Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 19A0CDBFD for ; Thu, 16 May 2013 18:21:47 +0000 (UTC) Received: (qmail 58721 invoked by uid 500); 16 May 2013 18:21:31 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 58682 invoked by uid 500); 16 May 2013 18:21:31 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 58574 invoked by uid 99); 16 May 2013 18:21:31 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 May 2013 18:21:31 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 4D6A114F8F; Thu, 16 May 2013 18:21:31 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: prachidamle@apache.org To: commits@cloudstack.apache.org Date: Thu, 16 May 2013 18:22:21 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [56/68] [abbrv] git commit: updated refs/heads/planner_reserve to ed8ff40 CLOUDSTACK-2134 updated acl checks for aquiring nic secondary ip Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/36a312d4 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/36a312d4 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/36a312d4 Branch: refs/heads/planner_reserve Commit: 36a312d4b24908cad107c2ae351c2c686890b995 Parents: f893aa8 Author: Jayapal Authored: Thu Apr 25 12:56:38 2013 +0530 Committer: Murali Reddy Committed: Wed May 15 18:08:15 2013 +0530 ---------------------------------------------------------------------- .../src/com/cloud/network/NetworkServiceImpl.java | 49 ++++++++------- 1 files changed, 27 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36a312d4/server/src/com/cloud/network/NetworkServiceImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java index d3ef320..5f51a30 100755 --- a/server/src/com/cloud/network/NetworkServiceImpl.java +++ b/server/src/com/cloud/network/NetworkServiceImpl.java @@ -610,18 +610,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { throw new InvalidParameterValueException("Invalid network id is given"); } - Network network = _networksDao.findById(networkId); - if (network == null) { - throw new InvalidParameterValueException("Invalid network id is given"); - } - accountId = network.getAccountId(); - domainId = network.getDomainId(); - - // Validate network offering - NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId()); - - // verify permissions - _accountMgr.checkAccess(ipOwner, null, true, network); + Account caller = UserContext.current().getCaller(); //check whether the nic belongs to user vm. NicVO nicVO = _nicDao.findById(nicId); @@ -633,6 +622,25 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { throw new InvalidParameterValueException("The nic is not belongs to user vm"); } + Nic nic = _nicDao.findById(nicId); + VirtualMachine vm = _userVmDao.findById(nicVO.getInstanceId()); + if (vm == null) { + throw new InvalidParameterValueException("There is no vm with the nic"); + } + // verify permissions + _accountMgr.checkAccess(ipOwner, null, true, vm); + + + Network network = _networksDao.findById(networkId); + if (network == null) { + throw new InvalidParameterValueException("Invalid network id is given"); + } + accountId = network.getAccountId(); + domainId = network.getDomainId(); + + // Validate network offering + NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId()); + DataCenter dc = _dcDao.findById(network.getDataCenterId()); Long id = nicVO.getInstanceId(); @@ -649,14 +657,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { throw new InvalidParameterValueException("Allocating guest ip for nic failed"); } } else if (dc.getNetworkType() == NetworkType.Basic || ntwkOff.getGuestType() == Network.GuestType.Shared) { - Account caller = UserContext.current().getCaller(); - long callerUserId = UserContext.current().getCallerUserId(); - _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseNetwork, false, network); //handle the basic networks here - VirtualMachine vm = _userVmDao.findById(nicVO.getInstanceId()); - if (vm == null) { - throw new InvalidParameterValueException("There is no vm with the nic"); - } VMInstanceVO vmi = (VMInstanceVO)vm; Long podId = vmi.getPodIdToDeployIn(); if (podId == null) { @@ -718,6 +719,13 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { throw new InvalidParameterValueException("Unable to find ip address by id"); } + VirtualMachine vm = _userVmDao.findById(secIpVO.getVmId()); + if (vm == null) { + throw new InvalidParameterValueException("There is no vm with the nic"); + } + // verify permissions + _accountMgr.checkAccess(caller, null, true, vm); + Network network = _networksDao.findById(secIpVO.getNetworkId()); if (network == null) { @@ -727,9 +735,6 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { // Validate network offering NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(network.getNetworkOfferingId()); - // verify permissions - _accountMgr.checkAccess(caller, null, true, network); - Long nicId = secIpVO.getNicId(); s_logger.debug("ip id = " + ipAddressId + " nic id = " + nicId); //check is this the last secondary ip for NIC