cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prachida...@apache.org
Subject [2/2] git commit: updated refs/heads/rbac to aba5435
Date Tue, 24 Sep 2013 23:54:52 GMT
Account_Type Refactoring for Root Admin Role

- change the AccountService::isRootAdmin(short) to  isRootAdmin(long accountId);
- Change all callers
- Change all places that check the account.getType() directly to call the AccountManagerImpl.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/aba54356
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/aba54356
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/aba54356

Branch: refs/heads/rbac
Commit: aba54356d58fcc217b804f51d21e5af69a6b106f
Parents: ddae23c
Author: Prachi Damle <prachi@cloud.com>
Authored: Tue Sep 24 15:30:31 2013 -0700
Committer: Prachi Damle <prachi@cloud.com>
Committed: Tue Sep 24 15:31:09 2013 -0700

----------------------------------------------------------------------
 api/src/com/cloud/user/Account.java             |  7 ------
 api/src/com/cloud/user/AccountService.java      |  2 +-
 .../com/cloud/user/ResourceLimitService.java    |  2 +-
 api/src/org/apache/cloudstack/api/BaseCmd.java  | 10 ---------
 .../BaseListTemplateOrIsoPermissionsCmd.java    |  2 +-
 .../api/command/admin/user/CreateUserCmd.java   |  2 +-
 .../affinitygroup/CreateAffinityGroupCmd.java   |  2 +-
 .../affinitygroup/DeleteAffinityGroupCmd.java   |  2 +-
 .../api/command/user/iso/ListIsosCmd.java       |  8 ++-----
 .../user/resource/UpdateResourceCountCmd.java   |  2 +-
 .../securitygroup/CreateSecurityGroupCmd.java   |  2 +-
 .../command/user/ssh/DeleteSSHKeyPairCmd.java   |  2 +-
 .../command/user/template/ListTemplatesCmd.java |  9 ++------
 .../ratelimit/ApiRateLimitServiceImpl.java      |  2 +-
 .../cloudstack/ratelimit/ApiRateLimitTest.java  |  2 +-
 .../cloud/acl/AffinityGroupAccessChecker.java   |  2 +-
 server/src/com/cloud/acl/DomainChecker.java     | 13 ++++++-----
 server/src/com/cloud/api/ApiDBUtils.java        |  4 ++--
 server/src/com/cloud/api/ApiResponseHelper.java |  5 +++--
 server/src/com/cloud/api/ApiServer.java         |  8 +++----
 .../com/cloud/api/query/QueryManagerImpl.java   |  8 +++----
 .../cloud/api/query/dao/AccountJoinDaoImpl.java | 10 ++++++---
 .../api/query/dao/DataCenterJoinDaoImpl.java    |  6 ++++-
 .../api/query/dao/DomainRouterJoinDaoImpl.java  |  5 ++++-
 .../api/query/dao/TemplateJoinDaoImpl.java      |  7 ++++--
 .../cloud/api/query/dao/UserVmJoinDaoImpl.java  |  6 +++--
 .../cloud/api/query/dao/VolumeJoinDaoImpl.java  |  9 ++++++--
 .../configuration/ConfigurationManagerImpl.java |  4 ++--
 .../deploy/DeploymentPlanningManagerImpl.java   |  2 +-
 .../src/com/cloud/deploy/FirstFitPlanner.java   |  2 +-
 .../com/cloud/network/IpAddressManagerImpl.java |  2 +-
 .../com/cloud/network/NetworkServiceImpl.java   | 12 +++++-----
 .../network/firewall/FirewallManagerImpl.java   |  2 +-
 .../com/cloud/network/vpc/VpcManagerImpl.java   |  2 +-
 .../com/cloud/projects/ProjectManagerImpl.java  |  4 ++--
 .../com/cloud/resource/ResourceManagerImpl.java |  4 ++--
 .../resourcelimit/ResourceLimitManagerImpl.java | 13 ++++++-----
 .../com/cloud/server/ManagementServerImpl.java  | 13 +++--------
 .../com/cloud/servlet/ConsoleProxyServlet.java  |  2 +-
 .../com/cloud/storage/StorageManagerImpl.java   |  7 +++---
 .../com/cloud/storage/VolumeApiServiceImpl.java | 12 +++++-----
 .../storage/snapshot/SnapshotManagerImpl.java   |  2 +-
 .../com/cloud/template/TemplateAdapterBase.java | 15 ++++---------
 .../com/cloud/template/TemplateManagerImpl.java | 23 ++++++++------------
 .../src/com/cloud/usage/UsageServiceImpl.java   |  5 ++++-
 .../src/com/cloud/user/AccountManagerImpl.java  | 17 +++++++++------
 .../src/com/cloud/user/DomainManagerImpl.java   |  2 +-
 server/src/com/cloud/vm/UserVmManagerImpl.java  | 20 ++++++++---------
 .../affinity/AffinityGroupServiceImpl.java      |  6 ++---
 .../com/cloud/user/MockAccountManagerImpl.java  |  2 +-
 50 files changed, 150 insertions(+), 162 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/com/cloud/user/Account.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/user/Account.java b/api/src/com/cloud/user/Account.java
index 940a0eb..a558cfb 100755
--- a/api/src/com/cloud/user/Account.java
+++ b/api/src/com/cloud/user/Account.java
@@ -24,13 +24,6 @@ import org.apache.cloudstack.api.InternalIdentity;
 
 
 public interface Account extends ControlledEntity, InternalIdentity, Identity {
-    public enum Type {
-        Normal,
-        Admin,
-        DomainAdmin,
-        CustomerCare,
-        Project
-    }
 
     public enum State {
         disabled,

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/com/cloud/user/AccountService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java
index 8153a3f..2101d1e 100755
--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -86,7 +86,7 @@ public interface AccountService {
 
     User getUserIncludingRemoved(long userId);
 
-    boolean isRootAdmin(short accountType);
+    boolean isRootAdmin(long accountId);
 
     User getActiveUserByRegistrationToken(String registrationToken);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/com/cloud/user/ResourceLimitService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/user/ResourceLimitService.java b/api/src/com/cloud/user/ResourceLimitService.java
index bec65d5..b36f053 100644
--- a/api/src/com/cloud/user/ResourceLimitService.java
+++ b/api/src/com/cloud/user/ResourceLimitService.java
@@ -88,7 +88,7 @@ public interface ResourceLimitService {
      * @param type
      * @return
      */
-    public long findCorrectResourceLimitForAccount(short accountType, Long limit, ResourceType type);
+    public long findCorrectResourceLimitForAccount(long accountId, Long limit, ResourceType type);
 
     /**
      * Finds the resource limit for a specified domain and type. If the domain has an infinite limit, will check

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/BaseCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/BaseCmd.java b/api/src/org/apache/cloudstack/api/BaseCmd.java
index 781b692..d90fe7c 100644
--- a/api/src/org/apache/cloudstack/api/BaseCmd.java
+++ b/api/src/org/apache/cloudstack/api/BaseCmd.java
@@ -473,16 +473,6 @@ public abstract class BaseCmd {
         return 0;
     }
 
