You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by sv...@apache.org on 2016/02/10 15:09:02 UTC
[4/4] brooklyn-server git commit: Closes #16
Closes #16
Add entitlements checks for sensor/config lookup
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/6693cd0c
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/6693cd0c
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/6693cd0c
Branch: refs/heads/master
Commit: 6693cd0cd7a1f26dd97a52095674ed3a0ff97f74
Parents: 5c8bb4e 4a3ab33
Author: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Authored: Wed Feb 10 16:08:24 2016 +0200
Committer: Svetoslav Neykov <sv...@cloudsoftcorp.com>
Committed: Wed Feb 10 16:08:24 2016 +0200
----------------------------------------------------------------------
.../core/mgmt/entitlement/Entitlements.java | 42 ++++++-
.../mgmt/entitlement/EntityEntitlementTest.java | 4 +
.../rest/resources/ActivityResource.java | 42 ++++++-
.../rest/resources/ApplicationResource.java | 8 +-
.../rest/resources/CatalogResource.java | 32 ++---
.../rest/resources/EffectorResource.java | 2 +-
.../rest/resources/EntityConfigResource.java | 77 ++++++++----
.../brooklyn/rest/resources/EntityResource.java | 4 +-
.../rest/resources/PolicyConfigResource.java | 2 +-
.../brooklyn/rest/resources/SensorResource.java | 59 +++++++--
.../brooklyn/rest/resources/ServerResource.java | 16 +--
.../rest/util/BrooklynRestResourceUtils.java | 6 +-
.../AbstractRestApiEntitlementsTest.java | 111 +++++++++++++++++
.../ActivityApiEntitlementsTest.java | 123 +++++++++++++++++++
.../AuthenticateAnyoneSecurityProvider.java | 41 +++++++
.../EntityConfigApiEntitlementsTest.java | 103 ++++++++++++++++
.../entitlement/SensorApiEntitlementsTest.java | 108 ++++++++++++++++
.../entitlement/ServerApiEntitlementsTest.java | 34 +++++
.../StaticDelegatingEntitlementManager.java | 37 ++++++
.../AbstractSoftwareProcessStreamsTest.java | 10 +-
20 files changed, 779 insertions(+), 82 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/6693cd0c/rest/rest-server/src/main/java/org/apache/brooklyn/rest/resources/ApplicationResource.java
----------------------------------------------------------------------
diff --cc rest/rest-server/src/main/java/org/apache/brooklyn/rest/resources/ApplicationResource.java
index d9c38b6,351f65a..97ed1d9
--- a/rest/rest-server/src/main/java/org/apache/brooklyn/rest/resources/ApplicationResource.java
+++ b/rest/rest-server/src/main/java/org/apache/brooklyn/rest/resources/ApplicationResource.java
@@@ -241,9 -280,9 +241,9 @@@ public class ApplicationResource extend
log.debug("Creating app from yaml:\n{}", yaml);
EntitySpec<? extends Application> spec = createEntitySpecForApplication(yaml);
-
+
if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.DEPLOY_APPLICATION, spec)) {
- throw WebResourceUtils.unauthorized("User '%s' is not authorized to start application %s",
+ throw WebResourceUtils.forbidden("User '%s' is not authorized to start application %s",
Entitlements.getEntitlementContext().user(), yaml);
}
@@@ -322,9 -361,9 +322,9 @@@
@Override
public Response delete(String application) {
Application app = brooklyn().getApplication(application);
- if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(app,
+ if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(app,
StringAndArgument.of(Entitlements.LifecycleEffectors.DELETE, null)))) {
- throw WebResourceUtils.unauthorized("User '%s' is not authorized to delete application %s",
+ throw WebResourceUtils.forbidden("User '%s' is not authorized to delete application %s",
Entitlements.getEntitlementContext().user(), app);
}
Task<?> t = brooklyn().destroy(app);