You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by hu...@apache.org on 2013/01/15 09:21:19 UTC
[11/26] git commit: StaticRoleBased: commands.properties is actually
cfg for this plugin
StaticRoleBased: commands.properties is actually cfg for this plugin
Signed-off-by: Rohit Yadav <bh...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/3ec985f4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/3ec985f4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/3ec985f4
Branch: refs/heads/cloud-agent-with-openvswitch
Commit: 3ec985f46f7f251e5fb47cc3f4aa89e57f349454
Parents: c318561
Author: Rohit Yadav <bh...@apache.org>
Authored: Mon Jan 14 18:58:23 2013 -0800
Committer: Rohit Yadav <bh...@apache.org>
Committed: Mon Jan 14 19:01:26 2013 -0800
----------------------------------------------------------------------
.../acl/StaticRoleBasedAPIAccessChecker.java | 29 +++++++--------
1 files changed, 13 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3ec985f4/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
index 55db288..1635784 100644
--- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@@ -21,15 +21,14 @@ import com.cloud.server.ManagementServer;
import com.cloud.user.Account;
import com.cloud.user.AccountService;
import com.cloud.user.User;
+import com.cloud.utils.PropertiesUtil;
import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.component.ComponentLocator;
-import com.cloud.utils.component.PluggableService;
import javax.ejb.Local;
import javax.naming.ConfigurationException;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -37,7 +36,7 @@ import org.apache.log4j.Logger;
// This is the default API access checker that grab's the user's account
// based on the account type, access is granted
-@Local(value=APIChecker.class)
+@Local(value = APIChecker.class)
public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
protected static final Logger s_logger = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class);
@@ -49,7 +48,7 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
protected StaticRoleBasedAPIAccessChecker() {
super();
- for (RoleType roleType: RoleType.values())
+ for (RoleType roleType : RoleType.values())
s_roleBasedApisMap.put(roleType, new HashSet<String>());
}
@@ -57,6 +56,10 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
public boolean checkAccess(User user, String commandName)
throws PermissionDeniedException {
Account account = s_accountService.getAccount(user.getAccountId());
+ if (account == null) {
+ throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null");
+ }
+
RoleType roleType = s_accountService.getRoleType(account);
boolean isAllowed = s_roleBasedApisMap.get(roleType).contains(commandName);
if (!isAllowed) {
@@ -71,32 +74,26 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
// Read command properties files to build the static map per role.
ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name);
-
s_accountService = locator.getManager(AccountService.class);
- List<PluggableService> services = locator.getAllPluggableServices();
- services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name));
+ processMapping(PropertiesUtil.processConfigFile(new String[]
+ {"commands.properties"}));
- for (PluggableService service : services) {
- processConfigFiles(service.getProperties(), service.getClass().toString());
- s_logger.info("Processed role based acl for: " + service.toString());
- }
return true;
}
- private void processConfigFiles(Map<String, String> configMap, String service) {
- for (Map.Entry<String, String> entry: configMap.entrySet()) {
+ private void processMapping(Map<String, String> configMap) {
+ for (Map.Entry<String, String> entry : configMap.entrySet()) {
String apiName = entry.getKey();
String roleMask = entry.getValue();
try {
short cmdPermissions = Short.parseShort(roleMask);
- for (RoleType roleType: RoleType.values()) {
+ for (RoleType roleType : RoleType.values()) {
if ((cmdPermissions & roleType.getValue()) != 0)
s_roleBasedApisMap.get(roleType).add(apiName);
}
} catch (NumberFormatException nfe) {
- s_logger.info("Malformed getProperties() value for service: " + service
- + " for entry: " + entry.toString());
+ s_logger.info("Malformed key=value pair for entry: " + entry.toString());
}
}
}