-    public static boolean isAdmin(short accountType) {
-        return ((accountType == Account.ACCOUNT_TYPE_ADMIN) ||
-                (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) ||
-                (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN));
-    }
-
-    public static boolean isRootAdmin(short accountType) {
-        return ((accountType == Account.ACCOUNT_TYPE_ADMIN));
-    }
-
     public void setFullUrlParams(Map<String, String> map) {
         this.fullUrlParams = map;
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/BaseListTemplateOrIsoPermissionsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/BaseListTemplateOrIsoPermissionsCmd.java b/api/src/org/apache/cloudstack/api/BaseListTemplateOrIsoPermissionsCmd.java
index 88732ae..caac284 100644
--- a/api/src/org/apache/cloudstack/api/BaseListTemplateOrIsoPermissionsCmd.java
+++ b/api/src/org/apache/cloudstack/api/BaseListTemplateOrIsoPermissionsCmd.java
@@ -81,7 +81,7 @@ public class BaseListTemplateOrIsoPermissionsCmd extends BaseCmd {
         List<String> accountNames = _templateService.listTemplatePermissions(this);
 
         Account account = CallContext.current().getCallingAccount();
-        boolean isAdmin = (isAdmin(account.getType()));
+        boolean isAdmin = (_accountService.isAdmin(account.getType()));
 
         TemplatePermissionsResponse response = _responseGenerator.createTemplatePermissionsResponse(accountNames, id, isAdmin);
         response.setResponseName(getCommandName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java b/api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java
index 378d636..ee88c0c 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/user/CreateUserCmd.java
@@ -121,7 +121,7 @@ public class CreateUserCmd extends BaseCmd {
     @Override
     public long getEntityOwnerId() {
         Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || isAdmin(account.getType())) {
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
             if ((domainId != null) && (accountName != null)) {
                 Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
                 if (userAccount != null) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
index 59b9f17..2723539 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/CreateAffinityGroupCmd.java
@@ -96,7 +96,7 @@ public class CreateAffinityGroupCmd extends BaseAsyncCreateCmd {
     @Override
     public long getEntityOwnerId() {
         Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || isAdmin(account.getType())) {
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
             if ((domainId != null) && (accountName != null)) {
                 Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
                 if (userAccount != null) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
index 0fa8b2b..df9626a 100644
--- a/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/affinitygroup/DeleteAffinityGroupCmd.java
@@ -102,7 +102,7 @@ public class DeleteAffinityGroupCmd extends BaseAsyncCmd {
     @Override
     public long getEntityOwnerId() {
         Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || isAdmin(account.getType())) {
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
             if ((domainId != null) && (accountName != null)) {
                 Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
                 if (userAccount != null) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java b/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
index c3f558b..a1fece5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/iso/ListIsosCmd.java
@@ -16,10 +16,6 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.iso;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -34,7 +30,6 @@ import org.apache.log4j.Logger;
 
 import com.cloud.template.VirtualMachineTemplate.TemplateFilter;
 import com.cloud.user.Account;
-import com.cloud.utils.Pair;
 
 @APICommand(name = "listIsos", description="Lists all available ISO files.", responseObject=TemplateResponse.class)
 public class ListIsosCmd extends BaseListTaggedResourcesCmd {
@@ -119,7 +114,8 @@ public class ListIsosCmd extends BaseListTaggedResourcesCmd {
     public boolean listInReadyState() {
         Account account = CallContext.current().getCallingAccount();
         // It is account specific if account is admin type and domainId and accountName are not null
-        boolean isAccountSpecific = (account == null || isAdmin(account.getType())) && (getAccountName() != null) && (getDomainId() != null);
+        boolean isAccountSpecific = (account == null || _accountService.isAdmin(account.getType()))
+                && (getAccountName() != null) && (getDomainId() != null);
         // Show only those that are downloaded.
         TemplateFilter templateFilter = TemplateFilter.valueOf(getIsoFilter());
         boolean onlyReady = (templateFilter == TemplateFilter.featured) || (templateFilter == TemplateFilter.selfexecutable) || (templateFilter == TemplateFilter.sharedexecutable)

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/command/user/resource/UpdateResourceCountCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/resource/UpdateResourceCountCmd.java b/api/src/org/apache/cloudstack/api/command/user/resource/UpdateResourceCountCmd.java
index 9c726d1..a21a1f0 100644
--- a/api/src/org/apache/cloudstack/api/command/user/resource/UpdateResourceCountCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/resource/UpdateResourceCountCmd.java
@@ -101,7 +101,7 @@ public class UpdateResourceCountCmd extends BaseCmd {
     @Override
     public long getEntityOwnerId() {
         Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || isAdmin(account.getType())) {
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
             if ((domainId != null) && (accountName != null)) {
                 Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
                 if (userAccount != null) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
index 2d7396e..d1658b4 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/CreateSecurityGroupCmd.java
@@ -93,7 +93,7 @@ public class CreateSecurityGroupCmd extends BaseCmd {
     @Override
     public long getEntityOwnerId() {
         Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || isAdmin(account.getType())) {
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
             if ((domainId != null) && (accountName != null)) {
                 Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
                 if (userAccount != null) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java b/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
index eb2d237..0b3999f 100644
--- a/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/ssh/DeleteSSHKeyPairCmd.java
@@ -92,7 +92,7 @@ public class DeleteSSHKeyPairCmd extends BaseCmd {
     @Override
     public long getEntityOwnerId() {
         Account account = CallContext.current().getCallingAccount();
-        if ((account == null) || isAdmin(account.getType())) {
+        if ((account == null) || _accountService.isAdmin(account.getType())) {
             if ((domainId != null) && (accountName != null)) {
                 Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
                 if (userAccount != null) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java b/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
index 4b34909..30960f1 100644
--- a/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/template/ListTemplatesCmd.java
@@ -16,10 +16,6 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.template;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -27,7 +23,6 @@ import org.apache.cloudstack.api.BaseListTaggedResourcesCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.TemplateResponse;
-import org.apache.cloudstack.api.response.VolumeResponse;
 import org.apache.cloudstack.api.response.ZoneResponse;
 import org.apache.cloudstack.context.CallContext;
 
@@ -35,7 +30,6 @@ import org.apache.log4j.Logger;
 
 import com.cloud.template.VirtualMachineTemplate.TemplateFilter;
 import com.cloud.user.Account;
-import com.cloud.utils.Pair;
 
 @APICommand(name = "listTemplates", description="List all public, private, and privileged templates.", responseObject=TemplateResponse.class)
 public class ListTemplatesCmd extends BaseListTaggedResourcesCmd {
@@ -98,7 +92,8 @@ public class ListTemplatesCmd extends BaseListTaggedResourcesCmd {
 
         Account account = CallContext.current().getCallingAccount();
         // It is account specific if account is admin type and domainId and accountName are not null
-        boolean isAccountSpecific = (account == null || isAdmin(account.getType())) && (getAccountName() != null) && (getDomainId() != null);
+        boolean isAccountSpecific = (account == null || _accountService.isAdmin(account.getType()))
+                && (getAccountName() != null) && (getDomainId() != null);
         // Show only those that are downloaded.
         TemplateFilter templateFilter = TemplateFilter.valueOf(getTemplateFilter());
         boolean onlyReady = (templateFilter == TemplateFilter.featured) || (templateFilter == TemplateFilter.selfexecutable) || (templateFilter == TemplateFilter.sharedexecutable)

