Skip to content

Fixed User type accounts being able to change resource limits of their own domain and account #12046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
DaanHoogland merged 4 commits into from
Jan 12, 2026
Merged

Fixed User type accounts being able to change resource limits of their own domain and account #12046

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
7ca0152
Fix normal user being able to update domain and his account resource …
erikbocks Oct 10, 2025
4a432cc
remove duplicated line
erikbocks Oct 13, 2025
123a0a8
Default call context account to ADMIN type in tests
erikbocks Nov 11, 2025
97a6698
Address Lucas' review
erikbocks Jan 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -903,6 +903,11 @@ protected void addTaggedResourceLimits(List<ResourceLimitVO> limits, ResourceTyp
public ResourceLimitVO updateResourceLimit(Long accountId, Long domainId, Integer typeId, Long max, String tag) {
Account caller = CallContext.current().getCallingAccount();

if (caller.getType().equals(Account.Type.NORMAL)) {
logger.info("Throwing exception because only root admins and domain admins are allowed to update resource limits.");
throw new PermissionDeniedException("Your account does not have the right access level to update resource limits.");
Comment thread
erikbocks marked this conversation as resolved.
Outdated
}

if (max == null) {
max = (long)Resource.RESOURCE_UNLIMITED;
} else if (max < Resource.RESOURCE_UNLIMITED) {
Expand Down
1 change: 1 addition & 0 deletions server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,6 +147,7 @@ public void setUp() throws Exception {
overrideDefaultConfigValue(ResourceLimitService.ResourceLimitStorageTags, "_defaultValue", StringUtils.join(storageTags, ","));

Account account = mock(Account.class);
when(account.getType()).thenReturn(Account.Type.ADMIN);
User user = mock(User.class);
CallContext.register(user, account);
}
Expand Down
Loading