fix and changes

shwstppr · shwstppr · commit b2d4fb646086 · 2025-08-05T14:53:26.000+05:30
Signed-off-by: Abhishek Kumar &lt;abhishek.mrt22@gmail.com&gt;
diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
@@ -856,7 +856,7 @@ private Pair<List<EventJoinVO>, Integer> searchForEventsInternal(ListEventsCmd c
 
     private Pair<List<Long>, Integer> searchForEventIdsAndCount(ListEventsCmd cmd) {
         Account caller = CallContext.current().getCallingAccount();
-        boolean isRootAdmin = accountMgr.isRootAdmin(caller);
+        boolean isRootAdmin = CallContext.current().isCallingAccountRootAdmin();
         List<Long> permittedAccounts = new ArrayList<>();
 
         Long id = cmd.getId();
@@ -950,7 +950,7 @@ private Pair<List<Long>, Integer> searchForEventIdsAndCount(ListEventsCmd cmd) {
         accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
 
         // For end users display only enabled events
-        if (!accountMgr.isRootAdmin(caller)) {
+        if (!CallContext.current().isCallingAccountRootAdmin()) {
             sc.setParameters("displayEvent", true);
         }
 
@@ -1185,8 +1185,7 @@ public ListResponse<UserVmResponse> searchForUserVMs(ListVMsCmd cmd) {
         }
 
         ResponseView respView = ResponseView.Restricted;
-        Account caller = CallContext.current().getCallingAccount();
-        if (accountMgr.isRootAdmin(caller)) {
+        if (CallContext.current().isCallingAccountRootAdmin()) {
             respView = ResponseView.Full;
         }
         List<UserVmResponse> vmResponses = ViewResponseHelper.createUserVmResponse(respView, "virtualmachine", cmd.getDetails(), cmd.getAccumulate(), cmd.getShowUserData(),
@@ -1315,7 +1314,7 @@ private Pair<List<Long>, Integer> searchForUserVMIdsAndCount(ListVMsCmd cmd) {
             isAdmin = true;
         }
 
-        if (accountMgr.isRootAdmin(caller)) {
+        if (CallContext.current().isCallingAccountRootAdmin()) {
             isRootAdmin = true;
             podId = (Long) getObjectPossibleMethodValue(cmd, "getPodId");
             clusterId = (Long) getObjectPossibleMethodValue(cmd, "getClusterId");
@@ -2630,7 +2629,7 @@ private Pair<List<Long>, Integer> searchForVolumeIdsAndCount(ListVolumesCmd cmd)
         Boolean display = cmd.getDisplay();
         String state = cmd.getState();
         boolean shouldListSystemVms = Boolean.TRUE.equals(cmd.getListSystemVms()) &&
-                CallContext.registerPlaceHolderContext().isCallingAccountRootAdmin();
+                CallContext.current().isCallingAccountRootAdmin();
 
         Long zoneId = cmd.getZoneId();
         Long podId = cmd.getPodId();
@@ -4009,14 +4008,14 @@ private Pair<List<Long>, Integer> searchForServiceOfferingIdsAndCount(ListServic
 
         final Account owner = accountMgr.finalizeOwner(caller, accountName, domainId, projectId);
 
-        if (!accountMgr.isRootAdmin(caller) && isSystem) {
+        if (!CallContext.current().isCallingAccountRootAdmin() && isSystem) {
             throw new InvalidParameterValueException("Only ROOT admins can access system offerings.");
         }
 
         // Keeping this logic consistent with domain specific zones
         // if a domainId is provided, we just return the so associated with this
         // domain
-        if (domainId != null && !accountMgr.isRootAdmin(caller)) {
+        if (domainId != null && !CallContext.current().isCallingAccountRootAdmin()) {
             // check if the user's domain == so's domain || user's domain is a
             // child of so's domain
             if (!isPermissible(owner.getDomainId(), domainId)) {
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -1024,7 +1024,7 @@ public Configuration updateConfiguration(final UpdateCfgCmd cmd) throws InvalidP
         validateIpAddressRelatedConfigValues(name, value);
         validateConflictingConfigValue(name, value);
 
