Merge pull request #742 from MissionCriticalCloud/fix/project-ids-sho…
…w-all

Only allow projectId -1 to Root Admin
Boris Schrijver authored Jun 29, 2018
2 parents 942a014 + bb9e6b2 commit 680d2ff
Showing 2 changed files with 44 additions and 42 deletions.
76 changes: 34 additions & 42 deletions cosmic-client/src/main/webapp/scripts/instances.js
Expand Up @@ -355,51 +355,43 @@
});
}

$.when(
$.ajax({
url: createURL('listVirtualMachines'),
async: true,
data: data,
error: function (XMLHttpResponse) {
cloudStack.dialog.notice({
message: parseXMLHttpResponse(XMLHttpResponse)
});
args.response.error();
}
}),
$.ajax({
url: createURL('listVirtualMachines&projectid=-1'),
async: true,
data: data,
error: function (XMLHttpResponse) {
cloudStack.dialog.notice({
message: parseXMLHttpResponse(XMLHttpResponse)
$.ajax({
url: createURL('listVirtualMachines'),
async: true,
data: data,
error: function (XMLHttpResponse) {
cloudStack.dialog.notice({
message: parseXMLHttpResponse(XMLHttpResponse)
});
args.response.error();
},
success: function (json) {
var items = json.listvirtualmachinesresponse.virtualmachine;
if (args.context.projects == null && isAdmin()) {
$.ajax({
url: createURL('listVirtualMachines&projectid=-1'),
async: true,
data: data,
error: function (XMLHttpResponse) {
cloudStack.dialog.notice({
message: parseXMLHttpResponse(XMLHttpResponse)
});
args.response.error();
},
success: function (json) {
var pitems = json.listvirtualmachinesresponse.virtualmachine;
if (pitems) {
args.response.success({
data: pitems
});
}
}
});
args.response.error();
}
})).done(function (jsonvm, jsonvmp) {
var items = jsonvm[0].listvirtualmachinesresponse.virtualmachine;
if (args.context.projects == null && isAdmin()) {
var pitems = jsonvmp[0].listvirtualmachinesresponse.virtualmachine;
if (pitems) {
if (items) {
items.push(pitems[0]);
} else {
items = pitems;
}
}
}
if (items) {
$.each(items, function (idx, vm) {
if (vm.nic && vm.nic.length > 0 && vm.nic[0].ipaddress) {
items[idx].ipaddress = vm.nic[0].ipaddress;
}
args.response.success({
data: items
});
}
args.response.success({
data: items
});
});
}});
},

detailView: {
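Review bot: In the nested `projectid=-1` request, the new success handler passes `pitems` to `args.response.success` on its own, while the outer handler appears to call `args.response.success` again with `items`. The list view would then be fed twice, in an order that depends on response timing, and the project rows would never get the `nic[0].ipaddress` mapping. The rendered page has lost its +/- markers, so the new-side layout around the `$.each` block is inferred rather than certain. Merging both result sets and reporting once keeps the rows consistent, as sketched below. The `isAdmin()` test only decides whether the UI sends the request, so the server-side check remains the actual enforcement point.

```javascript
success: function (json) {
    var items = json.listvirtualmachinesresponse.virtualmachine || [];
    // Copy the first NIC address onto each row, then report exactly once.
    var finish = function (rows) {
        $.each(rows, function (idx, vm) {
            if (vm.nic && vm.nic.length > 0 && vm.nic[0].ipaddress) {
                rows[idx].ipaddress = vm.nic[0].ipaddress;
            }
        });
        args.response.success({ data: rows });
    };
    if (args.context.projects == null && isAdmin()) {
        $.ajax({
            url: createURL('listVirtualMachines&projectid=-1'),
            // … unchanged: async, data, error handler …
            success: function (json) {
                finish(items.concat(json.listvirtualmachinesresponse.virtualmachine || []));
            }
        });
    } else {
        finish(items);
    }
}
```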
@@ -1,6 +1,9 @@
package com.cloud.api;

import com.cloud.api.response.ProjectResponse;
import com.cloud.context.CallContext;
import com.cloud.legacymodel.exceptions.PermissionDeniedException;
import com.cloud.legacymodel.user.Account;

public abstract class BaseListProjectAndAccountResourcesCmd extends BaseListAccountResourcesCmd implements IBaseListProjectAndAccountResourcesCmd {

Expand All @@ -9,6 +12,13 @@ public abstract class BaseListProjectAndAccountResourcesCmd extends BaseListAcco

@Override
public Long getProjectId() {
// Only allow root admin to see all project resources
final Account caller = CallContext.current().getCallingAccount();
if (projectId != null) {
if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && projectId == -1L) {
throw new PermissionDeniedException("Not allowed to access this project");
}
}
return projectId;
}
}
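Review bot: The `-1` restriction in `getProjectId()` sits in an accessor, so it only protects code that reads the value through this getter. A subclass that overrides `getProjectId()` or reads the `projectId` field directly would skip it; the field declaration is outside the hunk, so its visibility cannot be confirmed here. `CallContext.current().getCallingAccount()` is also dereferenced without a null check, which is worth confirming for any path that builds the command outside a request context. The getter now throws, so it should carry a Javadoc line such as `@throws PermissionDeniedException if a caller other than a root admin passes projectId -1`. The message `"Not allowed to access this project"` would be easier to triage in logs if it named the rejected all-projects value, and the nested `if`s collapse to `if (projectId != null && projectId == -1L && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {`.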
