use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class TaggedResourceManagerImpl method createTags.
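/**
 * Creates every tag in {@code tags} on every resource in {@code resourceIds}, running all work inside a
 * single {@code Transaction.execute} callback.
 *
 * <p>For each (tag key, resource) pair, in this order:
 * <ol>
 *   <li>the resource type must support tags;</li>
 *   <li>the resource's owning account and domain are resolved with {@code getAccountDomain};</li>
 *   <li>the caller is checked against the owning account, or, when the resource has no owning account,
 *       against its domain (only attempted when the caller is not a normal user); a resource with no
 *       resolvable owner is rejected rather than tagged;</li>
 *   <li>the tag value must be non-null and non-empty;</li>
 *   <li>the tag is persisted and appended to the result.</li>
 * </ol>
 * Authorization is evaluated before the value is validated, so an unauthorized caller is refused on the
 * access check without reaching value validation.
 *
 * @param resourceIds  identifiers of the resources to tag; each is resolved via {@code getResourceId} and {@code getUuid}
 * @param resourceType type shared by all resources in {@code resourceIds}
 * @param tags         tag keys mapped to their values
 * @param customer     passed through unchanged to each {@code ResourceTagVO}
 * @return the persisted tags, grouped by tag key in the iteration order of {@code tags}
 * @throws InvalidParameterValueException if the resource type does not support tags or a tag value is null or empty
 * @throws PermissionDeniedException      if the resource has no owning account and the caller is a normal user or
 *                                        no domain is known; the {@code checkAccess} calls presumably raise it too
 *                                        when access is refused (their implementation is not visible here)
 * @throws CloudRuntimeException          if the resolved domain id is {@code -1}
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_TAGS_CREATE, eventDescription = "creating resource tags")
public List<ResourceTag> createTags(final List<String> resourceIds, final ResourceObjectType resourceType, final Map<String, String> tags, final String customer) {
    final Account caller = CallContext.current().getCallingAccount();
    final List<ResourceTag> resourceTags = new ArrayList<>(tags.size());
    Transaction.execute(new TransactionCallbackNoReturn() {
        @Override
        public void doInTransactionWithoutResult(final TransactionStatus status) {
            for (final String key : tags.keySet()) {
                for (final String resourceId : resourceIds) {
                    if (!resourceType.resourceTagsSupport()) {
                        throw new InvalidParameterValueException("The resource type " + resourceType + " doesn't support resource tags");
                    }
                    final long id = getResourceId(resourceId, resourceType);
                    final String resourceUuid = getUuid(resourceId, resourceType);
                    final Pair<Long, Long> accountDomainPair = getAccountDomain(id, resourceType);
                    final Long domainId = accountDomainPair.second();
                    final Long accountId = accountDomainPair.first();
                    if ((domainId != null) && (domainId == -1)) {
                        throw new CloudRuntimeException("Invalid DomainId : -1");
                    }
                    if (accountId != null) {
                        // Resource has an owning account: the caller must have access to that account.
                        _accountMgr.checkAccess(caller, null, false, _accountMgr.getAccount(accountId));
                    } else if (domainId != null && !_accountMgr.isNormalUser(caller.getId())) {
                        // Domain-level resource: normal users never reach this branch and fall through to the denial below.
                        _accountMgr.checkAccess(caller, _domainMgr.getDomain(domainId));
                    } else {
                        // Deny by default. The message names the resource being tagged; the previous text
                        // printed the tag key here, which pointed denial investigations at the wrong identifier.
                        throw new PermissionDeniedException("Account " + caller + " doesn't have permissions to create tags" + " for resource " + resourceId);
                    }
                    final String value = tags.get(key);
                    if (value == null || value.isEmpty()) {
                        throw new InvalidParameterValueException("Value for the key " + key + " is either null or empty");
                    }
                    ResourceTagVO resourceTag = new ResourceTagVO(key, value, accountDomainPair.first(), accountDomainPair.second(), id, resourceType, customer, resourceUuid);
                    resourceTag = _resourceTagDao.persist(resourceTag);
                    resourceTags.add(resourceTag);
                }
            }
        }
    });
    return resourceTags;
}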
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class TemplateManagerImpl method listTemplatePermissions.
/**
 * Returns the names of the accounts that hold a launch permission on the template or ISO named by
 * {@code cmd}, plus the owner's account name when the template is not public.
 *
 * <p>Id {@code 1} is always refused. The stored image format must match the command type (template
 * command for non-ISO images, ISO command for ISO images). For a non-public template the caller must
 * pass {@code checkAccess} before any account name is read.
 *
 * @param cmd the list-permissions command carrying the template/ISO id and media type
 * @return account names with launch permission, followed by the owner for non-public templates
 * @throws PermissionDeniedException      if the id is {@code 1}
 * @throws InvalidParameterValueException if no template has that id, or its format does not match the command type
 */
@Override
public List<String> listTemplatePermissions(final BaseListTemplateOrIsoPermissionsCmd cmd) {
    final Account caller = CallContext.current().getCallingAccount();
    final Long id = cmd.getId();

    // NOTE(review): id 1 is hard-coded as off limits; presumably the built-in system template — confirm.
    if (id.equals(Long.valueOf(1))) {
        throw new PermissionDeniedException("unable to list permissions for " + cmd.getMediaType() + " with id " + id);
    }

    final VirtualMachineTemplate template = this._tmpltDao.findById(id);
    if (template == null) {
        throw new InvalidParameterValueException("unable to find " + cmd.getMediaType() + " with id " + id);
    }

    // The format is only inspected for the two known command types, and the template check takes precedence.
    final boolean templateRequest = cmd instanceof ListTemplatePermissionsCmd;
    final boolean isoRequest = !templateRequest && cmd instanceof ListIsoPermissionsCmd;
    if (templateRequest && template.getFormat().equals(ImageFormat.ISO)) {
        throw new InvalidParameterValueException("Please provide a valid template");
    }
    if (isoRequest && !template.getFormat().equals(ImageFormat.ISO)) {
        throw new InvalidParameterValueException("Please provide a valid iso");
    }

    // Public templates skip the access check entirely; the launch-permission holders below are still
    // returned to any caller in that case. NOTE(review): confirm that disclosure is intended.
    if (!template.isPublicTemplate()) {
        this._accountMgr.checkAccess(caller, null, true, template);
    }

    final List<String> accountNames = new ArrayList<>();
    final List<LaunchPermissionVO> grants = this._launchPermissionDao.findByTemplate(id);
    if (grants != null) {
        for (final LaunchPermissionVO grant : grants) {
            // NOTE(review): findById is dereferenced without a null check; a grant that points at an
            // account the DAO no longer returns would fail here — verify against the DAO contract.
            final Account grantee = this._accountDao.findById(grant.getAccountId());
            accountNames.add(grantee.getAccountName());
        }
    }

    // The owner is listed last, and only for templates that are not public.
    if (!template.isPublicTemplate()) {
        final Account owner = this._accountDao.findById(template.getAccountId());
        accountNames.add(owner.getAccountName());
    }
    return accountNames;
}
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class UserVmManagerTest method testMoveVmToUser2.
// Test Move VM b/w accounts where caller doesn't have access to the old or new account
@Test(expected = PermissionDeniedException.class)
public void testMoveVmToUser2() throws Exception {
    final AssignVMCmd cmd = new AssignVMCmd();

    // The command's fields are populated reflectively, in the order: VM id, target account name, target domain id.
    final Class<?> cmdClass = cmd.getClass();
    final Object[][] fieldValues = {
            {"virtualMachineId", 1L},
            {"accountName", "account"},
            {"domainId", 1L},
    };
    for (final Object[] entry : fieldValues) {
        final Field field = cmdClass.getDeclaredField((String) entry[0]);
        field.setAccessible(true);
        field.set(cmd, entry[1]);
    }

    // Source and destination accounts differ only in the short argument (0 vs 1) and their random UUIDs.
    final Account oldAccount = new AccountVO("testaccount", 1, "networkdomain", (short) 0, UUID.randomUUID().toString());
    final Account newAccount = new AccountVO("testaccount", 1, "networkdomain", (short) 1, UUID.randomUUID().toString());

    final UserVmVO vm = new UserVmVO(10L, "test", "test", 1L, HypervisorType.Any, 1L, false, false, 1L, 1L, 1, 5L, "test", "test", 1L, "Manufacturer", OptimiseFor.Generic, false, "", MaintenancePolicy.LiveMigrate, 0L, "cdrom,hd,network");
    vm.setState(VirtualMachine.State.Stopped);

    when(_vmDao.findById(anyLong())).thenReturn(vm);
    when(_accountService.getActiveAccountById(anyLong())).thenReturn(oldAccount);
    when(_accountService.getActiveAccountByName(anyString(), anyLong())).thenReturn(newAccount);

    // Every four-argument access check is stubbed to refuse; the test passes only if that denial propagates to the caller.
    doThrow(new PermissionDeniedException("Access check failed")).when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class), any(Boolean.class), any(ControlledEntity.class));

    // NOTE(review): isRootAdmin is stubbed to true, presumably so moveVMToUser gets as far as the access check — confirm against the implementation.
    when(_accountMgr.isRootAdmin(anyLong())).thenReturn(true);

    _userVmMgr.moveVMToUser(cmd);
}