From afaf21d5c881a85f35a6ff981403f03a99bc7555 Mon Sep 17 00:00:00 2001
From: Manoj Kumar <manojkr.itbhu@gmail.com>
Date: Mon, 23 Feb 2026 11:41:46 +0530
Subject: [PATCH] fix the permission check when user is not root for non-public
 template

---
 .../main/java/com/cloud/api/query/QueryManagerImpl.java   | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
index 0cec3a38075d..88cef836e496 100644
--- a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
@@ -4965,15 +4965,13 @@ private Pair<List<TemplateJoinVO>, Integer> searchForTemplatesInternal(Long temp
                 ex.addProxyObject(template.getUuid(), "templateId");
                 throw ex;
             }
+
             if (!template.isPublicTemplate() && caller.getType() == Account.Type.DOMAIN_ADMIN) {
                 Account template_acc = accountMgr.getAccount(template.getAccountId());
                 DomainVO domain = _domainDao.findById(template_acc.getDomainId());
                 accountMgr.checkAccess(caller, domain);
-            }
-
-            // if template is not public, perform permission check here
-            else if (!template.isPublicTemplate() && caller.getType() != Account.Type.ADMIN) {
-                accountMgr.checkAccess(caller, null, false, template);
+            } else if (!template.isPublicTemplate() && caller.getType() != Account.Type.ADMIN) { // if template is not public, perform permission check here
+                accountMgr.checkAccess(caller, null, true, template);
             } else if (template.isPublicTemplate()) {
                 accountMgr.checkAccess(caller, null, false, template);
             }