You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/03/29 02:55:06 UTC

git commit: updated refs/heads/4.4 to 412af7c

Repository: cloudstack
Updated Branches:
  refs/heads/4.4 36fa355f0 -> 412af7c2e


RoleBasedEntityAccessChecker should skip Project resources. IAM does not support Projects yet.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/412af7c2
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/412af7c2
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/412af7c2

Branch: refs/heads/4.4
Commit: 412af7c2e64ec9d69dacf652e692d0c1fea69e7c
Parents: 36fa355
Author: Prachi Damle <pr...@cloud.com>
Authored: Fri Mar 28 18:53:18 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Fri Mar 28 18:54:19 2014 -0700

----------------------------------------------------------------------
 .../apache/cloudstack/iam/RoleBasedEntityAccessChecker.java   | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/412af7c2/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 3ab3749..bcc483f 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -81,6 +81,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
             throw new InvalidParameterValueException("Entity and action cannot be both NULL in checkAccess!");
         }
 
+        // if a Project entity, skip
+        Account entityAccount = _accountService.getAccount(entity.getAccountId());
+        if (entityAccount != null && entityAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) {
+            return false;
+        }
+
         String entityType = null;
         if (entity.getEntityType() != null) {
             entityType = entity.getEntityType().getSimpleName();
@@ -128,6 +134,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
 
         if (!policies.isEmpty()) { // Since we reach this point, none of the
                                    // roles granted access
+
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
                         + " for access type: " + accessType);