You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by li...@apache.org on 2013/07/11 10:25:57 UTC

git commit: updated refs/heads/master to 47de56d

Updated Branches:
  refs/heads/master 33376f145 -> 47de56d66


CLOUDSTACK-3447. CLOUDSTACK-3448.
Correct the access check on networks in APIs addNicToVM and removeNicFromVM


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/47de56d6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/47de56d6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/47de56d6

Branch: refs/heads/master
Commit: 47de56d665243eb648f10cac5c806e095e03ef75
Parents: 33376f1
Author: Likitha Shetty <li...@citrix.com>
Authored: Thu Jul 11 13:46:25 2013 +0530
Committer: Likitha Shetty <li...@citrix.com>
Committed: Thu Jul 11 13:50:11 2013 +0530

----------------------------------------------------------------------
 server/src/com/cloud/vm/UserVmManagerImpl.java | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/47de56d6/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 53b4b6e..f95123e 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -863,13 +863,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
         }
 
         // Perform account permission check on network
-        if (network.getGuestType() != Network.GuestType.Shared) {
-            // Check account permissions
-            List<NetworkVO> networkMap = _networkDao.listBy(caller.getId(), network.getId());
-            if ((networkMap == null || networkMap.isEmpty() ) && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
-                throw new PermissionDeniedException("Unable to modify a vm using network with id " + network.getId() + ", permission denied");
-            }
-        }
+        _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
 
         //ensure network belongs in zone
         if (network.getDataCenterId() != vmInstance.getDataCenterId()) {
@@ -940,13 +934,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Use
         }
 
         // Perform account permission check on network
-        if (network.getGuestType() != Network.GuestType.Shared) {
-            // Check account permissions
-            List<NetworkVO> networkMap = _networkDao.listBy(caller.getId(), network.getId());
-            if ((networkMap == null || networkMap.isEmpty() ) && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
-                throw new PermissionDeniedException("Unable to modify a vm using network with id " + network.getId() + ", permission denied");
-            }
-        }
+        _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
 
         boolean nicremoved = false;