You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pr...@apache.org on 2013/10/02 03:13:15 UTC
git commit: updated refs/heads/rbac to bb27192
Updated Branches:
refs/heads/rbac 5583506c0 -> bb271926f
WIP AccessChecker plugin
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bb271926
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bb271926
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bb271926
Branch: refs/heads/rbac
Commit: bb271926fb6193a61015c80d434644855c99637b
Parents: 5583506
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Oct 1 18:11:30 2013 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Tue Oct 1 18:11:30 2013 -0700
----------------------------------------------------------------------
api/src/org/apache/cloudstack/acl/AclService.java | 7 +++++--
plugins/pom.xml | 1 +
server/src/com/cloud/user/AccountManagerImpl.java | 8 +++-----
.../org/apache/cloudstack/acl/AclServiceImpl.java | 15 +++++++++++++--
4 files changed, 22 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/api/src/org/apache/cloudstack/acl/AclService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java
index e01c3b6..0866b2f 100644
--- a/api/src/org/apache/cloudstack/acl/AclService.java
+++ b/api/src/org/apache/cloudstack/acl/AclService.java
@@ -40,9 +40,9 @@ public interface AclService {
*/
boolean deleteAclRole(long aclRoleId);
- AclRole grantPermissionToAclRole(long aclRoleId, List<String> apiNames);
+ AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames);
- AclRole revokePermissionFromAclRole(long aclRoleId, List<String> apiNames);
+ AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames);
AclGroup addAclRolesToGroup(List<Long> roleIds, Long groupId);
@@ -74,5 +74,8 @@ public interface AclService {
*/
boolean deleteAclGroup(Long aclGroupId);
+ List<AclRole> getAclRoles(long accountId);
+
+ boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/plugins/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 0812642..a218bde 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -62,6 +62,7 @@
<module>alert-handlers/snmp-alerts</module>
<module>alert-handlers/syslog-alerts</module>
<module>network-elements/internal-loadbalancer</module>
+ <module>acl/role-based-access-checkers</module>
</modules>
<dependencies>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index cb0a65f..270ab79 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -353,11 +353,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public boolean isRootAdmin(long accountId) {
- // refer to account_group_map and check if account is in Root 'Admin'
- // group
-
- AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
- if (adminGroupMember != null) {
+ // refer to account_group_map and check if account is in Root 'Admin' group
+ AclGroupAccountMapVO rootAdminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
+ if (rootAdminGroupMember != null) {
return true;
}
return false;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
index 1e5ad15..c8fc54c 100644
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@@ -165,7 +165,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_GRANT, eventDescription = "Granting permission to Acl Role")
- public AclRole grantPermissionToAclRole(long aclRoleId, List<String> apiNames) {
+ public AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames) {
Account caller = CallContext.current().getCallingAccount();
// get the Acl Role entity
AclRole role = _aclRoleDao.findById(aclRoleId);
@@ -195,7 +195,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_REVOKE, eventDescription = "Revoking permission from Acl Role")
- public AclRole revokePermissionFromAclRole(long aclRoleId, List<String> apiNames) {
+ public AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames) {
Account caller = CallContext.current().getCallingAccount();
// get the Acl Role entity
AclRole role = _aclRoleDao.findById(aclRoleId);
@@ -505,5 +505,16 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
return true;
}
+ @Override
+ public List<AclRole> getAclRoles(long accountId) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles) {
+ // TODO Auto-generated method stub
+ return false;
+ }
}