Examples with PermissionDeniedException com.cloud.legacymodel.exceptions.PermissionDeniedException used on opensource projects

Example 56 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class AccountManagerImpl method createApiKeyAndSecretKey.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_REGISTER_FOR_SECRET_API_KEY, eventDescription = "register for the developer API keys")
public String[] createApiKeyAndSecretKey(final RegisterCmd cmd) {
    final Account caller = CallContext.current().getCallingAccount();
    final Long userId = cmd.getId();
    final User user = getUserIncludingRemoved(userId);
    if (user == null) {
        throw new InvalidParameterValueException("unable to find user by id");
    }
    final Account account = _accountDao.findById(user.getAccountId());
    checkAccess(caller, null, true, account);
    // don't allow updating system user
    if (user.getId() == User.UID_SYSTEM) {
        throw new PermissionDeniedException("user id : " + user.getId() + " is system account, update is not allowed");
    }
    // generate both an api key and a secret key, update the user table with the keys, return the keys to the user
    final String[] keys = new String[2];
    Transaction.execute(new TransactionCallbackNoReturn() {

        @Override
        public void doInTransactionWithoutResult(final TransactionStatus status) {
            keys[0] = createUserApiKey(userId);
            keys[1] = createUserSecretKey(userId);
        }
    });
    return keys;
}

Example 57 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class AccountManagerImpl method createUser.

@Override
@ActionEvent(eventType = EventTypes.EVENT_USER_CREATE, eventDescription = "creating User")
public UserVO createUser(final String userName, final String password, final String firstName, final String lastName, final String email, final String timeZone, final String accountName, Long domainId, final String userUUID, final User.Source source) {
    // default domain to ROOT if not specified
    if (domainId == null) {
        domainId = Domain.ROOT_DOMAIN;
    }
    final Domain domain = _domainMgr.getDomain(domainId);
    if (domain == null) {
        throw new CloudRuntimeException("The domain " + domainId + " does not exist; unable to create user");
    } else if (domain.getState().equals(Domain.State.Inactive)) {
        throw new CloudRuntimeException("The user cannot be created as domain " + domain.getName() + " is being deleted");
    }
    checkAccess(CallContext.current().getCallingAccount(), domain);
    final Account account = _accountDao.findEnabledAccount(accountName, domainId);
    if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain id=" + domainId + " to create user");
    }
    if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
        throw new PermissionDeniedException("Account id : " + account.getId() + " is a system account, can't add a user to it");
    }
    if (!_userAccountDao.validateUsernameInDomain(userName, domainId)) {
        throw new CloudRuntimeException("The user " + userName + " already exists in domain " + domainId);
    }
    final UserVO user;
    user = createUser(account.getId(), userName, password, firstName, lastName, email, timeZone, userUUID, source);
    return user;
}

Example 58 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class AccountManagerImpl method lockAccount.

@Override
@ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DISABLE, eventDescription = "locking account", async = true)
public AccountVO lockAccount(final String accountName, final Long domainId, final Long accountId) {
    final Account caller = CallContext.current().getCallingAccount();
    final Account account;
    if (accountId != null) {
        account = _accountDao.findById(accountId);
    } else {
        account = _accountDao.findActiveAccount(accountName, domainId);
    }
    if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        throw new InvalidParameterValueException("Unable to find active account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId);
    }
    if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
        throw new PermissionDeniedException("Account id : " + accountId + " is a system account, lock is not allowed");
    }
    checkAccess(caller, AccessType.OperateEntry, true, account);
    if (lockAccount(account.getId())) {
        CallContext.current().putContextParameter(Account.class, account.getUuid());
        return _accountDao.findById(account.getId());
    } else {
        throw new CloudRuntimeException("Unable to lock account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId);
    }
}

Example 59 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class AccountManagerImpl method lockUser.

@Override
@ActionEvent(eventType = EventTypes.EVENT_USER_LOCK, eventDescription = "locking User")
public UserAccount lockUser(final long userId) {
    final Account caller = CallContext.current().getCallingAccount();
    // Check if user with id exists in the system
    final User user = _userDao.findById(userId);
    if (user == null || user.getRemoved() != null) {
        throw new InvalidParameterValueException("Unable to find user by id");
    }
    final Account account = _accountDao.findById(user.getAccountId());
    if (account == null) {
        throw new InvalidParameterValueException("unable to find user account " + user.getAccountId());
    }
    // don't allow to lock user of the account of type Project
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        throw new InvalidParameterValueException("Unable to find user by id");
    }
    // If the user is a System user, return an error. We do not allow this
    if (account.getId() == Account.ACCOUNT_ID_SYSTEM) {
        throw new PermissionDeniedException("user id : " + userId + " is a system user, locking is not allowed");
    }
    checkAccess(caller, AccessType.OperateEntry, true, account);
    // make sure the account is enabled too
    // if the user is either locked already or disabled already, don't change state...only lock currently enabled
    // users
    boolean success;
    if (user.getState().equals(State.locked)) {
        // already locked...no-op
        return _userAccountDao.findById(userId);
    } else if (user.getState().equals(State.enabled)) {
        success = doSetUserStatus(user.getId(), State.locked);
        boolean lockAccount = true;
        final List<UserVO> allUsersByAccount = _userDao.listByAccount(user.getAccountId());
        for (final UserVO oneUser : allUsersByAccount) {
            if (oneUser.getState().equals(State.enabled)) {
                lockAccount = false;
                break;
            }
        }
        if (lockAccount) {
            success = (success && lockAccount(user.getAccountId()));
        }
    } else {
        if (s_logger.isInfoEnabled()) {
            s_logger.info("Attempting to lock a non-enabled user, current state is " + user.getState() + " (userId: " + user.getId() + "), locking failed.");
        }
        success = false;
    }
    if (success) {
        CallContext.current().putContextParameter(User.class, user.getUuid());
        return _userAccountDao.findById(userId);
    } else {
        throw new CloudRuntimeException("Unable to lock user " + userId);
    }
}

Example 60 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class DomainManagerImpl method deleteDomain.

@Override
@ActionEvent(eventType = EventTypes.EVENT_DOMAIN_DELETE, eventDescription = "deleting Domain", async = true)
public boolean deleteDomain(final long domainId, final Boolean cleanup) {
    final Account caller = CallContext.current().getCallingAccount();
    final DomainVO domain = _domainDao.findById(domainId);
    if (domain == null) {
        throw new InvalidParameterValueException("Failed to delete domain " + domainId + ", domain not found");
    } else if (domainId == Domain.ROOT_DOMAIN) {
        throw new PermissionDeniedException("Can't delete ROOT domain");
    }
    _accountMgr.checkAccess(caller, domain);
    return deleteDomain(domain, cleanup);
}