Update list snappolicy & backup schedule logic to list only those that belong to a proj or for root admin those that belong to it, unless listall & projid is passed

Author: Pearl1594

api/src/main/java/org/apache/cloudstack/api/command/user/backup/ListBackupScheduleCmd.java

@@ -24,7 +24,7 @@
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.BackupScheduleResponse;
@@ -47,7 +47,7 @@
         description = "List backup schedule of a VM",
         responseObject = BackupScheduleResponse.class, since = "4.14.0",
         authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
-public class ListBackupScheduleCmd extends BaseListDomainResourcesCmd {
+public class ListBackupScheduleCmd extends BaseListProjectAndAccountResourcesCmd {
 
     @Inject
     BackupManager backupManager;

api/src/main/java/org/apache/cloudstack/api/command/user/snapshot/ListSnapshotPoliciesCmd.java

@@ -23,7 +23,7 @@
 
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.BaseListProjectAndAccountResourcesCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.SnapshotPolicyResponse;
@@ -34,7 +34,7 @@
 
 @APICommand(name = "listSnapshotPolicies", description = "Lists snapshot policies.", responseObject = SnapshotPolicyResponse.class,
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
-public class ListSnapshotPoliciesCmd extends BaseListDomainResourcesCmd {
+public class ListSnapshotPoliciesCmd extends BaseListProjectAndAccountResourcesCmd {
 
 
     /////////////////////////////////////////////////////

server/src/main/java/com/cloud/storage/snapshot/SnapshotManagerImpl.java

@@ -1393,41 +1393,32 @@ public Pair<List<? extends SnapshotPolicy>, Integer> listSnapshotPolicies(ListSn
         Long volumeId = cmd.getVolumeId();
         Long id = cmd.getId();
         Account caller = CallContext.current().getCallingAccount();
-        boolean isRootAdmin = _accountMgr.isRootAdmin(caller.getId());
         List<Long> permittedAccounts = new ArrayList<>();
-        Long domainId = null;
-        Boolean isRecursive = null;
-        ListProjectResourcesCriteria listProjectResourcesCriteria = null;
 
+        // Verify parameters
         if (volumeId != null) {
             VolumeVO volume = _volsDao.findById(volumeId);
             if (volume != null) {
                 _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, true, volume);
             }
         }
 
-        if (!isRootAdmin) {
-            Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject =
-                    new Ternary<>(cmd.getDomainId(), cmd.isRecursive(), null);
-            _accountMgr.buildACLSearchParameters(caller, id, null, null, permittedAccounts, domainIdRecursiveListProject, cmd.listAll(), false);
-            domainId = domainIdRecursiveListProject.first();
-            isRecursive = domainIdRecursiveListProject.second();
-            listProjectResourcesCriteria = domainIdRecursiveListProject.third();
-        }
+        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject =
+                new Ternary<>(cmd.getDomainId(), cmd.isRecursive(), null);
+        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, cmd.listAll(), false);
+        Long domainId = domainIdRecursiveListProject.first();
+        Boolean isRecursive = domainIdRecursiveListProject.second();
+        ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third();
+
         Filter searchFilter = new Filter(SnapshotPolicyVO.class, "id", false, cmd.getStartIndex(), cmd.getPageSizeVal());
         SearchBuilder<SnapshotPolicyVO> policySearch = _snapshotPolicyDao.createSearchBuilder();
-
-        if (!isRootAdmin) {
-            _accountMgr.buildACLSearchBuilder(policySearch, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
-        }
+        _accountMgr.buildACLSearchBuilder(policySearch, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 
         policySearch.and("id", policySearch.entity().getId(), SearchCriteria.Op.EQ);
         policySearch.and("volumeId", policySearch.entity().getVolumeId(), SearchCriteria.Op.EQ);
 
         SearchCriteria<SnapshotPolicyVO> sc = policySearch.create();
-        if (!isRootAdmin) {
-            _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
-        }
+        _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 
         if (volumeId != null) {
             sc.setParameters("volumeId", volumeId);

server/src/main/java/org/apache/cloudstack/backup/BackupManagerImpl.java

@@ -654,31 +654,25 @@ public List<BackupSchedule> listBackupSchedules(ListBackupScheduleCmd cmd) {
             accountManager.checkAccess(CallContext.current().getCallingAccount(), null, true, vm);
         }
 
-        if (!isRootAdmin) {
-            Ternary<Long, Boolean, Project.ListProjectResourcesCriteria> domainIdRecursiveListProject =
-                    new Ternary<>(cmd.getDomainId(), cmd.isRecursive(), null);
-            accountManager.buildACLSearchParameters(caller, id, null, null, permittedAccounts, domainIdRecursiveListProject, true, false);
-            domainId = domainIdRecursiveListProject.first();
-            isRecursive = domainIdRecursiveListProject.second();
-            listProjectResourcesCriteria = domainIdRecursiveListProject.third();
-        }
+        Ternary<Long, Boolean, Project.ListProjectResourcesCriteria> domainIdRecursiveListProject =
+                new Ternary<>(cmd.getDomainId(), cmd.isRecursive(), null);
+        accountManager.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccounts, domainIdRecursiveListProject, true, false);
+        domainId = domainIdRecursiveListProject.first();
+        isRecursive = domainIdRecursiveListProject.second();
+        listProjectResourcesCriteria = domainIdRecursiveListProject.third();
 
         Filter searchFilter = new Filter(BackupScheduleVO.class, "id", false, null, null);
         SearchBuilder<BackupScheduleVO> searchBuilder = backupScheduleDao.createSearchBuilder();
 
-        if (!isRootAdmin) {
-            accountManager.buildACLSearchBuilder(searchBuilder, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
-        }
+        accountManager.buildACLSearchBuilder(searchBuilder, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 
         searchBuilder.and("id", searchBuilder.entity().getId(), SearchCriteria.Op.EQ);
         if (vmId != null) {
             searchBuilder.and("vmId", searchBuilder.entity().getVmId(), SearchCriteria.Op.EQ);
         }
 
         SearchCriteria<BackupScheduleVO> sc = searchBuilder.create();
-        if (!isRootAdmin) {
-            accountManager.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
-        }
+        accountManager.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 
         if (id != null) {
             sc.setParameters("id", id);