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
----------------------------------------------------------------------
diff --git a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
index 1e32e84..1540ef4 100644
--- a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
+++ b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
@@ -156,7 +156,7 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APIChecker,
         }
         Long accountId = user.getAccountId();
         Account account = _accountService.getAccount(accountId);
-        if ( _accountService.isRootAdmin(account.getType())){
+        if (_accountService.isRootAdmin(account.getId())) {
             // no API throttling on root admin
             return true;
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java
----------------------------------------------------------------------
diff --git a/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java b/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java
index 8d31b9d..03c9bdb 100644
--- a/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java
+++ b/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java
@@ -70,7 +70,7 @@ public class ApiRateLimitTest {
 	    testAccount = acct;
 
 	    when(_accountService.getAccount(5L)).thenReturn(testAccount);
-	    when(_accountService.isRootAdmin(Account.ACCOUNT_TYPE_NORMAL)).thenReturn(false);
+        when(_accountService.isRootAdmin(5L)).thenReturn(false);
 	}
 
     @Before

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
index bc1e631..9df52ae 100644
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -51,7 +51,7 @@ public class AffinityGroupAccessChecker extends DomainChecker {
 
             if (_affinityGroupService.isAdminControlledGroup(group)) {
                 if (accessType != null && accessType == AccessType.ModifyEntry
-                        && !_accountMgr.isRootAdmin(caller.getType())) {
+                        && !_accountMgr.isRootAdmin(caller.getId())) {
                     throw new PermissionDeniedException(caller + " does not have permission to operate with resource "
                             + entity);
                 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index 7b47bae..a65e77b 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -41,6 +41,7 @@ import com.cloud.storage.LaunchPermissionVO;
 import com.cloud.storage.dao.LaunchPermissionDao;
 import com.cloud.template.VirtualMachineTemplate;
 import com.cloud.user.Account;
+import com.cloud.user.AccountService;
 import com.cloud.user.User;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.component.AdapterBase;
@@ -57,6 +58,8 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
     @Inject NetworkModel _networkMgr;
     @Inject
     private DedicatedResourceDao _dedicatedDao;
+    @Inject
+    AccountService _accountService;
     
     protected DomainChecker() {
         super();
@@ -97,7 +100,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
             Account owner = _accountDao.findById(template.getAccountId());
             // validate that the template is usable by the account
             if (!template.isPublicTemplate()) {
-                if (BaseCmd.isRootAdmin(caller.getType()) || (owner.getId() == caller.getId())) {
+                if (_accountService.isRootAdmin(caller.getId()) || (owner.getId() == caller.getId())) {
                     return true;
                 }
                 //special handling for the project case
@@ -114,7 +117,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
             } else {
                 // Domain admin and regular user can delete/modify only templates created by them
                 if (accessType != null && accessType == AccessType.ModifyEntry) {
-                    if (!BaseCmd.isRootAdmin(caller.getType()) && owner.getId() != caller.getId()) {
+                    if (!_accountService.isRootAdmin(caller.getId()) && owner.getId() != caller.getId()) {
                         // For projects check if the caller account can access the project account
                         if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT || !(_projectMgr.canAccessProjectAccount(caller, owner.getId()))) {
                             throw new PermissionDeniedException("Domain Admin and regular users can modify only their own Public templates");
@@ -164,7 +167,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
 			return true;
         } else {
 			//admin has all permissions
-            if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+            if (_accountService.isRootAdmin(account.getId())) {
 				return true;
 			}		
 			//if account is normal user or domain admin
@@ -200,7 +203,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
 			return true;
         } else {
 			//admin has all permissions
-            if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+            if (_accountService.isRootAdmin(account.getId())) {
 				return true;
 			}		
 			//if account is normal user or domain admin
@@ -236,7 +239,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
 			return true;
         } else {
 			//admin has all permissions
-            if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+            if (_accountService.isRootAdmin(account.getId())) {
 				return true;
 			}		
 			//if account is normal user

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/ApiDBUtils.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java
index 6539289..1afa902 100755
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@ -696,8 +696,8 @@ public class ApiDBUtils {
         return _resourceLimitMgr.findCorrectResourceLimitForAccount(account, type);
     }
 
-    public static long findCorrectResourceLimit(Long limit, short accountType, ResourceType type) {
-        return _resourceLimitMgr.findCorrectResourceLimitForAccount(accountType, limit, type);
+    public static long findCorrectResourceLimit(Long limit, long accountId, ResourceType type) {
+        return _resourceLimitMgr.findCorrectResourceLimitForAccount(accountId, limit, type);
     }
 
     public static long getResourceCount(ResourceType type, long accountId) {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 1ba55bf..f698c2e 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -681,7 +681,7 @@ public class ApiResponseHelper implements ResponseGenerator {
 
         // show this info to admin only
         Account account = CallContext.current().getCallingAccount();
-        if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+        if (_accountMgr.isRootAdmin(account.getId())) {
             VlanVO vl = ApiDBUtils.findVlanById(ipAddr.getVlanId());
             if (vl != null) {
                 ipResponse.setVlanId(vl.getUuid());
@@ -2176,7 +2176,8 @@ public class ApiResponseHelper implements ResponseGenerator {
         response.setReservedIpRange(reservation);
 
         // return vlan information only to Root admin
-        if (network.getBroadcastUri() != null && CallContext.current().getCallingAccount().getType() == Account.ACCOUNT_TYPE_ADMIN) {
+        if (network.getBroadcastUri() != null
+                && _accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) {
             String broadcastUri = network.getBroadcastUri().toString();
             response.setBroadcastUri(broadcastUri);
             String vlan = "N/A";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 550626f..1a93e9a 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -409,7 +409,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
         } catch (InsufficientCapacityException ex){
             s_logger.info(ex.getMessage());
             String errorMsg = ex.getMessage();
-            if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN){
+            if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) {
                 // hide internal details to non-admin user for security reason
                 errorMsg = BaseCmd.USER_ERROR_MESSAGE;
             }
@@ -420,7 +420,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
         } catch (ResourceUnavailableException ex){
             s_logger.info(ex.getMessage());
             String errorMsg = ex.getMessage();
-            if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN){
+            if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) {
                 // hide internal details to non-admin user for security reason
                 errorMsg = BaseCmd.USER_ERROR_MESSAGE;
             }
@@ -431,7 +431,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
         } catch (Exception ex){
             s_logger.error("unhandled exception executing api command: " + ((command == null) ? "null" : command[0]), ex);
             String errorMsg = ex.getMessage();
-            if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN){
+            if (!_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) {
                 // hide internal details to non-admin user for security reason
                 errorMsg = BaseCmd.USER_ERROR_MESSAGE;
             }
@@ -565,7 +565,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
             List<? extends AsyncJob> jobs = null;
 
