From 586febd4c1b6330876b1be6a3f03f34af43db517 Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Mon, 28 Nov 2011 09:56:27 -0800 Subject: [PATCH] bug 11965: check the user state on the Services layer, not in the VmManager as VmManager can be called not only from the API, but also by internal methods - HA for instance - and in this case we shouldn't care about the account state 11965 status: resolved fixed Also fixed gson serialization error in account response --- .../cloud/api/response/AccountResponse.java | 4 +- .../src/com/cloud/vm/UserVmManagerImpl.java | 39 +++++++++++++------ .../cloud/vm/VirtualMachineManagerImpl.java | 1 - 3 files changed, 29 insertions(+), 15 deletions(-) diff --git a/api/src/com/cloud/api/response/AccountResponse.java b/api/src/com/cloud/api/response/AccountResponse.java index d739b0e190f..aba2974ce72 100755 --- a/api/src/com/cloud/api/response/AccountResponse.java +++ b/api/src/com/cloud/api/response/AccountResponse.java @@ -110,8 +110,8 @@ public class AccountResponse extends BaseResponse { @SerializedName(ApiConstants.NETWORK_DOMAIN) @Param(description="the network domain") private String networkDomain; - @SerializedName(ApiConstants.ACCOUNT_DETAILS) @Param(description="details fro the account") - private Map details; + @SerializedName(ApiConstants.ACCOUNT_DETAILS) @Param(description="details for the account") + private Map details; public Long getId() { return id.getValue(); diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index e0290855b8f..5def8ae2bc8 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -2318,6 +2318,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager Long diskSize, List networkList, List securityGroupIdList, String group, String userData, String sshKeyPair, HypervisorType hypervisor, Account caller, Map requestedIps, String defaultNetworkIp, String keyboard) throws InsufficientCapacityException, ResourceUnavailableException, ConcurrentOperationException, StorageUnavailableException, ResourceAllocationException { _accountMgr.checkAccess(caller, null, owner); + + if (owner.getState() == Account.State.disabled) { + throw new PermissionDeniedException("The owner of vm to deploy is disabled: " + owner); + } + long accountId = owner.getId(); assert !(requestedIps != null && defaultNetworkIp != null) : "requestedIp list and defaultNetworkIp should never be specified together"; @@ -2645,16 +2650,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager Map details = _vmDetailsDao.findDetails(vm.getId()); vm.setDetails(details); - Account owner = _accountDao.findById(vm.getAccountId()); - - if (owner == null) { - throw new PermissionDeniedException("The owner of " + vm + " does not exist: " + vm.getAccountId()); - } - - if (owner.getState() == Account.State.disabled) { - throw new PermissionDeniedException("The owner of " + vm + " is disabled: " + vm.getAccountId()); - } - if (vm.getIsoId() != null) { String isoPath = null; @@ -2851,15 +2846,26 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager // if account is removed, return error if (caller != null && caller.getRemoved() != null) { - throw new PermissionDeniedException("The account " + caller.getId() + " is removed"); + throw new InvalidParameterValueException("The account " + caller.getId() + " is removed"); } - + UserVmVO vm = _vmDao.findById(vmId); if (vm == null) { throw new InvalidParameterValueException("unable to find a virtual machine with id " + vmId); } _accountMgr.checkAccess(caller, null, vm); + + Account owner = _accountDao.findById(vm.getAccountId()); + + if (owner == null) { + throw new InvalidParameterValueException("The owner of " + vm + " does not exist: " + vm.getAccountId()); + } + + if (owner.getState() == Account.State.disabled) { + throw new PermissionDeniedException("The owner of " + vm + " is disabled: " + vm.getAccountId()); + } + UserVO user = _userDao.findById(userId); //check if vm is security group enabled @@ -3508,6 +3514,15 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager if (vm == null) { throw new InvalidParameterValueException("Cann not find VM with ID " + vmId); } + + Account owner = _accountDao.findById(vm.getAccountId()); + if (owner == null) { + throw new InvalidParameterValueException("The owner of " + vm + " does not exist: " + vm.getAccountId()); + } + + if (owner.getState() == Account.State.disabled) { + throw new PermissionDeniedException("The owner of " + vm + " is disabled: " + vm.getAccountId()); + } if (vm.getState() != VirtualMachine.State.Running && vm.getState() != VirtualMachine.State.Stopped) { throw new CloudRuntimeException("Vm " + vmId + " currently in " + vm.getState() + " state, restore vm can only execute when VM in Running or Stopped"); diff --git a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java index d063b92fb4a..773e4a7415b 100755 --- a/server/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/server/src/com/cloud/vm/VirtualMachineManagerImpl.java @@ -129,7 +129,6 @@ import com.cloud.user.User; import com.cloud.user.dao.AccountDao; import com.cloud.user.dao.UserDao; import com.cloud.uservm.UserVm; -import com.cloud.utils.DateUtil; import com.cloud.utils.Journal; import com.cloud.utils.NumbersUtil; import com.cloud.utils.Pair;