From c6809f89d432f613970aabb7f81bc46c462da8af Mon Sep 17 00:00:00 2001
From: abhishek <abhishek@cloud.com>
Date: Tue, 2 Nov 2010 17:48:54 -0700
Subject: [PATCH] bug 6890: preventing users from searching for system account
 details via the list api status 6890: resolved fixed

---
 server/src/com/cloud/api/commands/ListAccountsCmd.java | 3 ++-
 server/src/com/cloud/server/ManagementServerImpl.java  | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/server/src/com/cloud/api/commands/ListAccountsCmd.java b/server/src/com/cloud/api/commands/ListAccountsCmd.java
index 3ecdeaaa572..c0213572154 100644
--- a/server/src/com/cloud/api/commands/ListAccountsCmd.java
+++ b/server/src/com/cloud/api/commands/ListAccountsCmd.java
@@ -29,9 +29,10 @@ import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.response.AccountResponse;
 import com.cloud.api.response.ListResponse;
+import com.cloud.server.ManagementServer;
 import com.cloud.user.AccountVO;
 
-@Implementation(method="searchForAccounts", description="Lists accounts and provides detailed account information for listed accounts")
+@Implementation(method="searchForAccounts",manager=ManagementServer.class,description="Lists accounts and provides detailed account information for listed accounts")
 public class ListAccountsCmd extends BaseListCmd {
 	public static final Logger s_logger = Logger.getLogger(ListAccountsCmd.class.getName());
     private static final String s_name = "listaccountsresponse";
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index e747e9a58cb..ff814ce518d 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -2654,6 +2654,12 @@ public class ManagementServerImpl implements ManagementServer {
         Long accountId = cmd.getId();
         String accountName = null;
 
+        if(accountId != null && accountId == 1){
+        	//system account should NOT be searchable
+        	List<AccountVO> emptyList = new ArrayList<AccountVO>();
+        	return emptyList;
+        }
+        
         if ((account == null) || isAdmin(account.getType())) {
             accountName = cmd.getSearchName(); // admin's can specify a name to search for
             if (domainId == null) {