You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/03/03 23:06:17 UTC
git commit: updated refs/heads/rbac to a837ac8
Repository: cloudstack
Updated Branches:
refs/heads/rbac e5d722654 -> a837ac887
Adding Operate access check at service layer, since we are not checking access on the command parameter here
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a837ac88
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a837ac88
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a837ac88
Branch: refs/heads/rbac
Commit: a837ac8873d8ad4e8300be747cd9dc02549fc415
Parents: e5d7226
Author: Prachi Damle <pr...@cloud.com>
Authored: Mon Mar 3 13:34:26 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Mon Mar 3 13:35:19 2014 -0800
----------------------------------------------------------------------
.../command/user/securitygroup/RevokeSecurityGroupEgressCmd.java | 3 ---
.../src/com/cloud/network/security/SecurityGroupManagerImpl.java | 3 ++-
2 files changed, 2 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a837ac88/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
index 0f74784..a93bee5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
@@ -19,8 +19,6 @@ package org.apache.cloudstack.api.command.user.securitygroup;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@@ -47,7 +45,6 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
- @ACL(accessType = AccessType.OperateEntry, pointerToEntity = "securityGroupId")
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true, description = "The ID of the egress rule", entityType=SecurityGroupRuleResponse.class)
private Long id;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a837ac88/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index d5f9405..cf71b25 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -43,6 +43,7 @@ import javax.naming.ConfigurationException;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd;
import org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupIngressCmd;
import org.apache.cloudstack.api.command.user.securitygroup.CreateSecurityGroupCmd;
@@ -812,7 +813,7 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
// Check permissions
SecurityGroup securityGroup = _securityGroupDao.findById(rule.getSecurityGroupId());
- _accountMgr.checkAccess(caller, null, true, securityGroup);
+ _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, securityGroup);
return Transaction.execute(new TransactionCallback<Boolean>() {
@Override