apache
diff --git a/‎api/src/com/cloud/network/NetworkModel.java‎
Lines changed: 0 additions & 4 deletions b/‎api/src/com/cloud/network/NetworkModel.java‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎api/src/com/cloud/user/AccountService.java‎
Lines changed: 4 additions & 3 deletions b/‎api/src/com/cloud/user/AccountService.java‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎api/src/org/apache/cloudstack/acl/SecurityChecker.java‎
Lines changed: 3 additions & 3 deletions b/‎api/src/org/apache/cloudstack/acl/SecurityChecker.java‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎api/src/org/apache/cloudstack/api/command/admin/address/AssociateIPAddrCmdByAdmin.java‎
Lines changed: 1 addition & 4 deletions b/‎api/src/org/apache/cloudstack/api/command/admin/address/AssociateIPAddrCmdByAdmin.java‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎api/src/org/apache/cloudstack/api/command/admin/vm/AddNicToVMCmdByAdmin.java‎
Lines changed: 1 addition & 0 deletions b/‎api/src/org/apache/cloudstack/api/command/admin/vm/AddNicToVMCmdByAdmin.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎api/src/org/apache/cloudstack/api/command/user/address/AssociateIPAddrCmd.java‎
Lines changed: 0 additions & 1 deletion b/‎api/src/org/apache/cloudstack/api/command/user/address/AssociateIPAddrCmd.java‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java‎
Lines changed: 1 addition & 0 deletions b/‎api/src/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎api/src/org/apache/cloudstack/api/command/user/loadbalancer/AssignToLoadBalancerRuleCmd.java‎
Lines changed: 2 additions & 7 deletions b/‎api/src/org/apache/cloudstack/api/command/user/loadbalancer/AssignToLoadBalancerRuleCmd.java‎
Lines changed: 2 additions & 7 deletions
diff --git a/‎api/src/org/apache/cloudstack/api/command/user/loadbalancer/ListLBStickinessPoliciesCmd.java‎
Lines changed: 2 additions & 2 deletions b/‎api/src/org/apache/cloudstack/api/command/user/loadbalancer/ListLBStickinessPoliciesCmd.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎api/src/org/apache/cloudstack/api/command/user/nat/DisableStaticNatCmd.java‎
Lines changed: 1 addition & 4 deletions b/‎api/src/org/apache/cloudstack/api/command/user/nat/DisableStaticNatCmd.java‎
Lines changed: 1 addition & 4 deletions
@@ -22,8 +22,6 @@
 import java.util.Map;
 import java.util.Set;
 
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-
 import com.cloud.dc.Vlan;
 import com.cloud.exception.InsufficientAddressCapacityException;
 import com.cloud.exception.InvalidParameterValueException;
@@ -277,6 +275,4 @@ public interface NetworkModel {
     boolean isNetworkReadyForGc(long networkId);
 
     boolean getNetworkEgressDefaultPolicy(Long networkId);
-
-    void checkNetworkPermissions(Account owner, Network network, AccessType accessType);
 }
@@ -103,11 +103,12 @@ UserAccount createUserAccount(String userName, String password, String firstName
 
     RoleType getRoleType(Account account);
 
-    void checkAccess(Account caller, Domain domain) throws PermissionDeniedException;
+    void checkAccess(Account account, Domain domain) throws PermissionDeniedException;
 
-    void checkAccess(Account caller, AccessType accessType, ControlledEntity... entities) throws PermissionDeniedException;
+    void checkAccess(Account account, AccessType accessType, boolean sameOwner, ControlledEntity... entities) throws PermissionDeniedException;
 
-    void checkAccess(Account caller, AccessType accessType, String apiName, ControlledEntity... entities) throws PermissionDeniedException;
+    void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName,
+            ControlledEntity... entities) throws PermissionDeniedException;
 
     Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly);
 
 
@@ -31,10 +31,10 @@
 public interface SecurityChecker extends Adapter {
 
     public enum AccessType {
-        ListEntry,
-        UseEntry,
-        OperateEntry,
         ModifyProject,
+        OperateEntry,
+        UseEntry,
+        ListEntry
     }
 
     /**
 
@@ -31,11 +31,8 @@
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
-import com.cloud.network.vpc.Vpc;
 
-@APICommand(name = "associateIpAddress", description = "Acquires and associates a public IP to an account.", responseObject = IPAddressResponse.class, responseView = ResponseView.Full,
-        entityType = {IpAddress.class, Vpc.class},
-        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+@APICommand(name = "associateIpAddress", description = "Acquires and associates a public IP to an account.", responseObject = IPAddressResponse.class, responseView = ResponseView.Full)
 public class AssociateIPAddrCmdByAdmin extends AssociateIPAddrCmd {
     public static final Logger s_logger = Logger.getLogger(AssociateIPAddrCmdByAdmin.class.getName());
 
 
@@ -33,6 +33,7 @@
 import com.cloud.uservm.UserVm;
 import com.cloud.vm.VirtualMachine;
 
