fix CLOUDSTACK-1894 User is not able to deploy VMs in a project[permission denied to access the guest network)
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/cbcb83b0 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/cbcb83b0 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/cbcb83b0 Branch: refs/heads/cisco-vnmc-api-integration Commit: cbcb83b086f4a87aa0703e18a03938b808ed044f Parents: 7fb63be Author: Mice Xia <mice_...@tcloudcomputing.com> Authored: Fri Apr 12 14:57:56 2013 +0800 Committer: Mice Xia <mice_...@tcloudcomputing.com> Committed: Fri Apr 12 15:39:36 2013 +0800 ---------------------------------------------------------------------- server/src/com/cloud/network/NetworkModelImpl.java | 21 ++++++++++++--- 1 files changed, 17 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/cbcb83b0/server/src/com/cloud/network/NetworkModelImpl.java ----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
old mode 100644
new mode 100755
index 4c13c91..b82f90c
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -88,7 +88,9 @@ import com.cloud.offerings.NetworkOfferingServiceMapVO;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
 import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
+import com.cloud.projects.dao.ProjectAccountDao;
 import com.cloud.user.Account;
+import com.cloud.user.AccountVO;
 import com.cloud.user.DomainManager;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.component.AdapterBase;
@@ -178,7 +180,8 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel { UserIpv6AddressDao _ipv6Dao; @Inject NicSecondaryIpDao _nicSecondaryIpDao;; - + @Inject + private ProjectAccountDao _projectAccountDao; private final HashMap<String, NetworkOfferingVO> _systemNetworks = new HashMap<String, NetworkOfferingVO>(5); static Long _privateOfferingId = null;
@@ -1472,10 +1475,20 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
 public void checkNetworkPermissions(Account owner, Network network) {
 // Perform account permission check
 if (network.getGuestType() != Network.GuestType.Shared) {
- List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
- if (networkMap == null || networkMap.isEmpty()) {
- throw new PermissionDeniedException("Unable to use network with id= " + network.getUuid() + ", permission denied");
+ AccountVO networkOwner = _accountDao.findById(network.getAccountId());
+ if(networkOwner == null)
+ throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", network does not have an owner");
+ if(owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT){
+ if(!_projectAccountDao.canAccessProjectAccount(owner.getAccountId(), network.getAccountId())){
+ throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", permission denied");
+ }
+ }else{
+ List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
+ if (networkMap == null || networkMap.isEmpty()) {
+ throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", permission denied");
+ }
 }
+
 } else {
 if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
 throw new PermissionDeniedException("Shared network id=" + network.getUuid() + " is not available in domain id=" + owner.getDomainId());
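Review bot: The three new `PermissionDeniedException` messages in the non-shared branch print `network.getId()` where the removed line printed `network.getUuid()`, so a denied caller now sees the internal database id while the shared-network branch below still reports the UUID; keep `"Unable to use network with id= " + network.getUuid() + ", permission denied"` (and the same accessor in the "does not have an owner" message) in all three. The `if(networkOwner == null)` guard has no braces around its `throw`, unlike every other conditional in this method, which makes a later second statement easy to misplace in an authorization check. The project branch passes `owner.getAccountId()` while the fallback passes `owner.getId()`; if these are the same value for an `Account`, using one accessor in both would make that obvious. The body of `checkNetworkPermissions` continues past the end of the hunk.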