From a277e4e08c8913b1ef1d4d0470bae039a60d111a Mon Sep 17 00:00:00 2001
From: Wei Zhou <weizhou@apache.org>
Date: Fri, 3 Dec 2021 10:36:33 +0100
Subject: [PATCH] server: fix non-root users are able to list system networks
 by id (#5729)

---
 .../src/main/java/com/cloud/network/NetworkServiceImpl.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 7a79cfa167d..2084cd4a003 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1617,8 +1617,8 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
         Long networkOfferingId = cmd.getNetworkOfferingId();
 
         // 1) default is system to false if not specified
-        // 2) reset parameter to false if it's specified by the regular user
-        if ((isSystem == null || _accountMgr.isNormalUser(caller.getId())) && id == null) {
+        // 2) reset parameter to false if it's specified by a non-ROOT user
+        if (isSystem == null || !_accountMgr.isRootAdmin(caller.getId())) {
             isSystem = false;
         }