apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

server: fix non-root users are able to list system networks by id (#5729)

Browse Source
This commit is contained in:
Wei Zhou 2021-12-03 10:36:33 +01:00 committed by GitHub
parent 46fa7f473d
commit a277e4e08c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/src/main/java/com/cloud/network/NetworkServiceImpl.java
View File

@ -1617,8 +1617,8 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
Long networkOfferingId = cmd.getNetworkOfferingId();
// 1) default is system to false if not specified
// 2) reset parameter to false if it's specified by the regular user
if ((isSystem == null || _accountMgr.isNormalUser(caller.getId())) && id == null) {
// 2) reset parameter to false if it's specified by a non-ROOT user
if (isSystem == null || !_accountMgr.isRootAdmin(caller.getId())) {
isSystem = false;
}