From 5d47d024c13ef8c626951d55917ae6cdba13c760 Mon Sep 17 00:00:00 2001
From: alena
Date: Thu, 3 Nov 2011 17:59:59 -0700
Subject: [PATCH] Only ROOT/Domain admins and users belonging to the project can list project users
---
 server/src/com/cloud/projects/ProjectManagerImpl.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/server/src/com/cloud/projects/ProjectManagerImpl.java b/server/src/com/cloud/projects/ProjectManagerImpl.java
index 990f6ba5014..eed616b8bbb 100644
--- a/server/src/com/cloud/projects/ProjectManagerImpl.java
+++ b/server/src/com/cloud/projects/ProjectManagerImpl.java
@@ -635,8 +635,10 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
 throw new InvalidParameterValueException("Unable to find the project id=" + projectId);
 }
- //verify permissions
- _accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()));
+ //verify permissions - only accounts belonging to the project can list project's account
+ if (!_accountMgr.isAdmin(caller.getType()) && _projectAccountDao.findByProjectIdAccountId(projectId, caller.getAccountId()) == null) {
+ throw new PermissionDeniedException("Account " + caller + " is not authorized to list users of the project id=" + projectId);
+ }
 Filter searchFilter = new Filter(ProjectAccountVO.class, "id", false, startIndex, pageSizeVal);
 SearchBuilder sb = _projectAccountDao.createSearchBuilder();
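Review bot: The admin branch of the new `if` has no domain scoping left, because the removed `_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()))` was the only line tying the caller to the project's domain. If `isAdmin(caller.getType())` is true for domain admins, as the commit title suggests, a domain admin of an unrelated domain can now list the accounts of any project whose id they can supply. Keeping the domain check for admin callers and applying the membership check to everyone else would close that gap; this assumes `checkAccess` still passes ROOT admins, as it evidently did when it ran for every caller. The enclosing method starts and ends outside the hunk, so any other use of `project.getDomainId()` in it is not visible here.

```java
//verify permissions - admins stay scoped to the project's domain, other callers must be project members
if (_accountMgr.isAdmin(caller.getType())) {
    _accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()));
} else if (_projectAccountDao.findByProjectIdAccountId(projectId, caller.getAccountId()) == null) {
    // … unchanged: throw PermissionDeniedException …
}
```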