You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@stratos.apache.org by im...@apache.org on 2015/05/19 19:41:32 UTC
stratos git commit: Updating internal/user role permissions
Repository: stratos
Updated Branches:
refs/heads/master 7f58cdbb5 -> 497a90df2
Updating internal/user role permissions
Project: http://git-wip-us.apache.org/repos/asf/stratos/repo
Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/497a90df
Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/497a90df
Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/497a90df
Branch: refs/heads/master
Commit: 497a90df2c84ec2354eee9bea004385c76a87dca
Parents: 7f58cdb
Author: Imesh Gunaratne <im...@apache.org>
Authored: Tue May 19 23:09:51 2015 +0530
Committer: Imesh Gunaratne <im...@apache.org>
Committed: Tue May 19 23:11:12 2015 +0530
----------------------------------------------------------------------
.../src/main/resources/META-INF/component.xml | 2 +-
.../src/main/resources/META-INF/component.xml | 24 ++-----
.../console/controllers/menu/menu.json | 26 +++----
.../manager/utils/PermissionConstants.java | 73 +++++++++++++++-----
.../stratos/manager/utils/UserRoleCreator.java | 32 +++------
.../src/main/resources/META-INF/component.xml | 50 +++++++-------
.../rest/endpoint/api/StratosApiV41.java | 67 +++++++++---------
.../rest/endpoint/api/StratosApiV41Utils.java | 12 ++++
8 files changed, 157 insertions(+), 129 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml b/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml
index 534e597..b9ad668 100644
--- a/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml
+++ b/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml
@@ -62,7 +62,7 @@
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Application Policy</DisplayName>
- <ResourceId>/permission/protected/manage/getApplicationPolicy</ResourceId>
+ <ResourceId>/permission/admin/manage/getApplicationPolicy</ResourceId>
</ManagementPermission>
</ManagementPermissions>
</component>
http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml b/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml
index 1e68714..3de412c 100644
--- a/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml
+++ b/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml
@@ -23,16 +23,6 @@
<extension>xml</extension>
<class>org.apache.stratos.cloud.controller.deployers.CloudControllerDeployer</class>
</deployer>
- <!-- >deployer>
- <directory>cartridges</directory>
- <extension>xml</extension>
- <class>org.apache.stratos.cloud.controller.deployers.CartridgeDeployer</class>
- </deployer-->
- <!-- >deployer>
- <directory>services</directory>
- <extension>xml</extension>
- <class>org.apache.stratos.cloud.controller.deployers.ServiceDeployer</class>
- </deployer-->
</deployers>
<ManagementPermissions>
<ManagementPermission>
@@ -57,15 +47,15 @@
</ManagementPermission>
<ManagementPermission>
<DisplayName>Add Service Group</DisplayName>
- <ResourceId>/permission/protected/manage/addServiceGroup</ResourceId>
+ <ResourceId>/permission/admin/manage/addServiceGroup</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Service Group Definition</DisplayName>
- <ResourceId>/permission/protected/manage/getServiceGroupDefinition</ResourceId>
+ <ResourceId>/permission/admin/manage/getServiceGroupDefinition</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Remove Service Group Definition</DisplayName>
- <ResourceId>/permission/protected/manage/removeServiceGroup</ResourceId>
+ <ResourceId>/permission/admin/manage/removeServiceGroup</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Add Deployment Policy</DisplayName>
@@ -85,19 +75,19 @@
</ManagementPermission>
<ManagementPermission>
<DisplayName>Add Network Partition</DisplayName>
- <ResourceId>/permission/protected/manage/addNetworkPartition</ResourceId>
+ <ResourceId>/permission/admin/manage/addNetworkPartition</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Update Network Partition</DisplayName>
- <ResourceId>/permission/protected/manage/updateNetworkPartition</ResourceId>
+ <ResourceId>/permission/admin/manage/updateNetworkPartition</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Network Partition</DisplayName>
- <ResourceId>/permission/protected/manage/getNetworkPartitions</ResourceId>
+ <ResourceId>/permission/admin/manage/getNetworkPartitions</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Remove Network Partition</DisplayName>
- <ResourceId>/permission/protected/manage/removeNetworkPartition</ResourceId>
+ <ResourceId>/permission/admin/manage/removeNetworkPartition</ResourceId>
</ManagementPermission>
</ManagementPermissions>
</component>
http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json b/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json
index 4604256..c7dff7d 100644
--- a/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json
+++ b/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json
@@ -15,7 +15,7 @@
"context": "/configure",
"title": "Network Partitions",
"icon": "fa-th-large",
- "permissionPaths": ["/permission", "/permission/admin"],
+ "permissionPaths": ["/permission", "/permission/admin/manage/getNetworkPartitions"],
"description": "Manage network partitions."
