etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-2659 Advanced Zone - during VM deployment need to check network permissions for shared account-specific guest networks too 

Changes:
- Check network permissions for account specific shared networks as well
- Changes to error to include network uuid instead of id
This commit is contained in:
Prachi Damle 2013-05-23 22:57:13 -07:00
parent 704471e6de
commit 51cf797d5e
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
server/src/com/cloud/network/NetworkModelImpl.java
View File

@ -32,6 +32,7 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.lb.dao.ApplicationLoadBalancerRuleDao;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
@ -1488,24 +1489,25 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
@Override
public void checkNetworkPermissions(Account owner, Network network) {
// Perform account permission check
if (network.getGuestType() != Network.GuestType.Shared) {
if (network.getGuestType() != Network.GuestType.Shared
|| (network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Account)) {
AccountVO networkOwner = _accountDao.findById(network.getAccountId());
if(networkOwner == null)
throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", network does not have an owner");
throw new PermissionDeniedException("Unable to use network with id= " + ((network != null)? ((NetworkVO)network).getUuid() : "") + ", network does not have an owner");
if(owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT){
if(!_projectAccountDao.canAccessProjectAccount(owner.getAccountId(), network.getAccountId())){
throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", permission denied");
throw new PermissionDeniedException("Unable to use network with id= " + ((network != null)? ((NetworkVO)network).getUuid() : "") + ", permission denied");
}
}else{
List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
if (networkMap == null || networkMap.isEmpty()) {
throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", permission denied");
throw new PermissionDeniedException("Unable to use network with id= " + ((network != null)? ((NetworkVO)network).getUuid() : "") + ", permission denied");
}
}
} else {
if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
throw new PermissionDeniedException("Shared network id=" + network.getUuid() + " is not available in domain id=" + owner.getDomainId());
throw new PermissionDeniedException("Shared network id=" + ((network != null)? ((NetworkVO)network).getUuid() : "") + " is not available in domain id=" + owner.getDomainId());
}
}
}