From 36c0a4e2c33f59649ff52e3be7a4f181f8defeae Mon Sep 17 00:00:00 2001
From: Prachi Damle
Date: Thu, 13 Mar 2014 15:32:38 -0700
Subject: [PATCH] Removed the AccessType.UseNetwork - replaced all referrences by AccessType.UseEntry
---
 api/src/org/apache/cloudstack/acl/SecurityChecker.java | 1 -
 .../cloudstack/api/command/user/vm/DeployVMCmd.java | 2 +-
 server/src/com/cloud/acl/DomainChecker.java | 2 +-
 server/src/com/cloud/network/IpAddressManagerImpl.java | 8 +++++---
 server/src/com/cloud/network/NetworkServiceImpl.java | 4 ++--
 server/src/com/cloud/user/AccountManagerImpl.java | 3 ++-
 server/src/com/cloud/vm/UserVmManagerImpl.java | 6 +++---
 .../network/lb/ApplicationLoadBalancerManagerImpl.java | 2 +-
 8 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/api/src/org/apache/cloudstack/acl/SecurityChecker.java b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
index 2889bc85e10..614f604aecb 100644
--- a/api/src/org/apache/cloudstack/acl/SecurityChecker.java
+++ b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
@@ -32,7 +32,6 @@ public interface SecurityChecker extends Adapter {
 public enum AccessType {
 ModifyProject,
- UseNetwork,
 OperateEntry,
 UseEntry
 }
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
index 69e079f795c..0235fcc3058 100755
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
@@ -105,7 +105,7 @@ public class DeployVMCmd extends BaseAsyncCreateCustomIdCmd {
 private Long domainId;
 //Network information
- @ACL(accessType = AccessType.UseNetwork)
+ @ACL(accessType = AccessType.UseEntry)
 @Parameter(name = ApiConstants.NETWORK_IDS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = NetworkResponse.class, description = "list of network ids used by virtual machine. Can't be specified with ipToNetworkList parameter")
 private List networkIds;
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index 3df71a7da03..cb6921d9fae 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -134,7 +134,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
 }
 return true;
- } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseNetwork) {
+ } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) {
 _networkMgr.checkNetworkPermissions(caller, (Network)entity);
 } else if (entity instanceof AffinityGroup) {
 return false;
diff --git a/server/src/com/cloud/network/IpAddressManagerImpl.java b/server/src/com/cloud/network/IpAddressManagerImpl.java
index 5225e3df85f..9b1f9bd7ed3 100644
--- a/server/src/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/com/cloud/network/IpAddressManagerImpl.java
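Review bot: In the DomainChecker.java hunk (@@ -134), the `accessType != null &&` term is redundant, because `accessType == AccessType.UseEntry` is already false for null; `} else if (entity instanceof Network && accessType == AccessType.UseEntry) {` reads the same. Now that UseEntry is a generic access type rather than a network-specific one, the branch deserves a comment recording that network use is decided by the network manager, e.g. `// "use" of a network is authorized by NetworkModel.checkNetworkPermissions, not by the domain rules below`. A Network passed with any other access type (or null) skips that call and falls to the later branches; the method continues outside the hunk, so what those branches decide for it cannot be confirmed from here.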
@@ -1164,7 +1164,8 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 if (zone.getNetworkType() == NetworkType.Advanced) {
 if (network.getGuestType() == Network.GuestType.Shared) {
 if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
- _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseEntry, false,
+ network);
 } else {
 throw new InvalidParameterValueException("IP can be associated with guest network of 'shared' type only if " + "network services Source Nat, Static Nat, Port Forwarding, Load balancing, firewall are enabled in the network");
@@ -1186,7 +1187,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 Network network = _networksDao.findById(networkId);
 if (network != null) {
- _accountMgr.checkAccess(owner, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);
 } else {
 s_logger.debug("Unable to find ip address by id: " + ipId);
 return null;
@@ -1318,7 +1319,8 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 if (zone.getNetworkType() == NetworkType.Advanced) {
 if (network.getGuestType() == Network.GuestType.Shared) {
 assert (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()));
- _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseEntry, false,
+ network);
 }
 } else {
 _accountMgr.checkAccess(caller, null, true, ipToAssoc);
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index 9185d848248..9238a1e8ce7 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
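Review bot: In the third IpAddressManagerImpl.java hunk (@@ -1318), the shared-network precondition is enforced only by `assert (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()));`, which the JVM skips unless assertions are enabled, so in a default deployment only the `checkAccess` call stands between the caller and a shared network whose offering lacks the required services. The first hunk (@@ -1164) handles the same condition with an explicit `InvalidParameterValueException`; replacing the assert with `if (!isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()))` that throws the same exception would make the two paths agree. An earlier caller may already validate this, but that is outside the hunk. Separately, the second hunk (@@ -1186) logs `"Unable to find ip address by id: "` when it is the network lookup that returned null, which will mislead anyone reading the log during triage.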
@@ -535,7 +535,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
 // if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseNetwork'
 if (zone.getNetworkType() == NetworkType.Advanced) {
 if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId());
 }
@@ -578,7 +578,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
 // if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseNetwork'
 if (zone.getNetworkType() == NetworkType.Advanced) {
 if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
 if (s_logger.isDebugEnabled()) {
 s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId());
 }
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 1b68b0c76a9..f0d129a3cee 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -91,6 +91,7 @@ import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
 import com.cloud.network.IpAddressManager;
+import com.cloud.network.Network;
 import com.cloud.network.VpnUserVO;
 import com.cloud.network.as.AutoScaleManager;
 import com.cloud.network.dao.AccountGuestVlanMapDao;
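Review bot: Both NetworkServiceImpl.java hunks (@@ -535 and @@ -578) keep the comment ending in `for 'AccessType.UseNetwork'` directly above a call that now passes `AccessType.UseEntry`, so the comment names an enum constant this commit deletes. Update both to `// if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseEntry'`, so a later reader searching for the access type that guards this path finds the right one. The enclosing methods start and end outside the hunks.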
@@ -490,7 +491,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
 domainId = account != null ? account.getDomainId() : -1;
 }
 if (entity.getAccountId() != -1 && domainId != -1 && !(entity instanceof VirtualMachineTemplate) &&
- !(accessType != null && accessType == AccessType.UseNetwork) && !(entity instanceof AffinityGroup)) {
+ !(entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) && !(entity instanceof AffinityGroup)) {
 List toBeChecked = domains.get(entity.getDomainId());
 // for templates, we don't have to do cross domains check
 if (toBeChecked == null) {
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index e7c0c8d2b8f..0e4fb5ec56d 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -987,7 +987,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
 }
 // Perform account permission check on network
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
 //ensure network belongs in zone
 if (network.getDataCenterId() != vmInstance.getDataCenterId()) {
@@ -1061,7 +1061,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
 }
 // Perform account permission check on network
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
 boolean nicremoved = false;
@@ -2336,7 +2336,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
 // Perform account permission check
 if (network.getAclType() == ACLType.Account) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
 }
 networkList.add(network);
 }
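Review bot: In the AccountManagerImpl.java hunk (@@ -490), the new clause `!(entity instanceof Network && accessType != null && accessType == AccessType.UseEntry)` exempts every Network checked with UseEntry from the cross-domain grouping, and nothing in the condition says why or which check takes its place. Judging from the DomainChecker.java hunk, that combination is meant to be decided by `_networkMgr.checkNetworkPermissions`; a comment such as `// networks used via UseEntry are authorized by the SecurityChecker's network permission check, not by the domain grouping below` would record that dependency. Because UseEntry existed before this commit, any call site that already passed it with a Network used to go through the domain check and now skips it; none is visible in this patch, so it is worth confirming with a search of the callers. The `accessType != null &&` term is redundant here as well, since the enum comparison is already false for null. The method starts and ends outside the hunk.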
diff --git a/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java b/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
index 1f3e0d28d26..73bf0d2a38b 100644
--- a/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
+++ b/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
@@ -114,7 +114,7 @@ public class ApplicationLoadBalancerManagerImpl extends ManagerBase implements A
 }
 Account caller = CallContext.current().getCallingAccount();
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, guestNtwk);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, guestNtwk);
 Network sourceIpNtwk = _networkModel.getNetwork(sourceIpNetworkId);
 if (sourceIpNtwk == null) {