You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/01/06 22:27:49 UTC
git commit: updated refs/heads/rbac to 7114d49
Updated Branches:
refs/heads/rbac e02e19a6f -> 7114d49c1
Some cleanup on AclApiService and remove array copy in some
implementations of IAMServiceImpl
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7114d49c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7114d49c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7114d49c
Branch: refs/heads/rbac
Commit: 7114d49c14989b82ad2232adc3e9c38806d5706a
Parents: e02e19a
Author: Min Chen <mi...@citrix.com>
Authored: Mon Jan 6 13:27:29 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Mon Jan 6 13:27:29 2014 -0800
----------------------------------------------------------------------
.../acl/RoleBasedEntityAccessChecker.java | 19 +++++--
.../cloudstack/acl/api/AclApiService.java | 3 --
.../cloudstack/acl/api/AclApiServiceImpl.java | 16 ------
.../cloudstack/iam/server/IAMServiceImpl.java | 56 +++++++++++---------
4 files changed, 47 insertions(+), 47 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7114d49c/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
index e180000..040a3e5 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
@@ -24,7 +24,6 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.api.AclApiService;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.IAMService;
@@ -41,8 +40,6 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
@Inject
AccountService _accountService;
- @Inject
- AclApiService _aclService;
@Inject DomainDao _domainDao;
@@ -67,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
}
// get all Policies of this caller w.r.t the entity
- List<AclPolicy> policies = _aclService.getEffectivePolicies(caller, entity);
+ List<AclPolicy> policies = getEffectivePolicies(caller, entity);
HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
for (AclPolicy policy : policies) {
@@ -120,4 +117,18 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
return false;
}
+
+ private List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
+
+ // Get the static Policies of the Caller
+ List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
+
+ // add any dynamic policies w.r.t the entity
+ if (caller.getId() == entity.getAccountId()) {
+ // The caller owns the entity
+ policies.add(_iamSrv.getResourceOwnerPolicy());
+ }
+
+ return policies;
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7114d49c/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
index 12ecf8b..3d7bb3c 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
@@ -18,7 +18,6 @@ package org.apache.cloudstack.acl.api;
import java.util.List;
-import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.api.response.AclGroupResponse;
import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
@@ -60,8 +59,6 @@ public interface AclApiService {
AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
- List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity);
-
/* Response Generation */
AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7114d49c/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index b117d0c..3fca5d5 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -25,7 +25,6 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.acl.api.response.AclGroupResponse;
@@ -192,21 +191,6 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
@Override
- public List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
-
- // Get the static Policies of the Caller
- List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
-
- // add any dynamic policies w.r.t the entity
- if (caller.getId() == entity.getAccountId()) {
- // The caller owns the entity
- policies.add(_iamSrv.getResourceOwnerPolicy());
- }
-
- return policies;
- }
-
- @Override
public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
AclPolicyResponse response = new AclPolicyResponse();
response.setId(policy.getUuid());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7114d49c/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index e6fcdcd..98a0793 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -131,6 +131,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
return true;
}
+ @SuppressWarnings("unchecked")
@Override
public List<AclGroup> listAclGroups(long accountId) {
@@ -145,9 +146,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sb.and("ids", sb.entity().getId(), Op.IN);
SearchCriteria<AclGroupVO> sc = sb.create();
sc.setParameters("ids", groupIds.toArray(new Object[groupIds.size()]));
- List<AclGroupVO> groups = _aclGroupDao.search(sc, null);
-
- return new ArrayList<AclGroup>(groups);
+ @SuppressWarnings("rawtypes")
+ List groups = _aclGroupDao.search(sc, null);
+ return groups;
}
@DB
@@ -324,6 +325,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
+ @SuppressWarnings("unchecked")
@Override
public List<AclPolicy> listAclPolicies(long accountId) {
@@ -345,11 +347,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sb.and("ids", sb.entity().getId(), Op.IN);
SearchCriteria<AclPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
- List<AclPolicyVO> policies = _aclPolicyDao.customSearch(sc, null);
+ @SuppressWarnings("rawtypes")
+ List policies = _aclPolicyDao.customSearch(sc, null);
+ return policies;
- return new ArrayList<AclPolicy>(policies);
}
+ @SuppressWarnings("unchecked")
@Override
public List<AclPolicy> listAclPoliciesByGroup(long groupId) {
List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
@@ -366,11 +370,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sb.and("ids", sb.entity().getId(), Op.IN);
SearchCriteria<AclPolicyVO> sc = sb.create();
sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
- List<AclPolicyVO> policies = _aclPolicyDao.customSearch(sc, null);
+ @SuppressWarnings("rawtypes")
+ List policies = _aclPolicyDao.customSearch(sc, null);
- return new ArrayList<AclPolicy>(policies);
+ return policies;
}
+ @SuppressWarnings("unchecked")
@Override
public Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
@@ -401,7 +407,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
sc.setParameters("path", path + "%");
Pair<List<AclPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
- return new Pair<List<AclPolicy>, Integer>(new ArrayList<AclPolicy>(policies.first()), policies.second());
+ @SuppressWarnings("rawtypes")
+ List policyList = policies.first();
+ return new Pair<List<AclPolicy>, Integer>(policyList, policies.second());
}
@DB
@@ -649,35 +657,35 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
+ @SuppressWarnings("unchecked")
public List<AclPolicyPermission> listPolicyPermissions(long policyId) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listByPolicy(policyId);
- List<AclPolicyPermission> pl = new ArrayList<AclPolicyPermission>();
- pl.addAll(pp);
- return pl;
+ @SuppressWarnings("rawtypes")
+ List pp = _policyPermissionDao.listByPolicy(policyId);
+ return pp;
}
+ @SuppressWarnings("unchecked")
@Override
public List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope);
- List<AclPolicyPermission> pl = new ArrayList<AclPolicyPermission>();
- pl.addAll(pp);
- return pl;
+ @SuppressWarnings("rawtypes")
+ List pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope);
+ return pp;
}
+ @SuppressWarnings("unchecked")
@Override
public List<AclPolicyPermission> listPolicyPermissionByEntityType(long policyId, String action, String entityType) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType);
- List<AclPolicyPermission> pl = new ArrayList<AclPolicyPermission>();
- pl.addAll(pp);
- return pl;
+ @SuppressWarnings("rawtypes")
+ List pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType);
+ return pp;
}
+ @SuppressWarnings("unchecked")
@Override
public List<AclPolicyPermission> listPolicyPermissionByAccessType(long policyId, String accessType, String entityType, String action) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listByPolicyAccessAndEntity(policyId, accessType, entityType, action);
- List<AclPolicyPermission> pl = new ArrayList<AclPolicyPermission>();
- pl.addAll(pp);
- return pl;
+ @SuppressWarnings("rawtypes")
+ List pp = _policyPermissionDao.listByPolicyAccessAndEntity(policyId, accessType, entityType, action);
+ return pp;
}
@Override