-        if (CATEGORY_SYSTEM.equals(category) && !_accountMgr.isRootAdmin(caller)) {
+        if (CATEGORY_SYSTEM.equals(category) && !CallContext.current().isCallingAccountRootAdmin()) {
             logger.warn("Only Root Admin is allowed to edit the configuration {}", name);
             throw new CloudRuntimeException("Only Root Admin is allowed to edit this configuration.");
         }
@@ -4934,9 +4934,8 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In
         }
 
         // Check if zone is enabled
-        final Account caller = CallContext.current().getCallingAccount();
         if (Grouping.AllocationState.Disabled == zone.getAllocationState()
-                && !_accountMgr.isRootAdmin(caller)) {
+                && !CallContext.current().isCallingAccountRootAdmin()) {
             throw new PermissionDeniedException(String.format("Cannot perform this operation, Zone is currently disabled: %s", zone));
         }
 
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1267,7 +1267,7 @@ public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwner
             throw new InvalidParameterValueException("Network domain must be specified for region level VPC");
         }
 
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller)) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !CallContext.current().isCallingAccountRootAdmin()) {
             // See DataCenterVO.java
             final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
             ex.addProxyObject(zone.getUuid(), "zoneId");
@@ -2643,8 +2643,7 @@ private void validateVpcPrivateGatewayAssociateNetworkId(NetworkOfferingVO ntwkO
         if (broadcastUri != null && associatedNetworkId != null) {
             throw new InvalidParameterValueException("vlanId and associatedNetworkId are mutually exclusive");
         }
-        Account caller = CallContext.current().getCallingAccount();
-        if (!_accountMgr.isRootAdmin(caller) && (ntwkOff.isSpecifyVlan() || broadcastUri != null || bypassVlanOverlapCheck)) {
+        if (!CallContext.current().isCallingAccountRootAdmin() && (ntwkOff.isSpecifyVlan() || broadcastUri != null || bypassVlanOverlapCheck)) {
             throw new InvalidParameterValueException("Only ROOT admin is allowed to specify vlanId or bypass vlan overlap check");
         }
         if (ntwkOff.isSpecifyVlan() && broadcastUri == null) {
@@ -2767,7 +2766,7 @@ public boolean deleteVpcPrivateGateway(final long gatewayId) throws ConcurrentOp
         }
 
         final Account caller = CallContext.current().getCallingAccount();
-        if (!_accountMgr.isRootAdmin(caller)) {
+        if (!CallContext.current().isCallingAccountRootAdmin()) {
             _accountMgr.checkAccess(caller, null, false, gatewayVO);
             final NetworkVO networkVO = _ntwkDao.findById(gatewayVO.getNetworkId());
             if (networkVO != null) {
diff --git a/server/src/main/java/com/cloud/storage/VolumeApiServiceImpl.java b/server/src/main/java/com/cloud/storage/VolumeApiServiceImpl.java
@@ -946,7 +946,7 @@ public VolumeVO allocVolume(CreateVolumeCmd cmd) throws ResourceAllocationExcept
         }
 
         // Check if zone is disabled
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller)) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !CallContext.current().isCallingAccountRootAdmin()) {
             throw new PermissionDeniedException(String.format("Cannot perform this operation, Zone: %s is currently disabled", zone));
         }
 
