You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/01/12 00:51:03 UTC
[15/32] git commit: APIAccessChecker: Refactor and simply plugin
implementation using better data structures
APIAccessChecker: Refactor and simply plugin implementation using better data structures
Signed-off-by: Rohit Yadav <bh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/18bdc58c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/18bdc58c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/18bdc58c
Branch: refs/heads/api_limit
Commit: 18bdc58cebdceb4e078edbc8aa28f2a415729cae
Parents: e63e352
Author: Rohit Yadav <bh...@apache.org>
Authored: Thu Jan 10 17:21:58 2013 -0800
Committer: Rohit Yadav <bh...@apache.org>
Committed: Thu Jan 10 17:21:58 2013 -0800
----------------------------------------------------------------------
.../apache/cloudstack/acl/APIAccessChecker.java | 3 +-
.../acl/StaticRoleBasedAPIAccessChecker.java | 64 +++------------
2 files changed, 14 insertions(+), 53 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/18bdc58c/api/src/org/apache/cloudstack/acl/APIAccessChecker.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/APIAccessChecker.java b/api/src/org/apache/cloudstack/acl/APIAccessChecker.java
index a5c656d..1645fa2 100644
--- a/api/src/org/apache/cloudstack/acl/APIAccessChecker.java
+++ b/api/src/org/apache/cloudstack/acl/APIAccessChecker.java
@@ -17,7 +17,6 @@
package org.apache.cloudstack.acl;
import org.apache.cloudstack.acl.RoleType;
-import com.cloud.exception.PermissionDeniedException;
import com.cloud.utils.component.Adapter;
/**
@@ -25,5 +24,5 @@ import com.cloud.utils.component.Adapter;
*/
public interface APIAccessChecker extends Adapter {
// Interface for checking access to an API for an user
- boolean canAccessAPI(RoleType roleType, String apiCommandName) throws PermissionDeniedException;
+ boolean canAccessAPI(RoleType roleType, String apiCommandName);
}
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/18bdc58c/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
index 689540a..d6bf3f6 100644
--- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@@ -16,7 +16,6 @@
// under the License.
package org.apache.cloudstack.acl;
-import com.cloud.exception.PermissionDeniedException;
import com.cloud.server.ManagementServer;
import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.component.ComponentLocator;
@@ -39,45 +38,20 @@ import org.apache.log4j.Logger;
public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIAccessChecker {
protected static final Logger s_logger = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class);
- private static Set<String> s_userCommands = null;
- private static Set<String> s_resellerCommands = null; // AKA domain-admin
- private static Set<String> s_adminCommands = null;
- private static Set<String> s_resourceDomainAdminCommands = null;
- private static Set<String> s_allCommands = null;
+
+ private static Map<RoleType, Set<String>> s_roleBasedApisMap =
+ new HashMap<RoleType, Set<String>>();
protected StaticRoleBasedAPIAccessChecker() {
super();
- s_allCommands = new HashSet<String>();
- s_userCommands = new HashSet<String>();
- s_resellerCommands = new HashSet<String>();
- s_adminCommands = new HashSet<String>();
- s_resourceDomainAdminCommands = new HashSet<String>();
+ for (RoleType roleType: RoleType.values()) {
+ s_roleBasedApisMap.put(roleType, new HashSet<String>());
+ }
}
@Override
- public boolean canAccessAPI(RoleType roleType, String commandName)
- throws PermissionDeniedException {
-
- boolean commandExists = s_allCommands.contains(commandName);
- boolean commandAccessible = false;
-
- if (commandExists) {
- switch (roleType) {
- case Admin:
- commandAccessible = s_adminCommands.contains(commandName);
- break;
- case DomainAdmin:
- commandAccessible = s_resellerCommands.contains(commandName);
- break;
- case ResourceAdmin:
- commandAccessible = s_resourceDomainAdminCommands.contains(commandName);
- break;
- case User:
- commandAccessible = s_userCommands.contains(commandName);
- break;
- }
- }
- return commandExists && commandAccessible;
+ public boolean canAccessAPI(RoleType roleType, String commandName) {
+ return s_roleBasedApisMap.get(roleType).contains(commandName);
}
@Override
@@ -98,31 +72,19 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIA
return true;
}
- private void processConfigFiles(Map<String, String> config) {
- for (Map.Entry<String, String> entry: config.entrySet()) {
+ private void processConfigFiles(Map<String, String> configMap) {
+ for (Map.Entry<String, String> entry: configMap.entrySet()) {
String apiName = entry.getKey();
String roleMask = entry.getValue();
try {
short cmdPermissions = Short.parseShort(roleMask);
- if ((cmdPermissions & Admin.getValue()) != 0) {
- s_adminCommands.add(apiName);
- }
- if ((cmdPermissions & ResourceAdmin.getValue()) != 0) {
- s_resourceDomainAdminCommands.add(apiName);
- }
- if ((cmdPermissions & DomainAdmin.getValue()) != 0) {
- s_resellerCommands.add(apiName);
- }
- if ((cmdPermissions & User.getValue()) != 0) {
- s_userCommands.add(apiName);
+ for (RoleType roleType: RoleType.values()) {
+ if ((cmdPermissions & roleType.getValue()) != 0)
+ s_roleBasedApisMap.get(roleType).add(apiName);
}
} catch (NumberFormatException nfe) {
s_logger.info("Malformed commands.properties permissions value, for entry: " + entry.toString());
}
}
- s_allCommands.addAll(s_adminCommands);
- s_allCommands.addAll(s_resourceDomainAdminCommands);
- s_allCommands.addAll(s_userCommands);
- s_allCommands.addAll(s_resellerCommands);
}
}