[1/2] git commit: updated refs/heads/master to 06c8e5b

Fri, 05 Jul 2013 04:05:23 -0700 

Updated Branches:
  refs/heads/master c56a75da9 -> 06c8e5bfd


CLOUDSTACK-3361. [Projects] Allow a normal user to edit public templates 
created by him.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9c5da1c6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9c5da1c6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9c5da1c6

Branch: refs/heads/master
Commit: 9c5da1c6e393b6ffc67f2bcf594c1f1cbc71b2b0
Parents: 4bf6c1e
Author: Likitha Shetty <likitha.she...@citrix.com>
Authored: Fri Jul 5 16:15:29 2013 +0530
Committer: Likitha Shetty <likitha.she...@citrix.com>
Committed: Fri Jul 5 16:21:47 2013 +0530

----------------------------------------------------------------------
 server/src/com/cloud/acl/DomainChecker.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9c5da1c6/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java 
b/server/src/com/cloud/acl/DomainChecker.java
index 8b20f3d..94cdfd1 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -110,7 +110,10 @@ public class DomainChecker extends AdapterBase implements 
SecurityChecker {
                 // Domain admin and regular user can delete/modify only 
templates created by them
                 if (accessType != null && accessType == 
AccessType.ModifyEntry) {
                     if (!BaseCmd.isRootAdmin(caller.getType()) && 
owner.getId() != caller.getId()) {
-                        throw new PermissionDeniedException("Domain Admin and 
regular users can modify only their own Public templates");
+                        // For projects check if the caller account can access 
the project account
+                        if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT || 
!(_projectMgr.canAccessProjectAccount(caller, owner.getId()))) {
+                            throw new PermissionDeniedException("Domain Admin 
and regular users can modify only their own Public templates");
+                        }
                     }
                 }
             }

Reply via email to