             // list all jobs for ROOT admin
-            if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+            if (_accountMgr.isRootAdmin(account.getId())) {
                 jobs = _asyncMgr.findInstancePendingAsyncJobs(command.getInstanceType().toString(), null);
             } else {
                 jobs = _asyncMgr.findInstancePendingAsyncJobs(command.getInstanceType().toString(), account.getId());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 3bf929a..79a4252 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -2234,7 +2234,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
         // if a domainId is provided, we just return the disk offering
         // associated with this domain
         if (domainId != null) {
-            if (account.getType() == Account.ACCOUNT_TYPE_ADMIN || isPermissible(account.getDomainId(), domainId)) {
+            if (_accountMgr.isRootAdmin(account.getId()) || isPermissible(account.getDomainId(), domainId)) {
                 // check if the user's domain == do's domain || user's domain is
                 // a child of so's domain for non-root users
                 sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId);
@@ -2355,14 +2355,14 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
         Boolean isSystem = cmd.getIsSystem();
         String vmTypeStr = cmd.getSystemVmType();
 
-        if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && isSystem) {
+        if (!_accountMgr.isRootAdmin(caller.getId()) && isSystem) {
             throw new InvalidParameterValueException("Only ROOT admins can access system's offering");
         }
 
         // Keeping this logic consistent with domain specific zones
         // if a domainId is provided, we just return the so associated with this
         // domain
-        if (domainId != null && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+        if (domainId != null && !_accountMgr.isRootAdmin(caller.getId())) {
             // check if the user's domain == so's domain || user's domain is a
             // child of so's domain
             if (!isPermissible(caller.getDomainId(), domainId)) {
@@ -2761,7 +2761,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
             }
 
             // if template is not public, perform permission check here
-            if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+            if (!template.isPublicTemplate() && !_accountMgr.isRootAdmin(caller.getId())) {
                 Account owner = _accountMgr.getAccount(template.getAccountId());
                 _accountMgr.checkAccess(caller, null, true, owner);
             }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
index edbd3ae..4244974 100644
--- a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
@@ -19,6 +19,7 @@ package com.cloud.api.query.dao;
 import java.util.List;
 
 import javax.ejb.Local;
+import javax.inject.Inject;
 
 import org.apache.cloudstack.api.response.AccountResponse;
 import org.apache.cloudstack.api.response.ResourceLimitAndCountResponse;
@@ -32,6 +33,7 @@ import com.cloud.api.query.vo.AccountJoinVO;
 import com.cloud.api.query.vo.UserAccountJoinVO;
 import com.cloud.configuration.Resource.ResourceType;
 import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@@ -42,6 +44,8 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl
     public static final Logger s_logger = Logger.getLogger(AccountJoinDaoImpl.class);
 
     private SearchBuilder<AccountJoinVO> acctIdSearch;
+    @Inject
+    public AccountManager _accountMgr;
 
     protected AccountJoinDaoImpl() {
 
@@ -69,11 +73,11 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl
         accountResponse.setBytesReceived(account.getBytesReceived());
         accountResponse.setBytesSent(account.getBytesSent());
 
-        boolean accountIsAdmin = (account.getType() == Account.ACCOUNT_TYPE_ADMIN);
+        boolean accountIsAdmin = (_accountMgr.isRootAdmin(account.getId()));
         setResourceLimits(account, accountIsAdmin, accountResponse);
         
         //get resource limits for projects
-        long projectLimit = ApiDBUtils.findCorrectResourceLimit(account.getProjectLimit(), account.getType(), ResourceType.project);
+        long projectLimit = ApiDBUtils.findCorrectResourceLimit(account.getProjectLimit(), account.getId(), ResourceType.project);
         String projectLimitDisplay = (accountIsAdmin || projectLimit == -1) ? "Unlimited" : String.valueOf(projectLimit);
         long projectTotal = (account.getProjectTotal() == null) ? 0 : account.getProjectTotal();
         String projectAvail = (accountIsAdmin || projectLimit == -1) ? "Unlimited" : String.valueOf(projectLimit - projectTotal);
@@ -103,7 +107,7 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl
     @Override
     public void setResourceLimits(AccountJoinVO account, boolean accountIsAdmin, ResourceLimitAndCountResponse response) {
         // Get resource limits and counts
-        long vmLimit = ApiDBUtils.findCorrectResourceLimit(account.getVmLimit(), account.getType(), ResourceType.user_vm);
+        long vmLimit = ApiDBUtils.findCorrectResourceLimit(account.getVmLimit(), account.getId(), ResourceType.user_vm);
         String vmLimitDisplay = (accountIsAdmin || vmLimit == -1) ? "Unlimited" : String.valueOf(vmLimit);
         long vmTotal = (account.getVmTotal() == null) ? 0 : account.getVmTotal();
         String vmAvail = (accountIsAdmin || vmLimit == -1) ? "Unlimited" : String.valueOf(vmLimit - vmTotal);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/query/dao/DataCenterJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/DataCenterJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/DataCenterJoinDaoImpl.java
index edceb26..63bf563 100644
--- a/server/src/com/cloud/api/query/dao/DataCenterJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/DataCenterJoinDaoImpl.java
@@ -19,6 +19,7 @@ package com.cloud.api.query.dao;
 import java.util.List;
 
 import javax.ejb.Local;
+import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
@@ -31,6 +32,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import org.apache.cloudstack.context.CallContext;
 
 import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@@ -44,6 +46,8 @@ public class DataCenterJoinDaoImpl extends GenericDaoBase<DataCenterJoinVO, Long
 
 
     private SearchBuilder<DataCenterJoinVO> dofIdSearch;
+    @Inject
+    public AccountManager _accountMgr;
 
     protected DataCenterJoinDaoImpl() {
 
@@ -70,7 +74,7 @@ public class DataCenterJoinDaoImpl extends GenericDaoBase<DataCenterJoinVO, Long
             zoneResponse.setDescription(dataCenter.getDescription());
         }
 
-        if ((account == null) || (account.getType() == Account.ACCOUNT_TYPE_ADMIN)) {
+        if ((account == null) || (_accountMgr.isRootAdmin(account.getId()))) {
             zoneResponse.setDns1(dataCenter.getDns1());
             zoneResponse.setDns2(dataCenter.getDns2());
             zoneResponse.setIp6Dns1(dataCenter.getIp6Dns1());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/query/dao/DomainRouterJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/DomainRouterJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/DomainRouterJoinDaoImpl.java
index 42965bc..2f536d4 100644
--- a/server/src/com/cloud/api/query/dao/DomainRouterJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/DomainRouterJoinDaoImpl.java
@@ -35,6 +35,7 @@ import com.cloud.network.Networks.TrafficType;
 import com.cloud.network.router.VirtualRouter;
 import com.cloud.network.router.VirtualRouter.Role;
 import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@@ -46,6 +47,8 @@ public class DomainRouterJoinDaoImpl extends GenericDaoBase<DomainRouterJoinVO,
 
     @Inject
     private ConfigurationDao  _configDao;
+    @Inject
+    public AccountManager _accountMgr;
 
     private final SearchBuilder<DomainRouterJoinVO> vrSearch;
 
@@ -78,7 +81,7 @@ public class DomainRouterJoinDaoImpl extends GenericDaoBase<DomainRouterJoinVO,
         routerResponse.setRedundantState(router.getRedundantState().toString());
 
         if (caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN
-                || caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+                || _accountMgr.isRootAdmin(caller.getId())) {
             if (router.getHostId() != null) {
                 routerResponse.setHostId(router.getHostUuid());
                 routerResponse.setHostName(router.getHostName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
index 468fb83..3511613 100644
--- a/server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/TemplateJoinDaoImpl.java
@@ -44,6 +44,7 @@ import com.cloud.storage.VMTemplateHostVO;
 import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
 import com.cloud.template.VirtualMachineTemplate;
 import com.cloud.user.Account;
+import com.cloud.user.AccountService;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@@ -59,6 +60,8 @@ public class TemplateJoinDaoImpl extends GenericDaoBase<TemplateJoinVO, Long> im
 