@@ -3989,8 +3989,6 @@ private boolean isOperationSupported(VMTemplateVO template, UserVmVO userVm) {
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_SNAPSHOT_CREATE, eventDescription = "allocating snapshot", create = true)
     public Snapshot allocSnapshot(Long volumeId, Long policyId, String snapshotName, Snapshot.LocationType locationType, List<Long> zoneIds, List<Long> poolIds, Boolean useStorageReplication) throws ResourceAllocationException {
-        Account caller = CallContext.current().getCallingAccount();
-
         VolumeInfo volume = volFactory.getVolume(volumeId);
         if (volume == null) {
             throw new InvalidParameterValueException("Creating snapshot failed due to volume:" + volumeId + " doesn't exist");
@@ -4059,7 +4057,7 @@ public Snapshot allocSnapshot(Long volumeId, Long policyId, String snapshotName,
                 if (dataCenter == null) {
                     throw new InvalidParameterValueException("Unable to find the specified zone");
                 }
-                if (Grouping.AllocationState.Disabled.equals(dataCenter.getAllocationState()) && !_accountMgr.isRootAdmin(caller)) {
+                if (Grouping.AllocationState.Disabled.equals(dataCenter.getAllocationState()) && !CallContext.current().isCallingAccountRootAdmin()) {
                     throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + dataCenter.getName());
                 }
                 if (DataCenter.Type.Edge.equals(dataCenter.getType())) {
@@ -4115,7 +4113,7 @@ public Snapshot allocSnapshotForVm(Long vmId, Long volumeId, String snapshotName
             throw new InvalidParameterValueException("Can't find zone by id " + volume.getDataCenterId());
         }
 
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller)) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !CallContext.current().isCallingAccountRootAdmin()) {
             throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zone.getName());
         }
 
diff --git a/server/src/main/java/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/main/java/com/cloud/storage/snapshot/SnapshotManagerImpl.java
@@ -533,7 +533,7 @@ public String extractSnapshot(ExtractSnapshotCmd cmd) {
         Long snapshotId = cmd.getId();
         Long zoneId = cmd.getZoneId();
 
-        if (!_accountMgr.isRootAdmin(caller) && ApiDBUtils.isExtractionDisabled()) {
+        if (!CallContext.current().isCallingAccountRootAdmin() && ApiDBUtils.isExtractionDisabled()) {
             logger.error("Extraction is disabled through [{}].", Config.DisableExtraction);
             throw new PermissionDeniedException("Extraction could not be completed.");
         }
@@ -2264,9 +2264,9 @@ public Snapshot copySnapshot(CopySnapshotCmd cmd) throws StorageUnavailableExcep
         storagePoolIds = snapshotHelper.addStoragePoolsForCopyToPrimary(volume, destZoneIds, storagePoolIds, useStorageReplication);
         boolean canCopyBetweenStoragePools = CollectionUtils.isNotEmpty(storagePoolIds) && canCopyOnPrimary(storagePoolIds, snapshotVO);
         Map<Long, DataCenterVO> dataCenterVOs = new HashMap<>();
-        boolean isRootAdminCaller = _accountMgr.isRootAdmin(caller);
         for (Long destZoneId: destZoneIds) {
-            DataCenterVO dstZone = getCheckedDestinationZoneForSnapshotCopy(destZoneId, isRootAdminCaller);
+            DataCenterVO dstZone = getCheckedDestinationZoneForSnapshotCopy(destZoneId,
+                    CallContext.current().isCallingAccountRootAdmin());
             dataCenterVOs.put(destZoneId, dstZone);
         }
         _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, snapshot);
diff --git a/server/src/main/java/com/cloud/template/TemplateAdapterBase.java b/server/src/main/java/com/cloud/template/TemplateAdapterBase.java
@@ -371,8 +371,7 @@ public TemplateProfile prepare(boolean isIso, long userId, String name, String d
                 if (zone == null) {
                     throw new IllegalArgumentException("Please specify a valid zone.");
                 }
-                Account caller = CallContext.current().getCallingAccount();
-                if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller)) {
+                if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !CallContext.current().isCallingAccountRootAdmin()) {
                     throw new PermissionDeniedException(String.format("Cannot perform this operation, Zone %s is currently disabled", zone));
                 }
             }
diff --git a/server/src/main/java/com/cloud/usage/UsageServiceImpl.java b/server/src/main/java/com/cloud/usage/UsageServiceImpl.java
@@ -193,7 +193,7 @@ public Pair<List<? extends Usage>, Integer> getUsageRecords(ListUsageRecordsCmd
             accountId = caller.getId();
             //List records for all the accounts if the caller account is of type admin.
             //If account_id or account_name is explicitly mentioned, list records for the specified account only even if the caller is of type admin
-            ignoreAccountId = _accountService.isRootAdmin(caller);
+            ignoreAccountId = CallContext.current().isCallingAccountRootAdmin();
             logger.debug("Account details not available. Using userContext account: {}", caller);
         }
 
