Merge branch '4.20' of https://github.com/apache/cloudstack into healthcheck-4.20

Pearl1594 · Pearl1594 · commit 5165c6cd541f · 2025-05-28T16:53:08.000+05:30
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -1579,16 +1579,20 @@ public UserAccount updateUser(UpdateUserCmd updateUserCmd) {
     public void verifyCallerPrivilegeForUserOrAccountOperations(Account userAccount) {
         logger.debug(String.format("Verifying whether the caller has the correct privileges based on the user's role type and API permissions: %s", userAccount));
 
-        checkCallerRoleTypeAllowedForUserOrAccountOperations(userAccount, null);
-        checkCallerApiPermissionsForUserOrAccountOperations(userAccount);
+        if (!Account.Type.PROJECT.equals(userAccount.getType())) {
+            checkCallerRoleTypeAllowedForUserOrAccountOperations(userAccount, null);
+            checkCallerApiPermissionsForUserOrAccountOperations(userAccount);
+        }
     }
 
     protected void verifyCallerPrivilegeForUserOrAccountOperations(User user) {
         logger.debug(String.format("Verifying whether the caller has the correct privileges based on the user's role type and API permissions: %s", user));
 
         Account userAccount = getAccount(user.getAccountId());
-        checkCallerRoleTypeAllowedForUserOrAccountOperations(userAccount, user);
-        checkCallerApiPermissionsForUserOrAccountOperations(userAccount);
+        if (!Account.Type.PROJECT.equals(userAccount.getType())) {
+            checkCallerRoleTypeAllowedForUserOrAccountOperations(userAccount, user);
+            checkCallerApiPermissionsForUserOrAccountOperations(userAccount);
+        }
     }
 
     protected void checkCallerRoleTypeAllowedForUserOrAccountOperations(Account userAccount, User user) {
@@ -1597,7 +1601,7 @@ protected void checkCallerRoleTypeAllowedForUserOrAccountOperations(Account user
         RoleType userAccountRoleType = getRoleType(userAccount);
 
         if (RoleType.Unknown == callerRoleType || RoleType.Unknown == userAccountRoleType) {
-            String errMsg = String.format("The role type of account [%s, %s] or [%s, %s] is unknown",
+            String errMsg = String.format("The role type of caller account [%s, %s] or target account [%s, %s] is unknown",
                     callingAccount.getName(), callingAccount.getUuid(), userAccount.getName(), userAccount.getUuid());
             throw new PermissionDeniedException(errMsg);
         }
@@ -2707,10 +2711,8 @@ public AccountVO createAccount(final String accountName, final Account.Type acco
             }
         }
 
-        if (!Account.Type.PROJECT.equals(accountType)) {
-            AccountVO newAccount = new AccountVO(accountName, domainId, networkDomain, accountType, roleId, uuid);
-            verifyCallerPrivilegeForUserOrAccountOperations(newAccount);
-        }
+        AccountVO newAccount = new AccountVO(accountName, domainId, networkDomain, accountType, roleId, uuid);
+        verifyCallerPrivilegeForUserOrAccountOperations(newAccount);
 
         // Create the account
         return Transaction.execute(new TransactionCallback<>() {
