diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index fe69e0406d0..83f0f1277a5 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
@@ -2109,7 +2109,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 @Override @DB
 public boolean destroyNetwork(long networkId, ReservationContext context) {
- Account callerAccount = _accountMgr.getAccount(context.getCaller().getAccountId());
+ Account caller = _accountMgr.getAccount(context.getCaller().getAccountId());
 NetworkVO network = _networksDao.findById(networkId);
 if (network == null) {
@@ -2146,7 +2146,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 boolean success = true;
- if (!cleanupNetworkResources(networkId, callerAccount, context.getCaller().getId())) {
+ if (!cleanupNetworkResources(networkId, caller, context.getCaller().getId())) {
 s_logger.warn("Unable to delete network id=" + networkId + ": failed to cleanup network resources");
 return false;
 }
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index 41c2228b5e3..4b44fd02688 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -428,8 +428,7 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
 throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
 }
- _accountMgr.checkAccess(caller, null, rule);
-
+ _accountMgr.checkAccess(caller, null, rule);
 revokeRule(rule, caller, userId, false);
@@ -456,9 +455,6 @@ public class FirewallManagerImpl implements FirewallService, FirewallManager, Ma
 @Override @DB
 public void revokeRule(FirewallRuleVO rule, Account caller, long userId, boolean needUsageEvent) {
- if (caller != null) {
- _accountMgr.checkAccess(caller, null, rule);
- }
 Transaction txn = Transaction.currentTxn();
 boolean generateUsageEvent = false;
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 3289b155738..95f089bf1f9 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -3077,16 +3077,14 @@ public class ManagementServerImpl implements ManagementServer {
 }
 }
- {
- // delete users which will also delete accounts and release resources for those accounts
- SearchCriteria sc = _accountDao.createSearchCriteria();
- sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId);
- List accounts = _accountDao.search(sc, null);
- for (AccountVO account : accounts) {
- success = (success && _accountMgr.deleteAccount(account, UserContext.current().getCallerUserId(), UserContext.current().getCaller()));
- if (!success) {
- s_logger.warn("Failed to cleanup account id=" + account.getId() + " as a part of domain cleanup");
- }
+ // delete users which will also delete accounts and release resources for those accounts
+ SearchCriteria sc = _accountDao.createSearchCriteria();
+ sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId);
+ List accounts = _accountDao.search(sc, null);
+ for (AccountVO account : accounts) {
+ success = (success && _accountMgr.deleteAccount(account, UserContext.current().getCallerUserId(), UserContext.current().getCaller()));
+ if (!success) {
+ s_logger.warn("Failed to cleanup account id=" + account.getId() + " as a part of domain cleanup");
 }
 }
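Review bot: With the `checkAccess` call removed, `revokeRule` no longer authorizes anything itself, and nothing on the method tells callers that the responsibility has moved to them. The caller shown in the previous hunk of this file still runs `_accountMgr.checkAccess(caller, null, rule)` before `revokeRule(rule, caller, userId, false)`, but any other call site of this `@Override` method (none are visible in this diff) would now revoke rules without a permission check. I would add a Javadoc line on the method such as `Performs no permission check; the caller must have passed checkAccess for this rule before invoking.` and audit the remaining call sites against it. The method body continues outside the hunk.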
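Review bot: In the account loop, `success && _accountMgr.deleteAccount(...)` short-circuits after the first failure, so the remaining accounts of the domain are never passed to `deleteAccount`, yet the warning is still logged for each of them as if their cleanup had been attempted. If domain cleanup is meant to be best-effort over every account, evaluate the call first, `boolean deleted = _accountMgr.deleteAccount(...);`, log on `if (!deleted)`, and then fold it in with `success = success && deleted;`. Dropping the braces also moves `sc` and `accounts` into the enclosing method scope; that method starts and ends outside this hunk.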
diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
index 71946ff080e..04f2f1f1e4e 100755
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -635,7 +635,10 @@ public class TemplateManagerImpl implements TemplateManager, Manager, TemplateSe
 public boolean delete(long userId, long templateId, Long zoneId) {
 VMTemplateVO template = _tmpltDao.findById(templateId);
 if (template == null || template.getRemoved() != null) {
- throw new InvalidParameterValueException("Please specify a valid template.");
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("The template id=" + templateId + " either doesn't exist or already removed, so not deleting it");
+ }
+ return true;
 }
 TemplateAdapter adapter = getAdapter(template.getHypervisorType());
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 95e5d47e2b5..4a79f56bde7 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -894,6 +894,13 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
 @Override
 public void checkAccess(Account caller, Domain domain) throws PermissionDeniedException {
+ if (caller.getId() == Account.ACCOUNT_ID_SYSTEM) {
+ //no need to make permission checks if the system makes the call
+ if (s_logger.isTraceEnabled()) {
+ s_logger.trace("No need to make permission check for System account, returning true");
+ }
+ return;
+ }
 for (SecurityChecker checker : _securityCheckers) {
 if (checker.checkAccess(caller, domain)) {
 if (s_logger.isDebugEnabled()) {
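Review bot: Returning `true` when `template == null` makes a delete request for an id that never existed indistinguishable from a successful delete, and the only record is a debug-level line. Treating an already-removed template as success is reasonable for idempotent cleanup, but an id that matches nothing is still a bad parameter; consider keeping `if (template == null) { throw new InvalidParameterValueException("Please specify a valid template."); }` and returning `true` only when `template.getRemoved() != null`. The rest of `delete` is outside this hunk, so whether callers depend on the old exception cannot be confirmed from here.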
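Review bot: The new early return dereferences `caller` before any null check (`caller.getId()`), and it bypasses every `SecurityChecker` unconditionally while leaving only a trace-level line that names no account, domain or entity. The `if (caller != null)` guard this same commit removes from `FirewallManagerImpl.revokeRule` suggests null callers can reach this layer, so this overload and the `checkAccess(Account, AccessType, ControlledEntity...)` hunk that follows should let a null caller fall through to the checkers as before. Because every code path that runs as the System account now skips authorization, I would move the duplicated block into one private helper and log at debug so a skipped check is visible; the current message also says "returning true" although both methods are `void`. In the second overload the test can sit above the `HashMap` allocation. Both method bodies continue outside their hunks.
```java
    public void checkAccess(Account caller, Domain domain) throws PermissionDeniedException {
        if (isSystemCaller(caller)) {
            return;
        }
        // … unchanged: SecurityChecker loop …

    /** True only for the System account; a null caller falls through to the normal checks. */
    private boolean isSystemCaller(Account caller) {
        if (caller == null || caller.getId() != Account.ACCOUNT_ID_SYSTEM) {
            return false;
        }
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Caller is the System account; skipping permission checks");
        }
        return true;
    }
```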
@@ -910,6 +917,14 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
 @Override
 public void checkAccess(Account caller, AccessType accessType, ControlledEntity... entities) {
 HashMap> domains = new HashMap>();
+
+ if (caller.getId() == Account.ACCOUNT_ID_SYSTEM) {
+ //no need to make permission checks if the system makes the call
+ if (s_logger.isTraceEnabled()) {
+ s_logger.trace("No need to make permission check for System account, returning true");
+ }
+ return;
+ }
 for (ControlledEntity entity : entities) {
 long domainId = entity.getDomainId();