bug 6890: preventing users from searching for system account details via the list api

status 6890: resolved fixed
abhishek 2010-11-02 17:48:54 -07:00
parent 6c219f4323
commit c6809f89d4
2 changed files with 8 additions and 1 deletions


@ -29,9 +29,10 @@ import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.response.AccountResponse;
import com.cloud.api.response.ListResponse;
import com.cloud.server.ManagementServer;
import com.cloud.user.AccountVO;
@Implementation(method="searchForAccounts", description="Lists accounts and provides detailed account information for listed accounts")
@Implementation(method="searchForAccounts",manager=ManagementServer.class,description="Lists accounts and provides detailed account information for listed accounts")
public class ListAccountsCmd extends BaseListCmd {
public static final Logger s_logger = Logger.getLogger(ListAccountsCmd.class.getName());
private static final String s_name = "listaccountsresponse";


@ -2654,6 +2654,12 @@ public class ManagementServerImpl implements ManagementServer {
Long accountId = cmd.getId();
String accountName = null;
if(accountId != null && accountId == 1){
//system account should NOT be searchable
List<AccountVO> emptyList = new ArrayList<AccountVO>();
return emptyList;
}
if ((account == null) || isAdmin(account.getType())) {
accountName = cmd.getSearchName(); // admin's can specify a name to search for
if (domainId == null) {
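Review bot: The added guard `if(accountId != null && accountId == 1)` filters on the request parameter rather than on the result set, so it only covers a lookup by id. A call that supplies no id, or one that goes through the name search on `cmd.getSearchName()` a few lines below, continues past it; the query is built outside this hunk, so unless it also excludes the system account, the same record may still be returned on those paths. Putting the exclusion into the search criteria itself would cover every path with one condition. The literal `1` is also better as a named constant, e.g. `if (accountId != null && accountId == SYSTEM_ACCOUNT_ID) {` (placeholder name; use the project's existing constant if one is defined), with the comment stating why the system account is hidden from the list API. The enclosing method starts and ends outside the hunk.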