Fix CLOUDSTACK-2989: normal users are allowed to create isolated network offerings with VLAN assignments. 1) Only root admin can list network offerings with specifyVlan=true. 2) Only root admin can create a network with specifyVlan=true.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/76636849 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/76636849 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/76636849 Branch: refs/heads/object_store Commit: 7663684981d731eacc84ea6c31cc10250aad39ed Parents: b2111e4 Author: Mice Xia <[email protected]> Authored: Fri Jun 14 14:54:20 2013 +0800 Committer: Mice Xia <[email protected]> Committed: Fri Jun 14 14:58:24 2013 +0800 ---------------------------------------------------------------------- .../src/com/cloud/configuration/ConfigurationManagerImpl.java | 5 ++++- server/src/com/cloud/network/NetworkServiceImpl.java | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/76636849/server/src/com/cloud/configuration/ConfigurationManagerImpl.java ----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
index b684e01..131d340 100755
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -4162,8 +4162,11 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati
 sc.addAnd("isDefault", SearchCriteria.Op.EQ, isDefault);
 }
- if (specifyVlan != null) {
+ // only root admin can list network offering with specifyVlan = true
+ if (specifyVlan != null && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
 sc.addAnd("specifyVlan", SearchCriteria.Op.EQ, specifyVlan);
+ }else{
+ specifyVlan = false;
 }
 if (availability != null) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/76636849/server/src/com/cloud/network/NetworkServiceImpl.java ----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index 024c969..f026dbc 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1202,9 +1202,9 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
 + Network.GuestType.Isolated + " with a service " + Service.SourceNat.getName() + " enabled");
 }
- // Don't allow to specify vlan if the caller is a regular user
- if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
- throw new InvalidParameterValueException("Regular user is not allowed to specify vlanId");
+ // Don't allow to specify vlan if the caller is not ROOT admin
+ if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN && (ntwkOff.getSpecifyVlan() || vlanId != null)) {
+ throw new InvalidParameterValueException("Only ROOT admin is allowed to specify vlanId");
 }
 if (ipv4) {
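Review bot: In the new `else` branch of the `specifyVlan` check in ConfigurationManagerImpl, `specifyVlan = false;` only reassigns the local variable and adds no criterion to `sc`, so within this hunk a caller who is not root admin gets no `specifyVlan` filter at all and the listing can still return offerings with specifyVlan=true. The same branch also runs for a root admin who omitted the parameter, so if the variable is read later in the method (which continues outside the hunk) the admin's unfiltered listing would be narrowed to false. Branching on the caller type first and adding the `false` criterion explicitly for everyone else would make the code match its comment.

```java
// only root admin can list network offerings with specifyVlan = true
if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
    // force the filter for every other caller, whatever value was passed in
    sc.addAnd("specifyVlan", SearchCriteria.Op.EQ, false);
} else if (specifyVlan != null) {
    sc.addAnd("specifyVlan", SearchCriteria.Op.EQ, specifyVlan);
}
```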
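Review bot: The rewritten guard before `if (ipv4) {` in NetworkServiceImpl reports an authorization failure as `InvalidParameterValueException`, and its message mentions only vlanId although the condition also fires when no vlanId was passed and the chosen offering's `getSpecifyVlan()` is true. If the project's permission exception is available in this file, `throw new PermissionDeniedException("Only ROOT admin is allowed to use a specifyVlan network offering or to specify vlanId");` would let API clients and audit logs tell a denied request from a malformed one. The condition now rejects every account type other than `ACCOUNT_TYPE_ADMIN`, not just regular users, which matches the commit description but deserves a line in the comment such as `// domain admins are rejected here as well`. The enclosing method starts and ends outside the hunk.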