diff --git a/server/src/main/java/com/cloud/user/DomainManagerImpl.java b/server/src/main/java/com/cloud/user/DomainManagerImpl.java
@@ -721,7 +721,7 @@ public Pair<List<? extends Domain>, Integer> searchForDomains(ListDomainsCmd cmd
             }
             _accountMgr.checkAccess(caller, domain);
         } else {
-            if (!_accountMgr.isRootAdmin(caller)) {
+            if (!CallContext.current().isCallingAccountRootAdmin()) {
             domainId = caller.getDomainId();
             }
             if (listAll) {
diff --git a/server/src/main/java/com/cloud/uuididentity/UUIDManagerImpl.java b/server/src/main/java/com/cloud/uuididentity/UUIDManagerImpl.java
@@ -47,10 +47,8 @@ public <T> void checkUuid(String uuid, Class<T> entityType) {
             return;
         }
 
-        Account caller = CallContext.current().getCallingAccount();
-
         // Only admin and system allowed to do this
-        if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller))) {
+        if (!(CallContext.current().getCallingAccountId() == Account.ACCOUNT_ID_SYSTEM || CallContext.current().isCallingAccountRootAdmin())) {
             throw new PermissionDeniedException("Please check your permissions, you are not allowed to create/update custom id");
         }
 
diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
@@ -6930,8 +6930,7 @@ public VirtualMachine getVm(long vmId) {
 
     private VMInstanceVO preVmStorageMigrationCheck(Long vmId) {
         // access check - only root admin can migrate VM
-        Account caller = CallContext.current().getCallingAccount();
-        if (!_accountMgr.isRootAdmin(caller)) {
+        if (!CallContext.current().isCallingAccountRootAdmin()) {
             if (logger.isDebugEnabled()) {
                 logger.debug("Caller is not a root admin, permission denied to migrate the VM");
             }
@@ -7072,8 +7071,7 @@ public boolean isVMUsingLocalStorage(VMInstanceVO vm) {
     public VirtualMachine migrateVirtualMachine(Long vmId, Host destinationHost) throws ResourceUnavailableException, ConcurrentOperationException, ManagementServerException,
     VirtualMachineMigrationException {
         // access check - only root admin can migrate VM
-        Account caller = CallContext.current().getCallingAccount();
-        if (!_accountMgr.isRootAdmin(caller)) {
+        if (!CallContext.current().isCallingAccountRootAdmin()) {
             if (logger.isDebugEnabled()) {
                 logger.debug("Caller is not a root admin, permission denied to migrate the VM");
             }
diff --git a/server/src/main/java/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/main/java/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
@@ -133,7 +133,7 @@ public AffinityGroup createAffinityGroup(final String accountName, final Long pr
         }
 
         Account caller = CallContext.current().getCallingAccount();
-        if (processor.isAdminControlledGroup() && !_accountMgr.isRootAdmin(caller)) {
+        if (processor.isAdminControlledGroup() && !CallContext.current().isCallingAccountRootAdmin()) {
             throw new PermissionDeniedException("Cannot create the affinity group");
         }
 
