From f7e8d445525e659ee007be5e4ef181ab8ee546e6 Mon Sep 17 00:00:00 2001
From: "Maneesha.P" <maneesha.papireddygari@citrix.com>
Date: Wed, 5 Aug 2015 14:28:00 +0530
Subject: [PATCH] Implemented condition that only admin or owner of the
 template can change its permissions using updateTemplatePermissions API

---
 server/src/com/cloud/template/TemplateManagerImpl.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
index e9581e2427d..6e9af8a0441 100644
--- a/server/src/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -1324,6 +1324,11 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
             throw new InvalidParameterValueException("Update template permissions is an invalid operation on template " + template.getName());
         }
 
+        //Only admin or owner of the template should be able to change its permissions
+        if (caller.getId() != ownerId && !isAdmin) {
+            throw new InvalidParameterValueException("Unable to grant permission to account " + caller.getAccountName() + " as it is neither admin nor owner or the template");
+        }
+
         VMTemplateVO updatedTemplate = _tmpltDao.createForUpdate();
 
         if (isPublic != null) {