/**
 * Runs the account-level access checks for an API command on behalf of the calling account.
 *
 * <p>The owner account of the command is checked when the command is a
 * {@code BaseAsyncCreateCmd} and again whenever {@code entitiesToAccess} is non-empty. Each
 * map key that is a {@code ControlledEntity} is then checked with the {@code AccessType}
 * stored as its value.
 *
 * <p>Security note: only {@code ControlledEntity} keys are checked here. Keys that are
 * {@code InfrastructureEntity} instances, or any other type, pass through this method without
 * an access check, so callers must not treat a normal return as authorization for them.
 *
 * <p>NOTE(review): a denied check is presumably signalled by {@code checkAccess} throwing;
 * confirm against the account manager implementation.
 *
 * @param cmd the command being processed; supplies the entity owner id
 * @param entitiesToAccess entities touched by the command, mapped to the access type requested
 */
private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
    final Account callingAccount = CallContext.current().getCallingAccount();
    // Because of the deleteAccount design flaw tracked as CLOUDSTACK-6588, removed accounts
    // should still be included here so leftover resources of that account can be cleaned up.
    final Account ownerAccount = _accountMgr.getAccount(cmd.getEntityOwnerId());

    if (cmd instanceof BaseAsyncCreateCmd) {
        // The caller must be able to access the owner account.
        _accountMgr.checkAccess(callingAccount, null, false, ownerAccount);
    }

    if (entitiesToAccess.isEmpty()) {
        return;
    }

    // The caller must be able to access the owner account. For a BaseAsyncCreateCmd this
    // repeats the check above; the second call is kept deliberately.
    _accountMgr.checkAccess(callingAccount, null, false, ownerAccount);

    for (Map.Entry<Object, AccessType> accessEntry : entitiesToAccess.entrySet()) {
        final Object target = accessEntry.getKey();
        if (!(target instanceof ControlledEntity)) {
            // FIXME: InfrastructureEntity handling belongs in an adapter (and the code should
            // be removed from the account manager). Until then nothing is checked for
            // InfrastructureEntity keys, nor for keys of any other type.
            continue;
        }
        _accountMgr.checkAccess(callingAccount, accessEntry.getValue(), true, (ControlledEntity) target);
    }
}