etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed security problem in listAccounts call (regular user could see other accounts' info when domainId was passed in to listAccounts call)

This commit is contained in:
Alena Prokharchyk 2012-09-25 10:38:04 -07:00
parent 5c4cf11860
commit 51041e4f77
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/src/com/cloud/user/AccountManagerImpl.java
View File

@ -2007,7 +2007,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
if (domainId == null) {
domainId = caller.getDomainId();
}
} else if (domainId != null) {
} else if (isAdmin(caller.getType()) && domainId != null) {
listForDomain = true;
} else {
accountId = caller.getAccountId();