Example 1 with UnavailableCommandException
use of com.cloud.exception.UnavailableCommandException in project cloudstack by apache.
the class DomainChecker method checkOperationPermitted.
private boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
User user = CallContext.current().getCallingUser();
Project project = projectDao.findByProjectAccountId(entity.getAccountId());
if (project == null) {
throw new CloudRuntimeException("Unable to find project to which the entity belongs to");
}
ProjectAccount projectUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
String apiCommandName = CallContext.current().getApiName();
if (accountService.isRootAdmin(caller.getId()) || accountService.isDomainAdmin(caller.getAccountId())) {
return true;
}
if (projectUser != null) {
if (projectUser.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectUser, apiCommandName);
}
}
ProjectAccount projectAccount = _projectAccountDao.findByProjectIdAccountId(project.getId(), caller.getAccountId());
if (projectAccount != null) {
if (projectAccount.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectAccount, apiCommandName);
}
}
throw new UnavailableCommandException("The given command '" + apiCommandName + "' either does not exist or is not available for the user");
}
Also used :
Project(com.cloud.projects.Project)
ProjectAccount(com.cloud.projects.ProjectAccount)
User(com.cloud.user.User)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
UnavailableCommandException(com.cloud.exception.UnavailableCommandException)
Example 2 with UnavailableCommandException
use of com.cloud.exception.UnavailableCommandException in project cloudstack by apache.
the class ProjectRoleBasedApiAccessChecker method checkAccess.
@Override
public boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException {
if (isDisabled()) {
return true;
}
Account userAccount = accountService.getAccount(user.getAccountId());
Project project = CallContext.current().getProject();
if (project == null) {
return true;
}
if (accountService.isRootAdmin(userAccount.getId()) || accountService.isDomainAdmin(userAccount.getAccountId())) {
return true;
}
ProjectAccount projectUser = projectAccountDao.findByProjectIdUserId(project.getId(), userAccount.getAccountId(), user.getId());
if (projectUser != null) {
if (projectUser.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectUser, apiCommandName);
}
}
ProjectAccount projectAccount = projectAccountDao.findByProjectIdAccountId(project.getId(), userAccount.getAccountId());
if (projectAccount != null) {
if (projectAccount.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectAccount, apiCommandName);
}
}
// Default deny all
if ("updateProjectInvitation".equals(apiCommandName)) {
return true;
}
throw new UnavailableCommandException("The API " + apiCommandName + " does not exist or is not available for this account/user in project " + project.getUuid());
}
Also used :
Account(com.cloud.user.Account)
ProjectAccount(com.cloud.projects.ProjectAccount)
Project(com.cloud.projects.Project)
ProjectAccount(com.cloud.projects.ProjectAccount)
UnavailableCommandException(com.cloud.exception.UnavailableCommandException)
Aggregations
UnavailableCommandException (com.cloud.exception.UnavailableCommandException)2
Project (com.cloud.projects.Project)2
ProjectAccount (com.cloud.projects.ProjectAccount)2
Account (com.cloud.user.Account)1
User (com.cloud.user.User)1
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)1
