Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/03/19 19:01:32 UTC
[2/3] git commit: updated refs/heads/master to acfdd51
More changes to support 'readOnly' access
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c3ee01cc
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c3ee01cc
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c3ee01cc
Branch: refs/heads/master
Commit: c3ee01cca1f82501d076ed9c838f8b7139527447
Parents: e09f97a
Author: Prachi Damle <pr...@cloud.com>
Authored: Tue Mar 18 17:04:27 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Wed Mar 19 11:00:23 2014 -0700
----------------------------------------------------------------------
api/src/org/apache/cloudstack/api/ApiConstants.java | 2 +-
server/src/com/cloud/acl/DomainChecker.java | 11 +++++++++++
.../api/command/iam/AddIAMPermissionToIAMPolicyCmd.java | 1 -
.../src/org/apache/cloudstack/iam/IAMApiServiceImpl.java | 3 ++-
.../apache/cloudstack/iam/test/IAMApiServiceTest.java | 4 ++--
5 files changed, 16 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index b8f720a..97b1cd7 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -591,7 +591,7 @@ public class ApiConstants {
public static final String VGPUTYPE = "vgputype";
public static final String REMAININGCAPACITY = "remainingcapacity";
public static final String DISTRIBUTED_VPC_ROUTER = "distributedvpcrouter";
- public static final String READ_ONLY = "readOnly";
+ public static final String READ_ONLY = "readonly";
public enum HostDetails {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index cb6921d..ea129f7 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -328,6 +328,17 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
@Override
public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
throws PermissionDeniedException {
+
+ if (action != null && ("SystemCapability".equals(action))) {
+ if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+ return true;
+ }
+
+ } else if (action != null && ("DomainCapability".equals(action))) {
+ if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
+ return true;
+ }
+ }
return checkAccess(caller, entity, accessType);
}
}
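Review bot: The `DomainCapability` branch returns `true` for any domain-admin caller without ever consulting `entity`, so in this overload access is granted before the domain scoping done by `checkAccess(caller, entity, accessType)` runs. Unless every caller that passes this action has already confined `entity` to the caller's own domain tree, the early return should be conditioned on the entity's domain being the caller's domain or a descendant of it, or the branch should fall through to the three-argument check. The `SystemCapability` branch likewise ignores `entity` and `accessType` for root admins, which deserves a comment stating that this is intended. Separately, `"DomainCapability".equals(action)` is already null-safe, so the `action != null &&` guards are redundant, and the two action names would be safer as shared constants than as string literals: `} else if ("DomainCapability".equals(action)) {`.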
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
index e7c5650..d69f3d0 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -29,7 +29,6 @@ import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.BaseCmd.CommandType;
import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.iam.IAMApiService;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 467caed..5d35ee2 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -721,7 +721,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
String description = "Policy to grant permission to " + entityType + entityId;
policy = createIAMPolicy(caller, aclPolicyName, description, null);
// add permission to this policy
- addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
+ addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action,
+ Permission.Allow, false, false);
}
// attach this policy to list of accounts if not attached already
Long policyId = policy.getId();
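Review bot: The rewritten call now ends in `false, false`, and nothing at the call site says which flag is which. In a call that grants `Permission.Allow` at `PermissionScope.RESOURCE`, transposing them would silently change what is granted. I would label each literal with its parameter name, in the form `Permission.Allow, false /* <first flag name> */, false /* <new flag name> */`, taking the names from the method declaration, which is not visible here. The enclosing method starts and ends outside the hunk.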
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3ee01cc/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
index 49c4c9f..1f09720 100644
--- a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
+++ b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
@@ -295,8 +295,8 @@ public class IAMApiServiceTest {
_iamSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(),
PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines",
AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
- _aclSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(),
- PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
+ _aclSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+ PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false, false);
Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines",
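Review bot: The updated `_aclSrv.addIAMPermissionToIAMPolicy(...)` call passes `false` for the new trailing argument and nothing in this hunk passes `true`, so the behaviour the commit introduces is not exercised here. If that argument is the read-only switch named in the commit title (inferred, as the signature is not shown), a second case that grants with `true` and asserts the resulting permission would cover it. The `_iamSrv` stub above still keys on `VirtualMachine.class.getSimpleName()` while the call now passes `IAMEntityType.VirtualMachine.toString()`, so the stub will stop matching if those strings ever differ. The test method starts and ends outside the hunk.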