cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alena1...@apache.org
Subject git commit: updated refs/heads/master to 97efbc5
Date Mon, 11 Aug 2014 21:06:35 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master 736ff5f8e -> 97efbc56e


CLOUDSTACK-7283: listUsers - for regular user, only return the caller info. If there are more
users under the same account, their information should never be returned


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/97efbc56
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/97efbc56
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/97efbc56

Branch: refs/heads/master
Commit: 97efbc56e4e24563d1a68db9da500054867683c6
Parents: 736ff5f
Author: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Authored: Mon Aug 11 13:51:11 2014 -0700
Committer: Alena Prokharchyk <alena.prokharchyk@citrix.com>
Committed: Mon Aug 11 13:51:11 2014 -0700

----------------------------------------------------------------------
 server/src/com/cloud/api/query/QueryManagerImpl.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/97efbc56/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index c30683e..0b4eb6c 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -26,9 +26,6 @@ import java.util.Set;
 import javax.ejb.Local;
 import javax.inject.Inject;
 
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.affinity.AffinityGroupDomainMapVO;
 import org.apache.cloudstack.affinity.AffinityGroupResponse;
@@ -100,6 +97,8 @@ import org.apache.cloudstack.engine.subsystem.api.storage.DataStoreManager;
 import org.apache.cloudstack.engine.subsystem.api.storage.TemplateState;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.query.QueryService;
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
 
 import com.cloud.api.query.dao.AccountJoinDao;
 import com.cloud.api.query.dao.AffinityGroupJoinDao;
@@ -386,6 +385,13 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
 
         boolean listAll = cmd.listAll();
         Long id = cmd.getId();
+        if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
+            long currentId = CallContext.current().getCallingUser().getId();
+            if (id != null && currentId != id.longValue()) {
+                throw new PermissionDeniedException("Calling user is not authorized to see
the user requested by id");
+            }
+            id = currentId;
+        }
         Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject
= new Ternary<Long, Boolean, ListProjectResourcesCriteria>(
                 cmd.getDomainId(), cmd.isRecursive(), null);
         _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), null, permittedAccounts,


Mime
View raw message