cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chipchild...@apache.org
Subject [1/2] git commit: updated refs/heads/4.1 to 9b15a47
Date Wed, 17 Apr 2013 17:29:19 GMT
Updated Branches:
  refs/heads/4.1 2c501d196 -> 9b15a4719


Fix CLOUDSTACK-1894 User is not able to deploy VMs in a project[permission denied to access
the guest network)

Signed-off-by: Mice Xia <mice_xia@tcloudcomputing.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/abbe8ce7
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/abbe8ce7
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/abbe8ce7

Branch: refs/heads/4.1
Commit: abbe8ce71fdd96220bc0c7abfb08f7ea00fcb1d0
Parents: 2c501d1
Author: Mice Xia <mice_xia@tcloudcomputing.com>
Authored: Tue Apr 16 09:39:22 2013 +0800
Committer: Chip Childers <chip.childers@gmail.com>
Committed: Wed Apr 17 18:22:27 2013 +0100

----------------------------------------------------------------------
 server/src/com/cloud/network/NetworkModelImpl.java |   20 ++++++++++++---
 1 files changed, 16 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/abbe8ce7/server/src/com/cloud/network/NetworkModelImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
old mode 100644
new mode 100755
index d39214a..018f1dc
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -88,7 +88,9 @@ import com.cloud.offerings.NetworkOfferingServiceMapVO;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
 import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
+import com.cloud.projects.dao.ProjectAccountDao;
 import com.cloud.user.Account;
+import com.cloud.user.AccountVO;
 import com.cloud.user.DomainManager;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.component.AdapterBase;
@@ -177,7 +179,8 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel
{
     PrivateIpDao _privateIpDao;
     @Inject
     UserIpv6AddressDao _ipv6Dao;
-
+    @Inject
+    private ProjectAccountDao _projectAccountDao;
 
     private final HashMap<String, NetworkOfferingVO> _systemNetworks = new HashMap<String,
NetworkOfferingVO>(5);
     static Long _privateOfferingId = null;
@@ -1461,9 +1464,18 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel
{
     public void checkNetworkPermissions(Account owner, Network network) {
         // Perform account permission check
         if (network.getGuestType() != Network.GuestType.Shared) {
-            List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
-            if (networkMap == null || networkMap.isEmpty()) {
-                throw new PermissionDeniedException("Unable to use network with id= " + network.getId()
+ ", permission denied");
+            AccountVO networkOwner = _accountDao.findById(network.getAccountId());
+            if(networkOwner == null)
+                throw new PermissionDeniedException("Unable to use network with id= " + network.getId()
+ ", network does not have an owner");
+            if(owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType()
== Account.ACCOUNT_TYPE_PROJECT){
+                if(!_projectAccountDao.canAccessProjectAccount(owner.getAccountId(), network.getAccountId())){
+                    throw new PermissionDeniedException("Unable to use network with id= "
+ network.getId() + ", permission denied");
+                }
+            }else{
+                List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
+                if (networkMap == null || networkMap.isEmpty()) {
+                    throw new PermissionDeniedException("Unable to use network with id= "
+ network.getId() + ", permission denied");
+                }
             }
         } else {
             if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {


Mime
View raw message