@@ -464,7 +464,7 @@ public UserVm updateVMAffinityGroups(Long vmId, List<Long> affinityGroupIds) {
                 if (ag.getAclType() == ACLType.Domain) {
                     _accountMgr.checkAccess(caller, null, false, owner, ag);
                     // make sure the affinity group is available in that domain
-                    if (caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller)) {
+                    if (caller.getId() == Account.ACCOUNT_ID_SYSTEM || CallContext.current().isCallingAccountRootAdmin()) {
                         if (!isAffinityGroupAvailableInDomain(ag.getId(), owner.getDomainId())) {
                             throw new PermissionDeniedException("Affinity Group " + ag + " does not belong to the VM's domain");
                         }
@@ -474,7 +474,7 @@ public UserVm updateVMAffinityGroups(Long vmId, List<Long> affinityGroupIds) {
                     // Root admin has access to both VM and AG by default,
                     // but
                     // make sure the owner of these entities is same
-                    if (caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller)) {
+                    if (caller.getId() == Account.ACCOUNT_ID_SYSTEM || CallContext.current().isCallingAccountRootAdmin()) {
                         if (ag.getAccountId() != owner.getAccountId()) {
                             throw new PermissionDeniedException("Affinity Group " + ag + " does not belong to the VM's account");
                         }
diff --git a/server/src/test/java/com/cloud/api/query/QueryManagerImplTest.java b/server/src/test/java/com/cloud/api/query/QueryManagerImplTest.java
@@ -196,7 +196,6 @@ private void setupCommonMocks() {
         user = new UserVO(1, "testuser", "password", "firstname", "lastName", "email", "timezone",
                 UUID.randomUUID().toString(), User.Source.UNKNOWN);
         CallContext.register(user, account);
-        Mockito.when(accountManager.isRootAdmin(account)).thenReturn(false);
         final SearchBuilder<EventVO> eventSearchBuilder = mock(SearchBuilder.class);
         final SearchCriteria<EventVO> eventSearchCriteria = mock(SearchCriteria.class);
         final EventVO eventVO = mock(EventVO.class);
diff --git a/server/src/test/java/com/cloud/storage/snapshot/SnapshotManagerTest.java b/server/src/test/java/com/cloud/storage/snapshot/SnapshotManagerTest.java

