cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bfede...@apache.org
Subject [16/20] git commit: updated refs/heads/ui-vpc-redesign to 59a9984
Date Wed, 15 May 2013 17:19:21 GMT
CLOUDSTACK-2134 updated acl checks for aquiring nic secondary ip


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/36a312d4
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/36a312d4
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/36a312d4

Branch: refs/heads/ui-vpc-redesign
Commit: 36a312d4b24908cad107c2ae351c2c686890b995
Parents: f893aa8
Author: Jayapal <jayapalreddy.uradi@citrix.com>
Authored: Thu Apr 25 12:56:38 2013 +0530
Committer: Murali Reddy <muralimmreddy@gmail.com>
Committed: Wed May 15 18:08:15 2013 +0530

----------------------------------------------------------------------
 .../src/com/cloud/network/NetworkServiceImpl.java  |   49 ++++++++-------
 1 files changed, 27 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36a312d4/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index d3ef320..5f51a30 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -610,18 +610,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService
{
             throw new InvalidParameterValueException("Invalid network id is given");
         }
 
-        Network network = _networksDao.findById(networkId);
-        if (network == null) {
-            throw new InvalidParameterValueException("Invalid network id is given");
-        }
-        accountId = network.getAccountId();
-        domainId = network.getDomainId();
-
-        // Validate network offering
-        NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId());
-
-        // verify permissions
-        _accountMgr.checkAccess(ipOwner, null, true, network);
+        Account caller = UserContext.current().getCaller();
 
         //check whether the nic belongs to user vm.
         NicVO nicVO = _nicDao.findById(nicId);
@@ -633,6 +622,25 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService
{
             throw new InvalidParameterValueException("The nic is not belongs to user vm");
         }
 
+        Nic nic = _nicDao.findById(nicId);
+        VirtualMachine vm = _userVmDao.findById(nicVO.getInstanceId());
+        if (vm == null) {
+            throw new InvalidParameterValueException("There is no vm with the nic");
+        }
+        // verify permissions
+        _accountMgr.checkAccess(ipOwner, null, true, vm);
+
+
+        Network network = _networksDao.findById(networkId);
+        if (network == null) {
+            throw new InvalidParameterValueException("Invalid network id is given");
+        }
+        accountId = network.getAccountId();
+        domainId = network.getDomainId();
+
+        // Validate network offering
+        NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId());
+
         DataCenter dc = _dcDao.findById(network.getDataCenterId());
         Long id = nicVO.getInstanceId();
 
@@ -649,14 +657,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService
{
                 throw new InvalidParameterValueException("Allocating guest ip for nic failed");
             }
         } else if (dc.getNetworkType() == NetworkType.Basic || ntwkOff.getGuestType()  ==
Network.GuestType.Shared) {
-            Account caller = UserContext.current().getCaller();
-            long callerUserId = UserContext.current().getCallerUserId();
-            _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseNetwork, false,
network);
             //handle the basic networks here
-            VirtualMachine vm = _userVmDao.findById(nicVO.getInstanceId());
-            if (vm == null) {
-                throw new InvalidParameterValueException("There is no vm with the nic");
-            }
             VMInstanceVO vmi = (VMInstanceVO)vm;
             Long podId = vmi.getPodIdToDeployIn();
             if (podId == null) {
@@ -718,6 +719,13 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService
{
             throw new InvalidParameterValueException("Unable to find ip address by id");
         }
 
+        VirtualMachine vm = _userVmDao.findById(secIpVO.getVmId());
+        if (vm == null) {
+            throw new InvalidParameterValueException("There is no vm with the nic");
+        }
+        // verify permissions
+        _accountMgr.checkAccess(caller, null, true, vm);
+
         Network network = _networksDao.findById(secIpVO.getNetworkId());
 
         if (network == null) {
@@ -727,9 +735,6 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService
{
         // Validate network offering
         NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId());
 
-        // verify permissions
-        _accountMgr.checkAccess(caller, null, true, network);
-
         Long nicId = secIpVO.getNicId();
         s_logger.debug("ip id = " + ipAddressId + " nic id = " + nicId);
         //check is this the last secondary ip for NIC


Mime
View raw message