diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java index d5034597f4f..4eb620c4243 100755 --- a/server/src/com/cloud/network/NetworkServiceImpl.java +++ b/server/src/com/cloud/network/NetworkServiceImpl.java @@ -490,6 +490,9 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { accountId = network.getAccountId(); domainId = network.getDomainId(); + // Validate network offering + NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId()); + // verify permissions _accountMgr.checkAccess(ipOwner, null, true, network); @@ -518,7 +521,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { } catch (InsufficientAddressCapacityException e) { throw new InvalidParameterValueException("Allocating guest ip for nic failed"); } - } else if (dc.getNetworkType() == NetworkType.Basic) { + } else if (dc.getNetworkType() == NetworkType.Basic || ntwkOff.getGuestType() == Network.GuestType.Shared) { Account caller = UserContext.current().getCaller(); long callerUserId = UserContext.current().getCallerUserId(); _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network); @@ -546,14 +549,6 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { s_logger.error("Allocating ip to guest nic " + nicId + " failed"); return null; } - } else if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()) && zone.getNetworkType() == NetworkType.Advanced) { - // if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseNetwork' - Account caller = UserContext.current().getCaller(); - long callerUserId = UserContext.current().getCallerUserId(); - _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network); - if (s_logger.isDebugEnabled()) { - s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId()); - } } else { s_logger.error("AddIpToVMNic is not supported in this network..."); return null; @@ -594,6 +589,13 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { Network network = _networksDao.findById(secIpVO.getNetworkId()); + if (network == null) { + throw new InvalidParameterValueException("Invalid network id is given"); + } + + // Validate network offering + NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId()); + // verify permissions _accountMgr.checkAccess(caller, null, true, network); @@ -627,7 +629,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { s_logger.debug("VM nic IP " + secondaryIp + " is associated with the static NAT rule public IP address id " + publicIpVO.getId()); throw new InvalidParameterValueException("Can' remove the ip " + secondaryIp + "is associate with static NAT rule public IP address id " + publicIpVO.getId()); } - } else if (dc.getNetworkType() == NetworkType.Basic) { + } else if (dc.getNetworkType() == NetworkType.Basic || ntwkOff.getGuestType() == Network.GuestType.Shared) { IPAddressVO ip = _ipAddressDao.findByIpAndNetworkId(secIpVO.getNetworkId(), secIpVO.getIp4Address()); if (ip != null) { Transaction txn = Transaction.currentTxn(); @@ -636,7 +638,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { _ipAddressDao.unassignIpAddress(ip.getId()); txn.commit(); } - } else if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()) && dc.getNetworkType() == NetworkType.Advanced) { + } else { throw new InvalidParameterValueException("Not supported for this network now"); }