From 9c32605f2b877134df4b512dea4ea8c4fa8e65e9 Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Date: Thu, 16 Jan 2014 13:27:09 -0800
Subject: [PATCH]     CLOUDSTACK-4987: when addNic to vm, don't make account
 check if the call is made by ROOT admin

---
 server/src/com/cloud/vm/UserVmManagerImpl.java | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index a3dbcb77568..ea38d12ee51 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -987,8 +987,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
             throw new InvalidParameterValueException("unable to find a network with id " + networkId);
         }
 
-        Account vmOwner = _accountMgr.getAccount(vmInstance.getAccountId());
-        if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+        if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
             if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
                     && !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) {
                 throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
@@ -2799,8 +2798,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
                         + zone.getId());
             }
 
-            Account vmOwner = _accountMgr.getAccount(accountId);
-            if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+            //relax the check if the caller is admin account
+            if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
                 if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
                         && !(network.getAclType() == ACLType.Account && network.getAccountId() == accountId)) {
                     throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vm");