Updated Branches:
  refs/heads/master 882e5fa4e -> 77fd76acb

CLOUDSTACK-3242: fixed updateTemplate and updateTemplate permissions security 
checks for project based templates


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/77fd76ac
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/77fd76ac
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/77fd76ac

Branch: refs/heads/master
Commit: 77fd76acb47fd56ff0c265c6b15b4497a57e40c7
Parents: 882e5fa
Author: Alena Prokharchyk <[email protected]>
Authored: Thu Jun 27 11:31:21 2013 -0700
Committer: Alena Prokharchyk <[email protected]>
Committed: Thu Jun 27 11:32:41 2013 -0700

----------------------------------------------------------------------
 server/src/com/cloud/acl/DomainChecker.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/77fd76ac/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java 
b/server/src/com/cloud/acl/DomainChecker.java
index c778c50..8b20f3d 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -19,11 +19,11 @@ package com.cloud.acl;
 import javax.ejb.Local;
 import javax.inject.Inject;
 
-import org.springframework.stereotype.Component;
-
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.api.BaseCmd;
+import org.springframework.stereotype.Component;
+
 import com.cloud.dc.DataCenter;
 import com.cloud.domain.Domain;
 import com.cloud.domain.dao.DomainDao;
@@ -95,6 +95,10 @@ public class DomainChecker extends AdapterBase implements 
SecurityChecker {
                 if (BaseCmd.isRootAdmin(caller.getType()) || (owner.getId() == 
caller.getId())) {
                     return true;
                 }
+                //special handling for the project case
+                if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT && 
_projectMgr.canAccessProjectAccount(caller, owner.getId())) {
+                    return true;
+                }
                 
                 // since the current account is not the owner of the template, 
check the launch permissions table to see if the
                 // account can launch a VM from this template
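Review bot: The added project branch returns true as soon as `_projectMgr.canAccessProjectAccount(caller, owner.getId())` succeeds, without regard to whether the caller is asking to use the template or to change it. The commit message says this path guards updateTemplate and the template-permissions update, which are modify operations, so a membership-level check may be broader than intended. If the enclosing method receives an access type (its signature is outside the hunk), consider using the stricter `_projectMgr.canModifyProjectAccount(caller, owner.getId())` for modifying calls and keeping `canAccessProjectAccount` for read or launch access. Because the early return also bypasses the launch-permission lookup that follows, expand the comment to say so, e.g. `// project members are authorized via project membership; launch permissions are not consulted`.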