},
{
@@ -24,7 +24,7 @@
"context": "/configure",
"title": "Autoscaling Policies",
"icon": "fa-expand",
- "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/view/autoscalingpolicy"],
+ "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/getAutoscalingPolicies"],
"description": "Manage policies which specify autoscaling threshold values."
},
{
@@ -33,7 +33,7 @@
"context": "/configure",
"title": "Deployment Policies",
"icon": "fa-road",
- "permissionPaths": ["/permission", "/permission/admin"],
+ "permissionPaths": ["/permission", "/permission/admin/manage/getDeploymentPolicies"],
"description": "Manage policies which specify cartridge deployment in partitions."
},
{
@@ -42,7 +42,7 @@
"context": "/configure",
"title": "Application Policies",
"icon": "fa-cube",
- "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/view/subscription"],
+ "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/getApplicationPolicies"],
"description": "Manage policies which specify application deployment in network partitions."
},
{
@@ -51,7 +51,7 @@
"context": "/configure",
"title": "Cartridges",
"icon": "fa-inbox",
- "permissionPaths": ["/permission", "/permission/admin"],
+ "permissionPaths": ["/permission", "/permission/admin/manage/getCartridges"],
"description": "Manage single-tenant & multi-tenant cartridges."
},
{
@@ -60,16 +60,16 @@
"context": "/configure",
"title": "Cartridge Groups",
"icon": "fa-briefcase",
- "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/view/subscription"],
+ "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/getServiceGroupDefinition"],
"description": "Manage cartridge groups"
},
{
- "link": "configure/docker/",
+ "link": "configure/kubernetesClusters/",
"linkexternal": false,
"context": "/configure",
"title": "Kubernetes Clusters",
"icon": "fa-sitemap",
- "permissionPaths": ["/permission", "/permission/admin"],
+ "permissionPaths": ["/permission", "/permission/admin/manage/getKubernetesClusters"],
"description": "Manage Kubernetes clusters."
}
]
@@ -89,7 +89,7 @@
"context": "/users",
"title": "Manage Users",
"icon": "fa-user",
- "permissionPaths": ["/permission", "/permission/admin"],
+ "permissionPaths": ["/permission", "/permission/protected/manage/getUsers"],
"description": "Manage current tenant users."
},
{
@@ -98,7 +98,7 @@
"context": "/users",
"title": "Manage Tenants",
"icon": "fa-building",
- "permissionPaths": ["/permission"],
+ "permissionPaths": ["/permission/protected/manage/getTenants"],
"description": "Manage tenants."
}
]
@@ -109,7 +109,7 @@
"context": "/",
"title": "Applications",
"icon": "fa-cubes",
- "permissionPaths": ["/permission", "/permission/admin/manage/view/cartridge"],
+ "permissionPaths": ["/permission", "/permission/admin/manage/getApplications"],
"description": "Manage applications."
},
{
@@ -118,7 +118,7 @@
"context": "/",
"title": "JIRA",
"icon": "fa-bug",
- "permissionPaths": ["/permission", "/permission/admin/manage/view/subscription"],
+ "permissionPaths": ["/permission", "/permission/admin"],
"description": "Report your issues that you find."
},
{
@@ -127,7 +127,7 @@
"context": "/",
"title": "Documentation",
"icon": "fa-life-saver",
- "permissionPaths": ["/permission", "/permission/admin/manage/view/subscription"],
+ "permissionPaths": ["/permission", "/permission/admin"],
"description": "Read documentation to get more information."
