[jira] [Commented] (CLOUDSTACK-9971) Bugfix/listaccounts parameter consistency

Wed, 03 Jan 2018 03:30:55 -0800 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-9971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16309515#comment-16309515
 ] 

ASF subversion and git services commented on CLOUDSTACK-9971:
-------------------------------------------------------------

Commit 000ee36224feb81fb86da2ffebb812f4d3d1e35a in cloudstack's branch 
refs/heads/master from [~dcarbone]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=000ee36 ]

CLOUDSTACK-9971: Bugfix/listaccounts parameter consistency (#2156)

Ran into an issue today where we passed both the "id" and "domainid" parameters 
into "listAccounts" and received a response despite the account id passed not 
belonging to the domainid passed.

Allow usage of "domainid" AND "id" in "listAccounts"
- Adding "AccountDoa::findActiveAccountById"
- Adding "AccountDaoImpl::findActiveAccountById"
- Removing seemingly pointless "listForDomain" parameter
- Updating "typeNEQ" value from "5" to "Account.ACCOUNT_TYPE_PROJECT"
  (which is "5")
- Only attempt to load domain for "path" query parameter once

"searchForAccountsInternal" input validation logic pseudo-code:
  - If "domainid" set, check immediately
  - If "id" not set:
    - and user is admin and "listall" is true
      - if "domainid" not set, use caller domain id
      - force "isrecursive" true
    - else use caller account id
  - Else if "domainid" and "name" set
    - verify existence of account and that user has access
  - Else:
    - if "domainid" not set, locate account by "id"
    - else, locate account by "id" and "domainid"
    - verify account found and caller has access rights

> Bugfix/listaccounts parameter consistency
> -----------------------------------------
>
>                 Key: CLOUDSTACK-9971
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9971
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Daniel Carbone
>            Priority: Minor
>
> Ran into an issue where we passed both the "id" and "domainid" parameters 
> into "listAccounts" and received a response despite the account id passed not 
> belonging to the domainid passed.
> This PR aims to correct this issue, along with a few other small updates.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to