     @Inject
     private ConfigurationDao  _configDao;
+    @Inject
+    public AccountService _accountService;
 
     private final SearchBuilder<TemplateJoinVO> tmpltIdPairSearch;
 
@@ -99,7 +102,7 @@ public class TemplateJoinDaoImpl extends GenericDaoBase<TemplateJoinVO, Long> im
     private String getTemplateStatus(TemplateJoinVO template){
         boolean isAdmin = false;
         Account caller = CallContext.current().getCallingAccount();
-        if ((caller == null) || BaseCmd.isAdmin(caller.getType())) {
+        if ((caller == null) || _accountService.isAdmin(caller.getType())) {
             isAdmin = true;
         }
 
@@ -319,7 +322,7 @@ public class TemplateJoinDaoImpl extends GenericDaoBase<TemplateJoinVO, Long> im
 
         Account caller = CallContext.current().getCallingAccount();
         boolean isAdmin = false;
-        if ((caller == null) || BaseCmd.isAdmin(caller.getType())) {
+        if ((caller == null) || _accountService.isAdmin(caller.getType())) {
             isAdmin = true;
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
index 7fe3c1d..f2af38d 100644
--- a/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
@@ -41,6 +41,7 @@ import com.cloud.api.query.vo.ResourceTagJoinVO;
 import com.cloud.api.query.vo.UserVmJoinVO;
 import com.cloud.hypervisor.Hypervisor.HypervisorType;
 import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
@@ -56,7 +57,8 @@ public class UserVmJoinDaoImpl extends GenericDaoBase<UserVmJoinVO, Long> implem
 
     @Inject
     private ConfigurationDao  _configDao;
-
+    @Inject
+    public AccountManager _accountMgr;
     private final SearchBuilder<UserVmJoinVO> VmDetailSearch;
     private final SearchBuilder<UserVmJoinVO> activeVmByIsoSearch;
 
@@ -121,7 +123,7 @@ public class UserVmJoinDaoImpl extends GenericDaoBase<UserVmJoinVO, Long> implem
         }
         userVmResponse.setZoneId(userVm.getDataCenterUuid());
         userVmResponse.setZoneName(userVm.getDataCenterName());
-        if ((caller == null) || (caller.getType() == Account.ACCOUNT_TYPE_ADMIN)) {
+        if ((caller == null) || (_accountMgr.isRootAdmin(caller.getId()))) {
             userVmResponse.setInstanceName(userVm.getInstanceName());
             userVmResponse.setHostId(userVm.getHostUuid());
             userVmResponse.setHostName(userVm.getHostName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/api/query/dao/VolumeJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/VolumeJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/VolumeJoinDaoImpl.java
index df6e583..5ca168c 100644
--- a/server/src/com/cloud/api/query/dao/VolumeJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/VolumeJoinDaoImpl.java
@@ -39,6 +39,8 @@ import com.cloud.storage.VMTemplateHostVO;
 import com.cloud.storage.VMTemplateStorageResourceAssoc.Status;
 import com.cloud.storage.Volume;
 import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountService;
 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
 import com.cloud.utils.db.SearchCriteria;
@@ -51,6 +53,8 @@ public class VolumeJoinDaoImpl extends GenericDaoBase<VolumeJoinVO, Long> implem
 
     @Inject
     private ConfigurationDao  _configDao;
+    @Inject
+    public AccountManager _accountMgr;
 
     private final SearchBuilder<VolumeJoinVO> volSearch;
 
@@ -114,7 +118,8 @@ public class VolumeJoinDaoImpl extends GenericDaoBase<VolumeJoinVO, Long> implem
             volResponse.setSize(volume.getVolumeStoreSize());
             volResponse.setCreated(volume.getCreatedOnStore());
 
-            if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)
+            if (_accountMgr.isRootAdmin(caller.getId())
+                    || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)
                 volResponse.setHypervisor(ApiDBUtils.getHypervisorTypeFromFormat(volume.getFormat()).toString());
             if (volume.getDownloadState() != Status.DOWNLOADED) {
                 String volumeStatus = "Processing";
@@ -171,7 +176,7 @@ public class VolumeJoinDaoImpl extends GenericDaoBase<VolumeJoinVO, Long> implem
         }
         
         // return hypervisor and storage pool info for ROOT and Resource domain only
-        if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {   
+        if (_accountMgr.isRootAdmin(caller.getId()) || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
             if (volume.getState() != Volume.State.UploadOp && volume.getHypervisorType() != null) {
                 volResponse.setHypervisor(volume.getHypervisorType().toString());
             }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index 3c77958..0c7374e 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -1234,7 +1234,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
         DataCenterVO zone = _zoneDao.findById(zoneId);
         Account account = CallContext.current().getCallingAccount();
         if (Grouping.AllocationState.Disabled == zone.getAllocationState()
-                && !_accountMgr.isRootAdmin(account.getType())) {
+                && !_accountMgr.isRootAdmin(account.getId())) {
             throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId);
         }
 
@@ -2565,7 +2565,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
         // Check if zone is enabled
         Account caller = CallContext.current().getCallingAccount();
         if (Grouping.AllocationState.Disabled == zone.getAllocationState()
-                && !_accountMgr.isRootAdmin(caller.getType())) {
+                && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId);
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
index 8cd44f4..e1d5cb1 100644
--- a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
+++ b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
@@ -1220,7 +1220,7 @@ public class DeploymentPlanningManagerImpl extends ManagerBase implements Deploy
     private boolean isRootAdmin(ReservationContext reservationContext) {
         if (reservationContext != null) {
             if (reservationContext.getAccount() != null) {
-                return _accountMgr.isRootAdmin(reservationContext.getAccount().getType());
+                return _accountMgr.isRootAdmin(reservationContext.getAccount().getId());
             } else {
                 return false;
             }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/deploy/FirstFitPlanner.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/deploy/FirstFitPlanner.java b/server/src/com/cloud/deploy/FirstFitPlanner.java
index 64b1124..150cfd3 100755
--- a/server/src/com/cloud/deploy/FirstFitPlanner.java
+++ b/server/src/com/cloud/deploy/FirstFitPlanner.java
@@ -468,7 +468,7 @@ public class FirstFitPlanner extends PlannerBase implements DeploymentClusterPla
     private boolean isRootAdmin(ReservationContext reservationContext) {
         if(reservationContext != null){
             if(reservationContext.getAccount() != null){
-                return _accountMgr.isRootAdmin(reservationContext.getAccount().getType());
+                return _accountMgr.isRootAdmin(reservationContext.getAccount().getId());
             }else{
                 return false;
             }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/network/IpAddressManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/IpAddressManagerImpl.java b/server/src/com/cloud/network/IpAddressManagerImpl.java
index 805821e..4c49247 100644
--- a/server/src/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/com/cloud/network/IpAddressManagerImpl.java
@@ -983,7 +983,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
         VlanType vlanType = VlanType.VirtualNetwork;
         boolean assign = false;
 
