private <VO extends ControlledEntity> VO getEntityInDatabase(Account caller, String paramName, Long id, GenericDao<VO, Long> dao) { VO vo = dao.findById(id); if (vo == null) { throw new InvalidParameterValueException("Unable to find " + paramName); } _accountMgr.checkAccess(caller, null, false, (ControlledEntity)vo); return vo; }
@Override public VirtualRouter destroyRouter(final long routerId, final Account caller, final Long callerUserId) throws ResourceUnavailableException, ConcurrentOperationException { if (s_logger.isDebugEnabled()) { s_logger.debug("Attempting to destroy router " + routerId); } final DomainRouterVO router = _routerDao.findById(routerId); if (router == null) { return null; } _accountMgr.checkAccess(caller, null, true, router); _itMgr.expunge(router.getUuid()); _routerDao.remove(router.getId()); return router; }
public void checkCallerAccess(String accountName, Long domainId) { Account caller = CallContext.current().getCallingAccount(); Account owner = _accountDao.findActiveAccount(accountName, domainId); if (owner == null) { List<String> idList = new ArrayList<String>(); idList.add(ApiDBUtils.findDomainById(domainId).getUuid()); throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain with specifed domainId"); } _accountMgr.checkAccess(caller, null, false, owner); }
@Override public List<? extends VpnUser> listVpnUsers(long vpnOwnerId, String userName) { Account caller = CallContext.current().getCallingAccount(); Account owner = _accountDao.findById(vpnOwnerId); _accountMgr.checkAccess(caller, null, true, owner); return _vpnUsersDao.listByAccount(vpnOwnerId); }
@Override public VirtualRouter stopInternalLbVm(final long vmId, final boolean forced, final Account caller, final long callerUserId) throws ConcurrentOperationException, ResourceUnavailableException { final DomainRouterVO internalLbVm = _internalLbVmDao.findById(vmId); if (internalLbVm == null || internalLbVm.getRole() != Role.INTERNAL_LB_VM) { throw new InvalidParameterValueException("Can't find internal lb vm by id specified"); } //check permissions _accountMgr.checkAccess(caller, null, true, internalLbVm); return stopInternalLbVm(internalLbVm, forced, caller, callerUserId); }
@Override public VirtualRouter startInternalLbVm(final long internalLbVmId, final Account caller, final long callerUserId) throws StorageUnavailableException, InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException { final DomainRouterVO internalLbVm = _internalLbVmDao.findById(internalLbVmId); if (internalLbVm == null || internalLbVm.getRole() != Role.INTERNAL_LB_VM) { throw new InvalidParameterValueException("Can't find internal lb vm by id specified"); } //check permissions _accountMgr.checkAccess(caller, null, true, internalLbVm); return startInternalLbVm(internalLbVm, caller, callerUserId, null); } }
@Override public NetworkACL createNetworkACL(final String name, final String description, final long vpcId, final Boolean forDisplay) { final Account caller = CallContext.current().getCallingAccount(); final Vpc vpc = _entityMgr.findById(Vpc.class, vpcId); if (vpc == null) { throw new InvalidParameterValueException("Unable to find VPC"); } _accountMgr.checkAccess(caller, null, true, vpc); return _networkAclMgr.createNetworkACL(name, description, vpcId, forDisplay); }
@Override public String getVmUserData(long vmId) { UserVmVO vm = _vmDao.findById(vmId); if (vm == null) { throw new InvalidParameterValueException("Unable to find virual machine with id " + vmId); } _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, true, vm); return vm.getUserData(); }
@Override public List<? extends NicSecondaryIp> listVmNicSecondaryIps(ListNicsCmd cmd) { Account caller = CallContext.current().getCallingAccount(); Long nicId = cmd.getNicId(); long vmId = cmd.getVmId(); String keyword = cmd.getKeyword(); UserVmVO userVm = _userVmDao.findById(vmId); if (userVm == null || (!userVm.isDisplayVm() && caller.getType() == Account.ACCOUNT_TYPE_NORMAL)) { throwInvalidIdException("Virtual machine id does not exist", Long.valueOf(vmId).toString(), "vmId"); } _accountMgr.checkAccess(caller, null, true, userVm); return _nicSecondaryIpDao.listSecondaryIpUsingKeyword(nicId, keyword); }
private IpAddress allocateIP(Account ipOwner, boolean isSystem, long zoneId) throws ResourceAllocationException, InsufficientAddressCapacityException, ConcurrentOperationException { Account caller = CallContext.current().getCallingAccount(); long callerUserId = CallContext.current().getCallingUserId(); // check permissions _accountMgr.checkAccess(caller, null, false, ipOwner); DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId); return allocateIp(ipOwner, isSystem, caller, callerUserId, zone, null); }
protected VirtualRouter stopNetScalerVm(final long vmId, final boolean forced, final Account caller, final long callerUserId) throws ResourceUnavailableException, ConcurrentOperationException { final DomainRouterVO netscalerVm = _routerDao.findById(vmId); s_logger.debug("Stopping NetScaler vm " + netscalerVm); if (netscalerVm == null || netscalerVm.getRole() != Role.NETSCALER_VM) { throw new InvalidParameterValueException("Can't find NetScaler vm by id specified"); } _accountMgr.checkAccess(caller, null, true, netscalerVm); try { _itMgr.expunge(netscalerVm.getUuid()); return _routerDao.findById(netscalerVm.getId()); } catch (final Exception e) { throw new CloudRuntimeException("Unable to stop " + netscalerVm, e); } }
