use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class AccountManagerImpl method createApiKeyAndSecretKey.
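/**
 * Generates a new API key / secret key pair for the user identified by {@code cmd.getId()}.
 *
 * <p>Checks run in this order: the user must exist, its owning account must exist, the calling
 * account must pass {@code checkAccess} against that account, and the target must not be the
 * system user ({@code User.UID_SYSTEM}). Both keys are then created inside one
 * {@code Transaction.execute} callback.
 *
 * <p>The returned array carries the value produced by {@code createUserSecretKey}; treat it as
 * sensitive and keep it out of logs and event descriptions.
 *
 * @param cmd the register command carrying the target user id
 * @return a two-element array: index 0 is the API key, index 1 is the secret key
 * @throws InvalidParameterValueException if the user or its owning account cannot be found
 * @throws PermissionDeniedException if the target is the system user
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_REGISTER_FOR_SECRET_API_KEY, eventDescription = "register for the developer API keys")
public String[] createApiKeyAndSecretKey(final RegisterCmd cmd) {
    final Account caller = CallContext.current().getCallingAccount();
    final Long userId = cmd.getId();

    // NOTE(review): the helper name indicates removed users are included in this lookup and no
    // getRemoved() check follows -- confirm that issuing keys for a removed user is intended.
    final User user = getUserIncludingRemoved(userId);
    if (user == null) {
        throw new InvalidParameterValueException("unable to find user by id");
    }

    final Account account = _accountDao.findById(user.getAccountId());
    // Fail closed when the owning account cannot be loaded, instead of handing a null entity to
    // the access check; lockUser applies the same guard with the same message.
    if (account == null) {
        throw new InvalidParameterValueException("unable to find user account " + user.getAccountId());
    }

    // Authorization comes first, so the system-user refusal below is only reachable by a caller
    // that already passed the access check on the owning account.
    checkAccess(caller, null, true, account);

    // don't allow updating system user
    if (user.getId() == User.UID_SYSTEM) {
        throw new PermissionDeniedException("user id : " + user.getId() + " is system account, update is not allowed");
    }

    // generate both an api key and a secret key, update the user table with the keys, return the keys to the user
    final String[] keys = new String[2];
    Transaction.execute(new TransactionCallbackNoReturn() {
        @Override
        public void doInTransactionWithoutResult(final TransactionStatus status) {
            // Both keys are written in the same transaction callback.
            keys[0] = createUserApiKey(userId);
            keys[1] = createUserSecretKey(userId);
        }
    });
    return keys;
}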
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class AccountManagerImpl method createUser.
/**
 * Creates a user inside an existing, enabled account after validating the domain, the caller's
 * access to that domain, the target account and the uniqueness of the user name.
 *
 * <p>A {@code null} {@code domainId} is treated as {@code Domain.ROOT_DOMAIN}. The password is
 * handed unchanged to the {@code createUser} overload that takes an account id; any hashing or
 * policy enforcement is not visible in this method.
 *
 * @param userName    login name; must pass {@code validateUsernameInDomain} for the domain
 * @param password    password forwarded to the account-id overload
 * @param firstName   forwarded to the account-id overload
 * @param lastName    forwarded to the account-id overload
 * @param email       forwarded to the account-id overload
 * @param timeZone    forwarded to the account-id overload
 * @param accountName name of the enabled account that will own the user
 * @param domainId    domain of the account, or {@code null} for the ROOT domain
 * @param userUUID    forwarded to the account-id overload
 * @param source      forwarded to the account-id overload
 * @return the user returned by the account-id overload
 * @throws CloudRuntimeException if the domain is missing or inactive, or the name is rejected
 * @throws InvalidParameterValueException if no enabled, non-project account matches
 * @throws PermissionDeniedException if the target account is the system account
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_USER_CREATE, eventDescription = "creating User")
public UserVO createUser(final String userName, final String password, final String firstName, final String lastName, final String email, final String timeZone, final String accountName, Long domainId, final String userUUID, final User.Source source) {
    // Resolve the effective domain once; an unspecified domain means ROOT.
    final Long targetDomainId;
    if (domainId != null) {
        targetDomainId = domainId;
    } else {
        targetDomainId = Domain.ROOT_DOMAIN;
    }

    final Domain targetDomain = _domainMgr.getDomain(targetDomainId);
    if (targetDomain == null) {
        throw new CloudRuntimeException("The domain " + targetDomainId + " does not exist; unable to create user");
    }
    if (targetDomain.getState().equals(Domain.State.Inactive)) {
        throw new CloudRuntimeException("The user cannot be created as domain " + targetDomain.getName() + " is being deleted");
    }

    // The caller is authorized against the domain before any account or user-name lookup, so
    // the account and user-name error messages below are only produced for authorized callers.
    checkAccess(CallContext.current().getCallingAccount(), targetDomain);

    final Account owner = _accountDao.findEnabledAccount(accountName, targetDomainId);
    final boolean ownerUsable = owner != null && owner.getType() != Account.ACCOUNT_TYPE_PROJECT;
    if (!ownerUsable) {
        throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain id=" + targetDomainId + " to create user");
    }

    // Users can never be added to the system account.
    if (owner.getId() == Account.ACCOUNT_ID_SYSTEM) {
        throw new PermissionDeniedException("Account id : " + owner.getId() + " is a system account, can't add a user to it");
    }

    final boolean nameAccepted = _userAccountDao.validateUsernameInDomain(userName, targetDomainId);
    if (!nameAccepted) {
        throw new CloudRuntimeException("The user " + userName + " already exists in domain " + targetDomainId);
    }

    return createUser(owner.getId(), userName, password, firstName, lastName, email, timeZone, userUUID, source);
}
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class AccountManagerImpl method lockAccount.
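/**
 * Locks an account selected either by id or by name and domain.
 *
 * <p>When {@code accountId} is non-null the account is loaded by id and {@code accountName} /
 * {@code domainId} are not used for the lookup; otherwise the active account with that name in
 * that domain is used. Project accounts are reported as not found, and the system account can
 * never be locked.
 *
 * @param accountName name of the account, used only when {@code accountId} is {@code null}
 * @param domainId    domain of the account, used only when {@code accountId} is {@code null}
 * @param accountId   id of the account, or {@code null} to look it up by name and domain
 * @return the account re-read by id after it has been locked
 * @throws InvalidParameterValueException if no matching non-project account is found
 * @throws PermissionDeniedException if the resolved account is the system account
 * @throws CloudRuntimeException if {@code lockAccount(long)} reports failure
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DISABLE, eventDescription = "locking account", async = true)
public AccountVO lockAccount(final String accountName, final Long domainId, final Long accountId) {
    final Account caller = CallContext.current().getCallingAccount();

    final Account account;
    if (accountId != null) {
        account = _accountDao.findById(accountId);
    } else {
        account = _accountDao.findActiveAccount(accountName, domainId);
    }

    if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        throw new InvalidParameterValueException("Unable to find active account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId);
    }

    if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
        // Report the id of the resolved account: the accountId parameter is null when the account
        // was looked up by name, which previously produced "Account id : null ...".
        throw new PermissionDeniedException("Account id : " + account.getId() + " is a system account, lock is not allowed");
    }

    // NOTE(review): the lookup and system-account checks above run before this authorization
    // check, so their distinct exceptions are raised for callers that have not yet been
    // authorized on the account -- confirm this ordering is intended.
    checkAccess(caller, AccessType.OperateEntry, true, account);

    if (lockAccount(account.getId())) {
        CallContext.current().putContextParameter(Account.class, account.getUuid());
        return _accountDao.findById(account.getId());
    } else {
        throw new CloudRuntimeException("Unable to lock account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId);
    }
}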
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class AccountManagerImpl method lockUser.
/**
 * Locks a single user and, when no enabled user remains in the owning account, locks that
 * account as well.
 *
 * <p>A user that is already locked is returned unchanged. Only a user in state {@code enabled}
 * is transitioned; any other state is logged at info level and treated as a failure. A user
 * whose account is of type project gets the same "Unable to find user by id" error as a missing
 * or removed user.
 *
 * @param userId id of the user to lock
 * @return the user account view re-read by {@code userId}
 * @throws InvalidParameterValueException if the user or its account cannot be found, or the
 *         account is a project account
 * @throws PermissionDeniedException if the owning account is the system account
 * @throws CloudRuntimeException if the user could not be locked
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_USER_LOCK, eventDescription = "locking User")
public UserAccount lockUser(final long userId) {
    final Account caller = CallContext.current().getCallingAccount();

    // The target must exist and must not be flagged as removed.
    final User target = _userDao.findById(userId);
    if (target == null || target.getRemoved() != null) {
        throw new InvalidParameterValueException("Unable to find user by id");
    }

    final Account owner = _accountDao.findById(target.getAccountId());
    if (owner == null) {
        throw new InvalidParameterValueException("unable to find user account " + target.getAccountId());
    }

    // Users of project accounts cannot be locked; the error matches the "not found" case.
    if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        throw new InvalidParameterValueException("Unable to find user by id");
    }

    // Users that belong to the system account are never lockable.
    if (owner.getId() == Account.ACCOUNT_ID_SYSTEM) {
        throw new PermissionDeniedException("user id : " + userId + " is a system user, locking is not allowed");
    }

    checkAccess(caller, AccessType.OperateEntry, true, owner);

    // Already locked: nothing to change.
    if (target.getState().equals(State.locked)) {
        return _userAccountDao.findById(userId);
    }

    boolean locked = false;
    if (target.getState().equals(State.enabled)) {
        locked = doSetUserStatus(target.getId(), State.locked);

        // The account is locked too only when no user in it is still enabled.
        boolean enabledUserRemains = false;
        for (final UserVO member : _userDao.listByAccount(target.getAccountId())) {
            if (member.getState().equals(State.enabled)) {
                enabledUserRemains = true;
                break;
            }
        }
        if (!enabledUserRemains) {
            // Short-circuit: the account lock is attempted only if the user lock succeeded.
            locked = locked && lockAccount(target.getAccountId());
        }
    } else if (s_logger.isInfoEnabled()) {
        s_logger.info("Attempting to lock a non-enabled user, current state is " + target.getState() + " (userId: " + target.getId() + "), locking failed.");
    }

    if (!locked) {
        throw new CloudRuntimeException("Unable to lock user " + userId);
    }

    CallContext.current().putContextParameter(User.class, target.getUuid());
    return _userAccountDao.findById(userId);
}
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class DomainManagerImpl method deleteDomain.
/**
 * Deletes the domain with the given id after confirming it exists, is not the ROOT domain, and
 * that the calling account passes {@code _accountMgr.checkAccess} for it.
 *
 * @param domainId id of the domain to delete
 * @param cleanup  forwarded unchanged to the {@code deleteDomain} overload that takes the
 *                 loaded domain
 * @return the result of the {@code deleteDomain} overload that takes the loaded domain
 * @throws InvalidParameterValueException if no domain with that id is found
 * @throws PermissionDeniedException if the id is {@code Domain.ROOT_DOMAIN}
 */
@Override
@ActionEvent(eventType = EventTypes.EVENT_DOMAIN_DELETE, eventDescription = "deleting Domain", async = true)
public boolean deleteDomain(final long domainId, final Boolean cleanup) {
    final Account callingAccount = CallContext.current().getCallingAccount();

    final DomainVO target = _domainDao.findById(domainId);
    if (target == null) {
        throw new InvalidParameterValueException("Failed to delete domain " + domainId + ", domain not found");
    }

    // The ROOT domain is refused for every caller, before the access check runs.
    if (domainId == Domain.ROOT_DOMAIN) {
        throw new PermissionDeniedException("Can't delete ROOT domain");
    }

    _accountMgr.checkAccess(callingAccount, target);
    return deleteDomain(target, cleanup);
}