}
]
http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java
index ac383fd..c65d64c 100644
--- a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java
+++ b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java
@@ -3,16 +3,16 @@
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
+ * to you under the Apache License", Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing,
+ * Unless required by applicable law or agreed to in writing",
* software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
+ * "AS IS" BASIS", WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND", either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
@@ -21,18 +21,55 @@ package org.apache.stratos.manager.utils;
public class PermissionConstants {
- public static final String ADD_SUBSCRIPTION = "/permission/admin/manage/add/subscription";
- public static final String REST_LOGIN = "/permission/admin/restlogin";
- public static final String ADD_GIT_SYNC = "/permission/admin/manage/add/sync";
- public static final String ADD_DOMAIN = "/permission/admin/manage/add/domain";
- public static final String VIEW_AUTOSCALING_POLICY = "/permission/admin/manage/view/autoscalingPolicy";
- public static final String VIEW_DEPLOYMENT_POLICY = "/permission/admin/manage/view/deploymentPolicy";
- public static final String VIEW_SUBSCRIPTION = "/permission/admin/manage/view/subscription";
- public static final String VIEW_CARTRIDGE = "/permission/admin/manage/view/cartridge";
- public static final String VIEW_SERVICE = "/permission/admin/manage/view/service";
- public static final String VIEW_DOMAIN = "/permission/admin/manage/view/domain";
- public static final String VIEW_CLUSTER = "/permission/admin/manage/view/cluster";
- public static final String VIEW_INSTANCE = "/permission/admin/manage/view/instance";
- public static final String VIEW_KUBERNETES = "/permission/admin/manage/view/kubernetes";
-
+ public static final String[] INTERNAL_USER_ROLE_PERMISSIONS = new String[] {
+ "/permission/protected/restlogin",
+ "/permission/admin/manage/addCartridge",
+ "/permission/admin/manage/updateCartridge",
+ "/permission/admin/manage/getCartridges",
+ "/permission/admin/manage/getCartridgesByFilter",
+ "/permission/admin/manage/removeCartridge",
+ "/permission/admin/manage/addServiceGroup",
+ "/permission/admin/manage/getServiceGroupDefinition",
+ "/permission/admin/manage/removeServiceGroup",
+ "/permission/admin/manage/addDeploymentPolicy",
+ "/permission/admin/manage/getDeploymentPolicy",
+ "/permission/admin/manage/updateDeploymentPolicy",
+ "/permission/admin/manage/removeDeploymentPolicy",
+ "/permission/admin/manage/addNetworkPartition",
+ "/permission/admin/manage/updateNetworkPartition",
+ "/permission/admin/manage/getNetworkPartitions",
+ "/permission/admin/manage/removeNetworkPartition",
+ "/permission/admin/manage/getAutoscalingPolicies",
+ "/permission/admin/manage/addAutoscalingPolicy",
+ "/permission/admin/manage/updateAutoscalingPolicy",
+ "/permission/admin/manage/removeAutoscalingPolicy",
+ "/permission/admin/manage/addKubernetesHostCluster",
+ "/permission/admin/manage/addKubernetesHost",
+ "/permission/admin/manage/updateKubernetesMaster",
+ "/permission/admin/manage/updateKubernetesHost",
+ "/permission/admin/manage/getKubernetesHostClusters",
+ "/permission/admin/manage/removeKubernetesHostCluster",
+ "/permission/admin/manage/getApplicationPolicy",
+ "/permission/admin/manage/addApplication",
+ "/permission/admin/manage/getApplications",
+ "/permission/admin/manage/deployApplication",
+ "/permission/admin/manage/getApplicationDeploymentPolicy",
+ "/permission/admin/manage/addApplicationSignUp",
+ "/permission/admin/manage/getApplicationSignUp",
+ "/permission/admin/manage/removeApplicationSignUp",
+ "/permission/admin/manage/addDomainMappings",
+ "/permission/admin/manage/removeDomainMappings",
+ "/permission/admin/manage/getDomainMappings",
+ "/permission/admin/manage/undeployApplication",
+ "/permission/admin/manage/getApplicationRuntime",
+ "/permission/admin/manage/removeApplication",
+ "/permission/admin/manage/addTenant",
+ "/permission/admin/manage/updateTenant",
+ "/permission/admin/manage/getTenantForDomain",
+ "/permission/admin/manage/removeTenant",
+ "/permission/admin/manage/getTenants",
+ "/permission/admin/manage/activateTenant",
+ "/permission/admin/manage/deactivateTenant",
+ "/permission/admin/manage/notifyRepository"
+ };
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java
index e7dfe94..2369a86 100644
--- a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java
+++ b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java
