DaanHoogland commented on code in PR #7153:
URL: https://github.com/apache/cloudstack/pull/7153#discussion_r1180042689
##########
server/src/main/java/com/cloud/api/ApiResponseHelper.java:
##########
@@ -2534,7 +2534,12 @@ public NetworkResponse
createNetworkResponse(ResponseView view, Network network)
if (network.getVpcId() != null) {
Vpc vpc = ApiDBUtils.findVpcById(network.getVpcId());
if (vpc != null) {
- response.setVpcId(vpc.getUuid());
+ try {
+
_accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, false,
vpc);
+ response.setVpcId(vpc.getUuid());
+ } catch (PermissionDeniedException e){
+ s_logger.debug("Not setting the vpcId to the response
because the caller does not have access to the VPC");
+ }
Review Comment:
Can you extract this as a separate method?
##########
server/src/main/java/com/cloud/network/IpAddressManagerImpl.java:
##########
@@ -1476,7 +1476,8 @@ public IPAddressVO associateIPToGuestNetwork(long ipId,
long networkId, boolean
// - if shared network in Advanced zone
// - and it belongs to the system
if (network.getAccountId() != owner.getId()) {
- if (zone.getNetworkType() != NetworkType.Basic &&
!(zone.getNetworkType() == NetworkType.Advanced && network.getGuestType() ==
Network.GuestType.Shared)) {
+ if (zone.getNetworkType() != NetworkType.Basic &&
+ !(zone.getNetworkType() == NetworkType.Advanced &&
network.getGuestType() == Network.GuestType.Shared ||
network.getVpcId().equals(ipToAssoc.getVpcId()))) {
Review Comment:
So if `network.getVpcId().equals(ipToAssoc.getVpcId())` we should throw an
exception! Can you explain?
##########
server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java:
##########
@@ -1764,9 +1764,14 @@ public void doInTransactionWithoutResult(final
TransactionStatus status) {
}
}
- // 4) vpc and network should belong to the same owner
- if (vpc.getAccountId() != networkOwner.getId()) {
- throw new InvalidParameterValueException("Vpc " + vpc
+ " owner is different from the network owner " + networkOwner);
+ // 4) Vpc's account should be able to access network
owner's account
+ Account vpcaccount =
_accountMgr.getAccount(vpc.getAccountId());
+ try {
+ _accountMgr.checkAccess(vpcaccount, null, false,
networkOwner);
+ }
+ catch (PermissionDeniedException e) {
+ s_logger.error(e.getMessage());
+ throw new
InvalidParameterValueException(String.format("VPC owner does not have access to
account [%s].", networkOwner.getAccountName()));
Review Comment:
can you extract this as a method?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
