bug 11965: check the user state on the Services layer, not in the VmManager as VmManager can be called not only from the API, but also by internal methods - HA for instance - and in this case we shouldn't care about the account state

11965 status: resolved fixed

Also fixed gson serialization error in account response

api/src/com/cloud/api/response/AccountResponse.java

@@ -110,8 +110,8 @@ public class AccountResponse extends BaseResponse {
     @SerializedName(ApiConstants.NETWORK_DOMAIN) @Param(description="the network domain")
     private String networkDomain;
     
-    @SerializedName(ApiConstants.ACCOUNT_DETAILS) @Param(description="details fro the account")
-    private Map details;
+    @SerializedName(ApiConstants.ACCOUNT_DETAILS) @Param(description="details for the account")
+    private Map<String, String> details;
 
     public Long getId() {
         return id.getValue();

server/src/com/cloud/vm/UserVmManagerImpl.java

@@ -2318,6 +2318,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
             Long diskSize, List<NetworkVO> networkList, List<Long> securityGroupIdList, String group, String userData, String sshKeyPair, HypervisorType hypervisor, Account caller, Map<Long, String> requestedIps, String defaultNetworkIp, String keyboard) throws InsufficientCapacityException, ResourceUnavailableException, ConcurrentOperationException, StorageUnavailableException, ResourceAllocationException {
 
         _accountMgr.checkAccess(caller, null, owner);
+        
+        if (owner.getState() == Account.State.disabled) {
+            throw new PermissionDeniedException("The owner of vm to deploy is disabled: " + owner);
+        }
+        
         long accountId = owner.getId();
 
         assert !(requestedIps != null && defaultNetworkIp != null) : "requestedIp list and defaultNetworkIp should never be specified together";
@@ -2645,16 +2650,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
         Map<String, String> details = _vmDetailsDao.findDetails(vm.getId());
         vm.setDetails(details);
 
-        Account owner = _accountDao.findById(vm.getAccountId());
-
-        if (owner == null) {
-            throw new PermissionDeniedException("The owner of " + vm + " does not exist: " + vm.getAccountId());
-        }
-
-        if (owner.getState() == Account.State.disabled) {
-            throw new PermissionDeniedException("The owner of " + vm + " is disabled: " + vm.getAccountId());
-        }
-
         if (vm.getIsoId() != null) {
             String isoPath = null;
 
@@ -2851,15 +2846,26 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 
         // if account is removed, return error
         if (caller != null && caller.getRemoved() != null) {
-            throw new PermissionDeniedException("The account " + caller.getId() + " is removed");
+            throw new InvalidParameterValueException("The account " + caller.getId() + " is removed");
         }
-
+        
         UserVmVO vm = _vmDao.findById(vmId);
         if (vm == null) {
             throw new InvalidParameterValueException("unable to find a virtual machine with id " + vmId);
         }
 
         _accountMgr.checkAccess(caller, null, vm);
+        
+        Account owner = _accountDao.findById(vm.getAccountId());
+
+        if (owner == null) {
+            throw new InvalidParameterValueException("The owner of " + vm + " does not exist: " + vm.getAccountId());
+        }
+
+        if (owner.getState() == Account.State.disabled) {
+            throw new PermissionDeniedException("The owner of " + vm + " is disabled: " + vm.getAccountId());
+        }
+        
         UserVO user = _userDao.findById(userId);
 
         //check if vm is security group enabled
@@ -3508,6 +3514,15 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
         if (vm == null) {
             throw new InvalidParameterValueException("Cann not find VM with ID " + vmId);
         }
+        
+        Account owner = _accountDao.findById(vm.getAccountId());
+        if (owner == null) {
+            throw new InvalidParameterValueException("The owner of " + vm + " does not exist: " + vm.getAccountId());
+        }
+
+        if (owner.getState() == Account.State.disabled) {
+            throw new PermissionDeniedException("The owner of " + vm + " is disabled: " + vm.getAccountId());
+        }
 
         if (vm.getState() != VirtualMachine.State.Running && vm.getState() != VirtualMachine.State.Stopped) {
             throw new CloudRuntimeException("Vm " + vmId + " currently in " + vm.getState() + " state, restore vm can only execute when VM in Running or Stopped");

server/src/com/cloud/vm/VirtualMachineManagerImpl.java

@@ -129,7 +129,6 @@ import com.cloud.user.User;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.user.dao.UserDao;
 import com.cloud.uservm.UserVm;
-import com.cloud.utils.DateUtil;
 import com.cloud.utils.Journal;
 import com.cloud.utils.NumbersUtil;
 import com.cloud.utils.Pair;