You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by hu...@apache.org on 2014/03/14 14:58:08 UTC
[11/50] [abbrv] git commit: updated refs/heads/4.4 to 48f8a95
Removed the AccessType.UseNetwork - replaced all referrences by AccessType.UseEntry
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/36c0a4e2
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/36c0a4e2
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/36c0a4e2
Branch: refs/heads/4.4
Commit: 36c0a4e2c33f59649ff52e3be7a4f181f8defeae
Parents: 84a528f
Author: Prachi Damle <pr...@cloud.com>
Authored: Thu Mar 13 15:32:38 2014 -0700
Committer: Prachi Damle <pr...@cloud.com>
Committed: Thu Mar 13 15:32:38 2014 -0700
----------------------------------------------------------------------
api/src/org/apache/cloudstack/acl/SecurityChecker.java | 1 -
.../apache/cloudstack/api/command/user/vm/DeployVMCmd.java | 2 +-
server/src/com/cloud/acl/DomainChecker.java | 2 +-
server/src/com/cloud/network/IpAddressManagerImpl.java | 8 +++++---
server/src/com/cloud/network/NetworkServiceImpl.java | 4 ++--
server/src/com/cloud/user/AccountManagerImpl.java | 3 ++-
server/src/com/cloud/vm/UserVmManagerImpl.java | 6 +++---
.../network/lb/ApplicationLoadBalancerManagerImpl.java | 2 +-
8 files changed, 15 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/api/src/org/apache/cloudstack/acl/SecurityChecker.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/SecurityChecker.java b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
index 2889bc8..614f604 100644
--- a/api/src/org/apache/cloudstack/acl/SecurityChecker.java
+++ b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
@@ -32,7 +32,6 @@ public interface SecurityChecker extends Adapter {
public enum AccessType {
ModifyProject,
- UseNetwork,
OperateEntry,
UseEntry
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
index 69e079f..0235fcc 100755
--- a/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
@@ -105,7 +105,7 @@ public class DeployVMCmd extends BaseAsyncCreateCustomIdCmd {
private Long domainId;
//Network information
- @ACL(accessType = AccessType.UseNetwork)
+ @ACL(accessType = AccessType.UseEntry)
@Parameter(name = ApiConstants.NETWORK_IDS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = NetworkResponse.class, description = "list of network ids used by virtual machine. Can't be specified with ipToNetworkList parameter")
private List<Long> networkIds;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index 3df71a7..cb6921d 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -134,7 +134,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
}
return true;
- } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseNetwork) {
+ } else if (entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) {
_networkMgr.checkNetworkPermissions(caller, (Network)entity);
} else if (entity instanceof AffinityGroup) {
return false;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/network/IpAddressManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/IpAddressManagerImpl.java b/server/src/com/cloud/network/IpAddressManagerImpl.java
index 5225e3d..9b1f9bd 100644
--- a/server/src/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/com/cloud/network/IpAddressManagerImpl.java
@@ -1164,7 +1164,8 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
if (zone.getNetworkType() == NetworkType.Advanced) {
if (network.getGuestType() == Network.GuestType.Shared) {
if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
- _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseEntry, false,
+ network);
} else {
throw new InvalidParameterValueException("IP can be associated with guest network of 'shared' type only if "
+ "network services Source Nat, Static Nat, Port Forwarding, Load balancing, firewall are enabled in the network");
@@ -1186,7 +1187,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
Network network = _networksDao.findById(networkId);
if (network != null) {
- _accountMgr.checkAccess(owner, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);
} else {
s_logger.debug("Unable to find ip address by id: " + ipId);
return null;
@@ -1318,7 +1319,8 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
if (zone.getNetworkType() == NetworkType.Advanced) {
if (network.getGuestType() == Network.GuestType.Shared) {
assert (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId()));
- _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(CallContext.current().getCallingAccount(), AccessType.UseEntry, false,
+ network);
}
} else {
_accountMgr.checkAccess(caller, null, true, ipToAssoc);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index 9185d84..9238a1e 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -535,7 +535,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
// if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseNetwork'
if (zone.getNetworkType() == NetworkType.Advanced) {
if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId());
}
@@ -578,7 +578,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
// if shared network in the advanced zone, then check the caller against the network for 'AccessType.UseNetwork'
if (zone.getNetworkType() == NetworkType.Advanced) {
if (isSharedNetworkOfferingWithServices(network.getNetworkOfferingId())) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Associate IP address called by the user " + callerUserId + " account " + ipOwner.getId());
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 1b68b0c..f0d129a 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -91,6 +91,7 @@ import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.network.IpAddress;
import com.cloud.network.IpAddressManager;
+import com.cloud.network.Network;
import com.cloud.network.VpnUserVO;
import com.cloud.network.as.AutoScaleManager;
import com.cloud.network.dao.AccountGuestVlanMapDao;
@@ -490,7 +491,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
domainId = account != null ? account.getDomainId() : -1;
}
if (entity.getAccountId() != -1 && domainId != -1 && !(entity instanceof VirtualMachineTemplate) &&
- !(accessType != null && accessType == AccessType.UseNetwork) && !(entity instanceof AffinityGroup)) {
+ !(entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) && !(entity instanceof AffinityGroup)) {
List<ControlledEntity> toBeChecked = domains.get(entity.getDomainId());
// for templates, we don't have to do cross domains check
if (toBeChecked == null) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/com/cloud/vm/UserVmManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index e7c0c8d..0e4fb5e 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -987,7 +987,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
}
// Perform account permission check on network
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
//ensure network belongs in zone
if (network.getDataCenterId() != vmInstance.getDataCenterId()) {
@@ -1061,7 +1061,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
}
// Perform account permission check on network
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
boolean nicremoved = false;
@@ -2336,7 +2336,7 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
// Perform account permission check
if (network.getAclType() == ACLType.Account) {
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
}
networkList.add(network);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36c0a4e2/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java b/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
index 1f3e0d2..73bf0d2 100644
--- a/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
+++ b/server/src/org/apache/cloudstack/network/lb/ApplicationLoadBalancerManagerImpl.java
@@ -114,7 +114,7 @@ public class ApplicationLoadBalancerManagerImpl extends ManagerBase implements A
}
Account caller = CallContext.current().getCallingAccount();
- _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, guestNtwk);
+ _accountMgr.checkAccess(caller, AccessType.UseEntry, false, guestNtwk);
Network sourceIpNtwk = _networkModel.getNetwork(sourceIpNetworkId);
if (sourceIpNtwk == null) {