diff --git a/src/api/vm.coffee b/src/api/vm.coffee index 66d6873f2..99a6a4d05 100644 --- a/src/api/vm.coffee +++ b/src/api/vm.coffee @@ -198,30 +198,27 @@ migrate = $coroutine ({ mapVifsNetworks, migrationNetwork }) -> + permissions = [] + if mapVdisSrs mapVdisSrsXapi = {} forEach mapVdisSrs, (srId, vdiId) => vdiXapiId = @getObject(vdiId, 'VDI')._xapiId mapVdisSrsXapi[vdiXapiId] = @getObject(srId, 'SR')._xapiId + permissions.push([ + srId, + 'administrate' + ]) if mapVifsNetworks mapVifsNetworksXapi = {} forEach mapVifsNetworks, (networkId, vifId) => vifXapiId = @getObject(vifId, 'VIF')._xapiId mapVifsNetworksXapi[vifXapiId] = @getObject(networkId, 'network')._xapiId - - permissions = [] - for vif, network of mapVifsNetworks - permissions.push([ - network, - 'administrate' - ]) - - for vdi, sr of mapVdisSrs - permissions.push([ - sr, - 'administrate' - ]) + permissions.push([ + networkId, + 'administrate' + ]) unless yield @hasPermissions(@session.get('user_id'), permissions) throw new Unauthorized() diff --git a/src/xapi.js b/src/xapi.js index 2103d4739..cf1dea4c9 100644 --- a/src/xapi.js +++ b/src/xapi.js @@ -1531,12 +1531,14 @@ export default class Xapi extends XapiBase { } // VIFs/Networks mapping - const vifsMap = {} - const defaultNetworkRef = find(host.$PIFs, pif => pif.management).$network.$ref - for (const vif of vm.$VIFs) { - vifsMap[vif.$ref] = mapVifsNetworks && mapVifsNetworks[vif.$id] - ? hostXapi.getObject(mapVifsNetworks[vif.$id]).$ref - : defaultNetworkRef + let vifsMap = {} + if (vm.$pool !== host.$pool) { + const defaultNetworkRef = find(host.$PIFs, pif => pif.management).$network.$ref + for (const vif of vm.$VIFs) { + vifsMap[vif.$ref] = mapVifsNetworks && mapVifsNetworks[vif.$id] + ? hostXapi.getObject(mapVifsNetworks[vif.$id]).$ref + : defaultNetworkRef + } } const token = await hostXapi.call(