harikrishna-patnala commented on code in PR #11587:
URL: https://github.com/apache/cloudstack/pull/11587#discussion_r2342864455
##########
api/src/main/java/org/apache/cloudstack/api/command/user/backup/ListBackupScheduleCmd.java:
##########
@@ -60,10 +59,15 @@ public class ListBackupScheduleCmd extends BaseCmd {
@Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID,
type = CommandType.UUID,
entityType = UserVmResponse.class,
- required = true,
description = "ID of the VM")
private Long vmId;
+ @Parameter(name = ApiConstants.ID,
Review Comment:
since param please
##########
server/src/main/java/com/cloud/storage/snapshot/SnapshotManagerImpl.java:
##########
@@ -1388,28 +1389,48 @@ protected boolean deletePolicy(Long policyId) {
}
@Override
- public Pair<List<? extends SnapshotPolicy>, Integer>
listPoliciesforVolume(ListSnapshotPoliciesCmd cmd) {
+ public Pair<List<? extends SnapshotPolicy>, Integer>
listSnapshotPolicies(ListSnapshotPoliciesCmd cmd) {
Long volumeId = cmd.getVolumeId();
- boolean display = cmd.isDisplay();
Long id = cmd.getId();
- Pair<List<SnapshotPolicyVO>, Integer> result = null;
- // TODO - Have a better way of doing this.
- if (id != null) {
- result = _snapshotPolicyDao.listAndCountById(id, display, null);
- if (result != null && result.first() != null &&
!result.first().isEmpty()) {
- SnapshotPolicyVO snapshotPolicy = result.first().get(0);
- volumeId = snapshotPolicy.getVolumeId();
- }
+ Account caller = CallContext.current().getCallingAccount();
+ boolean isRootAdmin = _accountMgr.isRootAdmin(caller.getId());
+ List<Long> permittedAccounts = new ArrayList<>();
+ Long domainId = null;
+ Boolean isRecursive = null;
+ ListProjectResourcesCriteria listProjectResourcesCriteria = null;
+
+ if (!isRootAdmin) {
+ Ternary<Long, Boolean, ListProjectResourcesCriteria>
domainIdRecursiveListProject =
+ new Ternary<>(cmd.getDomainId(), cmd.isRecursive(), null);
+ _accountMgr.buildACLSearchParameters(caller, id, null, null,
permittedAccounts, domainIdRecursiveListProject, cmd.listAll(), false);
+ domainId = domainIdRecursiveListProject.first();
+ isRecursive = domainIdRecursiveListProject.second();
+ listProjectResourcesCriteria =
domainIdRecursiveListProject.third();
}
- VolumeVO volume = _volsDao.findById(volumeId);
- if (volume == null) {
- throw new InvalidParameterValueException("Unable to find a volume
with id " + volumeId);
+ Filter searchFilter = new Filter(SnapshotPolicyVO.class, "id", false,
cmd.getStartIndex(), cmd.getPageSizeVal());
+ SearchBuilder<SnapshotPolicyVO> policySearch =
_snapshotPolicyDao.createSearchBuilder();
+
+ if (!isRootAdmin) {
+ _accountMgr.buildACLSearchBuilder(policySearch, domainId,
isRecursive, permittedAccounts, listProjectResourcesCriteria);
}
- _accountMgr.checkAccess(CallContext.current().getCallingAccount(),
null, true, volume);
Review Comment:
do we still need this check @Pearl1594 ? I see buildACLSearchParameters()
method is enabling only on permittedAccounts, but what if a permitted account
tries to access volume information which it does not belongs to that account !
or am I missing anything
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
