Merge branch 'quota-enable-list-quota-for-disabled-quota-accounts' into '4.18.0.0-scclouds'

Permitir que contas com o _plugin_ Quota desabilitado continuem acessando as APIs do Quota

Closes apache#1686

See merge request scclouds/scclouds!710

Author: Daniel Augusto Veronezi Salvador

api/src/main/java/org/apache/cloudstack/api/BaseCmd.java

@@ -380,9 +380,10 @@ public Map<String, String> getFullUrlParams() {
     }
 
     /**
-     * Method intended to execute command's specific permissions and parameters. Should be overwritten by any class who needs specific validation.
+     * To be overwritten by any class who needs specific validation
      */
-    public void validateCommandSpecificPermissionsAndParameters(final Map<String, String> params){
+    public void validateSpecificParameters(final Map<String, String> params){
+        // To be overwritten by any class who needs specific validation
     }
 
     /**

api/src/main/java/org/apache/cloudstack/api/BaseListCmd.java

@@ -118,8 +118,8 @@ public Long getStartIndex() {
     }
 
     @Override
-    public void validateCommandSpecificPermissionsAndParameters(final Map<String, String> params){
-        super.validateCommandSpecificPermissionsAndParameters(params);
+    public void validateSpecificParameters(final Map<String, String> params){
+        super.validateSpecificParameters(params);
 
         final Object pageSizeObj = params.get(ApiConstants.PAGE_SIZE);
         Long pageSize = null;

framework/config/src/main/java/org/apache/cloudstack/framework/config/PluginAccessConfigs.java

@@ -18,9 +18,11 @@
 package org.apache.cloudstack.quota.constant;
 
 import org.apache.cloudstack.framework.config.ConfigKey;
-import org.apache.cloudstack.framework.config.PluginAccessConfigs;
 
-public interface QuotaConfig extends PluginAccessConfigs {
+public interface QuotaConfig {
+
+    public static final ConfigKey<Boolean> QuotaPluginEnabled = new ConfigKey<Boolean>("Advanced", Boolean.class, "quota.enable.service", "false",
+            "Indicates whether Quota plugin is enabled or not.", true);
 
     public static final ConfigKey<String> QuotaEnableEnforcement = new ConfigKey<String>("Advanced", String.class, "quota.enable.enforcement", "false",
             "Enable the usage quota enforcement, i.e. on true when exceeding quota the respective account will be locked.", true);

framework/quota/src/main/java/org/apache/cloudstack/quota/constant/QuotaConfig.java

@@ -24,7 +24,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.stream.Collectors;
 
 import javax.inject.Inject;
 
@@ -43,7 +42,6 @@
 import org.apache.cloudstack.api.response.ApiParameterResponse;
 import org.apache.cloudstack.api.response.ApiResponseResponse;
 import org.apache.cloudstack.api.response.ListResponse;
-import org.apache.cloudstack.framework.config.PluginAccessConfigs;
 import org.apache.cloudstack.utils.reflectiontostringbuilderutils.ReflectionToStringBuilderUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
@@ -68,8 +66,6 @@ public class ApiDiscoveryServiceImpl extends ComponentLifecycleBase implements A
     List<PluggableService> _services = null;
     protected static Map<String, ApiDiscoveryResponse> s_apiNameDiscoveryResponseMap = null;
 
-    List<String> quotaCmdList;
-
     @Inject
     AccountService accountService;
 
@@ -88,9 +84,6 @@ public boolean start() {
             Set<Class<?>> cmdClasses = new LinkedHashSet<Class<?>>();
             for (PluggableService service : _services) {
                 s_logger.debug(String.format("getting api commands of service: %s", service.getClass().getName()));
-                if (service.getClass().getSimpleName().equals("QuotaServiceImpl") && PluginAccessConfigs.QuotaPluginEnabled.value()) {
-                    quotaCmdList = service.getCommands().parallelStream().map(cmdClass -> cmdClass.getAnnotation(APICommand.class).name()).collect(Collectors.toList());
-                }
                 cmdClasses.addAll(service.getCommands());
             }
             cmdClasses.addAll(this.getCommands());
@@ -254,25 +247,13 @@ public ListResponse<? extends BaseResponse> listApis(User user, String name) {
         List<ApiDiscoveryResponse> responseList = new ArrayList<>();
         List<String> apisAllowed = new ArrayList<>(s_apiNameDiscoveryResponseMap.keySet());
 
-        if (user == null) {
+        if (user == null)
             return null;
-        }
-
-        Account account = accountService.getAccount(user.getAccountId());
-        if (account == null) {
-            throw new PermissionDeniedException(String.format("The account with id [%s] for user [%s] is null.", user.getAccountId(), user));
-        }
 
         if (name != null) {
             if (!s_apiNameDiscoveryResponseMap.containsKey(name))
                 return null;
 
