accountObj.getId() + " and caller is a normal user"); } else if (_accountMgr.isDomainAdmin(accountObj.getId()) || accountObj.getType() == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN) { if(s_logger.isDebugEnabled()) {
@Override public boolean canAccessProjectAccount(Account caller, long accountId) { //ROOT admin always can access the project if (_accountMgr.isRootAdmin(caller.getId())) { return true; } else if (_accountMgr.isDomainAdmin(caller.getId())) { Account owner = _accountMgr.getAccount(accountId); _accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId())); return true; } return _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId); }
@Override public boolean canModifyProjectAccount(Account caller, long accountId) { //ROOT admin always can access the project if (_accountMgr.isRootAdmin(caller.getId())) { return true; } else if (_accountMgr.isDomainAdmin(caller.getId())) { Account owner = _accountMgr.getAccount(accountId); _accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId())); return true; } return _projectAccountDao.canModifyProjectAccount(caller.getId(), accountId); }
} else if (_accountMgr.isDomainAdmin(account.getId()) || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
&& !_accountMgr.isDomainAdmin(caller.getId())) { // only
if ((caller.getAccountId() == accountId.longValue()) && (_accountMgr.isDomainAdmin(caller.getId()) || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN)) {
@Override public AsyncJobResponse queryJobResult(final QueryAsyncJobResultCmd cmd) { final Account caller = CallContext.current().getCallingAccount(); final AsyncJob job = _entityMgr.findByIdIncludingRemoved(AsyncJob.class, cmd.getId()); if (job == null) { throw new InvalidParameterValueException("Unable to find a job by id " + cmd.getId()); } final User userJobOwner = _accountMgr.getUserIncludingRemoved(job.getUserId()); final Account jobOwner = _accountMgr.getAccount(userJobOwner.getAccountId()); //check permissions if (_accountMgr.isNormalUser(caller.getId())) { //regular user can see only jobs he owns if (caller.getId() != jobOwner.getId()) { throw new PermissionDeniedException("Account " + caller + " is not authorized to see job id=" + job.getId()); } } else if (_accountMgr.isDomainAdmin(caller.getId())) { _accountMgr.checkAccess(caller, null, true, jobOwner); } return createAsyncJobResponse(_jobMgr.queryJob(cmd.getId(), true)); }
if ((_accountMgr.isNormalUser(account.getId()) || _accountMgr.isDomainAdmin(account.getId())) || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { if (isRecursive) { // domain + all sub-domains if (account.getType() == Account.ACCOUNT_TYPE_NORMAL) {
if ((_accountMgr.isNormalUser(caller.getId()) || _accountMgr.isDomainAdmin(caller.getId())) || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
} else if (_accountMgr.isDomainAdmin(caller.getId()) || (isRecursive && !listAll)) { DomainVO domain = _domainDao.findById(caller.getDomainId()); path = domain.getPath();