You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by da...@apache.org on 2014/05/03 00:45:00 UTC
git commit: updated refs/heads/4.4 to 1085695
Repository: cloudstack
Updated Branches:
refs/heads/4.4 d17c299fb -> 1085695b5
CLOUDSTACK-6569: IAM - Regular user is able to listNetworks of another
user in the same domain , by passing account and domainId.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1085695b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1085695b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1085695b
Branch: refs/heads/4.4
Commit: 1085695b5cd179e29fff98aa62a7d61415243064
Parents: d17c299
Author: Min Chen <mi...@citrix.com>
Authored: Fri May 2 14:53:44 2014 -0700
Committer: Daan Hoogland <da...@onecht.net>
Committed: Sat May 3 00:44:25 2014 +0200
----------------------------------------------------------------------
api/src/com/cloud/user/AccountService.java | 4 ----
.../network/contrail/management/MockAccountManager.java | 7 -------
server/src/com/cloud/api/query/QueryManagerImpl.java | 6 +++---
server/src/com/cloud/network/NetworkServiceImpl.java | 2 +-
server/src/com/cloud/user/AccountManagerImpl.java | 8 --------
server/test/com/cloud/user/MockAccountManagerImpl.java | 6 ------
6 files changed, 4 insertions(+), 29 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/api/src/com/cloud/user/AccountService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java
index 10be650..6cc86cd 100755
--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -24,7 +24,6 @@ import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
import com.cloud.domain.Domain;
-import com.cloud.domain.PartOf;
import com.cloud.exception.PermissionDeniedException;
public interface AccountService {
@@ -110,9 +109,6 @@ public interface AccountService {
void checkAccess(Account caller, AccessType accessType, String apiName, ControlledEntity... entities) throws PermissionDeniedException;
- //TO be implemented, to check accessibility for an entity owned by domain
- void checkAccess(Account caller, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException;
-
Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly);
/**
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
index e12a4bf..a39fb43 100644
--- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
+++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java
@@ -37,7 +37,6 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.configuration.ResourceLimit;
import com.cloud.configuration.dao.ResourceCountDao;
import com.cloud.domain.Domain;
-import com.cloud.domain.PartOf;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceUnavailableException;
@@ -194,12 +193,6 @@ public class MockAccountManager extends ManagerBase implements AccountManager {
return false;
}
- @Override
- public void checkAccess(Account account, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException {
- // TODO Auto-generated method stub
-
- }
-
@Override
public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> permittedDomains, List<Long> permittedAccounts,
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 8e020fc..6848ba0 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -3111,7 +3111,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
}
if (userAccount != null) {
- _accountMgr.checkAccess(caller, null, false, userAccount);
+ _accountMgr.checkAccess(caller, null, userAccount);
// check permissions
permittedAccounts.add(userAccount.getId());
} else {
@@ -3251,7 +3251,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
// if template is not public, perform permission check here
if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
Account owner = _accountMgr.getAccount(template.getAccountId());
- _accountMgr.checkAccess(caller, null, true, owner);
+ _accountMgr.checkAccess(caller, null, owner);
}
// if templateId is specified, then we will just use the id to
@@ -3576,7 +3576,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
throw new InvalidParameterValueException("Unable to list affinity groups for virtual machine instance "
+ vmId + "; instance not found.");
}
- _accountMgr.checkAccess(caller, null, true, userVM);
+ _accountMgr.checkAccess(caller, null, userVM);
return listAffinityGroupsByVM(vmId.longValue(), startIndex, pageSize);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index 2820135..05c2725 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1432,7 +1432,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService {
throw new InvalidParameterValueException("Unable to find account " + accountName + " in specified domain");
}
- _accountMgr.checkAccess(caller, null, true, owner);
+ _accountMgr.checkAccess(caller, null, owner);
permittedAccounts.add(owner.getId());
}
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 4b78141..22be83c 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -75,7 +75,6 @@ import com.cloud.dc.dao.DataCenterVnetDao;
import com.cloud.dc.dao.DedicatedResourceDao;
import com.cloud.domain.Domain;
import com.cloud.domain.DomainVO;
-import com.cloud.domain.PartOf;
import com.cloud.domain.dao.DomainDao;
import com.cloud.event.ActionEvent;
import com.cloud.event.ActionEventUtils;
@@ -465,13 +464,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to " + domain);
}
- @Override
- public void checkAccess(Account caller, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException {
- // TODO Auto-generated method stub
-
- //TO BE IMPLEMENTED
-
- }
@Override
public void checkAccess(Account caller, AccessType accessType, ControlledEntity... entities) throws PermissionDeniedException {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/server/test/com/cloud/user/MockAccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java
index 4a7d4eb..a2b8a85 100644
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@ -33,7 +33,6 @@ import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
import com.cloud.domain.Domain;
-import com.cloud.domain.PartOf;
import com.cloud.exception.ConcurrentOperationException;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.exception.ResourceUnavailableException;
@@ -220,11 +219,6 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
}
- @Override
- public void checkAccess(Account account, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException {
- // TODO Auto-generated method stub
-
- }
@Override
public UserAccount getUserAccountById(Long userId) {