You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by ki...@apache.org on 2013/12/16 13:41:31 UTC

[1/2] git commit: updated refs/heads/4.3 to e2805b8

Updated Branches:
  refs/heads/4.3 6b7ea7f90 -> e2805b802
  refs/heads/master 7cac5aa9f -> 3a3fec3cb


CLOUDSTACK-5145 : Added permission checks while deleting network ACLs


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e2805b80
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e2805b80
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e2805b80

Branch: refs/heads/4.3
Commit: e2805b802cb7eb82bf885199e0bd289bcb599167
Parents: 6b7ea7f
Author: Kishan Kavala <ki...@cloud.com>
Authored: Mon Dec 16 17:50:08 2013 +0530
Committer: Kishan Kavala <ki...@cloud.com>
Committed: Mon Dec 16 17:50:08 2013 +0530

----------------------------------------------------------------------
 server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java | 8 ++++++++
 1 file changed, 8 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e2805b80/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index e91af57..6677338 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -582,6 +582,14 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
     public boolean revokeNetworkACLItem(long ruleId) {
         NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId);
         if(aclItem != null){
+            NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId());
+
+            Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId());
+
+            Account caller = CallContext.current().getCallingAccount();
+
+            _accountMgr.checkAccess(caller, null, true, vpc);
+
             if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)){
                 throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted");
             }

[2/2] git commit: updated refs/heads/master to 3a3fec3

Posted by ki...@apache.org.

CLOUDSTACK-5145 : Added permission checks while deleting network ACLs

Conflicts:
	server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3a3fec3c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3a3fec3c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3a3fec3c

Branch: refs/heads/master
Commit: 3a3fec3cb6bb4f9a008370ea02279d286654b01a
Parents: 7cac5aa
Author: Kishan Kavala <ki...@cloud.com>
Authored: Mon Dec 16 17:50:08 2013 +0530
Committer: Kishan Kavala <ki...@cloud.com>
Committed: Mon Dec 16 18:02:43 2013 +0530

----------------------------------------------------------------------
 .../com/cloud/network/vpc/NetworkACLServiceImpl.java   | 13 +++++++++++++
 1 file changed, 13 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3a3fec3c/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
index fbcd461..f316999 100644
--- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
+++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java
@@ -579,8 +579,21 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ
     @Override
     public boolean revokeNetworkACLItem(long ruleId) {
         NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId);
+<<<<<<< HEAD
         if (aclItem != null) {
             if ((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)) {
+=======
+        if(aclItem != null){
+            NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId());
+
+            Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId());
+
+            Account caller = CallContext.current().getCallingAccount();
+
+            _accountMgr.checkAccess(caller, null, true, vpc);
+
+            if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)){
+>>>>>>> e2805b8... CLOUDSTACK-5145 : Added permission checks while deleting network ACLs
                 throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted");
             }
         }