You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by hu...@apache.org on 2013/01/15 09:21:19 UTC

[11/26] git commit: StaticRoleBased: commands.properties is actually cfg for this plugin

StaticRoleBased: commands.properties is actually cfg for this plugin

Signed-off-by: Rohit Yadav <bh...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/3ec985f4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/3ec985f4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/3ec985f4

Branch: refs/heads/cloud-agent-with-openvswitch
Commit: 3ec985f46f7f251e5fb47cc3f4aa89e57f349454
Parents: c318561
Author: Rohit Yadav <bh...@apache.org>
Authored: Mon Jan 14 18:58:23 2013 -0800
Committer: Rohit Yadav <bh...@apache.org>
Committed: Mon Jan 14 19:01:26 2013 -0800

----------------------------------------------------------------------
 .../acl/StaticRoleBasedAPIAccessChecker.java       |   29 +++++++--------
 1 files changed, 13 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/3ec985f4/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
index 55db288..1635784 100644
--- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@@ -21,15 +21,14 @@ import com.cloud.server.ManagementServer;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;
 import com.cloud.user.User;
+import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.component.AdapterBase;
 import com.cloud.utils.component.ComponentLocator;
-import com.cloud.utils.component.PluggableService;
 
 import javax.ejb.Local;
 import javax.naming.ConfigurationException;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -37,7 +36,7 @@ import org.apache.log4j.Logger;
 
 // This is the default API access checker that grab's the user's account
 // based on the account type, access is granted
-@Local(value=APIChecker.class)
+@Local(value = APIChecker.class)
 public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
 
     protected static final Logger s_logger = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class);
@@ -49,7 +48,7 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
 
     protected StaticRoleBasedAPIAccessChecker() {
         super();
-        for (RoleType roleType: RoleType.values())
+        for (RoleType roleType : RoleType.values())
             s_roleBasedApisMap.put(roleType, new HashSet<String>());
     }
 
@@ -57,6 +56,10 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
     public boolean checkAccess(User user, String commandName)
             throws PermissionDeniedException {
         Account account = s_accountService.getAccount(user.getAccountId());
+        if (account == null) {
+            throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null");
+        }
+
         RoleType roleType = s_accountService.getRoleType(account);
         boolean isAllowed = s_roleBasedApisMap.get(roleType).contains(commandName);
         if (!isAllowed) {
@@ -71,32 +74,26 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
 
         // Read command properties files to build the static map per role.
         ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name);
-
         s_accountService = locator.getManager(AccountService.class);
 
-        List<PluggableService> services = locator.getAllPluggableServices();
-        services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name));
+        processMapping(PropertiesUtil.processConfigFile(new String[]
+                {"commands.properties"}));
 
-        for (PluggableService service : services) {
-            processConfigFiles(service.getProperties(), service.getClass().toString());
-            s_logger.info("Processed role based acl for: " + service.toString());
-        }
         return true;
     }
 
-    private void processConfigFiles(Map<String, String> configMap, String service) {
-        for (Map.Entry<String, String> entry: configMap.entrySet()) {
+    private void processMapping(Map<String, String> configMap) {
+        for (Map.Entry<String, String> entry : configMap.entrySet()) {
             String apiName = entry.getKey();
             String roleMask = entry.getValue();
             try {
                 short cmdPermissions = Short.parseShort(roleMask);
-                for (RoleType roleType: RoleType.values()) {
+                for (RoleType roleType : RoleType.values()) {
                     if ((cmdPermissions & roleType.getValue()) != 0)
                         s_roleBasedApisMap.get(roleType).add(apiName);
                 }
             } catch (NumberFormatException nfe) {
-                s_logger.info("Malformed getProperties() value for service: " + service
-                        + " for entry: " + entry.toString());
+                s_logger.info("Malformed key=value pair for entry: " + entry.toString());
             }
         }
     }