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
             // zone is of type DataCenter. See DataCenterVO.java.
             PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation, " + "Zone is currently disabled");
             ex.addProxyObject(zone.getUuid(), "zoneId");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index 06c9526..aa14a1d 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1018,7 +1018,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
         }
 
         if(displayNetwork != null){
-            if(!_accountMgr.isRootAdmin(caller.getType())){
+            if(!_accountMgr.isRootAdmin(caller.getId())){
                 throw new PermissionDeniedException("Only admin allowed to update displaynetwork parameter");
             }
         }else{
@@ -1030,7 +1030,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
             throw new InvalidParameterValueException("Specified zone id was not found");
         }
 
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
             // See DataCenterVO.java
             PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
             ex.addProxyObject(zone.getUuid(), "zoneId");
@@ -1194,13 +1194,13 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
         }
 
         // Don't allow to specify vlan if the caller is not ROOT admin
-        if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
+        if (!_accountMgr.isRootAdmin(caller.getId()) && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
             throw new InvalidParameterValueException("Only ROOT admin is allowed to specify vlanId");
         }
 
         if (ipv4) {
         	// For non-root admins check cidr limit - if it's allowed by global config value
-        	if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && cidr != null) {
+            if (!_accountMgr.isRootAdmin(caller.getId()) && cidr != null) {
 
         		String[] cidrPair = cidr.split("\\/");
         		int cidrSize = Integer.valueOf(cidrPair[1]);
@@ -1307,7 +1307,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
             		ip6Gateway, ip6Cidr, displayNetwork, isolatedPvlan);
         }
 
-        if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN && createVlan) {
+        if (_accountMgr.isRootAdmin(caller.getId()) && createVlan) {
             // Create vlan ip range
             _configMgr.createVlanAndPublicIpRange(pNtwk.getDataCenterId(), network.getId(), physicalNetworkId,
                     false, null, startIP, endIP, gateway, netmask, vlanId, null, startIPv6, endIPv6, ip6Gateway, ip6Cidr);
@@ -1960,7 +1960,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService {
         }
 
         if(displayNetwork != null){
-            if(!_accountMgr.isRootAdmin(callerAccount.getType())){
+            if (!_accountMgr.isRootAdmin(callerAccount.getId())) {
                 throw new PermissionDeniedException("Only admin allowed to update displaynetwork parameter");
             }
             network.setDisplayNetwork(displayNetwork);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
index 773c2c8..195f93e 100644
--- a/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -695,7 +695,7 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
             throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
         }
 
-        if (rule.getType() == FirewallRuleType.System && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+        if (rule.getType() == FirewallRuleType.System && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new InvalidParameterValueException("Only root admin can delete the system wide firewall rule");
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/network/vpc/VpcManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
index a07b9ef..6d3223e 100644
--- a/server/src/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/com/cloud/network/vpc/VpcManagerImpl.java
@@ -612,7 +612,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
             throw new InvalidParameterValueException("Can't find zone by id specified");
         }
         
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
             // See DataCenterVO.java
             PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
             ex.addProxyObject(zone.getUuid(), "zoneId");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/projects/ProjectManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/projects/ProjectManagerImpl.java b/server/src/com/cloud/projects/ProjectManagerImpl.java
index edcdf3f..b4987cb 100755
--- a/server/src/com/cloud/projects/ProjectManagerImpl.java
+++ b/server/src/com/cloud/projects/ProjectManagerImpl.java
@@ -417,7 +417,7 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
     @Override
     public boolean canAccessProjectAccount(Account caller, long accountId) {
         //ROOT admin always can access the project
-        if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+        if (_accountMgr.isRootAdmin(caller.getId())) {
             return true;
         } else if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
             Account owner = _accountMgr.getAccount(accountId);
@@ -431,7 +431,7 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
     @Override
     public boolean canModifyProjectAccount(Account caller, long accountId) {
         //ROOT admin always can access the project
-        if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+        if (_accountMgr.isRootAdmin(caller.getId())) {
             return true;
         } else if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
             Account owner = _accountMgr.getAccount(accountId);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/resource/ResourceManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/resource/ResourceManagerImpl.java b/server/src/com/cloud/resource/ResourceManagerImpl.java
index 76d7cf9..b36e03a 100755
--- a/server/src/com/cloud/resource/ResourceManagerImpl.java
+++ b/server/src/com/cloud/resource/ResourceManagerImpl.java
@@ -368,7 +368,7 @@ public class ResourceManagerImpl extends ManagerBase implements ResourceManager,
         }
 
         Account account = CallContext.current().getCallingAccount();
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getId())) {
             PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation, Zone with specified id is currently disabled");
             ex.addProxyObject(zone.getUuid(), "dcId");
             throw ex;
@@ -591,7 +591,7 @@ public class ResourceManagerImpl extends ManagerBase implements ResourceManager,
         }
 
         Account account = CallContext.current().getCallingAccount();
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getId())) {
             PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation, Zone with specified id is currently disabled");
             ex.addProxyObject(zone.getUuid(), "dcId");
             throw ex;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
index 376e943..c0d3cb9 100755
--- a/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
+++ b/server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
@@ -263,7 +263,7 @@ public class ResourceLimitManagerImpl extends ManagerBase implements ResourceLim
         long max = Resource.RESOURCE_UNLIMITED; // if resource limit is not found, then we treat it as unlimited
 
         // No limits for Root Admin accounts
-        if (_accountMgr.isRootAdmin(account.getType())) {
+        if (_accountMgr.isRootAdmin(account.getId())) {
             return max;
         }
 
@@ -293,15 +293,16 @@ public class ResourceLimitManagerImpl extends ManagerBase implements ResourceLim
     }
 
     @Override
-    public long findCorrectResourceLimitForAccount(short accountType, Long limit, ResourceType type) {
+    public long findCorrectResourceLimitForAccount(long accountId, Long limit, ResourceType type) {
 
         long max = Resource.RESOURCE_UNLIMITED; // if resource limit is not found, then we treat it as unlimited
 
         // No limits for Root Admin accounts
-        if (_accountMgr.isRootAdmin(accountType)) {
+        if (_accountMgr.isRootAdmin(accountId)) {
             return max;
         }
 
+        Account account = _accountDao.findById(accountId);
 
         // Check if limit is configured for account
         if (limit != null) {
@@ -309,7 +310,7 @@ public class ResourceLimitManagerImpl extends ManagerBase implements ResourceLim
         } else {
             // If the account has an no limit set, then return global default account limits
             Long value = null;
-            if (accountType == Account.ACCOUNT_TYPE_PROJECT) {
+            if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
                 value = projectResourceLimitMap.get(type);
             } else {
                 value = accountResourceLimitMap.get(type);
@@ -366,7 +367,7 @@ public class ResourceLimitManagerImpl extends ManagerBase implements ResourceLim
         Project project = null;
 
         // Don't place any limits on system or root admin accounts
-        if (_accountMgr.isRootAdmin(account.getType())) {
+        if (_accountMgr.isRootAdmin(account.getId())) {
             return;
         }
 
