You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/03/19 19:01:32 UTC

[2/3] git commit: updated refs/heads/master to acfdd51

More changes to support 'readOnly' access


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c3ee01cc
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c3ee01cc
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c3ee01cc

Branch: refs/heads/master
Commit: c3ee01cca1f82501d076ed9c838f8b7139527447
Parents: e09f97a
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Mar 18 17:04:27 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Wed Mar 19 11:00:23 2014 -0700

----------------------------------------------------------------------
 api/src/org/apache/cloudstack/api/ApiConstants.java      |  2 +-
 server/src/com/cloud/acl/DomainChecker.java              | 11 +++++++++++
 .../api/command/iam/AddIAMPermissionToIAMPolicyCmd.java  |  1 -
 .../src/org/apache/cloudstack/iam/IAMApiServiceImpl.java |  3 ++-
 .../apache/cloudstack/iam/test/IAMApiServiceTest.java    |  4 ++--
 5 files changed, 16 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index b8f720a..97b1cd7 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -591,7 +591,7 @@ public class ApiConstants {
     public static final String VGPUTYPE = "vgputype";
     public static final String REMAININGCAPACITY = "remainingcapacity";
     public static final String DISTRIBUTED_VPC_ROUTER = "distributedvpcrouter";
-    public static final String READ_ONLY = "readOnly";
+    public static final String READ_ONLY = "readonly";
 
 
     public enum HostDetails {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index cb6921d..ea129f7 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -328,6 +328,17 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
     @Override
     public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
             throws PermissionDeniedException {
+
+        if (action != null && ("SystemCapability".equals(action))) {
+            if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+                return true;
+            }
+
+        } else if (action != null && ("DomainCapability".equals(action))) {
+            if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
+                return true;
+            }
+        }
         return checkAccess(caller, entity, accessType);
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
index e7c5650..d69f3d0 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -29,7 +29,6 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.BaseCmd.CommandType;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.IAMApiService;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 467caed..5d35ee2 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -721,7 +721,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
             String description = "Policy to grant permission to " + entityType + entityId;
             policy = createIAMPolicy(caller, aclPolicyName, description, null);
             // add permission to this policy
-            addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
+            addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action,
+                    Permission.Allow, false, false);
         }
         // attach this policy to list of accounts if not attached already
         Long policyId = policy.getId();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
index 49c4c9f..1f09720 100644
--- a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
+++ b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
@@ -295,8 +295,8 @@ public class IAMApiServiceTest {
                 _iamSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(),
                         PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
                         AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
-        _aclSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(),
-                PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
+        _aclSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+                PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false, false);
         Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
         List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
         IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines",