cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [1/9] git commit: updated refs/heads/master to 6c71d3b
Date Fri, 13 Mar 2015 09:33:44 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master 3d411dc61 -> 6c71d3bae


Error message exposes domain Id when deployVirtualMachine() is attempted on a shared network
to which the user doesnot have access to.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit 0d36f2e4b520ecc85342ab8660e5547f675db12a)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6ccb9b1f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6ccb9b1f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6ccb9b1f

Branch: refs/heads/master
Commit: 6ccb9b1fc3c7be9cbb314aee7afb499169a891c0
Parents: 5608982
Author: Min Chen <min.chen@citrix.com>
Authored: Wed Sep 17 15:34:12 2014 -0700
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Fri Mar 13 15:02:26 2015 +0530

----------------------------------------------------------------------
 server/src/com/cloud/acl/AffinityGroupAccessChecker.java | 9 ++++++++-
 server/src/com/cloud/network/NetworkModelImpl.java       | 6 +++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6ccb9b1f/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
index 7bcecf0..57f7b37 100644
--- a/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
+++ b/server/src/com/cloud/acl/AffinityGroupAccessChecker.java
@@ -28,9 +28,11 @@ import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.affinity.AffinityGroupService;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
 
+import com.cloud.domain.DomainVO;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
+import com.cloud.utils.exception.CloudRuntimeException;
 
 @Component
 @Local(value = SecurityChecker.class)
@@ -58,7 +60,12 @@ public class AffinityGroupAccessChecker extends DomainChecker {
 
             if (group.getAclType() == ACLType.Domain) {
                 if (!_affinityGroupService.isAffinityGroupAvailableInDomain(group.getId(),
caller.getDomainId())) {
-                    throw new PermissionDeniedException("Affinity group is not available
in domain id=" + caller.getDomainId());
+                    DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
+                    if (callerDomain == null) {
+                        throw new CloudRuntimeException("cannot check permission on account
" + caller.getAccountName() + " whose domain does not exist");
+                    }
+
+                    throw new PermissionDeniedException("Affinity group is not available
in domain id=" + callerDomain.getUuid());
                 } else {
                     return true;
                 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6ccb9b1f/server/src/com/cloud/network/NetworkModelImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index 4db7141..178796b 100644
--- a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -1598,8 +1598,12 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel
{
 
         } else {
             if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
+                DomainVO ownerDomain = _domainDao.findById(owner.getDomainId());
+                if (ownerDomain == null) {
+                    throw new CloudRuntimeException("cannot check permission on account "
+ owner.getAccountName() + " whose domain does not exist");
+                }
                 throw new PermissionDeniedException("Shared network id=" + ((NetworkVO)network).getUuid()
+ " is not available in domain id=" +
-                    owner.getDomainId());
+                        ownerDomain.getUuid());
             }
         }
     }


Mime
View raw message