From 87849c3964c7f46bc5d1e499a16a3a20be97dd99 Mon Sep 17 00:00:00 2001
From: pdumbre <pallavi_dumbre@accelerite.com>
Date: Fri, 16 Dec 2016 19:00:26 +0530
Subject: [PATCH] CLOUDSTACK-9679:Allow master user to manage subordinate user
 uploaded template

---
 server/src/com/cloud/api/query/QueryManagerImpl.java | 9 +++++++--
 ui/scripts/templates.js                              | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index f61d6736e92..c4068fd4915 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -3146,9 +3146,14 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q
                 ex.addProxyObject(template.getUuid(), "templateId");
                 throw ex;
             }
+            if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
+                Account template_acc = _accountMgr.getAccount(template.getAccountId());
+                DomainVO domain = _domainDao.findById(template_acc.getDomainId());
+                _accountMgr.checkAccess(caller, domain);
 
-            // if template is not public, perform permission check here
-            if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+
+            }// if template is not public, perform permission check here
+            else if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
                 _accountMgr.checkAccess(caller, null, false, template);
             }
 
diff --git a/ui/scripts/templates.js b/ui/scripts/templates.js
index 96ef43aee1c..204687a27f0 100644
--- a/ui/scripts/templates.js
+++ b/ui/scripts/templates.js
@@ -35,7 +35,7 @@
                     filters: {
                         all: {
                             preFilter: function(args) {
-                                if (isAdmin()) //"listTemplates&templatefilter=all" only works for root-admin, but no domain-admin. Domain-admin is unable to see all templates until listTemplates API supports a new type of templatefilter for domain-admin to see all templates in his domain.
+                                if (isAdmin()|| isDomainAdmin()) //"listTemplates&templatefilter=all" only for root-admin and domain-admin. Domain-admin is able to see all templates in his domain.
                                     return true;
                                 else
                                     return false;
@@ -1793,7 +1793,7 @@
                     filters: {
                         all: {
                             preFilter: function(args) {
-                                if (isAdmin()) //"listIsos&filter=all" only works for root-admin, but no domain-admin. Domain-admin is unable to see all Isos until listIsos API supports a new type of isofilter for domain-admin to see all Isos in his domain.
+                                if (isAdmin()||isDomainAdmin()) //"listIsos&filter=all" works for root-admin and domain-admin. Domain-admin is able to see all Isos in his domain.
                                     return true;
                                 else
                                     return false;