You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/13 10:32:52 UTC
[2/9] git commit: updated refs/heads/4.5 to b79f13c
Error message exposes domain Id when deployVirtualMachine() is attempted on a shared network to which the user doesnot have access to.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0d36f2e4
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0d36f2e4
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0d36f2e4
Branch: refs/heads/4.5
Commit: 0d36f2e4b520ecc85342ab8660e5547f675db12a
Parents: bfcdbec
Author: Min Chen <mi...@citrix.com>
Authored: Wed Sep 17 15:34:12 2014 -0700
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri Mar 13 12:47:56 2015 +0530
----------------------------------------------------------------------
server/src/com/cloud/acl/AffinityGroupAccessChecker.java | 9 ++++++++-
server/src/com/cloud/network/NetworkModelImpl.java | 6 +++++-
2 files changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0d36f2e4/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
index 7bcecf0..57f7b37 100644
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -28,9 +28,11 @@ import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.AffinityGroupService;
import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
+import com.cloud.domain.DomainVO;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.user.Account;
import com.cloud.user.AccountManager;
+import com.cloud.utils.exception.CloudRuntimeException;
@Component
@Local(value = SecurityChecker.class)
@@ -58,7 +60,12 @@ public class AffinityGroupAccessChecker extends DomainChecker {
if (group.getAclType() == ACLType.Domain) {
if (!_affinityGroupService.isAffinityGroupAvailableInDomain(group.getId(), caller.getDomainId())) {
- throw new PermissionDeniedException("Affinity group is not available in domain id=" + caller.getDomainId());
+ DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+ if (callerDomain == null) {
+ throw new CloudRuntimeException("cannot check permission on account " + caller.getAccountName() + " whose domain does not exist");
+ }
+
+ throw new PermissionDeniedException("Affinity group is not available in domain id=" + callerDomain.getUuid());
} else {
return true;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0d36f2e4/server/src/com/cloud/network/NetworkModelImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index 6088212..ff525e0 100755
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -1592,8 +1592,12 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
} else {
if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
+ DomainVO ownerDomain = _domainDao.findById(owner.getDomainId());
+ if (ownerDomain == null) {
+ throw new CloudRuntimeException("cannot check permission on account " + owner.getAccountName() + " whose domain does not exist");
+ }
throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid() + " is not available in domain id=" +
- owner.getDomainId());
+ ownerDomain.getUuid());
}
}
}