Examples with PermissionDeniedException com.cloud.legacymodel.exceptions.PermissionDeniedException used on opensource projects

Example 6 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class IpAddressManagerImpl method allocateIp.

@DB
@Override
public IpAddress allocateIp(final Account ipOwner, final boolean isSystem, final Account caller, final long callerUserId, final DataCenter zone, final Boolean displayIp) throws ConcurrentOperationException, ResourceAllocationException, InsufficientAddressCapacityException {
    final VlanType vlanType = VlanType.VirtualNetwork;
    final boolean assign = false;
    if (AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
        // zone is of type DataCenter. See DataCenterVO.java.
        final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation, " + "Zone is currently disabled");
        ex.addProxyObject(zone.getUuid(), "zoneId");
        throw ex;
    }
    PublicIp ip = null;
    Account accountToLock = null;
    try {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId());
        }
        accountToLock = _accountDao.acquireInLockTable(ipOwner.getId());
        if (accountToLock == null) {
            s_logger.warn("Unable to lock account: " + ipOwner.getId());
            throw new ConcurrentOperationException("Unable to acquire account lock");
        }
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Associate IP address lock acquired");
        }
        ip = Transaction.execute(new TransactionCallbackWithException<PublicIp, InsufficientAddressCapacityException>() {

            @Override
            public PublicIp doInTransaction(final TransactionStatus status) throws InsufficientAddressCapacityException {
                final PublicIp ip = fetchNewPublicIp(zone.getId(), null, null, ipOwner, vlanType, null, false, assign, null, isSystem, null, displayIp);
                if (ip == null) {
                    final InsufficientAddressCapacityException ex = new InsufficientAddressCapacityException("Unable to find available public IP addresses", DataCenter.class, zone.getId());
                    ex.addProxyObject(ApiDBUtils.findZoneById(zone.getId()).getUuid());
                    throw ex;
                }
                CallContext.current().setEventDetails("Ip Id: " + ip.getId());
                final Ip ipAddress = ip.getAddress();
                s_logger.debug("Got " + ipAddress + " to assign for account " + ipOwner.getId() + " in zone " + zone.getId());
                return ip;
            }
        });
    } finally {
        if (accountToLock != null) {
            if (s_logger.isDebugEnabled()) {
                s_logger.debug("Releasing lock account " + ipOwner);
            }
            _accountDao.releaseFromLockTable(ipOwner.getId());
            s_logger.debug("Associate IP address lock released");
        }
    }
    return ip;
}

Example 7 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class NetworkServiceImpl method updateIP.

@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_IP_UPDATE, eventDescription = "updating public ip address", async = true)
public IpAddress updateIP(final Long id, final String customId, final Boolean displayIp) {
    final Account caller = CallContext.current().getCallingAccount();
    final IPAddressVO ipVO = _ipAddressDao.findById(id);
    if (ipVO == null) {
        throw new InvalidParameterValueException("Unable to find ip address by id");
    }
    // verify permissions
    if (ipVO.getAllocatedToAccountId() != null) {
        _accountMgr.checkAccess(caller, null, true, ipVO);
    } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
        throw new PermissionDeniedException("Only Root admin can update non-allocated ip addresses");
    }
    if (customId != null) {
        ipVO.setUuid(customId);
    }
    if (displayIp != null) {
        ipVO.setDisplay(displayIp);
    }
    _ipAddressDao.update(id, ipVO);
    return _ipAddressDao.findById(id);
}

Example 8 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class CreateTemplateCmd method getEntityOwnerId.

@Override
public long getEntityOwnerId() {
    final Long volumeId = getVolumeId();
    final Long snapshotId = getSnapshotId();
    final Account callingAccount = CallContext.current().getCallingAccount();
    if (volumeId != null) {
        final Volume volume = _entityMgr.findById(Volume.class, volumeId);
        if (volume != null) {
            _accountService.checkAccess(callingAccount, SecurityChecker.AccessType.UseEntry, false, volume);
        } else {
            throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
        }
    } else {
        final Snapshot snapshot = _entityMgr.findById(Snapshot.class, snapshotId);
        if (snapshot != null) {
            _accountService.checkAccess(callingAccount, SecurityChecker.AccessType.UseEntry, false, snapshot);
        } else {
            throw new InvalidParameterValueException("Unable to find snapshot by id=" + snapshotId);
        }
    }
    if (projectId != null) {
        final Project project = _projectService.getProject(projectId);
        if (project != null) {
            if (project.getState() == Project.State.Active) {
                final Account projectAccount = _accountService.getAccount(project.getProjectAccountId());
                _accountService.checkAccess(callingAccount, SecurityChecker.AccessType.UseEntry, false, projectAccount);
                return project.getProjectAccountId();
            } else {
                final PermissionDeniedException ex = new PermissionDeniedException("Can't add resources to the project with specified projectId in state=" + project.getState() + " as it's no longer active");
                ex.addProxyObject(project.getUuid(), "projectId");
                throw ex;
            }
        } else {
            throw new InvalidParameterValueException("Unable to find project by id");
        }
    }
    return callingAccount.getId();
}

Example 9 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class CreateSnapshotCmd method getEntityOwnerId.

@Override
public long getEntityOwnerId() {
    final Volume volume = _entityMgr.findById(Volume.class, getVolumeId());
    if (volume == null) {
        throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
    }
    final Account account = _accountService.getAccount(volume.getAccountId());
    // Can create templates for enabled projects/accounts only
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        final Project project = _projectService.findByProjectAccountId(volume.getAccountId());
        if (project.getState() != Project.State.Active) {
            throw new PermissionDeniedException("Can't add resources to the project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active");
        }
    } else if (account.getState() == Account.State.disabled) {
        throw new PermissionDeniedException("The owner of template is disabled: " + account);
    }
    return volume.getAccountId();
}

Example 10 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class CreateSnapshotFromVMSnapshotCmd method getEntityOwnerId.

@Override
public long getEntityOwnerId() {
    final VMSnapshot vmsnapshot = _entityMgr.findById(VMSnapshot.class, getVMSnapshotId());
    if (vmsnapshot == null) {
        throw new InvalidParameterValueException("Unable to find vmsnapshot by id=" + getVMSnapshotId());
    }
    final Account account = _accountService.getAccount(vmsnapshot.getAccountId());
    // Can create templates for enabled projects/accounts only
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        final Project project = _projectService.findByProjectAccountId(vmsnapshot.getAccountId());
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by account id=" + account.getUuid());
        }
        if (project.getState() != Project.State.Active) {
            throw new PermissionDeniedException("Can't add resources to the project id=" + project.getUuid() + " in state=" + project.getState() + " as it's no longer active");
        }
    } else if (account.getState() == Account.State.disabled) {
        throw new PermissionDeniedException("The owner of template is disabled: " + account);
    }
    return vmsnapshot.getAccountId();
}