/com/cloud/acl/DomainChecker.java 6bc2cd3 > server/src/com/cloud/user/dao/AccountDao.java 3b7fa66 > server/src/com/cloud/user/dao/AccountDaoImpl.java 7300bb1 > > Diff: https://reviews.apache.org/r/7168/diff/ > > > Testing > ------- > > > Thanks, > > Rohit Yadav > >
