update checks

Pearl1594 · Pearl1594 · commit 845a4542285c · 2025-12-09T13:04:28.000-05:00
diff --git a/api/src/main/java/org/apache/cloudstack/acl/SecurityChecker.java b/api/src/main/java/org/apache/cloudstack/acl/SecurityChecker.java
@@ -148,7 +148,5 @@ boolean checkAccess(Account caller, AccessType accessType, String action, Contro
 
     boolean checkAccess(Account account, VpcOffering vof, DataCenter zone) throws PermissionDeniedException;
 
-    default boolean checkAccess(Account account, BackupOffering bof) throws PermissionDeniedException {
-        return true;
-    }
+    boolean checkAccess(Account account, BackupOffering bof) throws PermissionDeniedException;
 }
diff --git a/engine/schema/src/main/java/org/apache/cloudstack/backup/BackupOfferingVO.java b/engine/schema/src/main/java/org/apache/cloudstack/backup/BackupOfferingVO.java
@@ -17,6 +17,8 @@
 
 package org.apache.cloudstack.backup;
 
+import org.apache.cloudstack.utils.reflectiontostringbuilderutils.ReflectionToStringBuilderUtils;
+
 import java.util.Date;
 import java.util.UUID;
 
@@ -131,4 +133,9 @@ public void setDescription(String description) {
     public Date getCreated() {
         return created;
     }
+
+    @Override
+    public String toString() {
+        return String.format("Backup offering %s.", ReflectionToStringBuilderUtils.reflectOnlySelectedFields(this, "id", "name", "uuid"));
+    }
 }
diff --git a/server/src/main/java/org/apache/cloudstack/backup/BackupManagerImpl.java b/server/src/main/java/org/apache/cloudstack/backup/BackupManagerImpl.java
@@ -539,7 +539,11 @@ public boolean assignVMToBackupOffering(Long vmId, Long offeringId) {
             throw new CloudRuntimeException("Provided backup offering does not exist");
         }
 
-        accountManager.checkAccess(CallContext.current().getCallingAccount(), offering);
+        Account owner = accountManager.getAccount(vm.getAccountId());
+        if (owner == null) {
+            throw new CloudRuntimeException("Unable to find the owner of the VM");
+        }
+        accountManager.checkAccess(owner, offering);
 
         final BackupProvider backupProvider = getBackupProvider(offering.getProvider());
         if (backupProvider == null) {
@@ -602,8 +606,6 @@ public boolean removeVMFromBackupOffering(final Long vmId, final boolean forced)
             throw new CloudRuntimeException("No previously configured backup offering found for the VM");
         }
 
-        accountManager.checkAccess(CallContext.current().getCallingAccount(), offering);
-
         final BackupProvider backupProvider = getBackupProvider(offering.getProvider());
         if (backupProvider == null) {
             throw new CloudRuntimeException("Failed to get the backup provider for the zone, please contact the administrator");
@@ -867,7 +869,6 @@ public boolean createBackup(CreateBackupCmd cmd, Object job) throws ResourceAllo
         if (offering == null) {
             throw new CloudRuntimeException("VM backup offering not found");
         }
-        accountManager.checkAccess(caller, offering);
 
         final BackupProvider backupProvider = getBackupProvider(offering.getProvider());
         if (backupProvider == null) {
diff --git a/server/src/test/java/com/cloud/acl/DomainCheckerTest.java b/server/src/test/java/com/cloud/acl/DomainCheckerTest.java
@@ -189,7 +189,6 @@ public void testBackupOfferingAccessDomainAdmin() {
         AccountVO owner = Mockito.mock(AccountVO.class);
         Mockito.when(_accountService.isDomainAdmin(domainAdmin.getId())).thenReturn(true);
         Mockito.when(domainAdmin.getDomainId()).thenReturn(10L);
-        Mockito.when(owner.getDomainId()).thenReturn(101L);
         Mockito.when(_domainDao.isChildDomain(100L, 10L)).thenReturn(true);
         Mockito.when(backupOfferingDetailsDao.findDomainIds(backupOfferingVO.getId())).thenReturn(Collections.singletonList(100L));
 
@@ -204,7 +203,6 @@ public void testBackupOfferingAccessNoAccess() {
         BackupOfferingVO backupOfferingVO = Mockito.mock(BackupOfferingVO.class);
         Mockito.when(_accountService.isRootAdmin(normalUser.getId())).thenReturn(false);
         Mockito.when(_accountService.isDomainAdmin(normalUser.getId())).thenReturn(false);
-        Mockito.when(backupOfferingDetailsDao.findDomainIds(backupOfferingVO.getId())).thenReturn(Collections.singletonList(100L));
 
         boolean hasAccess = domainChecker.checkAccess(normalUser, backupOfferingVO);
         Assert.assertFalse(hasAccess);
diff --git a/server/src/test/java/org/apache/cloudstack/backup/BackupManagerTest.java b/server/src/test/java/org/apache/cloudstack/backup/BackupManagerTest.java
@@ -1155,6 +1155,8 @@ public void testAssignVMToBackupOffering() {
         VMInstanceVO vm = mock(VMInstanceVO.class);
         when(vm.getId()).thenReturn(vmId);
         BackupOfferingVO offering = mock(BackupOfferingVO.class);
+        Account owner = mock(Account.class);
+
 
         overrideBackupFrameworkConfigValue();
 
@@ -1165,6 +1167,8 @@ public void testAssignVMToBackupOffering() {
         when(vm.getBackupOfferingId()).thenReturn(null);
         when(offering.getProvider()).thenReturn("testbackupprovider");
         when(backupProvider.assignVMToBackupOffering(vm, offering)).thenReturn(true);
+        when(vm.getAccountId()).thenReturn(3L);
+        when(accountManager.getAccount(vm.getAccountId())).thenReturn(owner);
         when(vmInstanceDao.update(1L, vm)).thenReturn(true);
 
         try (MockedStatic<UsageEventUtils> ignored2 = Mockito.mockStatic(UsageEventUtils.class)) {

Original file line number	Diff line number	Diff line change
`@@ -148,7 +148,5 @@ boolean checkAccess(Account caller, AccessType accessType, String action, Contro`
`148`	`148`
`149`	`149`	`boolean checkAccess(Account account, VpcOffering vof, DataCenter zone) throws PermissionDeniedException;`
`150`	`150`
`151`		`- default boolean checkAccess(Account account, BackupOffering bof) throws PermissionDeniedException {`
`152`		`- return true;`
`153`		`- }`
	`151`	`+ boolean checkAccess(Account account, BackupOffering bof) throws PermissionDeniedException;`
`154`	`152`	`}`