From 8709323affc50eb3d75d638916a4fcef2fa17d06 Mon Sep 17 00:00:00 2001 From: Kristijan Mitrovic Date: Fri, 11 Sep 2020 11:46:48 +0200 Subject: [PATCH] Add comments about account sync restrictions --- .../service/account/StandardSyncAccountService.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bubble-server/src/main/java/bubble/service/account/StandardSyncAccountService.java b/bubble-server/src/main/java/bubble/service/account/StandardSyncAccountService.java index aaaa0057..b0397107 100644 --- a/bubble-server/src/main/java/bubble/service/account/StandardSyncAccountService.java +++ b/bubble-server/src/main/java/bubble/service/account/StandardSyncAccountService.java @@ -56,6 +56,11 @@ public class StandardSyncAccountService implements SyncAccountService { if (installType == AnsibleInstallType.sage) { // changing account on sage, notify all bubbles launched by user that have syncAccount == true + // sync account: sage -> node(s) + // Note that a non-admin person can change only his own account on sage node, while admin can change any + // account. In both cases, the change should be synced through the nodes, so even for non-admin account, the + // sync should be done here. + for (BubbleNetwork network : networkDAO.findByAccount(account.getUuid())) { if (network.getState() != BubbleNetworkState.running) continue; if (!network.syncAccount()) continue; @@ -70,6 +75,11 @@ public class StandardSyncAccountService implements SyncAccountService { } } else if (installType == AnsibleInstallType.node) { + // sync account: node -> sage + // On sage there's just a single account related to this node - the node's network owner's account. So only + // that account should be synced in this case. It doesn't matter if somebody already changed this account + // to be non-admin (TODO strange situation and maybe it should be tested if it is forbidden already) + if (account.getUuid().equals(thisNetwork.getAccount())) { log.info("sync: not syncing non-owner account from node to sage"); return;