apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-12-15 18:12:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix CLOUDSTACK-1894 User is not able to deploy VMs in a project[permission denied to access the guest network)

Browse Source
This commit is contained in:
Mice Xia 2013-04-12 14:57:56 +08:00
parent 7fb63be6e1
commit cbcb83b086
1 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
server/src/com/cloud/network/NetworkModelImpl.java Normal file → Executable file
View File

@ -88,7 +88,9 @@ import com.cloud.offerings.NetworkOfferingServiceMapVO;
import com.cloud.offerings.NetworkOfferingVO;
import com.cloud.offerings.dao.NetworkOfferingDao;
import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
import com.cloud.projects.dao.ProjectAccountDao;
import com.cloud.user.Account;
import com.cloud.user.AccountVO;
import com.cloud.user.DomainManager;
import com.cloud.user.dao.AccountDao;
import com.cloud.utils.component.AdapterBase;
@ -178,7 +180,8 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
UserIpv6AddressDao _ipv6Dao;
@Inject
NicSecondaryIpDao _nicSecondaryIpDao;;
@Inject
private ProjectAccountDao _projectAccountDao;
private final HashMap<String, NetworkOfferingVO> _systemNetworks = new HashMap<String, NetworkOfferingVO>(5);
static Long _privateOfferingId = null;
@ -1472,10 +1475,20 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel {
public void checkNetworkPermissions(Account owner, Network network) {
// Perform account permission check
if (network.getGuestType() != Network.GuestType.Shared) {
List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
if (networkMap == null || networkMap.isEmpty()) {
throw new PermissionDeniedException("Unable to use network with id= " + network.getUuid() + ", permission denied");
AccountVO networkOwner = _accountDao.findById(network.getAccountId());
if(networkOwner == null)
throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", network does not have an owner");
if(owner.getType() != Account.ACCOUNT_TYPE_PROJECT && networkOwner.getType() == Account.ACCOUNT_TYPE_PROJECT){
if(!_projectAccountDao.canAccessProjectAccount(owner.getAccountId(), network.getAccountId())){
throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", permission denied");
}
}else{
List<NetworkVO> networkMap = _networksDao.listBy(owner.getId(), network.getId());
if (networkMap == null || networkMap.isEmpty()) {
throw new PermissionDeniedException("Unable to use network with id= " + network.getId() + ", permission denied");
}
}
} else {
if (!isNetworkAvailableInDomain(network.getId(), owner.getDomainId())) {
throw new PermissionDeniedException("Shared network id=" + network.getUuid() + " is not available in domain id=" + owner.getDomainId());