/** * Adds the tenant to the vCenter acls if the tenant admin is creating it. This always sets the * vCenter tenant (the old deprecated filed to null). * * @param tenant a valid tenant org if the tenant admin is creating it. * @param vcenter the vCenter being created. */ private void addVcenterAclIfTenantAdmin(TenantOrg tenant, Vcenter vcenter) { // Always set the deprecated tenant field of a vCenter to null. vcenter.setTenant(NullColumnValueGetter.getNullURI()); if (isSystemAdmin()) { return; } URI tenantId; if (tenant != null) { tenantId = tenant.getId(); } else { // If the tenant org is not valid, try to use the // user's tenant org. tenantId = URI.create(getUserFromContext().getTenantId()); } // If the User is an admin in the tenant org, allow the // operation otherwise, report the insufficient permission // exception. if (_permissionsHelper.userHasGivenRole(getUserFromContext(), tenantId, Role.TENANT_ADMIN)) { // Generate the acl entry and add to the vCenters acls. String aclKey = _permissionsHelper.getTenantUsePermissionKey(tenantId.toString()); vcenter.addAcl(aclKey, ACL.USE.name()); _log.debug("Adding {} to the vCenter {} acls", aclKey, vcenter.getLabel()); } }