Perform security check for deleteNetwork inside the management server method instead of api command itself

api/src/com/cloud/api/commands/DeleteNetworkCmd.java

@@ -26,7 +26,6 @@ import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.ServerApiException;
 import com.cloud.api.response.SuccessResponse;
-import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.user.UserContext;
 
 @Implementation(description="Deletes a network", responseObject=SuccessResponse.class)
@@ -62,12 +61,7 @@ public class DeleteNetworkCmd extends BaseCmd{
     
     @Override
     public void execute(){
-        //Don't allow to delete network via api call when it has vms assigned to it
-        int nicCount = _networkService.getActiveNicsInNetwork(id);
-        if (nicCount > 0) {
-            throw new InvalidParameterValueException("Unable to remove the network id=" + id + " as it has active Nics.");
-        }
-        UserContext.current().setEventDetails("Network Id: "+id);
+        UserContext.current().setEventDetails("Network Id: " + id);
         boolean result = _networkService.deleteNetwork(id);
         if (result) {
             SuccessResponse response = new SuccessResponse(getCommandName());

server/src/com/cloud/network/NetworkManager.java

@@ -174,6 +174,6 @@ public interface NetworkManager extends NetworkService {
     
     boolean applyIpAssociations(Network network, boolean continueOnError) throws ResourceUnavailableException;
 
-    boolean deleteNetworkInternal(long networkId);
+    boolean deleteNetworkInternal(long networkId, long userId);
 
 }

server/src/com/cloud/network/NetworkManagerImpl.java

@@ -1660,13 +1660,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
 
     @Override
     @ActionEvent (eventType=EventTypes.EVENT_NETWORK_DELETE, eventDescription="deleting network")
-    public boolean deleteNetwork(long networkId) throws InvalidParameterValueException, PermissionDeniedException {
-        return deleteNetworkInternal(networkId);
-    }
-    
-    @Override
-    @DB
-    public boolean deleteNetworkInternal(long networkId) throws InvalidParameterValueException, PermissionDeniedException {
+    public boolean deleteNetwork(long networkId) throws InvalidParameterValueException, PermissionDeniedException {   
+        //Don't allow to delete network via api call when it has vms assigned to it
+        int nicCount = getActiveNicsInNetwork(networkId);
+        if (nicCount > 0) {
+            throw new InvalidParameterValueException("Unable to remove the network id=" + networkId + " as it has active Nics.");
+        }
+        
         Long userId = UserContext.current().getCallerUserId();
         Account caller = UserContext.current().getCaller();
 
@@ -1685,7 +1685,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
             Account owner = _accountMgr.getAccount(network.getAccountId());
             _accountMgr.checkAccess(caller, owner);
         }
-
+        
+        return deleteNetworkInternal(networkId, userId);
+    }
+    
+    @Override
+    @DB
+    public boolean deleteNetworkInternal(long networkId, long userId) throws InvalidParameterValueException, PermissionDeniedException {
         return this.destroyNetwork(networkId, userId);
     }
 

server/src/com/cloud/user/AccountManagerImpl.java

@@ -863,7 +863,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
             List<NetworkVO> networks = _networkDao.listByOwner(accountId);
             if (networks != null) {
                 for (NetworkVO network : networks) {
-                    if (!_networkMgr.deleteNetworkInternal(network.getId())) {
+                    if (!_networkMgr.deleteNetworkInternal(network.getId(), callerUserId)) {
                         s_logger.warn("Unable to destroy network " + network + " as a part of account id=" + accountId +" cleanup.");
                         accountCleanupNeeded = true;
                         networksDeleted = false;