vdcadmin user->VMs table shows other users' VMs
|Assignee:||Daniel Molina||% Done:|
|Target version:||Release 4.10.2|
|Affected Versions:||OpenNebula 4.10|
When using the vdcadmin view as oneadmin, the table of summary VM info for any user whose id is a substring of another user's id will include blocks for the other user's VMs. This is most readily demonstrated with the 'serveradmin' user (by default, id=1) with other users in the range 10-19.
This seems to be mostly cosmetic, as normal permissions and ACLs appear to prevent unprivileged users from being shown other users' VMs, but it is an indication of potentially risky code being used to identify VM ownership.
bug #3481: Use regex to filter user resources
(cherry picked from commit 7cc45141f6e478c1d37a8c5861201b7f5ee4364e)