apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-3242: fixed updateTemplate and updateTemplate permissions security checks for project based templates

Browse Source
This commit is contained in:
Alena Prokharchyk 2013-06-27 11:31:21 -07:00
parent 882e5fa4e0
commit 77fd76acb4
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/com/cloud/acl/DomainChecker.java
View File

@ -19,11 +19,11 @@ package com.cloud.acl;
import javax.ejb.Local; import javax.ejb.Local;
import javax.inject.Inject; import javax.inject.Inject;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.SecurityChecker; import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.api.BaseCmd; import org.apache.cloudstack.api.BaseCmd;
import org.springframework.stereotype.Component;
import com.cloud.dc.DataCenter; import com.cloud.dc.DataCenter;
import com.cloud.domain.Domain; import com.cloud.domain.Domain;
import com.cloud.domain.dao.DomainDao; import com.cloud.domain.dao.DomainDao;
@ -95,6 +95,10 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
if (BaseCmd.isRootAdmin(caller.getType()) || (owner.getId() == caller.getId())) { if (BaseCmd.isRootAdmin(caller.getType()) || (owner.getId() == caller.getId())) {
return true; return true;
} }
//special handling for the project case
if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT && _projectMgr.canAccessProjectAccount(caller, owner.getId())) {
return true;
}
// since the current account is not the owner of the template, check the launch permissions table to see if the // since the current account is not the owner of the template, check the launch permissions table to see if the
// account can launch a VM from this template // account can launch a VM from this template