@@ -28,6 +28,9 @@ import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.mgt.UserMgtConstants;
+import java.util.ArrayList;
+import java.util.List;
+
public class UserRoleCreator {
private static final Log log = LogFactory.getLog(UserRoleCreator.class);
@@ -36,32 +39,19 @@ public class UserRoleCreator {
* Creating Internal/user Role at Carbon Server Start-up
*/
public static void createInternalUserRole(UserStoreManager userStoreManager) throws UserManagerException {
-
String userRole = "Internal/user";
-
try {
if (!userStoreManager.isExistingRole(userRole)) {
- if (log.isDebugEnabled()) {
- log.debug("Creating internal user role: " + userRole);
- }
- //Set permissions to the Internal/user role
- Permission[] tenantUserPermissions = new Permission[]{new Permission(PermissionConstants.VIEW_AUTOSCALING_POLICY, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.VIEW_DEPLOYMENT_POLICY, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.VIEW_CARTRIDGE, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.VIEW_SERVICE, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.VIEW_SUBSCRIPTION, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.VIEW_DOMAIN, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.VIEW_CLUSTER, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.VIEW_INSTANCE, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.VIEW_KUBERNETES, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.ADD_GIT_SYNC, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.ADD_SUBSCRIPTION, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.ADD_DOMAIN, UserMgtConstants.EXECUTE_ACTION),
- new Permission(PermissionConstants.REST_LOGIN, UserMgtConstants.EXECUTE_ACTION),
- };
+ log.info("Creating internal user role: " + userRole);
+ //Set permissions to the Internal/user role
+ List<Permission> permissions = new ArrayList<Permission>();
+ for(String permissionResourceId : PermissionConstants.INTERNAL_USER_ROLE_PERMISSIONS) {
+ Permission permission = new Permission(permissionResourceId, UserMgtConstants.EXECUTE_ACTION);
+ permissions.add(permission);
+ }
String[] userList = new String[]{};
- userStoreManager.addRole(userRole, userList, tenantUserPermissions);
+ userStoreManager.addRole(userRole, userList, permissions.toArray(new Permission[permissions.size()]));
}
} catch (UserStoreException e) {
String msg = "Error while creating the role: " + userRole;
http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml b/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml
index a77988f..e885598 100644
--- a/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml
+++ b/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml
@@ -20,87 +20,87 @@
<ManagementPermissions>
<ManagementPermission>
<DisplayName>REST Login</DisplayName>
- <ResourceId>/permission/admin/restlogin</ResourceId>
+ <ResourceId>/permission/protected/restlogin</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Add Application</DisplayName>
- <ResourceId>/permission/protected/manage/addApplication</ResourceId>
+ <ResourceId>/permission/admin/manage/addApplication</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Application</DisplayName>
- <ResourceId>/permission/protected/manage/getApplications</ResourceId>
+ <ResourceId>/permission/admin/manage/getApplications</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Deploy Application</DisplayName>
- <ResourceId>/permission/protected/manage/deployApplication</ResourceId>
+ <ResourceId>/permission/admin/manage/deployApplication</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Application Deployment Policy</DisplayName>
- <ResourceId>/permission/protected/manage/getApplicationDeploymentPolicy</ResourceId>
+ <ResourceId>/permission/admin/manage/getApplicationDeploymentPolicy</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Add Application Sign Up</DisplayName>
- <ResourceId>/permission/protected/manage/addApplicationSignUp</ResourceId>
+ <ResourceId>/permission/admin/manage/addApplicationSignUp</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Application Sign Up</DisplayName>
- <ResourceId>/permission/protected/manage/getApplicationSignUp</ResourceId>
+ <ResourceId>/permission/admin/manage/getApplicationSignUp</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Remove Application Sign Up</DisplayName>
- <ResourceId>/permission/protected/manage/removeApplicationSignUp</ResourceId>
+ <ResourceId>/permission/admin/manage/removeApplicationSignUp</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Add Domain Mappings</DisplayName>
- <ResourceId>/permission/protected/manage/addDomainMappings</ResourceId>
