You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by al...@apache.org on 2014/01/16 20:12:10 UTC
git commit: updated refs/heads/4.3 to c375ec6
Updated Branches:
refs/heads/4.3 e2364cfca -> c375ec62e
CLOUDSTACK-4987: when addNic to vm, don't make account check if the vm belongs to ROOT admin
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c375ec62
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c375ec62
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c375ec62
Branch: refs/heads/4.3
Commit: c375ec62e2bc48b17b4ebac5479c295ec89a5f9a
Parents: e2364cf
Author: Alena Prokharchyk <al...@citrix.com>
Authored: Thu Jan 16 10:58:40 2014 -0800
Committer: Alena Prokharchyk <al...@citrix.com>
Committed: Thu Jan 16 11:12:35 2014 -0800
----------------------------------------------------------------------
server/src/com/cloud/vm/UserVmManagerImpl.java | 31 +++++++++++++--------
1 file changed, 20 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c375ec62/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 792cf77..a3dbcb7 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -34,10 +34,6 @@ import javax.ejb.Local;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
-import com.cloud.capacity.Capacity;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.log4j.Logger;
-
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.affinity.AffinityGroupService;
@@ -83,6 +79,8 @@ import org.apache.cloudstack.managed.context.ManagedContextRunnable;
import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
import org.apache.cloudstack.storage.to.TemplateObjectTO;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.log4j.Logger;
import com.cloud.agent.AgentManager;
import com.cloud.agent.api.Answer;
@@ -102,6 +100,7 @@ import com.cloud.alert.AlertManager;
import com.cloud.api.ApiDBUtils;
import com.cloud.api.query.dao.UserVmJoinDao;
import com.cloud.api.query.vo.UserVmJoinVO;
+import com.cloud.capacity.Capacity;
import com.cloud.capacity.CapacityManager;
import com.cloud.configuration.Config;
import com.cloud.configuration.ConfigurationManager;
@@ -125,6 +124,7 @@ import com.cloud.domain.dao.DomainDao;
import com.cloud.event.ActionEvent;
import com.cloud.event.EventTypes;
import com.cloud.event.UsageEventUtils;
+import com.cloud.event.UsageEventVO;
import com.cloud.event.dao.UsageEventDao;
import com.cloud.exception.AgentUnavailableException;
import com.cloud.exception.CloudException;
@@ -269,7 +269,6 @@ import com.cloud.vm.snapshot.VMSnapshot;
import com.cloud.vm.snapshot.VMSnapshotManager;
import com.cloud.vm.snapshot.VMSnapshotVO;
import com.cloud.vm.snapshot.dao.VMSnapshotDao;
-import com.cloud.event.UsageEventVO;
@Local(value = { UserVmManager.class, UserVmService.class })
public class UserVmManagerImpl extends ManagerBase implements UserVmManager, VirtualMachineGuru, UserVmService, Configurable {
@@ -987,10 +986,15 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
if(network == null) {
throw new InvalidParameterValueException("unable to find a network with id " + networkId);
}
- if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
- && !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) {
- throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
+
+ Account vmOwner = _accountMgr.getAccount(vmInstance.getAccountId());
+ if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+ if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
+ && !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) {
+ throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
+ }
}
+
List<NicVO> allNics = _nicDao.listByVmId(vmInstance.getId());
for(NicVO nic : allNics){
if(nic.getNetworkId() == network.getId())
@@ -2794,10 +2798,15 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
+ network.getId() + " doesn't belong to zone "
+ zone.getId());
}
- if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
- && !(network.getAclType() == ACLType.Account && network.getAccountId() == accountId)) {
- throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vm");
+
+ Account vmOwner = _accountMgr.getAccount(accountId);
+ if (vmOwner.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+ if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
+ && !(network.getAclType() == ACLType.Account && network.getAccountId() == accountId)) {
+ throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vm");
+ }
}
+
IpAddresses requestedIpPair = null;
if (requestedIps != null && !requestedIps.isEmpty()) {
requestedIpPair = requestedIps.get(network.getId());