@Override @ActionEvent(eventType = EventTypes.EVENT_DOMAIN_DELETE, eventDescription = "deleting Domain", async = true) public boolean deleteDomain(long domainId, Boolean cleanup) { Account caller = getCaller(); DomainVO domain = _domainDao.findById(domainId); if (domain == null) { throw new InvalidParameterValueException("Failed to delete domain " + domainId + ", domain not found"); } else if (domainId == Domain.ROOT_DOMAIN) { throw new PermissionDeniedException("Can't delete ROOT domain"); } _accountMgr.checkAccess(caller, domain); return deleteDomain(domain, cleanup); }
protected void validateInputsAndPermissionForUpdateVirtualMachineCommand(UpdateVMCmd cmd) { UserVmVO vmInstance = _vmDao.findById(cmd.getId()); if (vmInstance == null) { throw new InvalidParameterValueException("unable to find virtual machine with id: " + cmd.getId()); } validateGuestOsIdForUpdateVirtualMachineCommand(cmd); Account caller = CallContext.current().getCallingAccount(); _accountMgr.checkAccess(caller, null, true, vmInstance); }
@Override public boolean deleteVmGroup(DeleteVMGroupCmd cmd) { Account caller = CallContext.current().getCallingAccount(); Long groupId = cmd.getId(); // Verify input parameters InstanceGroupVO group = _vmGroupDao.findById(groupId); if ((group == null) || (group.getRemoved() != null)) { throw new InvalidParameterValueException("unable to find a vm group with id " + groupId); } _accountMgr.checkAccess(caller, null, true, group); return deleteVmGroup(groupId); }
@Override @ActionEvent(eventType = EventTypes.EVENT_STATIC_ROUTE_DELETE, eventDescription = "deleting static route") public boolean revokeStaticRoute(final long routeId) throws ResourceUnavailableException { final Account caller = CallContext.current().getCallingAccount(); final StaticRouteVO route = _staticRouteDao.findById(routeId); if (route == null) { throw new InvalidParameterValueException("Unable to find static route by id"); } _accountMgr.checkAccess(caller, null, false, route); markStaticRouteForRevoke(route, caller); return applyStaticRoutesForVpc(route.getVpcId()); }
@Override public void checkRuleAndUserVm(FirewallRule rule, UserVm userVm, Account caller) { if (userVm == null || rule == null) { return; } _accountMgr.checkAccess(caller, null, true, rule, userVm); if (userVm.getState() == VirtualMachine.State.Destroyed || userVm.getState() == VirtualMachine.State.Expunging) { throw new InvalidParameterValueException("Invalid user vm: " + userVm.getId()); } // This same owner check is actually not needed, since multiple entities OperateEntry trick guarantee that if (rule.getAccountId() != userVm.getAccountId()) { throw new InvalidParameterValueException("New rule " + rule + " and vm id=" + userVm.getId() + " belong to different accounts"); } }
@Override public boolean canModifyProjectAccount(Account caller, long accountId) { //ROOT admin always can access the project if (_accountMgr.isRootAdmin(caller.getId())) { return true; } else if (_accountMgr.isDomainAdmin(caller.getId())) { Account owner = _accountMgr.getAccount(accountId); _accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId())); return true; } return _projectAccountDao.canModifyProjectAccount(caller.getId(), accountId); }
@Override public boolean canAccessProjectAccount(Account caller, long accountId) { //ROOT admin always can access the project if (_accountMgr.isRootAdmin(caller.getId())) { return true; } else if (_accountMgr.isDomainAdmin(caller.getId())) { Account owner = _accountMgr.getAccount(accountId); _accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId())); return true; } return _projectAccountDao.canAccessProjectAccount(caller.getId(), accountId); }
@Override @ActionEvent(eventType = EventTypes.EVENT_PROJECT_DELETE, eventDescription = "deleting project", async = true) public boolean deleteProject(long projectId) { CallContext ctx = CallContext.current(); ProjectVO project = getProject(projectId); //verify input parameters if (project == null) { throw new InvalidParameterValueException("Unable to find project by id " + projectId); } _accountMgr.checkAccess(ctx.getCallingAccount(), AccessType.ModifyProject, true, _accountMgr.getAccount(project.getProjectAccountId())); return deleteProject(ctx.getCallingAccount(), ctx.getCallingUserId(), project); }
@Override @ActionEvent(eventType = EventTypes.EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE, eventDescription = "deleting s2s vpn customer gateway", create = true) public boolean deleteCustomerGateway(DeleteVpnCustomerGatewayCmd cmd) { CallContext.current().setEventDetails(" Id: " + cmd.getId()); Account caller = CallContext.current().getCallingAccount(); Long id = cmd.getId(); Site2SiteCustomerGateway customerGateway = _customerGatewayDao.findById(id); if (customerGateway == null) { throw new InvalidParameterValueException("Fail to find customer gateway with " + id + " !"); } _accountMgr.checkAccess(caller, null, false, customerGateway); return doDeleteCustomerGateway(customerGateway); }