diff --git a/server/src/main/java/com/cloud/acl/DomainChecker.java b/server/src/main/java/com/cloud/acl/DomainChecker.java index 4395c647528..2858334b35a 100644 --- a/server/src/main/java/com/cloud/acl/DomainChecker.java +++ b/server/src/main/java/com/cloud/acl/DomainChecker.java @@ -35,6 +35,7 @@ import com.cloud.exception.PermissionDeniedException; import com.cloud.network.Network; import com.cloud.network.NetworkModel; import com.cloud.network.vpc.VpcOffering; +import com.cloud.network.vpc.dao.VpcOfferingDetailsDao; import com.cloud.offering.DiskOffering; import com.cloud.offering.NetworkOffering; import com.cloud.offering.ServiceOffering; @@ -77,7 +78,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { @Inject NetworkOfferingDetailsDao networkOfferingDetailsDao; @Inject - NetworkOfferingDetailsDao vpcOfferingDetailsDao; + VpcOfferingDetailsDao vpcOfferingDetailsDao; protected DomainChecker() { super(); @@ -273,11 +274,11 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN || _accountService.isDomainAdmin(account.getId()) || account.getType() == Account.ACCOUNT_TYPE_PROJECT) { - final List doDomainIds = networkOfferingDetailsDao.findDomainIds(nof.getId()); - if (doDomainIds.isEmpty()) { + final List noDomainIds = networkOfferingDetailsDao.findDomainIds(nof.getId()); + if (noDomainIds.isEmpty()) { isAccess = true; } else { - for (Long domainId : doDomainIds) { + for (Long domainId : noDomainIds) { if (_domainDao.isChildDomain(domainId, account.getDomainId())) { isAccess = true; break; @@ -311,11 +312,11 @@ public class DomainChecker extends AdapterBase implements SecurityChecker { || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN || _accountService.isDomainAdmin(account.getId()) || account.getType() == Account.ACCOUNT_TYPE_PROJECT) { - final List doDomainIds = vpcOfferingDetailsDao.findDomainIds(vof.getId()); - if (doDomainIds.isEmpty()) { + final List voDomainIds = vpcOfferingDetailsDao.findDomainIds(vof.getId()); + if (voDomainIds.isEmpty()) { isAccess = true; } else { - for (Long domainId : doDomainIds) { + for (Long domainId : voDomainIds) { if (_domainDao.isChildDomain(domainId, account.getDomainId())) { isAccess = true; break; diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java index a249ab94322..46d53843b21 100644 --- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java +++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java @@ -921,7 +921,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis // Validate vpc offering final VpcOfferingVO vpcOff = _vpcOffDao.findById(vpcOffId); - _accountMgr.checkAccess(caller, vpcOff, _dcDao.findById(zoneId)); + _accountMgr.checkAccess(owner, vpcOff, _dcDao.findById(zoneId)); if (vpcOff == null || vpcOff.getState() != State.Enabled) { final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find vpc offering in " + State.Enabled + " state by specified id"); if (vpcOff == null) {