From 2358632253a0a0da74b81028e6c63aeb49df7e84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20B=C3=B6ck?=
 <89930804+erikbocks@users.noreply.github.com>
Date: Mon, 12 Jan 2026 04:20:31 -0300
Subject: [PATCH] Fixed User type accounts being able to change resource limits
 of their own domain and account (#12046)

Co-authored-by: Lucas Martins <56271185+lucas-a-martins@users.noreply.github.com>
---
 .../com/cloud/resourcelimit/ResourceLimitManagerImpl.java    | 5 +++++
 .../cloud/resourcelimit/ResourceLimitManagerImplTest.java    | 1 +
 2 files changed, 6 insertions(+)

diff --git a/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
index 9a6c8a85f18..648abf0d938 100644
--- a/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
+++ b/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
@@ -903,6 +903,11 @@ public class ResourceLimitManagerImpl extends ManagerBase implements ResourceLim
     public ResourceLimitVO updateResourceLimit(Long accountId, Long domainId, Integer typeId, Long max, String tag) {
         Account caller = CallContext.current().getCallingAccount();
 
+        if (caller.getType().equals(Account.Type.NORMAL)) {
+            logger.info("Throwing exception because only root admins and domain admins are allowed to update resource limits.");
+            throw new PermissionDeniedException("Your account does not have the permission to update resource limits.");
+        }
+
         if (max == null) {
             max = (long)Resource.RESOURCE_UNLIMITED;
         } else if (max < Resource.RESOURCE_UNLIMITED) {
diff --git a/server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java b/server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java
index a968a2da0b7..0b0b8c5e43f 100644
--- a/server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java
+++ b/server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java
@@ -147,6 +147,7 @@ public class ResourceLimitManagerImplTest {
         overrideDefaultConfigValue(ResourceLimitService.ResourceLimitStorageTags, "_defaultValue", StringUtils.join(storageTags, ","));
 
         Account account = mock(Account.class);
+        when(account.getType()).thenReturn(Account.Type.ADMIN);
         User user = mock(User.class);
         CallContext.register(user, account);
     }