本文整理汇总了Java中com.cloud.exception.PermissionDeniedException类的典型用法代码示例。如果您正苦于以下问题:Java PermissionDeniedException类的具体用法?Java PermissionDeniedException怎么用?Java PermissionDeniedException使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
PermissionDeniedException类属于com.cloud.exception包,在下文中一共展示了PermissionDeniedException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getEntityOwnerId
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public long getEntityOwnerId() {
final Volume volume = _entityMgr.findById(Volume.class, getEntityId());
if (volume == null) {
throw new InvalidParameterValueException("Unable to find volume by id=" + id);
}
final Account account = _accountService.getAccount(volume.getAccountId());
//Can resize volumes for enabled projects/accounts only
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
final Project project = _projectService.findByProjectAccountId(volume.getAccountId());
if (project.getState() != Project.State.Active) {
throw new PermissionDeniedException("Can't add resources to project id=" + project.getId() + " in state=" + project.getState() +
" as it's no longer active");
}
} else if (account.getState() == Account.State.disabled) {
throw new PermissionDeniedException("The owner of volume " + id + " is disabled: " + account);
}
return volume.getAccountId();
}
示例2: getEntityOwnerId
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public long getEntityOwnerId() {
final VMSnapshot vmsnapshot = _entityMgr.findById(VMSnapshot.class, getVMSnapshotId());
if (vmsnapshot == null) {
throw new InvalidParameterValueException("Unable to find vmsnapshot by id=" + getVMSnapshotId());
}
final Account account = _accountService.getAccount(vmsnapshot.getAccountId());
//Can create templates for enabled projects/accounts only
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
final Project project = _projectService.findByProjectAccountId(vmsnapshot.getAccountId());
if (project == null) {
throw new InvalidParameterValueException("Unable to find project by account id=" + account.getUuid());
}
if (project.getState() != Project.State.Active) {
throw new PermissionDeniedException("Can't add resources to the project id=" + project.getUuid() + " in state=" + project.getState() + " as it's no longer active");
}
} else if (account.getState() == Account.State.disabled) {
throw new PermissionDeniedException("The owner of template is disabled: " + account);
}
return vmsnapshot.getAccountId();
}
示例3: getEntityOwnerId
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public long getEntityOwnerId() {
final Volume volume = _entityMgr.findById(Volume.class, getVolumeId());
if (volume == null) {
throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
}
final Account account = _accountService.getAccount(volume.getAccountId());
//Can create templates for enabled projects/accounts only
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
final Project project = _projectService.findByProjectAccountId(volume.getAccountId());
if (project.getState() != Project.State.Active) {
throw new PermissionDeniedException("Can't add resources to the project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active");
}
} else if (account.getState() == Account.State.disabled) {
throw new PermissionDeniedException("The owner of template is disabled: " + account);
}
return volume.getAccountId();
}
示例4: checkAccess
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public boolean checkAccess(final Account caller, final Domain domain) throws PermissionDeniedException {
if (caller.getState() != Account.State.enabled) {
throw new PermissionDeniedException(caller + " is disabled.");
}
final long domainId = domain.getId();
if (_accountService.isNormalUser(caller.getId())) {
if (caller.getDomainId() != domainId) {
throw new PermissionDeniedException(caller + " does not have permission to operate within domain id=" + domain.getUuid());
}
} else if (!_domainDao.isChildDomain(caller.getDomainId(), domainId)) {
throw new PermissionDeniedException(caller + " does not have permission to operate within domain id=" + domain.getUuid());
}
return true;
}
示例5: destroyVm
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
@ActionEvent(eventType = EventTypes.EVENT_VM_DESTROY, eventDescription = "destroying Vm", async = true)
public UserVm destroyVm(final DestroyVMCmd cmd) throws ResourceUnavailableException, ConcurrentOperationException {
final CallContext ctx = CallContext.current();
final long vmId = cmd.getId();
final boolean expunge = cmd.getExpunge();
// When trying to expunge, permission is denied when the caller is not an admin and the AllowUserExpungeRecoverVm is false for the caller.
