From 62516b00cf68088ebae5b41b7a6eff8b1634fc53 Mon Sep 17 00:00:00 2001 From: alena Date: Mon, 20 Jun 2011 10:32:19 -0700 Subject: [PATCH] bug 9642: listVms by regular user using domainId parameter will work only when domainId specified is the domainId the caller belongs to. status 9642: resolved fixed --- server/src/com/cloud/vm/UserVmManagerImpl.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 8a61eecb8cb..1cc7b1c8077 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -80,9 +80,9 @@ import com.cloud.configuration.ResourceCount.ResourceType; import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.configuration.dao.ResourceLimitDao; import com.cloud.dc.DataCenter; +import com.cloud.dc.DataCenter.NetworkType; import com.cloud.dc.DataCenterVO; import com.cloud.dc.HostPodVO; -import com.cloud.dc.DataCenter.NetworkType; import com.cloud.dc.dao.AccountVlanMapDao; import com.cloud.dc.dao.ClusterDao; import com.cloud.dc.dao.DataCenterDao; @@ -125,7 +125,6 @@ import com.cloud.network.dao.IPAddressDao; import com.cloud.network.dao.LoadBalancerDao; import com.cloud.network.dao.LoadBalancerVMMapDao; import com.cloud.network.dao.NetworkDao; -import com.cloud.network.guru.NetworkGuru; import com.cloud.network.lb.LoadBalancingRulesManager; import com.cloud.network.router.VirtualNetworkApplianceManager; import com.cloud.network.rules.RulesManager; @@ -2923,6 +2922,10 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager } } } else { + //regular user can't specify any other domain rather than his own + if (domainId != null && domainId.longValue() != caller.getDomainId()) { + throw new PermissionDeniedException("Caller is not authorised to see domain id=" + domainId + " entries"); + } accountId = caller.getId(); }