diff --git a/api/src/main/java/org/apache/cloudstack/query/QueryService.java b/api/src/main/java/org/apache/cloudstack/query/QueryService.java index ac29dff23a63..e8fd0b8a9773 100644 --- a/api/src/main/java/org/apache/cloudstack/query/QueryService.java +++ b/api/src/main/java/org/apache/cloudstack/query/QueryService.java @@ -88,6 +88,10 @@ public interface QueryService { static final ConfigKey AllowUserViewDestroyedVM = new ConfigKey("Advanced", Boolean.class, "allow.user.view.destroyed.vm", "false", "Determines whether users can view their destroyed or expunging vm ", true, ConfigKey.Scope.Account); + static final ConfigKey UserVMBlacklistedDetails = new ConfigKey("Advanced", String.class, + "user.vm.blacklisted.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag", + "Determines whether users can view certain VM settings", true); + ListResponse searchForUsers(ListUsersCmd cmd) throws PermissionDeniedException; ListResponse searchForEvents(ListEventsCmd cmd); diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java index 91e0466d9dbb..e16527733996 100644 --- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java @@ -3714,6 +3714,6 @@ public String getConfigComponentName() { @Override public ConfigKey[] getConfigKeys() { - return new ConfigKey[] {AllowUserViewDestroyedVM}; + return new ConfigKey[] {AllowUserViewDestroyedVM, UserVMBlacklistedDetails}; } } diff --git a/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java index 58d5e493d6d8..9b7577696823 100644 --- a/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java +++ b/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java @@ -42,6 +42,7 @@ import com.cloud.api.ApiDBUtils; import com.cloud.api.ApiResponseHelper; +import com.cloud.api.query.QueryManagerImpl; import com.cloud.api.query.vo.UserVmJoinVO; import com.cloud.gpu.GPU; import com.cloud.service.ServiceOfferingDetailsVO; @@ -305,12 +306,20 @@ public UserVmResponse newUserVmResponse(ResponseView view, String objectName, Us // set resource details map // Allow passing details to end user - List vmDetails = _userVmDetailsDao.listDetails(userVm.getId()); + // Honour the display field and only return if display is set to true + List vmDetails = _userVmDetailsDao.listDetails(userVm.getId(), true); if (vmDetails != null) { Map resourceDetails = new HashMap(); for (UserVmDetailVO userVmDetailVO : vmDetails) { resourceDetails.put(userVmDetailVO.getName(), userVmDetailVO.getValue()); } + // Remove blacklisted settings if user is not admin + if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { + String[] userVmSettingsToHide = QueryManagerImpl.UserVMBlacklistedDetails.value().split(","); + for (String key : userVmSettingsToHide) { + resourceDetails.remove(key.trim()); + } + } userVmResponse.setDetails(resourceDetails); }