server: vpc offering check access fix

Signed-off-by: Abhishek Kumar <abhishek.kumar@shapeblue.com>
2019-04-23 11:09:28 +05:30 · 2019-04-23 11:09:28 +05:30 · b749fe18bd
parent 15efa1b88d
commit b749fe18bd
2 changed files with 9 additions and 8 deletions
--- a/server/src/main/java/com/cloud/acl/DomainChecker.java
+++ b/server/src/main/java/com/cloud/acl/DomainChecker.java
@ -35,6 +35,7 @@ import com.cloud.exception.PermissionDeniedException;
 import com.cloud.network.Network;
 import com.cloud.network.NetworkModel;
 import com.cloud.network.vpc.VpcOffering;
+import com.cloud.network.vpc.dao.VpcOfferingDetailsDao;
 import com.cloud.offering.DiskOffering;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.ServiceOffering;
@ -77,7 +78,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
    @Inject
    NetworkOfferingDetailsDao networkOfferingDetailsDao;
    @Inject
-    NetworkOfferingDetailsDao vpcOfferingDetailsDao;
+    VpcOfferingDetailsDao vpcOfferingDetailsDao;

    protected DomainChecker() {
        super();
@ -273,11 +274,11 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
                    || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN
                    || _accountService.isDomainAdmin(account.getId())
                    || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
-                final List<Long> doDomainIds = networkOfferingDetailsDao.findDomainIds(nof.getId());
-                if (doDomainIds.isEmpty()) {
+                final List<Long> noDomainIds = networkOfferingDetailsDao.findDomainIds(nof.getId());
+                if (noDomainIds.isEmpty()) {
                    isAccess = true;
                } else {
-                    for (Long domainId : doDomainIds) {
+                    for (Long domainId : noDomainIds) {
                        if (_domainDao.isChildDomain(domainId, account.getDomainId())) {
                            isAccess = true;
                            break;
@ -311,11 +312,11 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
                    || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN
                    || _accountService.isDomainAdmin(account.getId())
                    || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
-                final List<Long> doDomainIds = vpcOfferingDetailsDao.findDomainIds(vof.getId());
-                if (doDomainIds.isEmpty()) {
+                final List<Long> voDomainIds = vpcOfferingDetailsDao.findDomainIds(vof.getId());
+                if (voDomainIds.isEmpty()) {
                    isAccess = true;
                } else {
-                    for (Long domainId : doDomainIds) {
+                    for (Long domainId : voDomainIds) {
                        if (_domainDao.isChildDomain(domainId, account.getDomainId())) {
                            isAccess = true;
                            break;
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@ -921,7 +921,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis

        // Validate vpc offering
        final VpcOfferingVO vpcOff = _vpcOffDao.findById(vpcOffId);
-        _accountMgr.checkAccess(caller, vpcOff, _dcDao.findById(zoneId));
+        _accountMgr.checkAccess(owner, vpcOff, _dcDao.findById(zoneId));
        if (vpcOff == null || vpcOff.getState() != State.Enabled) {
            final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find vpc offering in " + State.Enabled + " state by specified id");
            if (vpcOff == null) {