etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bug 8749: make account permission check in getVmPassword api 

status 8749: resolved fixed
This commit is contained in:
alena 2011-03-14 15:27:04 -07:00
parent 1cf735c537
commit aa8183e660
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -4900,11 +4900,15 @@ public class ManagementServerImpl implements ManagementServer {
@Override
public String getVMPassword(GetVMPasswordCmd cmd) {
Account account = UserContext.current().getCaller();
Account caller = UserContext.current().getCaller();
UserVmVO vm = _userVmDao.findById(cmd.getId());
if (vm == null || vm.getAccountId() != account.getAccountId()) {
if (vm == null) {
throw new InvalidParameterValueException("No VM with id '" + cmd.getId() + "' found.");
}
//make permission check
_accountMgr.checkAccess(caller, vm);
_userVmDao.loadDetails(vm);
String password = vm.getDetail("Encrypted.Password");