From 630e8d9db4a1b2ae327d569dd966d1f4daa14848 Mon Sep 17 00:00:00 2001
From: alena
Date: Mon, 20 Jun 2011 10:15:45 -0700
Subject: [PATCH] bug 9991: do account permission check in getCloudIdentifier api status 9991: resolved fixed
---
 server/src/com/cloud/server/ManagementServerImpl.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 129039e0156..ad8d835aebf 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -4094,12 +4094,16 @@ public class ManagementServerImpl implements ManagementServer {
 @Override
 public ArrayList getCloudIdentifierResponse(GetCloudIdentifierCmd cmd) {
 Long userId = cmd.getUserId();
+ Account caller = UserContext.current().getCaller();
 // verify that user exists
 User user = findUserById(userId);
 if ((user == null) || (user.getRemoved() != null)) {
 throw new InvalidParameterValueException("Unable to find active user by id " + userId);
 }
+
+ // check permissions
+ _accountMgr.checkAccess(caller, _accountMgr.getAccount(user.getAccountId()));
 String cloudIdentifier = _configDao.getValue("cloud.identifier");
 if (cloudIdentifier == null) {
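Review bot: The result of `_accountMgr.getAccount(user.getAccountId())` is passed straight into `checkAccess` with no null check, and what `checkAccess` does with a null account is not visible in this hunk, so the new guard could fail with an unrelated NullPointerException or, worse, pass without checking anything. I would resolve the owner first with `Account owner = _accountMgr.getAccount(user.getAccountId());`, reject `owner == null` with the same InvalidParameterValueException used for a missing user, and then call `_accountMgr.checkAccess(caller, owner);`. The not-found exception is also thrown before the access check, so a caller with no rights over the target user can still tell active ids from inactive ones; if that matters for this API, both failures should look the same to the caller. The `// check permissions` comment could say what is actually checked, e.g. `// caller must have access to the account that owns the requested user`. getCloudIdentifierResponse continues past the end of the hunk.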