+
 @APICommand(name = "addNicToVirtualMachine", description = "Adds VM to specified network by creating a NIC", responseObject = UserVmResponse.class, responseView = ResponseView.Full, entityType = {VirtualMachine.class},
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = true)
 public class AddNicToVMCmdByAdmin extends AddNicToVMCmd {
 
@@ -58,7 +58,6 @@
 import com.cloud.user.Account;
 
 @APICommand(name = "associateIpAddress", description = "Acquires and associates a public IP to an account.", responseObject = IPAddressResponse.class, responseView = ResponseView.Restricted,
-        entityType = {IpAddress.class, Vpc.class},
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class AssociateIPAddrCmd extends BaseAsyncCreateCmd {
     public static final Logger s_logger = Logger.getLogger(AssociateIPAddrCmd.class.getName());
 
@@ -49,6 +49,7 @@
 import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.VirtualMachine;
 
+
 @APICommand(name = "createPortForwardingRule", description = "Creates a port forwarding rule", responseObject = FirewallRuleResponse.class, entityType = {FirewallRule.class,
         VirtualMachine.class, IpAddress.class},
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 
@@ -23,11 +23,8 @@
 import java.util.List;
 import java.util.Map;
 
-import com.cloud.utils.net.NetUtils;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -41,15 +38,15 @@
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.LoadBalancer;
 import com.cloud.user.Account;
 import com.cloud.utils.StringUtils;
+import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.VirtualMachine;
 
 @APICommand(name = "assignToLoadBalancerRule",
             description = "Assigns virtual machine or a list of virtual machines to a load balancer rule.",
-        responseObject = SuccessResponse.class, entityType = {FirewallRule.class, VirtualMachine.class},
+            responseObject = SuccessResponse.class,
             requestHasSensitiveInfo = false,
             responseHasSensitiveInfo = false)
 public class AssignToLoadBalancerRuleCmd extends BaseAsyncCmd {
@@ -61,15 +58,13 @@ public class AssignToLoadBalancerRuleCmd extends BaseAsyncCmd {
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @ACL(accessType = AccessType.OperateEntry)
     @Parameter(name = ApiConstants.ID,
                type = CommandType.UUID,
                entityType = FirewallRuleResponse.class,
                required = true,
                description = "the ID of the load balancer rule")
     private Long id;
 
-    @ACL(accessType = AccessType.OperateEntry)
     @Parameter(name = ApiConstants.VIRTUAL_MACHINE_IDS,
                type = CommandType.LIST,
                collectionType = CommandType.UUID,
 
@@ -86,15 +86,15 @@ public void execute() {
         if (lb != null) {
             //check permissions
             Account caller = CallContext.current().getCallingAccount();
-            _accountService.checkAccess(caller, null, lb);
+            _accountService.checkAccess(caller, null, true, lb);
             List<? extends StickinessPolicy> stickinessPolicies = _lbService.searchForLBStickinessPolicies(this);
             LBStickinessResponse spResponse = _responseGenerator.createLBStickinessPolicyResponse(stickinessPolicies, lb);
             spResponses.add(spResponse);
             response.setResponses(spResponses);
         }
 
         response.setResponseName(getCommandName());
-        setResponseObject(response);
+        this.setResponseObject(response);
     }
 
 }
@@ -34,11 +34,8 @@
 import com.cloud.exception.NetworkRuleConflictException;
 import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.IpAddress;
-import com.cloud.network.vpc.Vpc;
-import com.cloud.vm.VirtualMachine;
 
 @APICommand(name = "disableStaticNat", description = "Disables static rule for given ip address", responseObject = SuccessResponse.class,
-        entityType = {IpAddress.class, VirtualMachine.class, Vpc.class},
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class DisableStaticNatCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeletePortForwardingRuleCmd.class.getName());
@@ -92,7 +89,7 @@ public void execute() throws ResourceUnavailableException, NetworkRuleConflictEx
 
         if (result) {
             SuccessResponse response = new SuccessResponse(getCommandName());
-            setResponseObject(response);
+            this.setResponseObject(response);
         } else {
             throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to disable static nat");
         }
Original file line number	Diff line number	Diff line change
`@@ -86,15 +86,15 @@ public void execute() {`
`86`	`86`	`if (lb != null) {`
`87`	`87`	`//check permissions`
`88`	`88`	`Account caller = CallContext.current().getCallingAccount();`
`89`		`- _accountService.checkAccess(caller, null, lb);`
	`89`	`+ _accountService.checkAccess(caller, null, true, lb);`
`90`	`90`	`List<? extends StickinessPolicy> stickinessPolicies = _lbService.searchForLBStickinessPolicies(this);`
`91`	`91`	`LBStickinessResponse spResponse = _responseGenerator.createLBStickinessPolicyResponse(stickinessPolicies, lb);`
`92`	`92`	`spResponses.add(spResponse);`
`93`	`93`	`response.setResponses(spResponses);`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`response.setResponseName(getCommandName());`
`97`		`- setResponseObject(response);`
	`97`	`+ this.setResponseObject(response);`
`98`	`98`	`}`
`99`	`99`
`100`	`100`	`}`