server: create network owner check access fix

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>
Abhishek Kumar 2019-04-22 15:50:40 +05:30 committed by Abhishek Kumar
parent 5598618527
commit 7c7237eec1
1 changed files with 10 additions and 8 deletions


@ -1058,7 +1058,13 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
}
throw ex;
}
_accountMgr.checkAccess(caller, ntwkOff, _dcDao.findById(zoneId));
Account owner = null;
if ((cmd.getAccountName() != null && domainId != null) || cmd.getProjectId() != null) {
owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), domainId, cmd.getProjectId());
} else {
owner = caller;
}
// validate physical network and zone
// Check if physical network exists
@ -1083,6 +1089,8 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
throw new InvalidParameterValueException("Specified zone id was not found");
}
_accountMgr.checkAccess(owner, ntwkOff, zone);
if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
// See DataCenterVO.java
PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
@ -1151,12 +1159,6 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
} else if (subdomainAccess != null) {
throw new InvalidParameterValueException("Parameter subDomainAccess can be specified only with aclType=Domain");
}
Account owner = null;
if ((cmd.getAccountName() != null && domainId != null) || cmd.getProjectId() != null) {
owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), domainId, cmd.getProjectId());
} else {
owner = caller;
}
boolean ipv4 = true, ipv6 = false;
if (startIP != null) {
@ -2017,7 +2019,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
}
_accountMgr.checkAccess(callerAccount, null, true, network);
_accountMgr.checkAccess(callerAccount, offering, _dcDao.findById(network.getDataCenterId()));
_accountMgr.checkAccess(_accountMgr.getActiveAccountById(network.getAccountId()), offering, _dcDao.findById(network.getDataCenterId()));
if (name != null) {
network.setName(name);
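Review bot: In the last hunk, the result of `_accountMgr.getActiveAccountById(network.getAccountId())` is passed straight into `checkAccess` without a null check. The lookup's contract is not visible here, but if it returns null when the owning account is not active, the offering check would either fail with a NullPointerException or, depending on how `checkAccess` treats a null account, not be enforced. Resolving the owner first and failing closed makes the outcome explicit: `Account networkOwner = _accountMgr.getActiveAccountById(network.getAccountId());` followed by `if (networkOwner == null) { throw new InvalidParameterValueException("Unable to find an active owner account for the network"); }`, then passing `networkOwner` to `checkAccess`. Both owner-based checks (this one and `_accountMgr.checkAccess(owner, ntwkOff, zone)` in the second hunk) would also benefit from a one-line comment saying that the offering is validated against the network owner rather than the caller, so a later reader does not take it for a missing caller check. The enclosing methods start and end outside the hunks shown.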