From 2ceea80a1ddf8c0ef970efde8a030b2efa261c4b Mon Sep 17 00:00:00 2001
From: Min Chen <min.chen@citrix.com>
Date: Mon, 14 Oct 2013 16:32:13 -0700
Subject: [PATCH] CLOUDSTACK-4862:Admin cannot delete shared network scoped to
 user account.

---
 .../src/com/cloud/network/element/VirtualRouterElement.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/src/com/cloud/network/element/VirtualRouterElement.java b/server/src/com/cloud/network/element/VirtualRouterElement.java
index 13096b81033..783886ae4c6 100755
--- a/server/src/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/com/cloud/network/element/VirtualRouterElement.java
@@ -75,6 +75,7 @@ import com.cloud.network.rules.StaticNat;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.Pair;
@@ -663,8 +664,11 @@ public class VirtualRouterElement extends AdapterBase implements VirtualRouterEl
             return true;
         }
         boolean result = true;
+        // NOTE that we need to pass caller account to destroyRouter, otherwise it will fail permission check there. Context passed in from deleteNetwork is the network account, 
+        // not caller account
+        Account callerAccount = _accountMgr.getAccount(context.getCaller().getAccountId());        
         for (DomainRouterVO router : routers) {
-            result = result && (_routerMgr.destroyRouter(router.getId(), context.getAccount(), context.getCaller().getId()) != null);
+            result = result && (_routerMgr.destroyRouter(router.getId(), callerAccount, context.getCaller().getId()) != null);
         }
         return result;
     }