-            if (account.getType() != Account.Type.ADMIN && PluginAccessConfigs.QuotaPluginEnabled.value() &&
-                !PluginAccessConfigs.QuotaAccountEnabled.valueIn(user.getAccountId()) && quotaCmdList.parallelStream().anyMatch(name::equalsIgnoreCase)) {
-
-                return null;
-            }
-
             for (APIChecker apiChecker : _apiAccessCheckers) {
                 try {
                     apiChecker.checkAccess(user, name);
@@ -284,6 +265,11 @@ public ListResponse<? extends BaseResponse> listApis(User user, String name) {
             responseList.add(s_apiNameDiscoveryResponseMap.get(name));
 
         } else {
+            Account account = accountService.getAccount(user.getAccountId());
+            if (account == null) {
+                throw new PermissionDeniedException(String.format("The account with id [%s] for user [%s] is null.", user.getAccountId(), user));
+            }
+
             final Role role = roleService.findRole(account.getRoleId());
             if (role == null || role.getId() < 1L) {
                 throw new PermissionDeniedException(String.format("The account [%s] has role null or unknown.",
@@ -294,11 +280,6 @@ public ListResponse<? extends BaseResponse> listApis(User user, String name) {
                 s_logger.info(String.format("Account [%s] is Root Admin, all APIs are allowed.",
                         ReflectionToStringBuilderUtils.reflectOnlySelectedFields(account, "accountName", "uuid")));
             } else {
-                if (PluginAccessConfigs.QuotaPluginEnabled.value() && !PluginAccessConfigs.QuotaAccountEnabled.valueIn(user.getAccountId())) {
-                    apisAllowed.removeAll(quotaCmdList);
-                    apisAllowed.add("quotaIsEnabled");
-                }
-
                 for (APIChecker apiChecker : _apiAccessCheckers) {
                     apisAllowed = apiChecker.getApisAllowedToUser(role, user, apisAllowed);
                 }

plugins/api/discovery/src/main/java/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java

@@ -22,9 +22,9 @@
 
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.user.Account;
-import org.apache.log4j.Logger;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.AccountResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
@@ -35,9 +35,8 @@
 import org.apache.cloudstack.quota.QuotaService;
 
 @APICommand(name = "quotaBalance", responseObject = QuotaStatementItemResponse.class, description = "Create quota balance statements for the account.", since = "4.7.0",
-    requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
-public class QuotaBalanceCmd extends QuotaBaseCmd {
-    public static final Logger s_logger = Logger.getLogger(QuotaBalanceCmd.class);
+requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class QuotaBalanceCmd extends BaseCmd {
 
     @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "Account's name for which statement will be generated. Deprecated, please use " +
             ApiConstants.ACCOUNT_ID + " instead.")

plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBalanceCmd.java

@@ -28,9 +28,9 @@
 public abstract class QuotaBaseCmd extends BaseCmd {
 
     @Override
-    public void validateCommandSpecificPermissionsAndParameters(final Map<String, String> params) {
+    public void validateSpecificParameters(final Map<String, String> params) {
         validateQuotaAccountEnabled(this);
-        super.validateCommandSpecificPermissionsAndParameters(params);
+        super.validateSpecificParameters(params);
     }
 
     public static void validateQuotaAccountEnabled(BaseCmd cmd) {
@@ -40,7 +40,7 @@ public static void validateQuotaAccountEnabled(BaseCmd cmd) {
             return;
         }
 
-        if (!QuotaConfig.QuotaPluginEnabled.value() || !QuotaConfig.QuotaAccountEnabled.valueIn(caller.getAccountId())){
+        if (!QuotaConfig.QuotaPluginEnabled.value()){
             throw new UnavailableCommandException(String.format("The API [%s] is not available for account %s.", cmd.getActualCommandName(),
                     ReflectionToStringBuilderUtils.reflectOnlySelectedFields(caller, "accountName", "uuid")));
         }

plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBaseCmd.java

@@ -30,7 +30,7 @@
 
 @APICommand(name = QuotaConfigureEmailCmd.API_NAME, responseObject = QuotaConfigureEmailResponse.class, description = "Configure a quota email template", since = "4.16.0.11",
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
-public class QuotaConfigureEmailCmd extends QuotaBaseCmd {
+public class QuotaConfigureEmailCmd extends BaseCmd {
 
     public static final String API_NAME = "quotaConfigureEmail";
 

plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaBaseListCmd.java

@@ -21,6 +21,7 @@
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AccountResponse;
@@ -36,7 +37,7 @@
 import java.util.Date;
 
 @APICommand(name = "quotaCredits", responseObject = QuotaCreditsResponse.class, description = "Add +-credits to an account", since = "4.7.0", requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
-public class QuotaCreditsCmd extends QuotaBaseCmd {
+public class QuotaCreditsCmd extends BaseCmd {
 
     @Inject
     QuotaResponseBuilder _responseBuilder;