etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-4987: when addNic to vm, don't make account check if the call is made by ROOT admin

This commit is contained in:
Alena Prokharchyk 2014-01-16 13:27:09 -08:00
parent 3b8e5bdc86
commit 47fd67b7fa
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -966,8 +966,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new InvalidParameterValueException("unable to find a network with id " + networkId);
}
Account vmOwner = _accountMgr.getAccount(vmInstance.getAccountId());
if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
&& !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) {
throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
@ -2638,8 +2637,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new InvalidParameterValueException("Network id=" + network.getId() + " doesn't belong to zone " + zone.getId());
}
Account vmOwner = _accountMgr.getAccount(accountId);
if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
//relax the check if the caller is admin account
if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
&& !(network.getAclType() == ACLType.Account && network.getAccountId() == accountId)) {
throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vm");