Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 75AF410792 for ; Mon, 16 Dec 2013 12:41:42 +0000 (UTC) Received: (qmail 64367 invoked by uid 500); 16 Dec 2013 12:41:39 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 64283 invoked by uid 500); 16 Dec 2013 12:41:33 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 64269 invoked by uid 99); 16 Dec 2013 12:41:31 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Dec 2013 12:41:31 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 7FCD290720A; Mon, 16 Dec 2013 12:41:31 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: kishan@apache.org To: commits@cloudstack.apache.org Date: Mon, 16 Dec 2013 12:41:31 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/2] git commit: updated refs/heads/4.3 to e2805b8 Updated Branches: refs/heads/4.3 6b7ea7f90 -> e2805b802 refs/heads/master 7cac5aa9f -> 3a3fec3cb CLOUDSTACK-5145 : Added permission checks while deleting network ACLs Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e2805b80 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e2805b80 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e2805b80 Branch: refs/heads/4.3 Commit: e2805b802cb7eb82bf885199e0bd289bcb599167 Parents: 6b7ea7f Author: Kishan Kavala Authored: Mon Dec 16 17:50:08 2013 +0530 Committer: Kishan Kavala Committed: Mon Dec 16 17:50:08 2013 +0530 ---------------------------------------------------------------------- server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java | 8 ++++++++ 1 file changed, 8 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e2805b80/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java index e91af57..6677338 100644 --- a/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java +++ b/server/src/com/cloud/network/vpc/NetworkACLServiceImpl.java @@ -582,6 +582,14 @@ public class NetworkACLServiceImpl extends ManagerBase implements NetworkACLServ public boolean revokeNetworkACLItem(long ruleId) { NetworkACLItemVO aclItem = _networkACLItemDao.findById(ruleId); if(aclItem != null){ + NetworkACL acl = _networkAclMgr.getNetworkACL(aclItem.getAclId()); + + Vpc vpc = _entityMgr.findById(Vpc.class, acl.getVpcId()); + + Account caller = CallContext.current().getCallingAccount(); + + _accountMgr.checkAccess(caller, null, true, vpc); + if((aclItem.getAclId() == NetworkACL.DEFAULT_ALLOW) || (aclItem.getAclId() == NetworkACL.DEFAULT_DENY)){ throw new InvalidParameterValueException("ACL Items in default ACL cannot be deleted"); }