From aa8183e660e4d6f77f1c42895db8147cd6f1b711 Mon Sep 17 00:00:00 2001
From: alena
Date: Mon, 14 Mar 2011 15:27:04 -0700
Subject: [PATCH] bug 8749: make account permission check in getVmPassword api status 8749: resolved fixed
---
 server/src/com/cloud/server/ManagementServerImpl.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 8496142524c..0ad6886b3ec 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -4900,11 +4900,15 @@ public class ManagementServerImpl implements ManagementServer {
 @Override
 public String getVMPassword(GetVMPasswordCmd cmd) {
- Account account = UserContext.current().getCaller();
+ Account caller = UserContext.current().getCaller();
+
 UserVmVO vm = _userVmDao.findById(cmd.getId());
- if (vm == null || vm.getAccountId() != account.getAccountId()) {
+ if (vm == null) {
 throw new InvalidParameterValueException("No VM with id '" + cmd.getId() + "' found.");
 }
+
+ //make permission check
+ _accountMgr.checkAccess(caller, vm);
 _userVmDao.loadDetails(vm);
 String password = vm.getDetail("Encrypted.Password");
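Review bot: Splitting the old combined test in `getVMPassword` means a caller now gets `No VM with id ... found.` for an id that does not exist, but whatever `_accountMgr.checkAccess(caller, vm)` raises (presumably a permission error; its body is not in this hunk) for a VM that belongs to another account, so the two cases become distinguishable where the old code answered both identically. If VM ids are guessable, any authenticated account can learn which ids exist; either accept that deliberately and say so, or map the denial to the same not-found error at this call site. I would also replace `//make permission check` with a comment that states the invariant, e.g. `// checkAccess must reject the caller before any password detail is loaded; keep it ahead of loadDetails().` The method body continues past the end of the hunk, so how the password is returned cannot be reviewed here.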