if (expunge && !_accountMgr.isAdmin(ctx.getCallingAccount().getId()) && !AllowUserExpungeRecoverVm.valueIn(cmd.getEntityOwnerId())) {
throw new PermissionDeniedException("Parameter " + ApiConstants.EXPUNGE + " can be passed by Admin only. Or when the allow.user.expunge.recover.vm key is set.");
}
final UserVm destroyedVm = destroyVm(vmId);
if (expunge) {
final UserVmVO vm = _vmDao.findById(vmId);
if (!expunge(vm, ctx.getCallingUserId(), ctx.getCallingAccount())) {
throw new CloudRuntimeException("Failed to expunge vm " + destroyedVm);
}
}
return destroyedVm;
}
示例6: searchForLBStickinessPolicies
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public List<LBStickinessPolicyVO> searchForLBStickinessPolicies(final ListLBStickinessPoliciesCmd cmd) throws PermissionDeniedException {
final Account caller = CallContext.current().getCallingAccount();
final Long loadBalancerId = cmd.getLbRuleId();
final Long stickinessId = cmd.getId();
final boolean forDisplay = cmd.getDisplay();
LoadBalancerVO loadBalancer = null;
if (loadBalancerId == null) {
loadBalancer = findLbByStickinessId(stickinessId);
} else {
loadBalancer = _lbDao.findById(loadBalancerId);
}
if (loadBalancer == null) {
return null;
}
_accountMgr.checkAccess(caller, null, true, loadBalancer);
final List<LBStickinessPolicyVO> sDbpolicies = _lb2stickinesspoliciesDao.listByLoadBalancerIdAndDisplayFlag(loadBalancer.getId(), forDisplay);
return sDbpolicies;
}
示例7: searchForLBHealthCheckPolicies
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public List<LBHealthCheckPolicyVO> searchForLBHealthCheckPolicies(final ListLBHealthCheckPoliciesCmd cmd) throws PermissionDeniedException {
final Account caller = CallContext.current().getCallingAccount();
Long loadBalancerId = cmd.getLbRuleId();
final Long policyId = cmd.getId();
final boolean forDisplay = cmd.getDisplay();
if (loadBalancerId == null) {
loadBalancerId = findLBIdByHealtCheckPolicyId(policyId);
}
final LoadBalancerVO loadBalancer = _lbDao.findById(loadBalancerId);
if (loadBalancer == null) {
return null;
}
_accountMgr.checkAccess(caller, null, true, loadBalancer);
final List<LBHealthCheckPolicyVO> hcDbpolicies = _lb2healthcheckDao.listByLoadBalancerIdAndDisplayFlag(loadBalancerId, forDisplay);
return hcDbpolicies;
}
示例8: queryJobResult
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public AsyncJobResponse queryJobResult(final QueryAsyncJobResultCmd cmd) {
final Account caller = CallContext.current().getCallingAccount();
final AsyncJob job = _entityMgr.findById(AsyncJob.class, cmd.getId());
if (job == null) {
throw new InvalidParameterValueException("Unable to find a job by id " + cmd.getId());
}
final User userJobOwner = _accountMgr.getUserIncludingRemoved(job.getUserId());
final Account jobOwner = _accountMgr.getAccount(userJobOwner.getAccountId());
//check permissions
if (_accountMgr.isNormalUser(caller.getId())) {
//regular user can see only jobs he owns
if (caller.getId() != jobOwner.getId()) {
throw new PermissionDeniedException("Account " + caller + " is not authorized to see job id=" + job.getId());
}
} else if (_accountMgr.isDomainAdmin(caller.getId())) {
_accountMgr.checkAccess(caller, null, true, jobOwner);
}
return createAsyncJobResponse(_jobMgr.queryJob(cmd.getId(), true));
}
示例9: checkUuid
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public <T> void checkUuid(final String uuid, final Class<T> entityType) {
if (uuid == null) {
return;
}
final Account caller = CallContext.current().getCallingAccount();
// Only admin and system allowed to do this
if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getId()))) {
throw new PermissionDeniedException("Please check your permissions, you are not allowed to create/update custom id");
}
checkUuidSimple(uuid, entityType);
}
示例10: deleteDomain
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
@ActionEvent(eventType = EventTypes.EVENT_DOMAIN_DELETE, eventDescription = "deleting Domain", async = true)
public boolean deleteDomain(final long domainId, final Boolean cleanup) {
final Account caller = CallContext.current().getCallingAccount();
