Posted to commits@cloudstack.apache.org by pr...@apache.org on 2013/12/14 01:31:05 UTC
git commit: updated refs/heads/rbac to 3f092d1
Updated Branches:
refs/heads/rbac d2922b925 -> 3f092d14c
Adding the AclEntityType attribute to APICommand annotation
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3f092d14
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3f092d14
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3f092d14
Branch: refs/heads/rbac
Commit: 3f092d14ccc2957baf5fd0abe217aa3680a224c4
Parents: d2922b9
Author: Prachi Damle <pr...@cloud.com>
Authored: Fri Dec 13 15:35:34 2013 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Fri Dec 13 16:04:25 2013 -0800
----------------------------------------------------------------------
.../org/apache/cloudstack/api/APICommand.java | 5 ++-
.../api/command/user/vm/ScaleVMCmd.java | 3 +-
.../api/command/user/vm/StartVMCmd.java | 3 +-
.../api/command/user/vm/StopVMCmd.java | 3 +-
.../api/command/user/vm/UpgradeVMCmd.java | 3 +-
server/src/com/cloud/api/ApiServer.java | 43 ++++++++++++++------
6 files changed, 42 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3f092d14/api/src/org/apache/cloudstack/api/APICommand.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/APICommand.java b/api/src/org/apache/cloudstack/api/APICommand.java
index 192d6ad..eaadf62 100644
--- a/api/src/org/apache/cloudstack/api/APICommand.java
+++ b/api/src/org/apache/cloudstack/api/APICommand.java
@@ -24,6 +24,7 @@ import java.lang.annotation.Target;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
+import org.apache.cloudstack.acl.AclEntityType;
@Retention(RetentionPolicy.RUNTIME)
@Target({ TYPE })
@@ -39,8 +40,10 @@ public @interface APICommand {
boolean includeInApiDoc() default true;
String since() default "";
-
+
ResponseView responseView() default ResponseView.Full;
RoleType[] authorized() default {};
+
+ AclEntityType[] entityType() default {};
}
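Review bot: The new `entityType()` attribute at the end of `APICommand` has no comment saying what the default empty array means. Judging from the ApiServer change in this same commit, an empty value causes the default policy permission to be created with a null entity type, so a command that omits the attribute still gets an untyped Allow row. That is worth stating on the attribute, e.g. `/** Entity types this command acts on; empty means the default permission is not bound to any entity type. */`. The `-`/`+` pair above `ResponseView responseView()` appears to change only whitespace on a blank line and could be dropped from the commit.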
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3f092d14/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
index dfec0cc..c065019 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
@@ -20,6 +20,7 @@ import java.util.List;
import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
@@ -41,7 +42,7 @@ import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted)
+@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
public class ScaleVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(ScaleVMCmd.class.getName());
private static final String s_name = "scalevirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3f092d14/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
index 98a7ece..21883d6 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@@ -42,7 +43,7 @@ import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
import com.cloud.utils.exception.ExecutionException;
-@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted)
+@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
public class StartVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(StartVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3f092d14/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
index 638e423..34f8ebf 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
@@ -35,7 +36,7 @@ import com.cloud.exception.ConcurrentOperationException;
import com.cloud.user.Account;
import com.cloud.uservm.UserVm;
-@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted)
+@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
public class StopVMCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(StopVMCmd.class.getName());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3f092d14/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
index c98a484..fecfde2 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,7 +38,7 @@ import com.cloud.uservm.UserVm;
@APICommand(name = "changeServiceForVirtualMachine", responseObject=UserVmResponse.class, description="Changes the service offering for a virtual machine. " +
"The virtual machine must be in a \"Stopped\" state for " +
- "this command to take effect.", responseView = ResponseView.Restricted)
+ "this command to take effect.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
public class UpgradeVMCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
private static final String s_name = "changeserviceforvirtualmachineresponse";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3f092d14/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index d28a51c..882a5b1 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -83,6 +83,7 @@ import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.APIChecker;
+import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
import org.apache.cloudstack.acl.AclPolicyPermissionVO;
import org.apache.cloudstack.acl.PermissionScope;
@@ -242,7 +243,6 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
// commands.properties.
SearchBuilder<AclPolicyPermissionVO> sb = _aclPermissionDao.createSearchBuilder();
sb.and("policyId", sb.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- sb.and("resourceType", sb.entity().getEntityType(), SearchCriteria.Op.NULL);
sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
sb.done();
@@ -343,6 +343,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
boolean isReadCommand = false;
+ AclEntityType[] entityTypes = null;
if (cmdClass != null) {
BaseCmd cmdObj;
try {
@@ -354,37 +355,53 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
throw new CloudRuntimeException(String.format(
"%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
}
+
+ APICommand at = cmdClass.getAnnotation(APICommand.class);
+ entityTypes = at.entityType();
}
AclPolicyPermissionVO apiPermission = null;
+ PermissionScope permissionScope = PermissionScope.ACCOUNT;
switch (role) {
case User:
- apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.ACCOUNT,
- null, Permission.Allow);
+ permissionScope = PermissionScope.ACCOUNT;
break;
case Admin:
- apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.ALL,
- null, Permission.Allow);
+ permissionScope = PermissionScope.ALL;
break;
case DomainAdmin:
- apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.DOMAIN,
- null, Permission.Allow);
+ permissionScope = PermissionScope.DOMAIN;
break;
case ResourceAdmin:
- apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.DOMAIN,
- null, Permission.Allow);
+ permissionScope = PermissionScope.DOMAIN;
break;
}
- if (apiPermission != null) {
- if (isReadCommand) {
- apiPermission.setAccessType(AccessType.ListEntry);
+ if (entityTypes == null || entityTypes.length == 0) {
+ apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, permissionScope,
+ new Long(-1), Permission.Allow);
+ if (apiPermission != null) {
+ if (isReadCommand) {
+ apiPermission.setAccessType(AccessType.ListEntry);
+ }
+ _aclPermissionDao.persist(apiPermission);
+ }
+ }
+
+ for (AclEntityType entityType : entityTypes) {
+ apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, entityType.toString(), null,
+ permissionScope, new Long(-1), Permission.Allow);
+ if (apiPermission != null) {
+ if (isReadCommand) {
+ apiPermission.setAccessType(AccessType.ListEntry);
+ }
+ _aclPermissionDao.persist(apiPermission);
}
- _aclPermissionDao.persist(apiPermission);
}
+
}
// NOTE: handle() only handles over the wire (OTW) requests from integration.api.port 8096
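Review bot: When `cmdClass` is null, `entityTypes` keeps the `null` assigned in the previous hunk, so after the `entityTypes == null || entityTypes.length == 0` branch persists the untyped row, the `for (AclEntityType entityType : entityTypes)` loop throws a NullPointerException. Put the loop in an `else` branch, or initialise with `AclEntityType[] entityTypes = new AclEntityType[0];`. `cmdClass.getAnnotation(APICommand.class)` can also return null for a class that lacks the annotation, so `at.entityType()` should be guarded with `if (at != null)`. Separately, pre-setting `permissionScope = PermissionScope.ACCOUNT` with no `default:` case means a role outside the four cases now gets an Allow row persisted, where the old code left `apiPermission` null and wrote nothing; if `RoleType` has other values, `default: return;` would keep that fail-closed behaviour. The method begins before this hunk, and the `if (apiPermission != null)` checks directly after `new` are always true and can go.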