This is an automated email from the ASF dual-hosted git repository. pearl11594 pushed a commit to branch 4.20 in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 64d83ce9d127e40bd40cd1af4784b26fabf923af Author: nvazquez <[email protected]> AuthorDate: Wed Apr 9 07:50:32 2025 -0300 Fix access to template/ISO list for domain/resource admins In Apache CloudStack, while using the listTemplates and listIsos APIs, Domain Admins and Resource Admins can retrieve templates and ISOs outside their intended scope. Co-authored-by: bernardodemarco <[email protected]> Co-authored-by: nvazquez <[email protected]> --- server/src/main/java/com/cloud/api/query/QueryManagerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java index 7c3e9391989..a2edc05a492 100644 --- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java @@ -4660,7 +4660,7 @@ public class QueryManagerImpl extends MutualExclusiveIdsManagerBase implements Q if (!permittedAccounts.isEmpty()) { domain = _domainDao.findById(permittedAccounts.get(0).getDomainId()); } else { - domain = _domainDao.findById(Domain.ROOT_DOMAIN); + domain = _domainDao.findById(caller.getDomainId()); } setIdsListToSearchCriteria(sc, ids);
