From 47de56d665243eb648f10cac5c806e095e03ef75 Mon Sep 17 00:00:00 2001 From: Likitha Shetty Date: Thu, 11 Jul 2013 13:46:25 +0530 Subject: [PATCH] CLOUDSTACK-3447. CLOUDSTACK-3448. Correct the access check on networks in APIs addNicToVM and removeNicFromVM --- server/src/com/cloud/vm/UserVmManagerImpl.java | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 53b4b6eaa4c..f95123ee9e1 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -863,13 +863,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use } // Perform account permission check on network - if (network.getGuestType() != Network.GuestType.Shared) { - // Check account permissions - List networkMap = _networkDao.listBy(caller.getId(), network.getId()); - if ((networkMap == null || networkMap.isEmpty() ) && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { - throw new PermissionDeniedException("Unable to modify a vm using network with id " + network.getId() + ", permission denied"); - } - } + _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network); //ensure network belongs in zone if (network.getDataCenterId() != vmInstance.getDataCenterId()) { @@ -940,13 +934,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use } // Perform account permission check on network - if (network.getGuestType() != Network.GuestType.Shared) { - // Check account permissions - List networkMap = _networkDao.listBy(caller.getId(), network.getId()); - if ((networkMap == null || networkMap.isEmpty() ) && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { - throw new PermissionDeniedException("Unable to modify a vm using network with id " + network.getId() + ", permission denied"); - } - } + _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network); boolean nicremoved = false;