+ <ResourceId>/permission/admin/manage/addDomainMappings</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Remove Domain Mappings</DisplayName>
- <ResourceId>/permission/protected/manage/removeDomainMappings</ResourceId>
+ <ResourceId>/permission/admin/manage/removeDomainMappings</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Domain Mappings</DisplayName>
- <ResourceId>/permission/protected/manage/getDomainMappings</ResourceId>
+ <ResourceId>/permission/admin/manage/getDomainMappings</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Undeploy Application</DisplayName>
- <ResourceId>/permission/protected/manage/undeployApplication</ResourceId>
+ <ResourceId>/permission/admin/manage/undeployApplication</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Application Runtime</DisplayName>
- <ResourceId>/permission/protected/manage/getApplicationRuntime</ResourceId>
+ <ResourceId>/permission/admin/manage/getApplicationRuntime</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Remove Application</DisplayName>
- <ResourceId>/permission/protected/manage/removeApplication</ResourceId>
+ <ResourceId>/permission/admin/manage/removeApplication</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Add Tenant</DisplayName>
- <ResourceId>/permission/protected/manage/addTenant</ResourceId>
+ <ResourceId>/permission/admin/manage/addTenant</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Update Tenant</DisplayName>
- <ResourceId>/permission/protected/manage/updateTenant</ResourceId>
+ <ResourceId>/permission/admin/manage/updateTenant</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Tenant For Domain</DisplayName>
- <ResourceId>/permission/protected/manage/getTenantForDomain</ResourceId>
+ <ResourceId>/permission/admin/manage/getTenantForDomain</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Remove Tenant</DisplayName>
- <ResourceId>/permission/protected/manage/removeTenant</ResourceId>
+ <ResourceId>/permission/admin/manage/removeTenant</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Tenants</DisplayName>
- <ResourceId>/permission/protected/manage/getTenants</ResourceId>
+ <ResourceId>/permission/admin/manage/getTenants</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Activate Tenant</DisplayName>
- <ResourceId>/permission/protected/manage/activateTenant</ResourceId>
+ <ResourceId>/permission/admin/manage/activateTenant</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Deactivate Tenant</DisplayName>
- <ResourceId>/permission/protected/manage/deactivateTenant</ResourceId>
+ <ResourceId>/permission/admin/manage/deactivateTenant</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Notify Repository</DisplayName>
@@ -108,19 +108,19 @@
</ManagementPermission>
<ManagementPermission>
<DisplayName>Add User</DisplayName>
- <ResourceId>/permission/admin/manage/addUser</ResourceId>
+ <ResourceId>/permission/protected/manage/addUser</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Remove User</DisplayName>
- <ResourceId>/permission/admin/manage/removeUser</ResourceId>
+ <ResourceId>/permission/protected/manage/removeUser</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Update User</DisplayName>
- <ResourceId>/permission/admin/manage/updateUser</ResourceId>
+ <ResourceId>/permission/protected/manage/updateUser</ResourceId>
</ManagementPermission>
<ManagementPermission>
<DisplayName>Get Users</DisplayName>
- <ResourceId>/permission/admin/manage/getUsers</ResourceId>
+ <ResourceId>/permission/protected/manage/getUsers</ResourceId>
</ManagementPermission>
</ManagementPermissions>
</component>
http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java
index ed46f17..7e25e8e 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java
@@ -125,7 +125,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/cartridges")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/addCartridge")
+ @AuthorizationAction("/permission/protected/manage/addCartridge")
public Response addCartridge(
CartridgeBean cartridgeDefinitionBean) throws RestAPIException {
@@ -155,7 +155,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/deploymentPolicies")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/addDeploymentPolicy")
+ @AuthorizationAction("/permission/protected/manage/addDeploymentPolicy")
public Response addDeploymentPolicy(
DeploymentPolicyBean deploymentPolicyDefinitionBean) throws RestAPIException {
@@ -186,7 +186,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/deploymentPolicies/{deploymentPolicyId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getDeploymentPolicy")
