use of com.cloud.exception.UnavailableCommandException in project cloudstack by apache.
the class DomainChecker method checkOperationPermitted.
private boolean checkOperationPermitted(Account caller, ControlledEntity entity) {
User user = CallContext.current().getCallingUser();
Project project = projectDao.findByProjectAccountId(entity.getAccountId());
if (project == null) {
throw new CloudRuntimeException("Unable to find project to which the entity belongs to");
}
ProjectAccount projectUser = _projectAccountDao.findByProjectIdUserId(project.getId(), user.getAccountId(), user.getId());
String apiCommandName = CallContext.current().getApiName();
if (accountService.isRootAdmin(caller.getId()) || accountService.isDomainAdmin(caller.getAccountId())) {
return true;
}
if (projectUser != null) {
if (projectUser.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectUser, apiCommandName);
}
}
ProjectAccount projectAccount = _projectAccountDao.findByProjectIdAccountId(project.getId(), caller.getAccountId());
if (projectAccount != null) {
if (projectAccount.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectAccount, apiCommandName);
}
}
throw new UnavailableCommandException("The given command '" + apiCommandName + "' either does not exist or is not available for the user");
}
use of com.cloud.exception.UnavailableCommandException in project cloudstack by apache.
the class ProjectRoleBasedApiAccessChecker method checkAccess.
@Override
public boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException {
if (isDisabled()) {
return true;
}
Account userAccount = accountService.getAccount(user.getAccountId());
Project project = CallContext.current().getProject();
if (project == null) {
return true;
}
if (accountService.isRootAdmin(userAccount.getId()) || accountService.isDomainAdmin(userAccount.getAccountId())) {
return true;
}
ProjectAccount projectUser = projectAccountDao.findByProjectIdUserId(project.getId(), userAccount.getAccountId(), user.getId());
if (projectUser != null) {
if (projectUser.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectUser, apiCommandName);
}
}
ProjectAccount projectAccount = projectAccountDao.findByProjectIdAccountId(project.getId(), userAccount.getAccountId());
if (projectAccount != null) {
if (projectAccount.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectAccount, apiCommandName);
}
}
// Default deny all
if ("updateProjectInvitation".equals(apiCommandName)) {
return true;
}
throw new UnavailableCommandException("The API " + apiCommandName + " does not exist or is not available for this account/user in project " + project.getUuid());
}
Aggregations