[GitHub] [cloudstack] hsato03 commented on a diff in pull request #7974: Fix templates and ISOs listing pagination

Tue, 26 Sep 2023 14:43:29 -0700 


hsato03 commented on code in PR #7974:
URL: https://github.com/apache/cloudstack/pull/7974#discussion_r1337812593


##########
server/src/main/java/com/cloud/api/query/QueryManagerImpl.java:
##########
@@ -3782,11 +3781,62 @@ else if (!template.isPublicTemplate() && 
caller.getType() != Account.Type.ADMIN)
             }
         }
 
+        applyPublicTemplateSharingRestrictions(sc, caller);
+
         return templateChecks(isIso, hypers, tags, name, keyword, hyperType, 
onlyReady, bootable, zoneId, showDomr, caller,
                 showRemovedTmpl, parentTemplateId, showUnique, searchFilter, 
sc);
 
     }
 
+    /**
+     * If the caller is not a root admin, restricts the search to return only 
public templates from the domain which
+     * the caller belongs to and domains with the setting 
'share.public.templates.with.other.domains' enabled.
+     */
+    protected void 
applyPublicTemplateSharingRestrictions(SearchCriteria<TemplateJoinVO> sc, 
Account caller) {
+        if (caller.getType() == Account.Type.ADMIN) {
+            s_logger.debug(String.format("Account [%s] is a root admin. 
Therefore, it has access to all public templates.", caller));
+            return;
+        }
+
+        List<TemplateJoinVO> publicTemplates = 
_templateJoinDao.listPublicTemplates();
+
+        Set<Long> unsharableDomainIds = new HashSet<>();
+        for (TemplateJoinVO template : publicTemplates) {
+            
addDomainIdToSetIfDomainDoesNotShareTemplates(template.getDomainId(), caller, 
unsharableDomainIds);
+        }
+
+        if (!unsharableDomainIds.isEmpty()) {
+            s_logger.info(String.format("The public templates belonging to the 
domains [%s] will not be listed to account [%s] as they have the configuration 
[%s] marked as 'false'.", unsharableDomainIds, caller, 
QueryService.SharePublicTemplatesWithOtherDomains.key()));
+            sc.addAnd("domainId", SearchCriteria.Op.NOTIN, 
unsharableDomainIds.toArray());
+        }
+    }
+
+    /**
+     * Adds the provided domain ID the set if the domain does not share 
templates with the account. That is, if:

Review Comment:
   ```suggestion
        * Adds the provided domain ID to the set if the domain does not share 
templates with the account. That is, if:
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to