From 452c7f4d1a0f572e19f8765f5a98550d0dec9377 Mon Sep 17 00:00:00 2001 From: abhishek Date: Fri, 5 Nov 2010 13:23:44 -0700 Subject: [PATCH] bug 7002: adding a check to ensure the account specific vlan added, is within the domain tree of the zone for which the vlan is being added for (whether it is a child domain or not) status 7002: resolved fixed --- .../com/cloud/configuration/ConfigurationManagerImpl.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 5c1c25328cb..178e35a6df2 100644 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -73,6 +73,7 @@ import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientAddressCapacityException; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.PermissionDeniedException; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.NetworkManager; import com.cloud.network.dao.IPAddressDao; @@ -1388,6 +1389,12 @@ public class ConfigurationManagerImpl implements ConfigurationManager { if (zoneId == null || ((zone = _zoneDao.findById(zoneId)) == null)) { throw new InvalidParameterValueException("Please specify a valid zone."); } + + //check if the account's domain is a child of the zone's domain, for adding vlan ip ranges + if(domainId != null && !_domainDao.isChildDomain(zone.getDomainId(), domainId)){ + //this is for account specific case, as domainId != null + throw new PermissionDeniedException("The account associated with specific domain id:"+domainId+" doesn't have permissions to add vlan ip ranges for the zone:"+zone.getId()); + } boolean associateIpRangeToAccount = false; if (vlanType.equals(VlanType.VirtualNetwork)) {