From 6a9d6f8796949a2de97c9fd55af2a88a6f143e24 Mon Sep 17 00:00:00 2001
From: Prachi Damle <prachi@cloud.com>
Date: Fri, 28 Mar 2014 18:53:18 -0700
Subject: [PATCH] RoleBasedEntityAccessChecker should skip Project resources.
 IAM does not support Projects yet.

---
 .../cloudstack/iam/RoleBasedEntityAccessChecker.java       | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 3ab3749123c..bcc483fc090 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -81,6 +81,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
             throw new InvalidParameterValueException("Entity and action cannot be both NULL in checkAccess!");
         }
 
+        // if a Project entity, skip
+        Account entityAccount = _accountService.getAccount(entity.getAccountId());
+        if (entityAccount != null && entityAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) {
+            return false;
+        }
+
         String entityType = null;
         if (entity.getEntityType() != null) {
             entityType = entity.getEntityType().getSimpleName();
@@ -128,6 +134,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
 
         if (!policies.isEmpty()) { // Since we reach this point, none of the
                                    // roles granted access
+
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
                         + " for access type: " + accessType);