/**
* Adds the tenant to the vCenter acls if the tenant admin is creating it. This always sets the
* vCenter tenant (the old deprecated filed to null).
*
* @param tenant a valid tenant org if the tenant admin is creating it.
* @param vcenter the vCenter being created.
*/
private void addVcenterAclIfTenantAdmin(TenantOrg tenant, Vcenter vcenter) {
// Always set the deprecated tenant field of a vCenter to null.
vcenter.setTenant(NullColumnValueGetter.getNullURI());
if (isSystemAdmin()) {
return;
}
URI tenantId;
if (tenant != null) {
tenantId = tenant.getId();
} else {
// If the tenant org is not valid, try to use the
// user's tenant org.
tenantId = URI.create(getUserFromContext().getTenantId());
}
// If the User is an admin in the tenant org, allow the
// operation otherwise, report the insufficient permission
// exception.
if (_permissionsHelper.userHasGivenRole(getUserFromContext(), tenantId, Role.TENANT_ADMIN)) {
// Generate the acl entry and add to the vCenters acls.
String aclKey = _permissionsHelper.getTenantUsePermissionKey(tenantId.toString());
vcenter.addAcl(aclKey, ACL.USE.name());
_log.debug("Adding {} to the vCenter {} acls", aclKey, vcenter.getLabel());
}
}
