You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/03/29 02:55:06 UTC
git commit: updated refs/heads/4.4 to 412af7c
Repository: cloudstack
Updated Branches:
refs/heads/4.4 36fa355f0 -> 412af7c2e
RoleBasedEntityAccessChecker should skip Project resources. IAM does not support Projects yet.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/412af7c2
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/412af7c2
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/412af7c2
Branch: refs/heads/4.4
Commit: 412af7c2e64ec9d69dacf652e692d0c1fea69e7c
Parents: 36fa355
Author: Prachi Damle <pr...@cloud.com>
Authored: Fri Mar 28 18:53:18 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Fri Mar 28 18:54:19 2014 -0700
----------------------------------------------------------------------
.../apache/cloudstack/iam/RoleBasedEntityAccessChecker.java | 7 +++++++
1 file changed, 7 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/412af7c2/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 3ab3749..bcc483f 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -81,6 +81,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
throw new InvalidParameterValueException("Entity and action cannot be both NULL in checkAccess!");
}
+ // if a Project entity, skip
+ Account entityAccount = _accountService.getAccount(entity.getAccountId());
+ if (entityAccount != null && entityAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) {
+ return false;
+ }
+
String entityType = null;
if (entity.getEntityType() != null) {
entityType = entity.getEntityType().getSimpleName();
@@ -128,6 +134,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
if (!policies.isEmpty()) { // Since we reach this point, none of the
// roles granted access
+
if (s_logger.isDebugEnabled()) {
s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
+ " for access type: " + accessType);