etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix CLOUDSTACK-2989 normal user are allowed to create isolated network offerings with vlan assignments 

1) only root admin can list network offering with specifyVlan=true
2) only root admin can create network with specifyVlan=true
This commit is contained in:
Mice Xia 2013-06-14 14:54:20 +08:00
parent b2111e46b7
commit 7663684981
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
server/src/com/cloud/configuration/ConfigurationManagerImpl.java
View File

@ -4162,8 +4162,11 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
sc.addAnd("isDefault", SearchCriteria.Op.EQ, isDefault);
}
if (specifyVlan != null) {
// only root admin can list network offering with specifyVlan = true
if (specifyVlan != null && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
sc.addAnd("specifyVlan", SearchCriteria.Op.EQ, specifyVlan);
}else{
specifyVlan = false;
}
if (availability != null) {

6
server/src/com/cloud/network/NetworkServiceImpl.java
View File

@ -1202,9 +1202,9 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
+ Network.GuestType.Isolated + " with a service " + Service.SourceNat.getName() + " enabled");
}
// Don't allow to specify vlan if the caller is a regular user
if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
throw new InvalidParameterValueException("Regular user is not allowed to specify vlanId");
// Don't allow to specify vlan if the caller is not ROOT admin
if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
throw new InvalidParameterValueException("Only ROOT admin is allowed to specify vlanId");
}
if (ipv4) {