diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
index a4bf4b31f0b..11f6c39315a 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
@@ -28,10 +28,10 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.context.CallContext;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
 @APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
 public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
@@ -82,7 +82,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
 @Override
 public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
+ return CallContext.current().getCallingAccount().getId();
 }
 @Override
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
index 05afbcafdca..5663ac52a49 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
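Review bot: getEntityOwnerId() in CreateAclGroupCmd carries no comment explaining why the owner is now the calling account, and the identical change in CreateAclRoleCmd has the same gap. The value returned here is presumably what the API layer uses to attribute the create event and async job, so moving from `Account.ACCOUNT_ID_SYSTEM` to the caller changes what the audit trail records. The service methods accept a separate `domainId`, so when a root admin targets another domain the recorded owner will still be the admin's own account. I would add `// owner is the caller, not the target domain; confirm this id is used for event/job attribution only` above the return, and verify that no access check elsewhere keys off this id.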
@@ -29,10 +29,10 @@ import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AclRoleResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.context.CallContext;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
 @APICommand(name = "createAclRole", responseObject = AclRoleResponse.class, description = "Creates an acl role")
 public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
@@ -90,7 +90,7 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
 @Override
 public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
+ return CallContext.current().getCallingAccount().getId();
 }
 @Override
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
index f879d2b5552..ccd3bf0c27a 100644
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@@ -113,9 +113,12 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
 @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_CREATE, eventDescription = "Creating Acl Role", create = true)
 public AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId) {
 Account caller = CallContext.current().getCallingAccount();
+ if (domainId == null) {
+ domainId = caller.getDomainId();
+ }
 if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
 // domain admin can only create role for his domain
- if (domainId != null && caller.getDomainId() != domainId.longValue()) {
+ if (caller.getDomainId() != domainId.longValue()) {
 throw new PermissionDeniedException("Can't create acl role in domain " + domainId + ", permission denied");
 }
 }
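Review bot: The non-root branch of createAclRole compares only domain ids, so with the new default any caller who is not a root admin and omits `domainId` always passes it, whether or not the account is actually a domain admin. That was already the outcome before this commit, when a null `domainId` skipped the comparison, but the change does not close it. The existing comment says "domain admin", yet nothing in the hunk verifies that role; it is presumably enforced by the API access checker for this admin command, which is not visible here. Either add an explicit role check ahead of the domain comparison or record the assumption, e.g. `// caller's admin role is enforced by the API access checker; only the domain is compared here`. The createAclGroup hunk at -472 has the same shape, and both method bodies continue outside their hunks.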
@@ -130,9 +133,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
 Transaction txn = Transaction.currentTxn();
 txn.start();
 AclRoleVO rvo = new AclRoleVO(aclRoleName, description);
- if (domainId != null) {
- rvo.setDomainId(domainId);
- }
+ rvo.setDomainId(domainId);
 AclRole role = _aclRoleDao.persist(rvo);
 if (parentRoleId != null) {
 // copy parent role permissions
@@ -472,9 +473,12 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
 @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
 public AclGroup createAclGroup(Long domainId, String aclGroupName, String description) {
 Account caller = CallContext.current().getCallingAccount();
+ if (domainId == null) {
+ domainId = caller.getDomainId(); // use caller's domain id
+ }
 if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
 // domain admin can only create role for his domain
- if (domainId != null && caller.getDomainId() != domainId.longValue()) {
+ if (caller.getDomainId() != domainId.longValue()) {
 throw new PermissionDeniedException("Can't create acl group in domain " + domainId + ", permission denied");
 }
 }
@@ -486,9 +490,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
 + " already exisits for domain " + domainId);
 }
 AclGroupVO rvo = new AclGroupVO(aclGroupName, description);
- if (domainId != null) {
- rvo.setDomainId(domainId);
- }
+ rvo.setDomainId(domainId);
 return _aclGroupDao.persist(rvo);
 }
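Review bot: The now-unconditional `rvo.setDomainId(domainId);` in the -130 hunk of createAclRole is only safe because of the null default added at the top of the method, which lies outside this hunk. If `setDomainId` takes a primitive `long` (its signature is not visible here), a later edit that lets `domainId` stay null would fail on unboxing after `txn.start()` has already run. A short comment at the call would make the dependency explicit, e.g. `// domainId is never null here: defaulted to the caller's domain at method entry`. The same applies to the -486 hunk in createAclGroup.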