From f1339d4d6d5f1f81a29aa311f10b50001145ab81 Mon Sep 17 00:00:00 2001 From: alena Date: Mon, 20 Jun 2011 10:15:45 -0700 Subject: [PATCH] bug 9991: do account permission check in getCloudIdentifier api status 9991: resolved fixed --- server/src/com/cloud/server/ManagementServerImpl.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 0a899762b38..9cb5993feb2 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -4089,12 +4089,16 @@ public class ManagementServerImpl implements ManagementServer { @Override public ArrayList getCloudIdentifierResponse(GetCloudIdentifierCmd cmd) { Long userId = cmd.getUserId(); + Account caller = UserContext.current().getCaller(); // verify that user exists User user = findUserById(userId); if ((user == null) || (user.getRemoved() != null)) { throw new InvalidParameterValueException("Unable to find active user by id " + userId); } + + // check permissions + _accountMgr.checkAccess(caller, _accountMgr.getAccount(user.getAccountId())); String cloudIdentifier = _configDao.getValue("cloud.identifier"); if (cloudIdentifier == null) {