diff --git a/api/src/com/cloud/api/commands/CreateSnapshotCmd.java b/api/src/com/cloud/api/commands/CreateSnapshotCmd.java index 7ed9f7810e5..4186072d003 100755 --- a/api/src/com/cloud/api/commands/CreateSnapshotCmd.java +++ b/api/src/com/cloud/api/commands/CreateSnapshotCmd.java @@ -106,21 +106,16 @@ public class CreateSnapshotCmd extends BaseAsyncCreateCmd { @Override public long getEntityOwnerId() { - Long volumeId = getVolumeId(); - Long accountId = null; - - Volume volume = _entityMgr.findById(Volume.class, volumeId); - if (volume != null) { - accountId = volume.getAccountId(); - } else { + + Volume volume = _entityMgr.findById(Volume.class, getVolumeId()); + if (volume == null) { throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId); } - - Account account = _accountService.getAccount(accountId); + Account account = _accountService.getAccount(volume.getAccountId()); //Can create templates for enabled projects/accounts only if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { - Project project = _projectService.findByProjectAccountId(accountId); + Project project = _projectService.findByProjectAccountId(volume.getAccountId()); if (project.getState() != Project.State.Active) { throw new PermissionDeniedException("Can't add resources to the project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active"); } @@ -128,7 +123,7 @@ public class CreateSnapshotCmd extends BaseAsyncCreateCmd { throw new PermissionDeniedException("The owner of template is disabled: " + account); } - return accountId; + return volume.getAccountId(); } @Override diff --git a/api/src/com/cloud/api/commands/CreateSnapshotPolicyCmd.java b/api/src/com/cloud/api/commands/CreateSnapshotPolicyCmd.java index 23bfa1f0ca8..6052ab115df 100644 --- a/api/src/com/cloud/api/commands/CreateSnapshotPolicyCmd.java +++ b/api/src/com/cloud/api/commands/CreateSnapshotPolicyCmd.java @@ -27,6 +27,9 @@ import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SnapshotPolicyResponse; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.PermissionDeniedException; +import com.cloud.projects.Project; import com.cloud.storage.Volume; import com.cloud.storage.snapshot.SnapshotPolicy; import com.cloud.user.Account; @@ -100,16 +103,27 @@ public class CreateSnapshotPolicyCmd extends BaseCmd { @Override public long getEntityOwnerId() { Volume volume = _entityMgr.findById(Volume.class, getVolumeId()); - if (volume != null) { - return volume.getAccountId(); + if (volume == null) { + throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId); } - - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked + + Account account = _accountService.getAccount(volume.getAccountId()); + //Can create templates for enabled projects/accounts only + if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { + Project project = _projectService.findByProjectAccountId(volume.getAccountId()); + if (project.getState() != Project.State.Active) { + throw new PermissionDeniedException("Can't add resources to the project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active"); + } + } else if (account.getState() == Account.State.disabled) { + throw new PermissionDeniedException("The owner of template is disabled: " + account); + } + + return volume.getAccountId(); } @Override public void execute(){ - SnapshotPolicy result = _snapshotService.createPolicy(this); + SnapshotPolicy result = _snapshotService.createPolicy(this, _accountService.getAccount(getEntityOwnerId())); if (result != null) { SnapshotPolicyResponse response = _responseGenerator.createSnapshotPolicyResponse(result); response.setResponseName(getCommandName()); diff --git a/api/src/com/cloud/storage/snapshot/SnapshotService.java b/api/src/com/cloud/storage/snapshot/SnapshotService.java index 1d8da9b8ca0..dbe84151034 100644 --- a/api/src/com/cloud/storage/snapshot/SnapshotService.java +++ b/api/src/com/cloud/storage/snapshot/SnapshotService.java @@ -54,9 +54,10 @@ public interface SnapshotService { * * @param cmd * the command that + * @param policyOwner TODO * @return the newly created snapshot policy if success, null otherwise */ - SnapshotPolicy createPolicy(CreateSnapshotPolicyCmd cmd); + SnapshotPolicy createPolicy(CreateSnapshotPolicyCmd cmd, Account policyOwner); /** * Get the recurring snapshots scheduled for this volume currently along with the time at which they are scheduled diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java index 226feb7c672..4fe9b0a4526 100755 --- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java +++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java @@ -1126,7 +1126,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma @Override @DB - public SnapshotPolicyVO createPolicy(CreateSnapshotPolicyCmd cmd) { + public SnapshotPolicyVO createPolicy(CreateSnapshotPolicyCmd cmd, Account policyOwner) { Long volumeId = cmd.getVolumeId(); VolumeVO volume = _volsDao.findById(cmd.getVolumeId()); if (volume == null) { @@ -1139,7 +1139,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma throw new InvalidParameterValueException("VolumeId: " + volumeId + " is not in " + Volume.State.Ready + " state but " + volume.getState() + ". Cannot take snapshot."); } - if ( volume.getTemplateId() != null ) { + if (volume.getTemplateId() != null ) { VMTemplateVO template = _templateDao.findById(volume.getTemplateId()); if( template != null && template.getTemplateType() == Storage.TemplateType.SYSTEM ) { throw new InvalidParameterValueException("VolumeId: " + volumeId + " is for System VM , Creating snapshot against System VM volumes is not supported");