etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-5145 : Added permission checks while deleting network ACLs

This commit is contained in:
Kishan Kavala 2013-12-16 17:50:08 +05:30
parent 6b7ea7f90d
commit e2805b802c
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
View File

@ -582,6 +582,14 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
public boolean revokeNetworkACLItem(long ruleId) {
NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId);
if(aclItem != null){
NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId());
Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId());
Account caller = CallContext.current().getCallingAccount();
_accountMgr.checkAccess(caller, null, true, vpc);
if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)){
throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted");
}