@@ -605,7 +606,7 @@ public class ResourceLimitManagerImpl extends ManagerBase implements ResourceLim
             }
 
             //only Unlimited value is accepted if account is  Root Admin
-            if (_accountMgr.isRootAdmin(account.getType()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) {
+            if (_accountMgr.isRootAdmin(account.getId()) && max.shortValue() != ResourceLimit.RESOURCE_UNLIMITED) {
                 throw new InvalidParameterValueException("Only " + ResourceLimit.RESOURCE_UNLIMITED + " limit is supported for Root Admin accounts");
             }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index c0a52f7..824b313 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -1030,7 +1030,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
     listHostsForMigrationOfVM(Long vmId, Long startIndex, Long pageSize) {
         // access check - only root admin can migrate VM
         Account caller = CallContext.current().getCallingAccount();
-        if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+        if (!_accountMgr.isRootAdmin(caller.getId())) {
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("Caller is not a root admin, permission denied to migrate the VM");
             }
@@ -1240,7 +1240,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
     public Pair<List<? extends StoragePool>, List<? extends StoragePool>> listStoragePoolsForMigrationOfVolume(Long volumeId) {
         // Access check - only root administrator can migrate volumes.
         Account caller = CallContext.current().getCallingAccount();
-        if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+        if (!_accountMgr.isRootAdmin(caller.getId())) {
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("Caller is not a root admin, permission denied to migrate the volume");
             }
@@ -1826,7 +1826,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
         _accountMgr.checkAccess(account, AccessType.ModifyEntry, true, template);
 
         if(cmd.isRoutingType() != null){
-            if(!_accountService.isRootAdmin(account.getType())){
+            if (!_accountService.isRootAdmin(account.getId())) {
                 throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied");
             }
         }
@@ -2477,13 +2477,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
 
     }
 
-    public static boolean isAdmin(short accountType) {
-        return ((accountType == Account.ACCOUNT_TYPE_ADMIN) || (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)
-                || (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN));
-    }
-
-
-
     @Override
     public List<Class<?>> getCommands() {
         List<Class<?>> cmdList = new ArrayList<Class<?>>();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/servlet/ConsoleProxyServlet.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/servlet/ConsoleProxyServlet.java b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
index e01d959..3665486 100644
--- a/server/src/com/cloud/servlet/ConsoleProxyServlet.java
+++ b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
@@ -465,7 +465,7 @@ public class ConsoleProxyServlet extends HttpServlet {
         }
 
         // root admin can access anything
-        if(accountObj.getType() == Account.ACCOUNT_TYPE_ADMIN)
+        if (_accountMgr.isRootAdmin(accountObj.getId()))
             return true;
 
         switch(vm.getType())

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/storage/StorageManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java
index 8417066..9bbfe98 100755
--- a/server/src/com/cloud/storage/StorageManagerImpl.java
+++ b/server/src/com/cloud/storage/StorageManagerImpl.java
@@ -631,7 +631,7 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C
         }
         // Check if zone is disabled
         Account account = CallContext.current().getCallingAccount();
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getId())) {
             throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId);
         }
 
@@ -1675,7 +1675,8 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C
             }
 
             Account account = CallContext.current().getCallingAccount();
-            if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getType())) {
+            if (Grouping.AllocationState.Disabled == zone.getAllocationState()
+                    && !_accountMgr.isRootAdmin(account.getId())) {
                 PermissionDeniedException ex = new PermissionDeniedException(
                         "Cannot perform this operation, Zone with specified id is currently disabled");
                 ex.addProxyObject(zone.getUuid(), "dcId");
@@ -1828,7 +1829,7 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C
         }
 
         Account account = CallContext.current().getCallingAccount();
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getId())) {
             PermissionDeniedException ex = new PermissionDeniedException(
                     "Cannot perform this operation, Zone with specified id is currently disabled");
             ex.addProxyObject(zone.getUuid(), "dcId");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/storage/VolumeApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/VolumeApiServiceImpl.java b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
index cc99589..dbcb961 100644
--- a/server/src/com/cloud/storage/VolumeApiServiceImpl.java
+++ b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
@@ -360,7 +360,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
         }
 
         // Check if zone is disabled
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId);
         }
 
@@ -572,7 +572,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
         if (displayVolumeEnabled == null) {
             displayVolumeEnabled = true;
         } else {
-            if (!_accountMgr.isRootAdmin(caller.getType())) {
+            if (!_accountMgr.isRootAdmin(caller.getId())) {
                 throw new PermissionDeniedException("Cannot update parameter displayvolume, only admin permitted ");
             }
         }
@@ -587,7 +587,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
         }
 
         // Check if zone is disabled
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId);
         }
 
@@ -1352,7 +1352,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
             throw new InvalidParameterValueException("Can't find zone by id " + volume.getDataCenterId());
         }
 
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zone.getName());
         }
 
@@ -1383,7 +1383,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
         String mode = cmd.getMode();
         Account account = CallContext.current().getCallingAccount();
 
-        if (!_accountMgr.isRootAdmin(account.getType()) && ApiDBUtils.isExtractionDisabled()) {
+        if (!_accountMgr.isRootAdmin(account.getId()) && ApiDBUtils.isExtractionDisabled()) {
             throw new PermissionDeniedException("Extraction has been disabled by admin");
         }
 
@@ -1421,7 +1421,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
                 // we allow extraction of all ISO based
                 // volumes
                 boolean isExtractable = template.isExtractable() && template.getTemplateType() != Storage.TemplateType.SYSTEM;
-                if (!isExtractable && account != null && account.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+                if (!isExtractable && account != null && !_accountMgr.isRootAdmin(account.getId())) {
                     // Global admins are always allowed to extract
                     PermissionDeniedException ex = new PermissionDeniedException("The volume with specified volumeId is not allowed to be extracted");
                     ex.addProxyObject(volume.getUuid(), "volumeId");

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java
index a884b95..69ed16e 100755
--- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java
+++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java
@@ -764,7 +764,7 @@ public class SnapshotManagerImpl extends ManagerBase implements SnapshotManager,
         long accountLimit = _resourceLimitMgr.findCorrectResourceLimitForAccount(owner, ResourceType.snapshot);
         long domainLimit = _resourceLimitMgr.findCorrectResourceLimitForDomain(_domainMgr.getDomain(owner.getDomainId()), ResourceType.snapshot);
         int max = cmd.getMaxSnaps().intValue();
-        if (owner.getType() != Account.ACCOUNT_TYPE_ADMIN && ((accountLimit != -1 && max > accountLimit) || (domainLimit != -1 && max > domainLimit))) {
+        if (!_accountMgr.isRootAdmin(owner.getId())&& ((accountLimit != -1 && max > accountLimit) || (domainLimit != -1 && max > domainLimit))) {
         	String message = "domain/account";
         	if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
         		message = "domain/project";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/template/TemplateAdapterBase.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateAdapterBase.java b/server/src/com/cloud/template/TemplateAdapterBase.java
index a0d4c77..9485b2a 100755
--- a/server/src/com/cloud/template/TemplateAdapterBase.java
+++ b/server/src/com/cloud/template/TemplateAdapterBase.java
@@ -95,13 +95,6 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
         return true;
     }
 