+ @AuthorizationAction("/permission/protected/manage/getDeploymentPolicy")
public Response getDeploymentPolicy(
@PathParam("deploymentPolicyId") String deploymentPolicyId) throws RestAPIException {
DeploymentPolicyBean deploymentPolicyBean = StratosApiV41Utils.getDeployementPolicy(deploymentPolicyId);
@@ -230,7 +230,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/deploymentPolicies")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/updateDeploymentPolicy")
+ @AuthorizationAction("/permission/protected/manage/updateDeploymentPolicy")
public Response updateDeploymentPolicy(
DeploymentPolicyBean deploymentPolicyDefinitionBean) throws RestAPIException {
@@ -270,7 +270,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/deploymentPolicies/{deploymentPolicyId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/removeDeploymentPolicy")
+ @AuthorizationAction("/permission/protected/manage/removeDeploymentPolicy")
public Response removeDeploymentPolicy(
@PathParam("deploymentPolicyId") String deploymentPolicyId) throws RestAPIException {
try {
@@ -299,7 +299,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/cartridges")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/updateCartridge")
+ @AuthorizationAction("/permission/protected/manage/updateCartridge")
public Response updateCartridge(
CartridgeBean cartridgeDefinitionBean) throws RestAPIException {
StratosApiV41Utils.updateCartridge(cartridgeDefinitionBean);
@@ -320,7 +320,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/cartridges")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getCartridge")
+ @AuthorizationAction("/permission/protected/manage/getCartridge")
public Response getCartridges()
throws RestAPIException {
@@ -345,7 +345,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/cartridges/{cartridgeType}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getCartridge")
+ @AuthorizationAction("/permission/protected/manage/getCartridge")
public Response getCartridge(
@PathParam("cartridgeType") String cartridgeType) throws RestAPIException {
CartridgeBean cartridge;
@@ -370,7 +370,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/cartridges/filter/{filter}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getCartridgesByFilter")
+ @AuthorizationAction("/permission/protected/manage/getCartridgesByFilter")
public Response getCartridgesByFilter(
@DefaultValue("") @PathParam("filter") String filter, @QueryParam("criteria") String criteria)
throws RestAPIException {
@@ -397,7 +397,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/cartridges/{cartridgeType}/filter/{filter}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getCartridgesByFilter")
+ @AuthorizationAction("/permission/protected/manage/getCartridgesByFilter")
public Response getCartridgeByFilter(
@PathParam("cartridgeType") String cartridgeType, @DefaultValue("") @PathParam("filter") String filter)
throws RestAPIException {
@@ -423,7 +423,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/cartridges/{cartridgeType}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/removeCartridge")
+ @AuthorizationAction("/permission/protected/manage/removeCartridge")
public Response removeCartridge(
@PathParam("cartridgeType") String cartridgeType) throws RestAPIException {
StratosApiV41Utils.removeCartridge(cartridgeType);
@@ -824,7 +824,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/applicationPolicies")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/addApplicationPolicy")
+ @AuthorizationAction("/permission/protected/manage/addApplicationPolicy")
public Response addApplicationPolicy(
ApplicationPolicyBean applicationPolicy) throws RestAPIException {
try {
@@ -885,7 +885,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/applicationPolicies")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getApplicationPolicies")
+ @AuthorizationAction("/permission/protected/manage/getApplicationPolicies")
public Response getApplicationPolicies()
throws RestAPIException {
ApplicationPolicyBean[] applicationPolicies = StratosApiV41Utils.getApplicationPolicies();
@@ -907,7 +907,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/applicationPolicies/{applicationPolicyId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/removeApplicationPolicy")
+ @AuthorizationAction("/permission/protected/manage/removeApplicationPolicy")
public Response removeApplicationPolicy(
@PathParam("applicationPolicyId") String applicationPolicyId) throws RestAPIException {
try {
@@ -943,7 +943,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/applicationPolicies")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/updateApplicationPolicy")