final DomainVO domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Failed to delete domain " + domainId + ", domain not found");
} else if (domainId == Domain.ROOT_DOMAIN) {
throw new PermissionDeniedException("Can't delete ROOT domain");
}
_accountMgr.checkAccess(caller, domain);
return deleteDomain(domain, cleanup);
}
示例11: isResourceDomainAdmin
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
public boolean isResourceDomainAdmin(final Long accountId) {
if (accountId != null) {
final AccountVO acct = _accountDao.findById(accountId);
if (acct == null) {
return false; //account is deleted or does not exist
}
for (final SecurityChecker checker : _securityCheckers) {
try {
if (checker.checkAccess(acct, null, null, "DomainResourceCapability")) {
if (s_logger.isTraceEnabled()) {
s_logger.trace("ResourceDomainAdmin Access granted to " + acct + " by " + checker.getName());
}
return true;
}
} catch (final PermissionDeniedException ex) {
return false;
}
}
}
return false;
}
示例12: isRootAdmin
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public boolean isRootAdmin(final Long accountId) {
if (accountId != null) {
final AccountVO acct = _accountDao.findById(accountId);
if (acct == null) {
return false; //account is deleted or does not exist
}
for (final SecurityChecker checker : _securityCheckers) {
try {
if (checker.checkAccess(acct, null, null, "SystemCapability")) {
if (s_logger.isTraceEnabled()) {
s_logger.trace("Root Access granted to " + acct + " by " + checker.getName());
}
return true;
}
} catch (final PermissionDeniedException ex) {
return false;
}
}
}
return false;
}
示例13: isDomainAdmin
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public boolean isDomainAdmin(final Long accountId) {
if (accountId != null) {
final AccountVO acct = _accountDao.findById(accountId);
if (acct == null) {
return false; //account is deleted or does not exist
}
for (final SecurityChecker checker : _securityCheckers) {
try {
if (checker.checkAccess(acct, null, null, "DomainCapability")) {
if (s_logger.isTraceEnabled()) {
s_logger.trace("DomainAdmin Access granted to " + acct + " by " + checker.getName());
}
return true;
}
} catch (final PermissionDeniedException ex) {
return false;
}
}
}
return false;
}
示例14: registerTemplate
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
@ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating template")
public VirtualMachineTemplate registerTemplate(final RegisterTemplateCmd cmd) throws URISyntaxException, ResourceAllocationException {
final Account account = CallContext.current().getCallingAccount();
if (cmd.getTemplateTag() != null) {
if (!_accountService.isRootAdmin(account.getId())) {
throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied");
}
}
if (cmd.isRoutingType() != null) {
if (!_accountService.isRootAdmin(account.getId())) {
throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied");
}
}
final TemplateAdapter adapter = getAdapter(HypervisorType.getType(cmd.getHypervisor()));
final TemplateProfile profile = adapter.prepare(cmd);
final VMTemplateVO template = adapter.create(profile);
if (template != null) {
return template;
} else {
throw new CloudRuntimeException("Failed to create a template");
}
}
示例15: checkAccess
import com.cloud.exception.PermissionDeniedException; //导入依赖的package包/类
@Override
public boolean checkAccess(final User user, final String commandName) throws PermissionDeniedException {
final Account account = _accountService.getAccount(user.getAccountId());
if (account == null) {
throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null");
}
final RoleType roleType = _accountService.getRoleType(account);
final boolean isAllowed =
commandsPropertiesOverrides.contains(commandName) ? commandsPropertiesRoleBasedApisMap.get(roleType).contains(commandName) : annotationRoleBasedApisMap.get(
roleType).contains(commandName);
if (!isAllowed) {
throw new PermissionDeniedException("The API does not exist or is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " +
commandName);
}
return isAllowed;
}