From 4a1ebb3fa56addb0f2ab011c92d2d22dc3fc8327 Mon Sep 17 00:00:00 2001
From: Wei Zhou
Date: Thu, 3 Feb 2022 12:14:11 +0100
Subject: [PATCH] server: allow normal users to create isolated network without source nat (#5920)
---
 .../com/cloud/network/NetworkServiceImpl.java | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index de13cd7b3e4..53dabc46214 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1360,9 +1360,8 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
 performBasicPrivateVlanChecks(vlanId, secondaryVlanId, privateVlanType);
- // Regular user can create Guest Isolated Source Nat enabled network or L2 network only
- if (_accountMgr.isNormalUser(caller.getId())) {
- validateNetworkOfferingForRegularUser(ntwkOff);
+ if (!_accountMgr.isRootAdmin(caller.getId())) {
+ validateNetworkOfferingForNonRootAdminUser(ntwkOff);
 }
 // Don't allow to specify vlan if the caller is not ROOT admin
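Review bot: The guard moves from `isNormalUser(...)` to `!isRootAdmin(...)`, so every non-root account type (presumably including domain admins) now passes through the offering validation. The commit title does not mention this wider scope, and the removed comment is not replaced. If the wider scope is intended, record the policy above the `if`, for example `// Callers other than ROOT admin may only use Guest offerings of type Isolated or L2`. If it is not, callers that previously skipped this check will now get an InvalidParameterValueException for other guest types. The enclosing method starts and ends outside this hunk, so any later per-role checks are not visible here.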
@@ -1454,20 +1453,16 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
 return network;
 }
- private void validateNetworkOfferingForRegularUser(NetworkOfferingVO ntwkOff) {
+ private void validateNetworkOfferingForNonRootAdminUser(NetworkOfferingVO ntwkOff) {
 if (ntwkOff.getTrafficType() != TrafficType.Guest) {
- throw new InvalidParameterValueException("Regular users can only create a Guest network");
+ throw new InvalidParameterValueException("This user can only create a Guest network");
 }
- if (ntwkOff.getGuestType() == GuestType.Isolated && areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) {
- s_logger.debug(String.format("Creating a network from network offerings having traffic type [%s] and network type [%s] with a service [%s] enabled.",
- TrafficType.Guest, GuestType.Isolated, Service.SourceNat.getName()));
- } else if (ntwkOff.getGuestType() == GuestType.L2) {
+ if (ntwkOff.getGuestType() == GuestType.L2 || ntwkOff.getGuestType() == GuestType.Isolated) {
 s_logger.debug(String.format("Creating a network from network offerings having traffic type [%s] and network type [%s].",
- TrafficType.Guest, GuestType.L2));
+ TrafficType.Guest, ntwkOff.getGuestType()));
 } else {
 throw new InvalidParameterValueException(
- String.format("Regular users can only create an %s network with a service [%s] enabled, or a %s network.",
- GuestType.Isolated, Service.SourceNat.getName(), GuestType.L2));
+ String.format("This user can only create an %s network or a %s network.", GuestType.Isolated, GuestType.L2));
 }
 }
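Review bot: `validateNetworkOfferingForNonRootAdminUser` now holds the whole offering policy for non-root callers, but it has no doc comment stating that policy, and the final rejection message does not name the guest type that was refused. A one-line Javadoc would help, such as `/** Limits callers that are not ROOT admin to Guest-traffic offerings of guest type Isolated or L2; throws InvalidParameterValueException otherwise. */`. The last throw could report the rejected value: `String.format("This user can only create an %s network or a %s network, not %s.", GuestType.Isolated, GuestType.L2, ntwkOff.getGuestType())`. With the SourceNat condition removed, any Isolated offering passes this method. Whether the offering's other services are constrained for these callers is decided outside this hunk and is worth confirming.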