-    private static boolean isAdmin(short accountType) {
-        return ((accountType == Account.ACCOUNT_TYPE_ADMIN) ||
-                (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) ||
-                (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) ||
-                (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN));
-    }
-
     @Override
     public TemplateProfile prepare(boolean isIso, Long userId, String name, String displayText, Integer bits,
             Boolean passwordEnabled, Boolean requiresHVM, String url, Boolean isPublic, Boolean featured,
@@ -158,7 +151,7 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
             sshkeyEnabled = Boolean.FALSE;
         }
 
-        boolean isAdmin = _accountDao.findById(templateOwner.getId()).getType() == Account.ACCOUNT_TYPE_ADMIN;
+        boolean isAdmin = _accountMgr.isRootAdmin(templateOwner.getId());
 
         if (!isAdmin && zoneId == null) {
             throw new InvalidParameterValueException("Please specify a valid zone Id.");
@@ -191,7 +184,7 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
 
         _resourceLimitMgr.checkResourceLimit(templateOwner, ResourceType.template);
 
-        if (templateOwner.getType() != Account.ACCOUNT_TYPE_ADMIN && zoneId == null) {
+        if (!_accountMgr.isRootAdmin(templateOwner.getId()) && zoneId == null) {
             throw new IllegalArgumentException("Only admins can create templates in all zones");
         }
 
@@ -202,7 +195,7 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
                 throw new IllegalArgumentException("Please specify a valid zone.");
             }
             Account caller = CallContext.current().getCallingAccount();
-            if(Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())){
+            if(Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())){
                 throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: "+ zoneId );
             }
         }
@@ -298,7 +291,7 @@ public abstract class TemplateAdapterBase extends AdapterBase implements Templat
             throws PermissionDeniedException {
 
         if (account != null) {
-            if (!isAdmin(account.getType())) {
+            if (!_accountMgr.isAdmin(account.getType())) {
                 if ((vmInstanceCheck != null) && (account.getId() != vmInstanceCheck.getAccountId())) {
                     throw new PermissionDeniedException(msg + ". Permission denied.");
                 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/template/TemplateManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
index e11ac0d..a1e20b9 100755
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -334,12 +334,12 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
     public VirtualMachineTemplate registerTemplate(RegisterTemplateCmd cmd) throws URISyntaxException, ResourceAllocationException {
         Account account = CallContext.current().getCallingAccount();
         if (cmd.getTemplateTag() != null) {
-            if (!_accountService.isRootAdmin(account.getType())) {
+            if (!_accountService.isRootAdmin(account.getId())) {
                 throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied");
             }
         }
         if(cmd.isRoutingType() != null){
-            if(!_accountService.isRootAdmin(account.getType())){
+            if (!_accountService.isRootAdmin(account.getId())) {
                 throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied");
             }
         }
@@ -422,7 +422,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
         }
         eventId = eventId == null ? 0 : eventId;
 
-        if (!_accountMgr.isRootAdmin(caller.getType()) && _disableExtraction) {
+        if (!_accountMgr.isRootAdmin(caller.getId()) && _disableExtraction) {
             throw new PermissionDeniedException("Extraction has been disabled by admin");
         }
 
@@ -453,7 +453,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
             throw new IllegalArgumentException("Please specify a valid zone.");
         }
 
-        if (!_accountMgr.isRootAdmin(caller.getType()) && !template.isExtractable()) {
+        if (!_accountMgr.isRootAdmin(caller.getId()) && !template.isExtractable()) {
             throw new InvalidParameterValueException("Unable to extract template id=" + templateId + " as it's not extractable");
         }
 
@@ -1248,7 +1248,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
             updatedTemplate.setFeatured(isFeatured.booleanValue());
         }
 
-        if (isExtractable != null && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {// Only
+        if (isExtractable != null && _accountMgr.isRootAdmin(caller.getId())) {// Only
             // ROOT
             // admins
             // allowed
@@ -1258,7 +1258,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
             // powerful
             // attribute
             updatedTemplate.setExtractable(isExtractable.booleanValue());
-        } else if (isExtractable != null && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+        } else if (isExtractable != null && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new InvalidParameterValueException("Only ROOT admins are allowed to modify this attribute.");
         }
 
@@ -1438,18 +1438,13 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
         }
     }
 
-    private static boolean isAdmin(short accountType) {
-        return ((accountType == Account.ACCOUNT_TYPE_ADMIN) || (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)
-                || (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN));
-    }
-
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating template", create = true)
     public VMTemplateVO createPrivateTemplateRecord(CreateTemplateCmd cmd, Account templateOwner) throws ResourceAllocationException {
         Long userId = CallContext.current().getCallingUserId();
 
         Account caller = CallContext.current().getCallingAccount();
-        boolean isAdmin = (isAdmin(caller.getType()));
+        boolean isAdmin = (_accountMgr.isAdmin(caller.getType()));
 
         _accountMgr.checkAccess(caller, null, true, templateOwner);
 
@@ -1459,7 +1454,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
         }
 
         if (cmd.getTemplateTag() != null) {
-            if (!_accountService.isRootAdmin(caller.getType())) {
+            if (!_accountService.isRootAdmin(caller.getId())) {
                 throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied");
             }
         }
@@ -1722,7 +1717,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
         // do a permission check
         _accountMgr.checkAccess(account, AccessType.ModifyEntry, true, template);
         if(cmd.isRoutingType() != null){
-            if(!_accountService.isRootAdmin(account.getType())){
+            if (!_accountService.isRootAdmin(account.getId())) {
                 throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied");
             }
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/aba54356/server/src/com/cloud/usage/UsageServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/usage/UsageServiceImpl.java b/server/src/com/cloud/usage/UsageServiceImpl.java
index 2ffb01d..c96e036 100755
--- a/server/src/com/cloud/usage/UsageServiceImpl.java
+++ b/server/src/com/cloud/usage/UsageServiceImpl.java
@@ -47,6 +47,7 @@ import com.cloud.projects.ProjectManager;
 import com.cloud.usage.dao.UsageDao;
 import com.cloud.usage.dao.UsageJobDao;
 import com.cloud.user.Account;
+import com.cloud.user.AccountService;
 import com.cloud.user.AccountVO;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.component.Manager;
@@ -69,6 +70,8 @@ public class UsageServiceImpl extends ManagerBase implements UsageService, Manag
     @Inject private ConfigurationDao _configDao;
     @Inject private ProjectManager _projectMgr;
     private TimeZone _usageTimezone;
+    @Inject
+    private AccountService _accountService;
 
     public UsageServiceImpl() {
     }
@@ -156,7 +159,7 @@ public class UsageServiceImpl extends ManagerBase implements UsageService, Manag
             accountId = caller.getId();
             //List records for all the accounts if the caller account is of type admin. 
             //If account_id or account_name is explicitly mentioned, list records for the specified account only even if the caller is of type admin
-            if(caller.getType() == Account.ACCOUNT_TYPE_ADMIN){
+            if (_accountService.isRootAdmin(caller.getId())) {
                 isAdmin = true;
             }
             s_logger.debug("Account details not available. Using userContext accountId: " + accountId);


Mime
View raw message