apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

bug 9760: added missing permission check to listTemplates api (didn't work when id parameter was specified in the request)

Browse Source 
status 9760: resolved fixed
This commit is contained in:
alena 2011-05-06 11:19:15 -07:00
parent 4e2935dc37
commit fc0bb46f10
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -1637,6 +1637,8 @@ public class ManagementServerImpl implements ManagementServer {
private Set<Pair<Long, Long>> listTemplates(Long templateId, String name, String keyword, TemplateFilter templateFilter, boolean isIso, Boolean bootable, Long accountId, Long pageSize,
Long startIndex, Long zoneId, HypervisorType hyperType, boolean isAccountSpecific, boolean showDomr) {
Account caller = UserContext.current().getCaller();
VMTemplateVO template = null;
if (templateId != null) {
template = _templateDao.findById(templateId);
@ -1671,6 +1673,11 @@ public class ManagementServerImpl implements ManagementServer {
if (template == null) {
templateZonePairSet = _templateDao.searchTemplates(name, keyword, templateFilter, isIso, bootable, account, domain, pageSize, startIndex, zoneId, hyperType, onlyReady, showDomr);
} else {
//if template is not public, perform permission check here
if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
Account owner = _accountMgr.getAccount(template.getAccountId());
_accountMgr.checkAccess(caller, owner);
}
templateZonePairSet.add(new Pair<Long, Long>(template.getId(), zoneId));
}