etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-4987: when addNic to vm, don't make account check if the call is made by ROOT admin

This commit is contained in:
Alena Prokharchyk 2014-01-16 13:27:09 -08:00
parent 233f0f618f
commit 9c32605f2b
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -987,8 +987,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new InvalidParameterValueException("unable to find a network with id " + networkId);
}
Account vmOwner = _accountMgr.getAccount(vmInstance.getAccountId());
if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
&& !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) {
throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
@ -2799,8 +2798,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
+ zone.getId());
}
Account vmOwner = _accountMgr.getAccount(accountId);
if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
//relax the check if the caller is admin account
if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
&& !(network.getAclType() == ACLType.Account && network.getAccountId() == accountId)) {
throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vm");