cloudstack-commits mailing list archives

From alena1...@apache.org
Subject git commit: Fixed security problem in listAccounts call (regular user could see other accounts' info when domainId was passed in to listAccounts call)
Date Tue, 25 Sep 2012 17:48:10 GMT
Updated Branches:
  refs/heads/master 5c4cf1186 -> 51041e4f7


Fixed security problem in listAccounts call (regular user could see other accounts' info when
domainId was passed in to listAccounts call)


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/51041e4f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/51041e4f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/51041e4f

Branch: refs/heads/master
Commit: 51041e4f77d857cc0211ab9bac57cf071d30c266
Parents: 5c4cf11
Author: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Authored: Tue Sep 25 10:38:04 2012 -0700
Committer: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Committed: Tue Sep 25 10:44:22 2012 -0700

----------------------------------------------------------------------
 server/src/com/cloud/user/AccountManagerImpl.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/51041e4f/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index fa9fafb..a79251b 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -2007,7 +2007,7 @@ public class AccountManagerImpl implements AccountManager, AccountService,
Manag
                 if (domainId == null) {
                     domainId = caller.getDomainId();
                 }
-            } else if (domainId != null) {
+            } else if (isAdmin(caller.getType()) && domainId != null) {
                 listForDomain = true;
             } else {
                 accountId = caller.getAccountId();
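Review bot: The new `isAdmin(caller.getType()) && domainId != null` branch sets `listForDomain = true` for any caller type that `isAdmin` accepts, and nothing in the visible lines confirms that the caller is entitled to the requested `domainId`. If `isAdmin` also matches domain-level admins, a check that the requested domain falls within the caller's own domain should run before this branch, or a comment should point to where that check already happens. Separately, when the preceding branch does not apply, a regular user who passes `domainId` now falls through to the final `else` and is scoped to `caller.getAccountId()`, so the parameter is silently ignored; rejecting the request with a permission error would make the behaviour explicit, and a regression test for a regular user passing `domainId` would guard this fix.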

