You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mi...@apache.org on 2013/04/12 09:44:10 UTC
git commit: updated refs/heads/master to cbcb83b
Updated Branches:
refs/heads/master 7fb63be6e -> cbcb83b08
fix CLOUDSTACK-1894 User is not able to deploy VMs in a project[permission denied to access the guest network)
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/cbcb83b0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/cbcb83b0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/cbcb83b0
Branch: refs/heads/master
Commit: cbcb83b086f4a87aa0703e18a03938b808ed044f
Parents: 7fb63be
Author: Mice Xia <mi...@tcloudcomputing.com>
Authored: Fri Apr 12 14:57:56 2013 +0800
Committer: Mice Xia <mi...@tcloudcomputing.com>
Committed: Fri Apr 12 15:39:36 2013 +0800
----------------------------------------------------------------------
server/src/com/cloud/network/NetworkModelImpl.java | 21 ++++++++++++---
1 files changed, 17 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cbcb83b0/server/src/com/cloud/network/NetworkModelImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
old mode 100644
new mode 100755
index 4c13c91..b82f90c
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -88,7 +88,9 @@ import com.cloud.offerings.NetworkOfferingServiceMapVO;
import com.cloud.offerings.NetworkOfferingVO;
import com.cloud.offerings.dao.NetworkOfferingDao;
import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
+import com.cloud.projects.dao.ProjectAccountDao;
import com.cloud.user.Account;
+import com.cloud.user.AccountVO;
import com.cloud.user.DomainManager;
import com.cloud.user.dao.AccountDao;
import com.cloud.utils.component.AdapterBase;
@@ -178,7 +180,8 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
UserIpv6AddressDao _ipv6Dao;
@Inject
NicSecondaryIpDao _nicSecondaryIpDao;;
-
+ @Inject
+ private ProjectAccountDao _projectAccountDao;
private final HashMap<String, NetworkOfferingVO> _systemNetworks = new HashMap<String, NetworkOfferingVO>(5);
static Long _privateOfferingId = null;
@@ -1472,10 +1475,20 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
public void checkNetworkPermissions(Account owner, Network network) {
// Perform account permission check
if (network.getGuestType() != Network.GuestType.Shared) {
- List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
- if (networkMap == null || networkMap.isEmpty()) {
- throw new PermissionDeniedException("Unable to use network with id= " + network.getUuid() + ", permission denied");
+ AccountVO networkOwner = _accountDao.findById(network.getAccountId());
+ if(networkOwner == null)
+ throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", network does not have an owner");
+ if(owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT){
+ if(!_projectAccountDao.canAccessProjectAccount(owner.getAccountId(), network.getAccountId())){
+ throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", permission denied");
+ }
+ }else{
+ List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
+ if (networkMap == null || networkMap.isEmpty()) {
+ throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", permission denied");
+ }
}
+
} else {
if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
throw new PermissionDeniedException("Shared network id=" + network.getUuid() + " is not available in domain id=" + owner.getDomainId());