From 0d36f2e4b520ecc85342ab8660e5547f675db12a Mon Sep 17 00:00:00 2001
From: Min Chen
Date: Wed, 17 Sep 2014 15:34:12 -0700
Subject: [PATCH] Error message exposes domain Id when deployVirtualMachine() is attempted on a shared network to which the user doesnot have access to.
Signed-off-by: Rohit Yadav
---
 server/src/com/cloud/acl/AffinityGroupAccessChecker.java | 9 ++++++++-
 server/src/com/cloud/network/NetworkModelImpl.java | 6 +++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
index 7bcecf0e115..57f7b37cc08 100644
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -28,9 +28,11 @@ import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupService;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
+import com.cloud.domain.DomainVO;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
+import com.cloud.utils.exception.CloudRuntimeException;
 @Component
 @Local(value = SecurityChecker.class)
@@ -58,7 +60,12 @@ public class AffinityGroupAccessChecker extends DomainChecker {
 if (group.getAclType() == ACLType.Domain) {
 if (!_affinityGroupService.isAffinityGroupAvailableInDomain(group.getId(), caller.getDomainId())) {
- throw new PermissionDeniedException("Affinity group is not available in domain id=" + caller.getDomainId());
+ DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+ if (callerDomain == null) {
+ throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose domain does not exist");
+ }
+
+ throw new PermissionDeniedException("Affinity group is not available in domain id=" + callerDomain.getUuid());
 } else {
 return true;
 }
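Review bot: The new `callerDomain == null` branch in the `ACLType.Domain` path throws `CloudRuntimeException`, so a failed access check that used to end only in `PermissionDeniedException` can now surface as a different exception type, with the caller's account name in the message. How API clients see that depends on handlers outside this hunk, but keeping the denial type would keep the failure consistent, e.g. `throw new PermissionDeniedException("Affinity group is not available in the caller's domain");` with the missing-domain detail written to the server log instead. The same lookup-and-null-check is repeated in the NetworkModelImpl.java hunk, where the same point applies and a shared helper would avoid the duplication. The enclosing method begins and ends outside the hunk, and `_domainDao` is not declared in the visible lines, so it is presumably inherited from `DomainChecker`.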
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index 60882124fcc..ff525e09388 100755
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -1592,8 +1592,12 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
 } else {
 if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
+ DomainVO ownerDomain = _domainDao.findById(owner.getDomainId());
+ if (ownerDomain == null) {
+ throw new CloudRuntimeException("cannot check permission on account " + owner.getAccountName() + " whose domain does not exist");
+ }
 throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid() + " is not available in domain id=" +
- owner.getDomainId());
+ ownerDomain.getUuid());
 }
 }
 }
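Review bot: Nothing at the changed `throw` records why the message now needs a second DAO lookup to print `ownerDomain.getUuid()` instead of `owner.getDomainId()`, so a later cleanup could quietly restore the internal id. A one-line comment above the lookup would pin the intent: `// API-visible message: report the domain UUID, never the internal DB id`. The same comment fits the matching lookup in AffinityGroupAccessChecker.java. The enclosing method starts and ends outside the hunk.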