Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/11/21 19:32:53 UTC

[1/2] git commit: updated refs/heads/rbac to c3baf3a

Updated Branches:
  refs/heads/rbac 7ed030115 -> c3baf3ad7


Change two static response views to Full and Restricted.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/81a794a5
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/81a794a5
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/81a794a5

Branch: refs/heads/rbac
Commit: 81a794a5d3def713a5d00b4cff548bab189c2b3b
Parents: 7ed0301
Author: Min Chen <mi...@citrix.com>
Authored: Thu Nov 21 10:32:08 2013 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Thu Nov 21 10:32:08 2013 -0800

----------------------------------------------------------------------
 api/src/org/apache/cloudstack/api/APICommand.java                | 2 +-
 api/src/org/apache/cloudstack/api/ResponseObject.java            | 4 ++--
 .../cloudstack/api/command/admin/vm/ListVMsCmdByAdmin.java       | 2 +-
 .../org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java    | 2 +-
 server/src/com/cloud/api/ApiServer.java                          | 4 ++--
 server/src/com/cloud/api/query/QueryManagerImpl.java             | 4 ++--
 server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java        | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/81a794a5/api/src/org/apache/cloudstack/api/APICommand.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/APICommand.java b/api/src/org/apache/cloudstack/api/APICommand.java
index 008bd1e..192d6ad 100644
--- a/api/src/org/apache/cloudstack/api/APICommand.java
+++ b/api/src/org/apache/cloudstack/api/APICommand.java
@@ -40,7 +40,7 @@ public @interface APICommand {
 
     String since() default "";
     
-    ResponseView responseView() default ResponseView.Admin;
+    ResponseView responseView() default ResponseView.Full;
 
     RoleType[] authorized() default {};
 }
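Review bot: `responseView()` defaults to `ResponseView.Full`, the more privileged of the two views, so a command class that omits the attribute is implicitly tagged Full. How the value is consumed is only partly visible in this commit (ApiServer fetches the annotation while choosing between same-named command classes), so the impact is inferred. A least-privilege default would be `ResponseView responseView() default ResponseView.Restricted;`, with Full stated explicitly on admin commands as ListVMsCmdByAdmin already does. If Full has to stay the default, document it on the element, e.g. `/** View this command serves; Full when omitted. */`.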

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/81a794a5/api/src/org/apache/cloudstack/api/ResponseObject.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ResponseObject.java b/api/src/org/apache/cloudstack/api/ResponseObject.java
index 6c32016..2a3ba9b 100644
--- a/api/src/org/apache/cloudstack/api/ResponseObject.java
+++ b/api/src/org/apache/cloudstack/api/ResponseObject.java
@@ -78,7 +78,7 @@ public interface ResponseObject {
     void setJobStatus(Integer jobStatus);
 
     public enum ResponseView {
-        Admin,
-        User
+        Full,
+        Restricted
     }
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/81a794a5/api/src/org/apache/cloudstack/api/command/admin/vm/ListVMsCmdByAdmin.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/vm/ListVMsCmdByAdmin.java b/api/src/org/apache/cloudstack/api/command/admin/vm/ListVMsCmdByAdmin.java
index 5699fbd..489af29 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/vm/ListVMsCmdByAdmin.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/vm/ListVMsCmdByAdmin.java
@@ -29,7 +29,7 @@ import org.apache.cloudstack.api.response.StoragePoolResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
 
 
-@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Admin)
+@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Full)
 public class ListVMsCmdByAdmin extends ListVMsCmd {
     public static final Logger s_logger = Logger.getLogger(ListVMsCmdByAdmin.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/81a794a5/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
index a031c03..9d9b372 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ListVMsCmd.java
@@ -42,7 +42,7 @@ import org.apache.cloudstack.api.response.ZoneResponse;
 import com.cloud.exception.InvalidParameterValueException;
 
 
-@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.User)
+@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted)
 public class ListVMsCmd extends BaseListTaggedResourcesCmd {
     public static final Logger s_logger = Logger.getLogger(ListVMsCmd.class.getName());
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/81a794a5/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 45a2cba..0ed6a68 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -887,9 +887,9 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
             return cmdList.get(0);
         else {
             // determine the cmd class based on calling context
-            ResponseView view = ResponseView.User;
+            ResponseView view = ResponseView.Restricted;
             if (_accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())) {
-                view = ResponseView.Admin;
+                view = ResponseView.Full;
             }
             for (Class<?> cmdClass : cmdList) {
                 APICommand at = cmdClass.getAnnotation(APICommand.class);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/81a794a5/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 882e406..f55fcd8 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -737,9 +737,9 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
     public ListResponse<UserVmResponse> searchForUserVMs(ListVMsCmd cmd) {
         Pair<List<UserVmJoinVO>, Integer> result = searchForUserVMsInternal(cmd);
         ListResponse<UserVmResponse> response = new ListResponse<UserVmResponse>();
-        ResponseView respView = ResponseView.User;
+        ResponseView respView = ResponseView.Restricted;
         if (cmd instanceof ListVMsCmdByAdmin) {
-            respView = ResponseView.Admin;
+            respView = ResponseView.Full;
         }
         List<UserVmResponse> vmResponses = ViewResponseHelper.createUserVmResponse(respView, "virtualmachine", cmd.getDetails(),
                 result.first().toArray(new UserVmJoinVO[result.first().size()]));

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/81a794a5/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
index 0094638..7371665 100644
--- a/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
@@ -127,7 +127,7 @@ public class UserVmJoinDaoImpl extends GenericDaoBase<UserVmJoinVO, Long> implem
         }
         userVmResponse.setZoneId(userVm.getDataCenterUuid());
         userVmResponse.setZoneName(userVm.getDataCenterName());
-        if (view == ResponseView.Admin || ((view == null) && ((caller == null) || (_accountMgr.isRootAdmin(caller.getId()))))) {
+        if (view == ResponseView.Full || ((view == null) && ((caller == null) || (_accountMgr.isRootAdmin(caller.getId()))))) {
             userVmResponse.setInstanceName(userVm.getInstanceName());
             userVmResponse.setHostId(userVm.getHostUuid());
             userVmResponse.setHostName(userVm.getHostName());
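Review bot: The changed `if` still fails open when no view is supplied: with `view == null` and `caller == null` the branch runs and the response receives the instance name, host id and host name that the `ResponseView.Full` check otherwise guards. Treating a missing view and a missing caller as Restricted would be the safer default, e.g. `if (view == ResponseView.Full || (view == null && caller != null && _accountMgr.isRootAdmin(caller.getId()))) {`. Whether any call site legitimately passes both as null is not visible here, so check the callers before tightening. The enclosing method starts and ends outside the hunk.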


[2/2] git commit: updated refs/heads/rbac to c3baf3a

Posted by mc...@apache.org.
Interface for QueryChecker adapter.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c3baf3ad
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c3baf3ad
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c3baf3ad

Branch: refs/heads/rbac
Commit: c3baf3ad72bd77eb1415feae5f715bcd8501d26b
Parents: 81a794a
Author: Min Chen <mi...@citrix.com>
Authored: Thu Nov 21 10:32:26 2013 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Thu Nov 21 10:32:26 2013 -0800

----------------------------------------------------------------------
 .../org/apache/cloudstack/acl/QueryChecker.java | 83 ++++++++++++++++++++
 1 file changed, 83 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c3baf3ad/api/src/org/apache/cloudstack/acl/QueryChecker.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/QueryChecker.java b/api/src/org/apache/cloudstack/acl/QueryChecker.java
new file mode 100644
index 0000000..bbe9a2e
--- /dev/null
+++ b/api/src/org/apache/cloudstack/acl/QueryChecker.java
@@ -0,0 +1,83 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.acl;
+
+import java.util.List;
+
+import com.cloud.user.Account;
+import com.cloud.utils.component.Adapter;
+
+/**
+ * QueryChecker returns granted access at domain, account or resource level.
+ */
+public interface QueryChecker extends Adapter {
+
+    /**
+    * List granted domains for the caller, given a specific entity type.
+    *
+    * @param caller account to check against.
+    * @param entityType entity type
+    * @return list of domain Ids granted to the caller account.
+    */
+    List<Long> getAuthorizedDomains(Account caller, AclEntityType entityType);
+
+    /**
+    * List denied domains for the caller, given a specific entity type.
+    *
+    * @param caller account to check against.
+    * @param entityType entity type
+    * @return list of domain Ids granted to the caller account.
+    */
+    List<Long> getDeniedDomains(Account caller, AclEntityType entityType);
+
+    /**
+    * List granted accounts for the caller, given a specific entity type.
+    *
+    * @param caller account to check against.
+    * @param entityType entity type
+    * @return list of domain Ids granted to the caller account.
+    */
+    List<Long> getAuthorizedAccounts(Account caller, AclEntityType entityType);
+
+    /**
+    * List denied accounts for the caller, given a specific entity type.
+    *
+    * @param caller account to check against.
+    * @param entityType entity type
+    * @return list of domain Ids granted to the caller account.
+    */
+    List<Long> getDeniedAccounts(Account caller, AclEntityType entityType);
+
+    /**
+    * List granted resources for the caller, given a specific entity type.
+    *
+    * @param caller account to check against.
+    * @param entityType entity type
+    * @return list of domain Ids granted to the caller account.
+    */
+    List<Long> getAuthorizedResources(Account caller, AclEntityType entityType);
+
+    /**
+    * List denied resources for the caller, given a specific entity type.
+    *
+    * @param caller account to check against.
+    * @param entityType entity type
+    * @return list of domain Ids granted to the caller account.
+    */
+    List<Long> getDeniedResources(Account caller, AclEntityType entityType);
+
+}
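Review bot: All six `@return` tags read "list of domain Ids granted to the caller account", including those on the `getDenied*` methods and on the account and resource methods, so the documented contract contradicts the method names. Each tag should name what is actually returned, e.g. `@return list of account Ids denied to the caller account.` on `getDeniedAccounts`. The Javadoc also leaves open what a null or empty list means (no access versus no restriction) and whether a denied entry overrides an authorized one. For an access-control adapter those two rules should be stated on the interface, so that independent implementations cannot disagree and end up granting more than intended.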