AffinityGroupDomainMapDao _affinityGroupDomainMapDao;
@Override
public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType) throws PermissionDeniedException {
if (entity instanceof AffinityGroup) {
AffinityGroup group = (AffinityGroup)entity;
if (_affinityGroupService.isAdminControlledGroup(group)) {
if (accessType != null && accessType == AccessType.OperateEntry
&& !_accountMgr.isRootAdmin(caller.getId())) {
throw new PermissionDeniedException(caller + " does not have permission to operate with resource "
+ entity);
}
}
if (group.getAclType() == ACLType.Domain) {
if (!_affinityGroupService.isAffinityGroupAvailableInDomain(group.getId(), caller.getDomainId())) {
throw new PermissionDeniedException("Affinity group is not available in domain id=" + caller.getDomainId());
} else {
return true;
}
} else {
//acl_type account
if (caller.getId() != group.getAccountId()) {
throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity);
} else {
return true;
}