_accountMgr.checkAccess(accountObj, null, true, vm); } catch (PermissionDeniedException ex) { if (_accountMgr.isNormalUser(accountObj.getId())) { if (s_logger.isDebugEnabled()) { s_logger.debug("VM access is denied. VM owner account " + vm.getAccountId() + " does not match the account id in session " +
@Override public boolean deleteEvents(final DeleteEventsCmd cmd) { final Account caller = getCaller(); final List<Long> ids = cmd.getIds(); boolean result = true; List<Long> permittedAccountIds = new ArrayList<Long>(); if (_accountMgr.isNormalUser(caller.getId()) || caller.getType() == Account.ACCOUNT_TYPE_PROJECT) { permittedAccountIds.add(caller.getId()); } else { final DomainVO domain = _domainDao.findById(caller.getDomainId()); final List<Long> permittedDomainIds = _domainDao.getDomainChildrenIds(domain.getPath()); permittedAccountIds = _accountDao.getAccountIdsForDomains(permittedDomainIds); } final List<EventVO> events = _eventDao.listToArchiveOrDeleteEvents(ids, cmd.getType(), cmd.getStartDate(), cmd.getEndDate(), permittedAccountIds); final ControlledEntity[] sameOwnerEvents = events.toArray(new ControlledEntity[events.size()]); _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, false, sameOwnerEvents); if (ids != null && events.size() < ids.size()) { result = false; return result; } for (final EventVO event : events) { _eventDao.remove(event.getId()); } return result; }
private void checkResourceAccessible(Long accountId, Long domainId, String exceptionMessage) { Account caller = CallContext.current().getCallingAccount(); if (Objects.equals(domainId, -1)) { throw new CloudRuntimeException("Invalid DomainId: -1"); } if (accountId != null) { _accountMgr.checkAccess(caller, null, false, _accountMgr.getAccount(accountId)); } else if (domainId != null && !_accountMgr.isNormalUser(caller.getId())) { //check permissions; _accountMgr.checkAccess(caller, _domainMgr.getDomain(domainId)); } else { throw new PermissionDeniedException(exceptionMessage); } }
if (_accountMgr.isNormalUser(account.getId())) { } else if (_accountMgr.isNormalUser(account.getId())) {
if (_accountMgr.isNormalUser(caller.getId()) && !_allowUserToCreateProject) { throw new PermissionDeniedException("Regular user is not permitted to create a project");
if ((isSystem == null || _accountMgr.isNormalUser(caller.getId())) && id == null) { isSystem = false;
@Override public AsyncJobResponse queryJobResult(final QueryAsyncJobResultCmd cmd) { final Account caller = CallContext.current().getCallingAccount(); final AsyncJob job = _entityMgr.findByIdIncludingRemoved(AsyncJob.class, cmd.getId()); if (job == null) { throw new InvalidParameterValueException("Unable to find a job by id " + cmd.getId()); } final User userJobOwner = _accountMgr.getUserIncludingRemoved(job.getUserId()); final Account jobOwner = _accountMgr.getAccount(userJobOwner.getAccountId()); //check permissions if (_accountMgr.isNormalUser(caller.getId())) { //regular user can see only jobs he owns if (caller.getId() != jobOwner.getId()) { throw new PermissionDeniedException("Account " + caller + " is not authorized to see job id=" + job.getId()); } } else if (_accountMgr.isDomainAdmin(caller.getId())) { _accountMgr.checkAccess(caller, null, true, jobOwner); } return createAsyncJobResponse(_jobMgr.queryJob(cmd.getId(), true)); }
if ((_accountMgr.isNormalUser(account.getId()) || _accountMgr.isDomainAdmin(account.getId())) || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { if (isRecursive) { // domain + all sub-domains if (account.getType() == Account.ACCOUNT_TYPE_NORMAL) {
if ((_accountMgr.isNormalUser(caller.getId()) || _accountMgr.isDomainAdmin(caller.getId())) || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
if (_accountMgr.isNormalUser(caller.getId()) && (ntwkOff.getTrafficType() != TrafficType.Guest || ntwkOff.getGuestType() != Network.GuestType.Isolated && areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat))) { throw new InvalidParameterValueException(
if (domainId == null && accountId == null && (_accountMgr.isNormalUser(caller.getId()) || !listAll)) { accountId = caller.getId(); } else if (_accountMgr.isDomainAdmin(caller.getId()) || (isRecursive && !listAll)) {