Original file line number	Diff line number	Diff line change
`@@ -1024,7 +1024,7 @@ public Configuration updateConfiguration(final UpdateCfgCmd cmd) throws InvalidP`
`1024`	`1024`	`validateIpAddressRelatedConfigValues(name, value);`
`1025`	`1025`	`validateConflictingConfigValue(name, value);`
`1026`	`1026`
`1027`		`- if (CATEGORY_SYSTEM.equals(category) && !_accountMgr.isRootAdmin(caller)) {`
	`1027`	`+ if (CATEGORY_SYSTEM.equals(category) && !CallContext.current().isCallingAccountRootAdmin()) {`
`1028`	`1028`	`logger.warn("Only Root Admin is allowed to edit the configuration {}", name);`
`1029`	`1029`	`throw new CloudRuntimeException("Only Root Admin is allowed to edit this configuration.");`
`1030`	`1030`	`}`
`@@ -4934,9 +4934,8 @@ public Vlan createVlanAndPublicIpRange(final CreateVlanIpRangeCmd cmd) throws In`
`4934`	`4934`	`}`
`4935`	`4935`
`4936`	`4936`	`// Check if zone is enabled`
`4937`		`- final Account caller = CallContext.current().getCallingAccount();`
`4938`	`4937`	`if (Grouping.AllocationState.Disabled == zone.getAllocationState()`
`4939`		`- && !_accountMgr.isRootAdmin(caller)) {`
	`4938`	`+ && !CallContext.current().isCallingAccountRootAdmin()) {`
`4940`	`4939`	`throw new PermissionDeniedException(String.format("Cannot perform this operation, Zone is currently disabled: %s", zone));`
`4941`	`4940`	`}`
`4942`	`4941`
Original file line number	Diff line number	Diff line change
`@@ -1267,7 +1267,7 @@ public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwner`
`1267`	`1267`	`throw new InvalidParameterValueException("Network domain must be specified for region level VPC");`
`1268`	`1268`	`}`
`1269`	`1269`
`1270`		`- if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller)) {`
	`1270`	`+ if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !CallContext.current().isCallingAccountRootAdmin()) {`
`1271`	`1271`	`// See DataCenterVO.java`
`1272`	`1272`	`final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");`
`1273`	`1273`	`ex.addProxyObject(zone.getUuid(), "zoneId");`
`@@ -2643,8 +2643,7 @@ private void validateVpcPrivateGatewayAssociateNetworkId(NetworkOfferingVO ntwkO`
`2643`	`2643`	`if (broadcastUri != null && associatedNetworkId != null) {`
`2644`	`2644`	`throw new InvalidParameterValueException("vlanId and associatedNetworkId are mutually exclusive");`
`2645`	`2645`	`}`
`2646`		`- Account caller = CallContext.current().getCallingAccount();`
`2647`		`- if (!_accountMgr.isRootAdmin(caller) && (ntwkOff.isSpecifyVlan() \|\| broadcastUri != null \|\| bypassVlanOverlapCheck)) {`
	`2646`	`+ if (!CallContext.current().isCallingAccountRootAdmin() && (ntwkOff.isSpecifyVlan() \|\| broadcastUri != null \|\| bypassVlanOverlapCheck)) {`
`2648`	`2647`	`throw new InvalidParameterValueException("Only ROOT admin is allowed to specify vlanId or bypass vlan overlap check");`
`2649`	`2648`	`}`
`2650`	`2649`	`if (ntwkOff.isSpecifyVlan() && broadcastUri == null) {`
`@@ -2767,7 +2766,7 @@ public boolean deleteVpcPrivateGateway(final long gatewayId) throws ConcurrentOp`
`2767`	`2766`	`}`
`2768`	`2767`
`2769`	`2768`	`final Account caller = CallContext.current().getCallingAccount();`
`2770`		`- if (!_accountMgr.isRootAdmin(caller)) {`
	`2769`	`+ if (!CallContext.current().isCallingAccountRootAdmin()) {`
`2771`	`2770`	`_accountMgr.checkAccess(caller, null, false, gatewayVO);`
`2772`	`2771`	`final NetworkVO networkVO = _ntwkDao.findById(gatewayVO.getNetworkId());`
`2773`	`2772`	`if (networkVO != null) {`
Original file line number	Diff line number	Diff line change
`@@ -946,7 +946,7 @@ public VolumeVO allocVolume(CreateVolumeCmd cmd) throws ResourceAllocationExcept`
`946`	`946`	`}`
`947`	`947`
`948`	`948`	`// Check if zone is disabled`
`949`		`- if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller)) {`
	`949`	`+ if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !CallContext.current().isCallingAccountRootAdmin()) {`
`950`	`950`	`throw new PermissionDeniedException(String.format("Cannot perform this operation, Zone: %s is currently disabled", zone));`
`951`	`951`	`}`
`952`	`952`
`@@ -3989,8 +3989,6 @@ private boolean isOperationSupported(VMTemplateVO template, UserVmVO userVm) {`
`3989`	`3989`	`@Override`
`3990`	`3990`	`@ActionEvent(eventType = EventTypes.EVENT_SNAPSHOT_CREATE, eventDescription = "allocating snapshot", create = true)`
