From aa6dddc778ae693d57affa90404d1b75f2a0b1f0 Mon Sep 17 00:00:00 2001
From: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Date: Thu, 16 Jan 2014 10:58:40 -0800
Subject: [PATCH] CLOUDSTACK-4987: when addNic to vm, don't make account check
 if the vm belongs to ROOT admin

---
 .../src/com/cloud/vm/UserVmManagerImpl.java   | 22 ++++++++++++++-----
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index e9cccc4fe36..5a4cea4446d 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -965,10 +965,15 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
         if (network == null) {
             throw new InvalidParameterValueException("unable to find a network with id " + networkId);
         }
-        if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
-                && !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) {
-            throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
+
+        Account vmOwner = _accountMgr.getAccount(vmInstance.getAccountId());
+        if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+            if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
+                    && !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) {
+                throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
+            }
         }
+
         List<NicVO> allNics = _nicDao.listByVmId(vmInstance.getId());
         for (NicVO nic : allNics) {
             if (nic.getNetworkId() == network.getId())
@@ -2632,10 +2637,15 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
             if (network.getDataCenterId() != zone.getId()) {
                 throw new InvalidParameterValueException("Network id=" + network.getId() + " doesn't belong to zone " + zone.getId());
             }
-            if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
-                    && !(network.getAclType() == ACLType.Account && network.getAccountId() == accountId)) {
-                throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vm");
+
+            Account vmOwner = _accountMgr.getAccount(accountId);
+            if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+                if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
+                        && !(network.getAclType() == ACLType.Account && network.getAccountId() == accountId)) {
+                    throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vm");
+                }
             }
+
             IpAddresses requestedIpPair = null;
             if (requestedIps != null && !requestedIps.isEmpty()) {
                 requestedIpPair = requestedIps.get(network.getId());