Examples with PermissionDeniedException com.cloud.exception.PermissionDeniedException used on opensource projects

Example 81 with PermissionDeniedException

use of com.cloud.exception.PermissionDeniedException in project cloudstack by apache.

the class AccountManagerImpl method createUser.

@Override
@ActionEvent(eventType = EventTypes.EVENT_USER_CREATE, eventDescription = "creating User")
public UserVO createUser(String userName, String password, String firstName, String lastName, String email, String timeZone, String accountName, Long domainId, String userUUID, User.Source source) {
    // default domain to ROOT if not specified
    if (domainId == null) {
        domainId = Domain.ROOT_DOMAIN;
    }
    Domain domain = _domainMgr.getDomain(domainId);
    if (domain == null) {
        throw new CloudRuntimeException("The domain " + domainId + " does not exist; unable to create user");
    } else if (domain.getState().equals(Domain.State.Inactive)) {
        throw new CloudRuntimeException("The user cannot be created as domain " + domain.getName() + " is being deleted");
    }
    checkAccess(CallContext.current().getCallingAccount(), domain);
    Account account = _accountDao.findEnabledAccount(accountName, domainId);
    if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain id=" + domainId + " to create user");
    }
    if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
        throw new PermissionDeniedException("Account id : " + account.getId() + " is a system account, can't add a user to it");
    }
    if (!_userAccountDao.validateUsernameInDomain(userName, domainId)) {
        throw new CloudRuntimeException("The user " + userName + " already exists in domain " + domainId);
    }
    UserVO user = null;
    user = createUser(account.getId(), userName, password, firstName, lastName, email, timeZone, userUUID, source);
    return user;
}

Example 82 with PermissionDeniedException

use of com.cloud.exception.PermissionDeniedException in project cloudstack by apache.

the class AccountManagerImpl method buildACLSearchParameters.

//TODO: deprecate this to use the new buildACLSearchParameters with permittedDomains, permittedAccounts, and permittedResources as return
@Override
public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> permittedAccounts, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation) {
    Long domainId = domainIdRecursiveListProject.first();
    if (domainId != null) {
        Domain domain = _domainDao.findById(domainId);
        if (domain == null) {
            throw new InvalidParameterValueException("Unable to find domain by id " + domainId);
        }
        // check permissions
        checkAccess(caller, domain);
    }
    if (accountName != null) {
        if (projectId != null) {
            throw new InvalidParameterValueException("Account and projectId can't be specified together");
        }
        Account userAccount = null;
        Domain domain = null;
        if (domainId != null) {
            userAccount = _accountDao.findActiveAccount(accountName, domainId);
            domain = _domainDao.findById(domainId);
        } else {
            userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId());
            domain = _domainDao.findById(caller.getDomainId());
        }
        if (userAccount != null) {
            checkAccess(caller, null, false, userAccount);
            // check permissions
            permittedAccounts.add(userAccount.getId());
        } else {
            throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid());
        }
    }
    // set project information
    if (projectId != null) {
        if (!forProjectInvitation) {
            if (projectId.longValue() == -1) {
                if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                    permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId()));
                } else {
                    domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly);
                }
            } else {
                Project project = _projectMgr.getProject(projectId);
                if (project == null) {
                    throw new InvalidParameterValueException("Unable to find project by id " + projectId);
                }
                if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) {
                    throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId);
                }
                permittedAccounts.add(project.getProjectAccountId());
            }
        }
    } else {
        if (id == null) {
            domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources);
        }
        if (permittedAccounts.isEmpty() && domainId == null) {
            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                permittedAccounts.add(caller.getId());
            } else if (!listAll) {
                if (id == null) {
                    permittedAccounts.add(caller.getId());
                } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
                    domainIdRecursiveListProject.first(caller.getDomainId());
                    domainIdRecursiveListProject.second(true);
                }
            } else if (domainId == null) {
                if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
                    domainIdRecursiveListProject.first(caller.getDomainId());
                    domainIdRecursiveListProject.second(true);
                }
            }
        } else if (domainId != null) {
            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                permittedAccounts.add(caller.getId());
            }
        }
    }
}