Skip to content

Commit f65dec4

Browse files
committed
Merge pull request #658 from manuiiit/pull-11
Implemented condition that only admin or owner of the template can change its permissions ..... using updateTemplatePermissions API Consider this scenario : In a domain, there are three User Accounts UA1, UA2,UA3 A private template is registered by UA1 Through the updateTemplatePermissions API, UA1 gives permission to both UA2 and UA3 Now, UA2, having been shared the template, can remove the permission of UA3(or add permissions to another account). EXPECTED BEHAVIOR : UA2 should not be able to to add/remove permissions of other accounts. * pr/658: Implemented condition that only admin or owner of the template can change its permissions using updateTemplatePermissions API Signed-off-by: Remi Bergsma <github@remi.nl>
2 parents b1fa378 + f7e8d44 commit f65dec4

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

server/src/com/cloud/template/TemplateManagerImpl.java

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1324,6 +1324,11 @@ public boolean updateTemplateOrIsoPermissions(BaseUpdateTemplateOrIsoPermissions
13241324
throw new InvalidParameterValueException("Update template permissions is an invalid operation on template " + template.getName());
13251325
}
13261326

1327+
//Only admin or owner of the template should be able to change its permissions
1328+
if (caller.getId() != ownerId && !isAdmin) {
1329+
throw new InvalidParameterValueException("Unable to grant permission to account " + caller.getAccountName() + " as it is neither admin nor owner or the template");
1330+
}
1331+
13271332
VMTemplateVO updatedTemplate = _tmpltDao.createForUpdate();
13281333

13291334
if (isPublic != null) {

0 commit comments

Comments
 (0)