From 60f234c682dbd27acc2c763e73569acec57a383f Mon Sep 17 00:00:00 2001
From: dahn <daan@onecht.net>
Date: Fri, 21 Jun 2024 11:50:49 +0200
Subject: [PATCH] remove Project Template Permissions inhibition (#9196)

---
 .../main/java/com/cloud/template/TemplateManagerImpl.java  | 7 ++++---
 ui/src/views/compute/DeployVM.vue                          | 2 ++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/server/src/main/java/com/cloud/template/TemplateManagerImpl.java b/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
index 2ed42087020..14f54e22f56 100755
--- a/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
@@ -189,6 +189,7 @@ import com.cloud.user.AccountManager;
 import com.cloud.user.AccountService;
 import com.cloud.user.AccountVO;
 import com.cloud.user.ResourceLimitService;
+import com.cloud.user.User;
 import com.cloud.user.UserData;
 import com.cloud.user.dao.AccountDao;
 import com.cloud.uservm.UserVm;
@@ -1448,6 +1449,7 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
         // Input validation
         final Long id = cmd.getId();
         final Account caller = CallContext.current().getCallingAccount();
+        final User user = CallContext.current().getCallingUser();
         List<String> accountNames = cmd.getAccountNames();
         List<Long> projectIds = cmd.getProjectIds();
         Boolean isFeatured = cmd.isFeatured();
@@ -1517,9 +1519,8 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
         }
 
         if (owner.getType() == Account.Type.PROJECT) {
-            // Currently project owned templates cannot be shared outside project but is available to all users within project by default.
-            throw new InvalidParameterValueException("Update template permissions is an invalid operation on template " + template.getName() +
-                    ". Project owned templates cannot be shared outside template.");
+            // if it is a project owned template/iso, the user must at least have access to be allowed to share it.
+            _accountMgr.checkAccess(user, template);
         }
 
         // check configuration parameter(allow.public.user.templates) value for
diff --git a/ui/src/views/compute/DeployVM.vue b/ui/src/views/compute/DeployVM.vue
index 95919461644..0bd68e5e204 100644
--- a/ui/src/views/compute/DeployVM.vue
+++ b/ui/src/views/compute/DeployVM.vue
@@ -2276,6 +2276,7 @@ export default {
       }
       args.zoneid = _.get(this.zone, 'id')
       args.templatefilter = templateFilter
+      args.projectid = -1
       args.details = 'all'
       args.showicon = 'true'
       args.id = this.templateId
@@ -2298,6 +2299,7 @@ export default {
       }
       args.zoneid = _.get(this.zone, 'id')
       args.isoFilter = isoFilter
+      args.projectid = -1
       args.bootable = true
       args.showicon = 'true'
       args.id = this.isoId