+ @AuthorizationAction("/permission/protected/manage/updateApplicationPolicy")
public Response updateApplicationPolicy(
ApplicationPolicyBean applicationPolicy) throws RestAPIException {
@@ -1260,7 +1260,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/autoscalingPolicies")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getAutoscalingPolicies")
+ @AuthorizationAction("/permission/protected/manage/getAutoscalingPolicies")
public Response getAutoscalingPolicies()
throws RestAPIException {
AutoscalePolicyBean[] autoScalePolicies = StratosApiV41Utils.getAutoScalePolicies();
@@ -1282,7 +1282,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/autoscalingPolicies/{autoscalePolicyId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getAutoscalingPolicies")
+ @AuthorizationAction("/permission/protected/manage/getAutoscalingPolicies")
public Response getAutoscalingPolicy(
@PathParam("autoscalePolicyId") String autoscalePolicyId) throws RestAPIException {
AutoscalePolicyBean autoScalePolicy = StratosApiV41Utils.getAutoScalePolicy(autoscalePolicyId);
@@ -1304,7 +1304,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/autoscalingPolicies")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/addAutoscalingPolicy")
+ @AuthorizationAction("/permission/protected/manage/addAutoscalingPolicy")
public Response addAutoscalingPolicy(
AutoscalePolicyBean autoscalePolicy) throws RestAPIException {
@@ -1336,7 +1336,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/autoscalingPolicies")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/updateAutoscalingPolicy")
+ @AuthorizationAction("/permission/protected/manage/updateAutoscalingPolicy")
public Response updateAutoscalingPolicy(
AutoscalePolicyBean autoscalePolicy) throws RestAPIException {
@@ -1388,7 +1388,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/autoscalingPolicies/{autoscalingPolicyId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/removeAutoscalingPolicy")
+ @AuthorizationAction("/permission/protected/manage/removeAutoscalingPolicy")
public Response removeAutoscalingPolicy(
@PathParam("autoscalingPolicyId") String autoscalingPolicyId) throws RestAPIException {
@@ -1418,7 +1418,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/cluster/{clusterId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/cluster")
+ @AuthorizationAction("/permission/protected/manage/cluster")
public Response getCluster(
@PathParam("clusterId") String clusterId) throws RestAPIException {
try {
@@ -1686,7 +1686,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/repo/notify")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/notifyRepository")
+ @AuthorizationAction("/permission/protected/manage/notifyRepository")
public Response notifyRepository(
GitNotificationPayloadBean payload) throws RestAPIException {
if (log.isInfoEnabled()) {
@@ -1801,7 +1801,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/addKubernetesCluster")
+ @AuthorizationAction("/permission/protected/manage/addKubernetesCluster")
public Response addKubernetesHostCluster(
KubernetesClusterBean kubernetesCluster) throws RestAPIException {
@@ -1833,7 +1833,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/updateKubernetesCluster")
+ @AuthorizationAction("/permission/protected/manage/updateKubernetesCluster")
public Response updateKubernetesHostCluster(
KubernetesClusterBean kubernetesCluster) throws RestAPIException {
@@ -1863,7 +1863,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters/{kubernetesClusterId}/minion")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/addKubernetesHost")
+ @AuthorizationAction("/permission/protected/manage/addKubernetesHost")
public Response addKubernetesHost(
@PathParam("kubernetesClusterId") String kubernetesClusterId, KubernetesHostBean kubernetesHost)
throws RestAPIException {
@@ -1885,7 +1885,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters/{kubernetesClusterId}/master")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/updateKubernetesMaster")
+ @AuthorizationAction("/permission/protected/manage/updateKubernetesMaster")
public Response updateKubernetesMaster(
KubernetesMasterBean kubernetesMaster) throws RestAPIException {
try {
@@ -1904,7 +1904,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters/host")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/updateKubernetesHost")
+ @AuthorizationAction("/permission/protected/manage/updateKubernetesHost")
public Response updateKubernetesHost(
KubernetesHostBean kubernetesHost) throws RestAPIException {
try {
@@ -1929,7 +1929,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getKubernetesHostClusters")
