[
https://issues.apache.org/jira/browse/CLOUDSTACK-6698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14069472#comment-14069472
]
Nitin Mehta commented on CLOUDSTACK-6698:
-----------------------------------------
Here are the repro steps
1. Create some metadata for the root admin say for resourcetype=UserVm. Eg.
Vmid=6 belongs to the root admin here
mysql> select * from user_vm_details where vm_id=6;
+-----+-------+------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+
| id | vm_id | name | value
| display |
+-----+-------+------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+
| 124 | 6 | platform |
viridian:true;acpi:true;apic:true;pae:true;nx:false
| 1 |
| 126 | 6 | Message.ReservedCapacityFreed.Flag | true
| 1 |
| 127 | 6 | DR_RECOVERY_ZONE_ID |
f6e99f08-c3d0-497d-b6be-c323f5641351
| 1 |
| 129 | 6 | DR_RECOVERY_OBJECT_ID |
b0d4520f-605d-4506-96ac-46326326e0bb
| 1 |
| 130 | 6 | hypervisortoolsversion | xenserver56
| 1 |
| 211 | 6 | DR_ORIGINAL_NTWK_IDS |
0d55db45-ae0c-462a-a492-216f31c7e275,
| 0 |
| 215 | 6 | DR_RECOVERED_NTWK_IDS |
0d55db45-ae0c-462a-a492-216f31c7e275,
| 0 |
| 219 | 6 | DR_ORIGINAL_NTWK_IDS |
0d55db45-ae0c-462a-a492-216f31c7e275,
| 0 |
| 220 | 6 | DR_RECOVERED_NTWK_IDS |
0d55db45-ae0c-462a-a492-216f31c7e275,
| 0 |
| 222 | 6 | DR_ALERT_AUTOSCALE_VMPROFILE | Failed to process event
PrepareForFailOverRequested for vm id=001c78af-4991-459c-8377-aab5c874f1fe due
to java.io.IOException: Global setting endpointe.url has to be set to the
Management Server's API end point Error Code - 431 | 1 |
| 223 | 6 | DR_STATE | SET_FOR_FAILOVER
| 1 |
+-----+-------+------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+
11 rows in set (0.00 sec)
mysql> select * from vm_instance where id=6\G;
*************************** 1. row ***************************
id: 6
name: VM-001c78af-4991-459c-8377-aab5c874f1fe
uuid: 001c78af-4991-459c-8377-aab5c874f1fe
instance_name: i-2-6-VM
state: Stopped
vm_template_id: 5
guest_os_id: 142
private_mac_address: 02:00:59:a8:00:03
private_ip_address: 10.1.1.8
pod_id: 1
data_center_id: 1
host_id: NULL
last_host_id: 1
proxy_id: NULL
proxy_assign_time: NULL
vnc_password: e0f5357f6363dfe
ha_enabled: 0
limit_cpu_use: 0
update_count: 15
update_time: 2014-07-02 16:45:20
created: 2014-06-30 18:51:24
removed: NULL
type: User
vm_type: User
account_id: 2
domain_id: 1
service_offering_id: 12
reservation_id: ecb0d7ad-c57d-4756-bb9c-b029222b2346
hypervisor_type: XenServer
disk_offering_id: NULL
owner: 2
host_name: VM-001c78af-4991-459c-8377-aab5c874f1fe
display_name: NULL
desired_state: NULL
dynamically_scalable: 0
display_vm: 1
power_state: PowerOn
power_state_update_time: 2014-07-21 22:46:08
power_state_update_count: 0
power_host: 1
1 row in set (0.00 sec)
2. Create an account 'nitin' and login as that and then fire the api and you
get to see the metadata belonging to a resource owned by root admin
http://localhost:8080/client/api?command=listResourceDetails&resourcetype=UserVm&resourceid=6&key=DR_STATE&sessionkey=kBdzR3RGiANveBxBdT1GcLl9x4A%3D
<listresourcedetailsresponse
cloud-stack-version="4.4.0-SNAPSHOT"><count>1</count><resourcedetail><resourceid>6</resourceid><resourcetype>UserVm</resourcetype><key>DR_STATE</key><value>SET_FOR_FAILOVER</value><fordisplay>true</fordisplay></resourcedetail></listresourcedetailsresponse>
> listResourceDetals - normal user able to list details not belonging to it
> -------------------------------------------------------------------------
>
> Key: CLOUDSTACK-6698
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6698
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Affects Versions: 4.4.0
> Reporter: Nitin Mehta
> Assignee: Alena Prokharchyk
> Priority: Critical
> Fix For: 4.4.0
>
>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
