Revision 4c8b82e2 src/rm/RequestManagerAllocate.cc

View differences:

src/rm/RequestManagerAllocate.cc
87 87

  
88 88
    if ( att.uid != 0 && att.gid != GroupPool::ONEADMIN_ID )
89 89
    {
90
        if (ttmpl->check(aname))
90
        if (ttmpl->check_restricted(aname))
91 91
        {
92 92
            att.resp_msg = "VM Template includes a restricted attribute "+aname;
93 93
            failure_response(AUTHORIZATION, att);
......
513 513

  
514 514
        // ------------ Check template for restricted attributes  --------------
515 515

  
516
        if ( att.uid != UserPool::ONEADMIN_ID && att.gid != GroupPool::ONEADMIN_ID )
516
        if ( att.uid != UserPool::ONEADMIN_ID &&
517
                att.gid != GroupPool::ONEADMIN_ID )
517 518
        {
518
            if (tmpl->check(aname))
519
            if (tmpl->check_restricted(aname))
519 520
            {
520 521
                att.resp_msg = "Template includes a restricted attribute "+aname;
521 522
                failure_response(AUTHORIZATION, att);
......
528 529
        // ------------------ Check permissions and ACLs  ----------------------
529 530
        tmpl->to_xml(tmpl_str);
530 531

  
531
        ar.add_create_auth(att.uid, att.gid, auth_object, tmpl_str); // CREATE IMAGE
532
        ar.add_create_auth(att.uid, att.gid, auth_object, tmpl_str);
532 533

  
533 534
        ar.add_auth(AuthRequest::USE, ds_perms); // USE DATASTORE
534 535

  
......
649 650
    VirtualMachineTemplate * ttmpl = static_cast<VirtualMachineTemplate *>(tmpl);
650 651

  
651 652
    // ------------ Check template for restricted attributes -------------------
652
    if (ttmpl->check(aname))
653
    if (ttmpl->check_restricted(aname))
653 654
    {
654 655
        att.resp_msg = "VM Template includes a restricted attribute " + aname;
655 656

  

Also available in: Unified diff