From 7ca01522cb7540c10110e8bf705d066a2e2eb22e Mon Sep 17 00:00:00 2001
From: erikbocks <erik.bock@outlook.com>
Date: Fri, 10 Oct 2025 14:24:41 -0300
Subject: [PATCH 1/4] Fix normal user being able to update domain and his
 account resource limits

---
 .../com/cloud/resourcelimit/ResourceLimitManagerImpl.java   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
index 9a6c8a85f18e..d72dea29a995 100644
--- a/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
+++ b/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
@@ -903,6 +903,12 @@ protected void addTaggedResourceLimits(List<ResourceLimitVO> limits, ResourceTyp
     public ResourceLimitVO updateResourceLimit(Long accountId, Long domainId, Integer typeId, Long max, String tag) {
         Account caller = CallContext.current().getCallingAccount();
 
+        if (caller.getType().equals(Account.Type.NORMAL)) {
+            logger.info("Throwing exception because only root admins and domain admins are allowed to update resource limits.");
+            throw new PermissionDeniedException("Your account does not have the right access level to update resource limits.");
+        }
+
+
         if (max == null) {
             max = (long)Resource.RESOURCE_UNLIMITED;
         } else if (max < Resource.RESOURCE_UNLIMITED) {

From 4a432cc4deffd4eed04e7f7e7ecd747963196820 Mon Sep 17 00:00:00 2001
From: erikbocks <erik.bock@outlook.com>
Date: Mon, 13 Oct 2025 09:59:06 -0300
Subject: [PATCH 2/4] remove duplicated line

---
 .../java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java   | 1 -
 1 file changed, 1 deletion(-)

diff --git a/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
index d72dea29a995..7661103e2384 100644
--- a/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
+++ b/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
@@ -908,7 +908,6 @@ public ResourceLimitVO updateResourceLimit(Long accountId, Long domainId, Intege
             throw new PermissionDeniedException("Your account does not have the right access level to update resource limits.");
         }
 
-
         if (max == null) {
             max = (long)Resource.RESOURCE_UNLIMITED;
         } else if (max < Resource.RESOURCE_UNLIMITED) {

From 123a0a8587816a2feabcf43f2d5d0416fe0482bf Mon Sep 17 00:00:00 2001
From: erikbocks <erik.bock@outlook.com>
Date: Tue, 11 Nov 2025 13:32:45 -0300
Subject: [PATCH 3/4] Default call context account to ADMIN type in tests

---
 .../com/cloud/resourcelimit/ResourceLimitManagerImplTest.java    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java b/server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java
index a968a2da0b7d..0b0b8c5e43fe 100644
--- a/server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java
+++ b/server/src/test/java/com/cloud/resourcelimit/ResourceLimitManagerImplTest.java
@@ -147,6 +147,7 @@ public void setUp() throws Exception {
         overrideDefaultConfigValue(ResourceLimitService.ResourceLimitStorageTags, "_defaultValue", StringUtils.join(storageTags, ","));
 
         Account account = mock(Account.class);
+        when(account.getType()).thenReturn(Account.Type.ADMIN);
         User user = mock(User.class);
         CallContext.register(user, account);
     }

From 97a6698e9464426193954f0eb33d854bb48fffcd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20B=C3=B6ck?=
 <89930804+erikbocks@users.noreply.github.com>
Date: Thu, 8 Jan 2026 16:34:10 -0300
Subject: [PATCH 4/4] Address Lucas' review

Co-authored-by: Lucas Martins <56271185+lucas-a-martins@users.noreply.github.com>
---
 .../java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java b/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
index 7661103e2384..648abf0d9384 100644
--- a/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
+++ b/server/src/main/java/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
@@ -905,7 +905,7 @@ public ResourceLimitVO updateResourceLimit(Long accountId, Long domainId, Intege
 
         if (caller.getType().equals(Account.Type.NORMAL)) {
             logger.info("Throwing exception because only root admins and domain admins are allowed to update resource limits.");
-            throw new PermissionDeniedException("Your account does not have the right access level to update resource limits.");
+            throw new PermissionDeniedException("Your account does not have the permission to update resource limits.");
         }
 
         if (max == null) {