Remove useless global setting

Author: davidjumani

api/src/main/java/org/apache/cloudstack/query/QueryService.java

@@ -98,9 +98,6 @@ public interface QueryService {
             "user.vm.denied.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag",
             "Determines whether users can view certain VM settings. When set to empty, default value used is: rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag.", true);
 
-    static final ConfigKey<String> DomainAdminAllowListedConfigurations = new ConfigKey<String>("Advanced", String.class,
-            "domain.admin.allowlisted.config", "", "Determines which domain and account level configurations the domain admin is able to change", true);
-
     static final ConfigKey<String> UserVMReadOnlyDetails = new ConfigKey<String>("Advanced", String.class,
             "user.vm.readonly.details", "dataDiskController, rootDiskController",
             "List of read-only VM settings/details as comma separated string", true);

server/src/main/java/com/cloud/api/query/QueryManagerImpl.java

@@ -4260,6 +4260,6 @@ public String getConfigComponentName() {
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {AllowUserViewDestroyedVM, UserVMDeniedDetails, UserVMReadOnlyDetails, SortKeyAscending, AllowUserViewAllDomainAccounts, DomainAdminAllowListedConfigurations};
+        return new ConfigKey<?>[] {AllowUserViewDestroyedVM, UserVMDeniedDetails, UserVMReadOnlyDetails, SortKeyAscending, AllowUserViewAllDomainAccounts};
     }
 }

server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java

@@ -802,23 +802,16 @@ public Configuration updateConfiguration(final UpdateCfgCmd cmd) throws InvalidP
         final Long storagepoolId = cmd.getStoragepoolId();
         final Long accountId = cmd.getAccountId();
         final Long imageStoreId = cmd.getImageStoreId();
-        final Long domainId = cmd.getDomainId();
+        Long domainId = cmd.getDomainId();
         CallContext.current().setEventDetails(" Name: " + name + " New Value: " + (name.toLowerCase().contains("password") ? "*****" : value == null ? "" : value));
         // check if config value exists
         final ConfigurationVO config = _configDao.findByName(name);
         String catergory = null;
 
         final Account caller = CallContext.current().getCallingAccount();
         if (_accountMgr.isDomainAdmin(caller.getId())) {
-            if (domainId == null) {
-                throw new PermissionDeniedException("Domain admins can change only domain level configurations");
-            }
-
-            final List<String> domainAdminWhitelistConfigs = Stream.of(QueryService.DomainAdminAllowListedConfigurations.value().split(","))
-                    .map(item -> (item).trim())
-                    .collect(Collectors.toList());
-            if (!domainAdminWhitelistConfigs.contains(name)) {
-                throw new PermissionDeniedException("Domain admins can not change this configuration");
+            if (accountId == null && domainId == null) {
+                domainId = caller.getDomainId();
             }
         }
 

server/src/main/java/com/cloud/server/ManagementServerImpl.java

@@ -1975,15 +1975,17 @@ public Pair<List<? extends Configuration>, Integer> searchForConfigurations(fina
         final Long clusterId = cmd.getClusterId();
         final Long storagepoolId = cmd.getStoragepoolId();
         final Long accountId = cmd.getAccountId();
-        final Long domainId = cmd.getDomainId();
         final Long imageStoreId = cmd.getImageStoreId();
+        Long domainId = cmd.getDomainId();
         String scope = null;
         Long id = null;
         int paramCountCheck = 0;
 
         final Account caller = CallContext.current().getCallingAccount();
-        if (_accountMgr.isDomainAdmin(caller.getId()) && domainId == null) {
-            throw new PermissionDeniedException("Domain admins can view only domain level configurations");
+        if (_accountMgr.isDomainAdmin(caller.getId())) {
+            if (accountId == null && domainId == null) {
+                domainId = caller.getDomainId();
+            }
         }
 
         if (zoneId != null) {
@@ -2054,21 +2056,10 @@ public Pair<List<? extends Configuration>, Integer> searchForConfigurations(fina
 
         final Pair<List<ConfigurationVO>, Integer> result = _configDao.searchAndCount(sc, searchFilter);
 
-        List<ConfigurationVO> configs = result.first();
-
-        if (_accountMgr.isDomainAdmin(caller.getId())) {
-            final List<String> domainAdminWhitelistConfigs = Stream.of(QueryService.DomainAdminAllowListedConfigurations.value().split(","))
-                .map(item -> (item).trim())
-                .collect(Collectors.toList());
-            configs = configs.stream()
-                .filter(item -> domainAdminWhitelistConfigs.contains(item.getName()))
-                .collect(Collectors.toList());
-        }
-
         if (scope != null && !scope.isEmpty()) {
             // Populate values corresponding the resource id
             final List<ConfigurationVO> configVOList = new ArrayList<ConfigurationVO>();
-            for (final ConfigurationVO param : configs) {
+            for (final ConfigurationVO param : result.first()) {
                 final ConfigurationVO configVo = _configDao.findByName(param.getName());
                 if (configVo != null) {
                     final ConfigKey<?> key = _configDepot.get(param.getName());
@@ -2086,7 +2077,7 @@ public Pair<List<? extends Configuration>, Integer> searchForConfigurations(fina
             return new Pair<List<? extends Configuration>, Integer>(configVOList, configVOList.size());
         }
 
-        return new Pair<List<? extends Configuration>, Integer>(configs, result.second());
+        return new Pair<List<? extends Configuration>, Integer>(result.first(), result.second());
     }
 
     @Override

ui/src/config/section/account.js

@@ -49,7 +49,7 @@ export default {
     {
       name: 'settings',
       component: () => import('@/components/view/SettingsTab.vue'),
-      show: (record, route, user) => { return ['Admin'].includes(user.roletype) }
+      show: (record, route, user) => { return ['Admin', 'DomainAdmin'].includes(user.roletype) }
     }
   ],
   actions: [

ui/src/config/section/config.js

@@ -19,7 +19,7 @@ export default {
   name: 'config',
   title: 'label.configuration',
   icon: 'setting',
-  permission: ['listConfigurations'],
+  permission: ['listConfigurations', 'listInfrastructure'],
   children: [
     {
       name: 'globalsetting',

ui/src/config/section/domain.js

@@ -53,7 +53,7 @@ export default {
     {
       name: 'settings',
       component: () => import('@/components/view/SettingsTab.vue'),
-      show: (record, route, user) => { return ['Admin'].includes(user.roletype) }
+      show: (record, route, user) => { return ['Admin', 'DomainAdmin'].includes(user.roletype) }
     }, {
       name: 'comments',
       component: () => import('@/components/view/AnnotationsTab.vue')