+ @AuthorizationAction("/permission/protected/manage/getKubernetesHostClusters")
public Response getKubernetesHostClusters() throws RestAPIException {
KubernetesClusterBean[] availableKubernetesClusters = StratosApiV41Utils.getAvailableKubernetesClusters();
if (availableKubernetesClusters == null || availableKubernetesClusters.length == 0) {
@@ -1950,7 +1950,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters/{kubernetesClusterId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getKubernetesHostClusters")
+ @AuthorizationAction("/permission/protected/manage/getKubernetesHostClusters")
public Response getKubernetesHostCluster(
@PathParam("kubernetesClusterId") String kubernetesClusterId) throws RestAPIException {
try {
@@ -1972,7 +1972,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters/{kubernetesClusterId}/hosts")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getKubernetesHostClusters")
+ @AuthorizationAction("/permission/protected/manage/getKubernetesHostClusters")
public Response getKubernetesHostsOfKubernetesCluster(
@PathParam("kubernetesClusterId") String kubernetesClusterId) throws RestAPIException {
try {
@@ -1994,7 +1994,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters/{kubernetesClusterId}/master")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/getKubernetesHostClusters")
+ @AuthorizationAction("/permission/protected/manage/getKubernetesHostClusters")
public Response getKubernetesMasterOfKubernetesCluster(
@PathParam("kubernetesClusterId") String kubernetesClusterId) throws RestAPIException {
try {
@@ -2016,7 +2016,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters/{kubernetesClusterId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/removeKubernetesHostCluster")
+ @AuthorizationAction("/permission/protected/manage/removeKubernetesHostCluster")
public Response removeKubernetesHostCluster(
@PathParam("kubernetesClusterId") String kubernetesClusterId) throws RestAPIException {
try {
@@ -2044,7 +2044,7 @@ public class StratosApiV41 extends AbstractApi {
@Path("/kubernetesClusters/{kubernetesClusterId}/hosts/{hostId}")
@Produces("application/json")
@Consumes("application/json")
- @AuthorizationAction("/permission/admin/manage/removeKubernetesHostCluster")
+ @AuthorizationAction("/permission/protected/manage/removeKubernetesHostCluster")
public Response removeKubernetesHostOfKubernetesCluster(
@PathParam("hostId") String kubernetesHostId) throws RestAPIException {
try {
@@ -2057,5 +2057,4 @@ public class StratosApiV41 extends AbstractApi {
String.format("Kubernetes Host removed successfully: [kub-host] %s", kubernetesHostId)))
.build();
}
-
}
http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
index d89ea35..42612a7 100644
--- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
+++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java
@@ -55,6 +55,7 @@ import org.apache.stratos.common.beans.topology.GroupInstanceBean;
import org.apache.stratos.common.client.AutoscalerServiceClient;
import org.apache.stratos.common.client.CloudControllerServiceClient;
import org.apache.stratos.common.client.StratosManagerServiceClient;
+import org.apache.stratos.common.exception.ApacheStratosException;
import org.apache.stratos.common.exception.InvalidEmailException;
import org.apache.stratos.common.util.ClaimsMgtUtil;
import org.apache.stratos.common.util.CommonUtil;
@@ -64,6 +65,7 @@ import org.apache.stratos.manager.service.stub.domain.application.signup.Applica
import org.apache.stratos.manager.service.stub.domain.application.signup.ArtifactRepository;
import org.apache.stratos.manager.service.stub.domain.application.signup.DomainMapping;
import org.apache.stratos.manager.user.management.StratosUserManagerUtils;
+import org.apache.stratos.manager.user.management.TenantUserRoleManager;
import org.apache.stratos.manager.user.management.exception.UserManagerException;
import org.apache.stratos.manager.utils.ApplicationManagementUtil;
import org.apache.stratos.messaging.domain.application.Application;
@@ -2891,6 +2893,16 @@ public class StratosApiV41Utils {
log.error(msg, e);
throw new RestAPIException(msg);
}
+
+ try {
+ TenantUserRoleManager tenantUserRoleManager = new TenantUserRoleManager();
+ tenantUserRoleManager.onTenantCreate(tenantInfoBean);
+ } catch (ApacheStratosException e) {
+ String message = "Could create Internal/user role for tenant";
+ log.error(message, e);
+ throw new RestAPIException(message);
+ }
+
// For the super tenant tenant creation, tenants are always activated as they are created.
try {
TenantMgtUtil.activateTenantInitially(