Implemented condition that only admin or owner of the template can change its permissions using updateTemplatePermissions API

Maneesha.P · Maneesha.P · commit f7e8d445525e · 2015-08-11T11:08:35.000+05:30
diff --git a/server/src/com/cloud/template/TemplateManagerImpl.java b/server/src/com/cloud/template/TemplateManagerImpl.java
@@ -1324,6 +1324,11 @@ public boolean updateTemplateOrIsoPermissions(BaseUpdateTemplateOrIsoPermissions
             throw new InvalidParameterValueException("Update template permissions is an invalid operation on template " + template.getName());
         }
 
+        //Only admin or owner of the template should be able to change its permissions
+        if (caller.getId() != ownerId && !isAdmin) {
+            throw new InvalidParameterValueException("Unable to grant permission to account " + caller.getAccountName() + " as it is neither admin nor owner or the template");
+        }
+
         VMTemplateVO updatedTemplate = _tmpltDao.createForUpdate();
 
         if (isPublic != null) {
