@Override public long getEntityOwnerId() { Account caller = CallContext.current().getCallingAccount(); //For domain wide affinity groups (if the affinity group processor type allows it) if(projectId == null && domainId != null && accountName == null && _accountService.isRootAdmin(caller.getId())){ return Account.ACCOUNT_ID_SYSTEM; } Account owner = _accountService.finalizeOwner(caller, accountName, domainId, projectId); if(owner == null){ return caller.getAccountId(); } return owner.getAccountId(); }
@Override public long getEntityOwnerId() { Account caller = CallContext.current().getCallingAccount(); //For domain wide affinity groups (if the affinity group processor type allows it) if(projectId == null && domainId != null && accountName == null && _accountService.isRootAdmin(caller.getId())){ return Account.ACCOUNT_ID_SYSTEM; } Account owner = _accountService.finalizeOwner(caller, accountName, domainId, projectId); if(owner == null){ return caller.getAccountId(); } return owner.getAccountId(); }
@Override public boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException { // check if api rate limiting is enabled or not if (!enabled) { return true; } Long accountId = user.getAccountId(); Account account = _accountService.getAccount(accountId); if (_accountService.isRootAdmin(account.getId())) { // no API throttling on root admin return true; } StoreEntry entry = _store.get(accountId); if (entry == null) { /* Populate the entry, thus unlocking any underlying mutex */ entry = _store.create(accountId, timeToLive); } /* Increment the client count and see whether we have hit the maximum allowed clients yet. */ int current = entry.incrementAndGet(); if (current <= maxAllowed) { s_logger.trace("account (" + account.getAccountId() + "," + account.getAccountName() + ") has current count = " + current); return true; } else { long expireAfter = entry.getExpireDuration(); // for this exception, we can just show the same message to user and admin users. String msg = "The given user has reached his/her account api limit, please retry after " + expireAfter + " ms."; s_logger.warn(msg); throw new RequestLimitException(msg); } }
@Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating template") public VirtualMachineTemplate registerTemplate(RegisterTemplateCmd cmd) throws URISyntaxException, ResourceAllocationException { Account account = CallContext.current().getCallingAccount(); if (cmd.getTemplateTag() != null) { if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied"); } } if (cmd.isRoutingType() != null) { if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied"); } } TemplateAdapter adapter = getAdapter(HypervisorType.getType(cmd.getHypervisor())); TemplateProfile profile = adapter.prepare(cmd); VMTemplateVO template = adapter.create(profile); if (template != null) { return template; } else { throw new CloudRuntimeException("Failed to create a template"); } }
if (!_accountService.isRootAdmin(caller.getId())) { throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied");
if (_accountService.isRootAdmin(caller.getId())) { isAdmin = true; } else if (_accountService.isDomainAdmin(caller.getId())) {
if (hostId != null) { Account account = CallContext.current().getCallingAccount(); if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException( "Parameter hostid can only be specified by a Root Admin, permission denied");
} else { if (_accountService.isRootAdmin(account.getId())) { return true;
} else { if (_accountService.isRootAdmin(account.getId())) { return true;
if (_accountService.isRootAdmin(caller.getId()) || (owner.getId() == caller.getId())) { return true; if (!_accountService.isRootAdmin(caller.getId()) && owner.getId() != caller.getId()) {
if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied");
} else { if (_accountService.isRootAdmin(account.getId())) { return true;
@Override public long getEntityOwnerId() { final Account caller = CallContext.current().getCallingAccount(); //For domain wide affinity groups (if the affinity group processor type allows it) if (projectId == null && domainId != null && accountName == null && _accountService.isRootAdmin(caller.getId())) { return Account.ACCOUNT_ID_SYSTEM; } final Account owner = _accountService.finalizeOwner(caller, accountName, domainId, projectId); if (owner == null) { return caller.getAccountId(); } return owner.getAccountId(); }
@Override public long getEntityOwnerId() { final Account caller = CallContext.current().getCallingAccount(); //For domain wide affinity groups (if the affinity group processor type allows it) if (projectId == null && domainId != null && accountName == null && _accountService.isRootAdmin(caller.getId())) { return Account.ACCOUNT_ID_SYSTEM; } final Account owner = _accountService.finalizeOwner(caller, accountName, domainId, projectId); if (owner == null) { return caller.getAccountId(); } return owner.getAccountId(); }