From 3a3fec3cb6bb4f9a008370ea02279d286654b01a Mon Sep 17 00:00:00 2001
From: Kishan Kavala <kishan@cloud.com>
Date: Mon, 16 Dec 2013 17:50:08 +0530
Subject: [PATCH] CLOUDSTACK-5145 : Added permission checks while deleting
 network ACLs

Conflicts:
	server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
---
 .../cloud/network/vpc/NetworkACLServiceImpl.java    | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index fbcd461b759..f316999d4ea 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -579,8 +579,21 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
     @Override
     public boolean revokeNetworkACLItem(long ruleId) {
         NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId);
+<<<<<<< HEAD
         if (aclItem != null) {
             if ((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)) {
+=======
+        if(aclItem != null){
+            NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId());
+
+            Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId());
+
+            Account caller = CallContext.current().getCallingAccount();
+
+            _accountMgr.checkAccess(caller, null, true, vpc);
+
+            if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)){
+>>>>>>> e2805b8... CLOUDSTACK-5145 : Added permission checks while deleting network ACLs
                 throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted");
             }
         }