Fixed User type accounts being able to change resource limits of their own domain and account (#12046)

Co-authored-by: Lucas Martins <[email protected]>

Author: erikbocks

server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java

@@ -903,6 +903,11 @@ protected void addTaggedResourceLimits(List<ResourceLimitVO> limits, ResourceTyp
     public ResourceLimitVO updateResourceLimit(Long accountId, Long domainId, Integer typeId, Long max, String tag) {
         Account caller = CallContext.current().getCallingAccount();
 
+        if (caller.getType().equals(Account.Type.NORMAL)) {
+            logger.info("Throwing exception because only root admins and domain admins are allowed to update resource limits.");
+            throw new PermissionDeniedException("Your account does not have the permission to update resource limits.");
+        }
+
         if (max == null) {
             max = (long)Resource.RESOURCE_UNLIMITED;
         } else if (max < Resource.RESOURCE_UNLIMITED) {

server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java

@@ -147,6 +147,7 @@ public void setUp() throws Exception {
         overrideDefaultConfigValue(ResourceLimitService.ResourceLimitStorageTags, "_defaultValue", StringUtils.join(storageTags, ","));
 
         Account account = mock(Account.class);
+        when(account.getType()).thenReturn(Account.Type.ADMIN);
         User user = mock(User.class);
         CallContext.register(user, account);
     }