From 1abbc007bac6db96a362426300f71737577b3dfe Mon Sep 17 00:00:00 2001
From: Kelven Yang <kelven@cloud.com>
Date: Wed, 23 Mar 2011 14:46:34 -0700
Subject: [PATCH] bug 8954: only root admin can access console proxy, SSVM and
 DomR

---
 server/src/com/cloud/servlet/ConsoleProxyServlet.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/src/com/cloud/servlet/ConsoleProxyServlet.java b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
index 7c1edd9f681..b7d6ce13425 100644
--- a/server/src/com/cloud/servlet/ConsoleProxyServlet.java
+++ b/server/src/com/cloud/servlet/ConsoleProxyServlet.java
@@ -377,13 +377,13 @@ public class ConsoleProxyServlet extends HttpServlet {
         	return false;
         }
 		
+        // root admin can access anything
 		if(accountObj.getType() == Account.ACCOUNT_TYPE_ADMIN)
     		return true;
 
         switch(vm.getType())
         {
         case User :
-        case DomainRouter:
         	if(vm.getAccountId() != accountObj.getId()) {
         		
         		// access from another normal user
@@ -407,6 +407,7 @@ public class ConsoleProxyServlet extends HttpServlet {
         	}
         	break;
         	
+        case DomainRouter:
         case ConsoleProxy :
         case SecondaryStorageVm:
     		return false;