apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 20:02:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug 9743: respect id/accountName/domainId parameters when call is executed by the regular user

Browse Source 
status 9743: resolved fixed
This commit is contained in:
alena 2011-06-20 11:22:23 -07:00
parent 3671ff63f2
commit 5fe49efc9f
1 changed files with 27 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -1765,27 +1765,38 @@ public class ManagementServerImpl implements ManagementServer {
List<AccountVO> emptyList = new ArrayList<AccountVO>();
return emptyList;
}
if (accountId != null) {
Account account = _accountDao.findById(accountId);
if (account == null) {
throw new InvalidParameterValueException("Unable to find account by id " + accountId);
}
_accountMgr.checkAccess(caller, account);
}
if (domainId != null) {
Domain domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain);
if (accountName != null) {
Account account = _accountDao.findActiveAccount(accountName, domainId);
if (account == null) {
throw new InvalidParameterValueException("Unable to find account by name " + accountName + " in domain " + domainId);
}
_accountMgr.checkAccess(caller, account);
}
}
if (isAdmin(caller.getType())) {
if (domainId == null) {
domainId = caller.getDomainId();
isRecursive = true;
} else {
Domain domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain);
if (accountName != null) {
Account account = _accountDao.findActiveAccount(accountName, domainId);
if (account == null) {
throw new InvalidParameterValueException("Unable to find account by name " + accountName + " in domain " + domainId);
}
_accountMgr.checkAccess(caller, account);
}
}
}
} else {
// regular user is constraint to only his account
accountId = caller.getId();