Fix role escalation prevention (#7853)

Co-authored-by: Henrique Sato <henrique.sato@scclouds.com.br>

Author: hsato03

plugins/acl/static-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java

@@ -76,12 +76,12 @@ public boolean isEnabled() {
         if (roleService.isEnabled()) {
             LOGGER.debug("RoleService is enabled. We will use it instead of StaticRoleBasedAPIAccessChecker.");
         }
-        return roleService.isEnabled();
+        return !roleService.isEnabled();
     }
 
     @Override
     public List<String> getApisAllowedToUser(Role role, User user, List<String> apiNames) throws PermissionDeniedException {
-        if (isEnabled()) {
+        if (!isEnabled()) {
             return apiNames;
         }
 
@@ -93,7 +93,7 @@ public List<String> getApisAllowedToUser(Role role, User user, List<String> apiN
 
     @Override
     public boolean checkAccess(User user, String commandName) throws PermissionDeniedException {
-        if (isEnabled()) {
+        if (!isEnabled()) {
             return true;
         }
 
@@ -107,6 +107,10 @@ public boolean checkAccess(User user, String commandName) throws PermissionDenie
 
     @Override
     public boolean checkAccess(Account account, String commandName) {
+        if (!isEnabled()) {
+            return true;
+        }
+
         RoleType roleType = accountService.getRoleType(account);
         if (isApiAllowed(commandName, roleType)) {
             return true;