fix: domain resource domain share to system when non_default_domain_p…

…rojects off
yunionio · Jul 23, 2020 · 671d202 · 671d202
1 parent 7e629b3
commit 671d202
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/pkg/cloudcommon/db/infraresource.go b/pkg/cloudcommon/db/infraresource.go
@@ -22,6 +22,7 @@ import (
 	"yunion.io/x/sqlchemy"
 
 	"yunion.io/x/onecloud/pkg/apis"
+	"yunion.io/x/onecloud/pkg/cloudcommon/consts"
 	"yunion.io/x/onecloud/pkg/httperrors"
 	"yunion.io/x/onecloud/pkg/mcclient"
 	"yunion.io/x/onecloud/pkg/util/rbacutils"
@@ -248,6 +249,15 @@ func (model *SInfrasResourceBase) SaveSharedInfo(src apis.TOwnerSource, ctx cont
 }
 
 func (model *SInfrasResourceBase) SyncShareState(ctx context.Context, userCred mcclient.TokenCredential, shareInfo apis.SAccountShareInfo) {
+	if !consts.GetNonDefaultDomainProjects() {
+		if model.PublicSrc != string(apis.OWNER_SOURCE_LOCAL) {
+			model.SaveSharedInfo(apis.OWNER_SOURCE_CLOUD, ctx, userCred, apis.SShareInfo{
+				IsPublic:    true,
+				PublicScope: rbacutils.ScopeSystem,
+			})
+		}
+		return
+	}
 	si := shareInfo.GetDomainShareInfo()
 	if model.PublicSrc != string(apis.OWNER_SOURCE_LOCAL) {
 		model.SaveSharedInfo(apis.OWNER_SOURCE_CLOUD, ctx, userCred, si)

diff --git a/pkg/cloudcommon/db/sharablebase.go b/pkg/cloudcommon/db/sharablebase.go
@@ -195,8 +195,10 @@ func SharableManagerValidateCreateData(
 				input.PublicScope = "" // string(rbacutils.ScopeNone)
 			}
 		} else {
-			input.IsPublic = nil
-			input.PublicScope = string(rbacutils.ScopeNone)
+			// if non_default_domain_projects turned off, all domain resources shared to system
+			input.IsPublic = &isPublic
+			input.PublicScope = string(rbacutils.ScopeSystem)
+			reqScope = rbacutils.ScopeSystem
 		}
 	default:
 		return input, errors.Wrap(httperrors.ErrInputParameter, "the resource is not sharable")
@@ -494,6 +496,11 @@ func SharablePerformPrivate(model ISharableBaseModel, ctx context.Context, userC
 		return nil
 	}
 
+	resourceScope := model.GetModelManager().ResourceScope()
+	if resourceScope == rbacutils.ScopeDomain && !consts.GetNonDefaultDomainProjects() {
+		return errors.Wrap(httperrors.ErrForbidden, "not allow to private domain resource")
+	}
+
 	requireIds := model.GetRequiredSharedDomainIds()
 	if len(requireIds) == 0 {
 		return errors.Wrap(httperrors.ErrForbidden, "require to be shared to system")