This is an automated email from the ASF dual-hosted git repository. dahn pushed a commit to branch 4.19 in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 38f3107211bc767096984024c7b7dd5721ebb387 Author: nvazquez <[email protected]> AuthorDate: Wed Apr 9 07:50:32 2025 -0300 Fix aaccess to template/ISO list for domain/resource admins In Apache CloudStack, while using the listTemplates and listIsos APIs, Domain Admins and Resource Admins can retrieve templates and ISOs outside their intended scope. Co-authored-by: bernardodemarco <[email protected]> Co-authored-by: nvazquez <[email protected]> --- server/src/main/java/com/cloud/api/query/QueryManagerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java index 1a03ea93dcb..d0f6fc0b16d 100644 --- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java @@ -4572,7 +4572,7 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q if (!permittedAccounts.isEmpty()) { domain = _domainDao.findById(permittedAccounts.get(0).getDomainId()); } else { - domain = _domainDao.findById(Domain.ROOT_DOMAIN); + domain = _domainDao.findById(caller.getDomainId()); } setIdsListToSearchCriteria(sc, ids);