`3991`	`3991`	`public Snapshot allocSnapshot(Long volumeId, Long policyId, String snapshotName, Snapshot.LocationType locationType, List<Long> zoneIds, List<Long> poolIds, Boolean useStorageReplication) throws ResourceAllocationException {`
`3992`		`- Account caller = CallContext.current().getCallingAccount();`
`3993`		`-`
`3994`	`3992`	`VolumeInfo volume = volFactory.getVolume(volumeId);`
`3995`	`3993`	`if (volume == null) {`
`3996`	`3994`	`throw new InvalidParameterValueException("Creating snapshot failed due to volume:" + volumeId + " doesn't exist");`
`@@ -4059,7 +4057,7 @@ public Snapshot allocSnapshot(Long volumeId, Long policyId, String snapshotName,`
`4059`	`4057`	`if (dataCenter == null) {`
`4060`	`4058`	`throw new InvalidParameterValueException("Unable to find the specified zone");`
`4061`	`4059`	`}`
`4062`		`- if (Grouping.AllocationState.Disabled.equals(dataCenter.getAllocationState()) && !_accountMgr.isRootAdmin(caller)) {`
	`4060`	`+ if (Grouping.AllocationState.Disabled.equals(dataCenter.getAllocationState()) && !CallContext.current().isCallingAccountRootAdmin()) {`
`4063`	`4061`	`throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + dataCenter.getName());`
`4064`	`4062`	`}`
`4065`	`4063`	`if (DataCenter.Type.Edge.equals(dataCenter.getType())) {`
`@@ -4115,7 +4113,7 @@ public Snapshot allocSnapshotForVm(Long vmId, Long volumeId, String snapshotName`
`4115`	`4113`	`throw new InvalidParameterValueException("Can't find zone by id " + volume.getDataCenterId());`
`4116`	`4114`	`}`
`4117`	`4115`
`4118`		`- if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller)) {`
	`4116`	`+ if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !CallContext.current().isCallingAccountRootAdmin()) {`
`4119`	`4117`	`throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zone.getName());`
`4120`	`4118`	`}`
`4121`	`4119`
Original file line number	Diff line number	Diff line change
`@@ -371,8 +371,7 @@ public TemplateProfile prepare(boolean isIso, long userId, String name, String d`
`371`	`371`	`if (zone == null) {`
`372`	`372`	`throw new IllegalArgumentException("Please specify a valid zone.");`
`373`	`373`	`}`
`374`		`- Account caller = CallContext.current().getCallingAccount();`
`375`		`- if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller)) {`
	`374`	`+ if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !CallContext.current().isCallingAccountRootAdmin()) {`
`376`	`375`	`throw new PermissionDeniedException(String.format("Cannot perform this operation, Zone %s is currently disabled", zone));`
`377`	`376`	`}`
`378`	`377`	`}`
Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ public Pair<List<? extends Usage>, Integer> getUsageRecords(ListUsageRecordsCmd`
`193`	`193`	`accountId = caller.getId();`
`194`	`194`	`//List records for all the accounts if the caller account is of type admin.`
`195`	`195`	`//If account_id or account_name is explicitly mentioned, list records for the specified account only even if the caller is of type admin`
`196`		`- ignoreAccountId = _accountService.isRootAdmin(caller);`
	`196`	`+ ignoreAccountId = CallContext.current().isCallingAccountRootAdmin();`
`197`	`197`	`logger.debug("Account details not available. Using userContext account: {}", caller);`
`198`	`198`	`}`
`199`	`199`
Original file line number	Diff line number	Diff line change
`@@ -721,7 +721,7 @@ public Pair<List<? extends Domain>, Integer> searchForDomains(ListDomainsCmd cmd`
`721`	`721`	`}`
`722`	`722`	`_accountMgr.checkAccess(caller, domain);`
`723`	`723`	`} else {`
`724`		`- if (!_accountMgr.isRootAdmin(caller)) {`
	`724`	`+ if (!CallContext.current().isCallingAccountRootAdmin()) {`
`725`	`725`	`domainId = caller.getDomainId();`
`726`	`726`	`}`
`727`	`727`	`if (listAll) {`
Original file line number	Diff line number	Diff line change
`@@ -47,10 +47,8 @@ public <T> void checkUuid(String uuid, Class<T> entityType) {`
`47`	`47`	`return;`
`48`	`48`	`}`
`49`	`49`
`50`		`- Account caller = CallContext.current().getCallingAccount();`
`51`		`-`
`52`	`50`	`// Only admin and system allowed to do this`
`53`		`- if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM \|\| _accountMgr.isRootAdmin(caller))) {`
	`51`	`+ if (!(CallContext.current().getCallingAccountId() == Account.ACCOUNT_ID_SYSTEM \|\| CallContext.current().isCallingAccountRootAdmin())) {`
`54`	`52`	`throw new PermissionDeniedException("Please check your permissions, you are not allowed to create/update custom id");`
`55`	`53`	`}`
`56`	`54`