You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2012/12/11 23:19:36 UTC

[3/3] git commit: api: Fix APIAccessChecker and StaticRoleBasedAPIAccessChecker

api: Fix APIAccessChecker and StaticRoleBasedAPIAccessChecker

- Add getCmd api interface in APIAccessChecker adapter to get cmd properties
- Add mechanism in StaticRoleBasedAPIAccessChecker to get config properties
- Add public interface to get the cmd properties for the adapter impl

Signed-off-by: Rohit Yadav <bh...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/6ce68b93
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/6ce68b93
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/6ce68b93

Branch: refs/heads/api_refactoring
Commit: 6ce68b93ccfe23c4001713ae38c6422029891726
Parents: f4892fb
Author: Rohit Yadav <bh...@apache.org>
Authored: Tue Dec 11 14:10:36 2012 -0800
Committer: Rohit Yadav <bh...@apache.org>
Committed: Tue Dec 11 14:10:36 2012 -0800

----------------------------------------------------------------------
 api/src/com/cloud/acl/APIAccessChecker.java        |    8 ++++++--
 .../cloud/acl/StaticRoleBasedAPIAccessChecker.java |   14 +++++++++++---
 2 files changed, 17 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6ce68b93/api/src/com/cloud/acl/APIAccessChecker.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/acl/APIAccessChecker.java b/api/src/com/cloud/acl/APIAccessChecker.java
index 4ccf49f..234f665 100644
--- a/api/src/com/cloud/acl/APIAccessChecker.java
+++ b/api/src/com/cloud/acl/APIAccessChecker.java
@@ -16,6 +16,8 @@
 // under the License.
 package com.cloud.acl;
 
+import java.util.Properties;
+
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.User;
@@ -25,6 +27,8 @@ import com.cloud.utils.component.Adapter;
  * APIAccessChecker checks the ownership and access control to API requests
  */
 public interface APIAccessChecker extends Adapter {
-
-	boolean canAccessAPI(User user, String apiCommandName) throws PermissionDeniedException;
+    // Interface for checking access to an API for a user
+    boolean canAccessAPI(User user, String apiCommandName) throws PermissionDeniedException;
+    // Interface for getting API Cmd properties
+    Properties getApiCommands();
 }

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/6ce68b93/server/src/com/cloud/acl/StaticRoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/StaticRoleBasedAPIAccessChecker.java b/server/src/com/cloud/acl/StaticRoleBasedAPIAccessChecker.java
index cff098a..29dbc13 100644
--- a/server/src/com/cloud/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/server/src/com/cloud/acl/StaticRoleBasedAPIAccessChecker.java
@@ -61,6 +61,7 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIA
     private static List<String> s_resourceDomainAdminCommands = null;
     private static List<String> s_allCommands = null;
     private static List<String> s_pluggableServiceCommands = null;
+    private Properties _apiCommands = null;
 
     protected @Inject AccountManager _accountMgr;
 
@@ -90,6 +91,11 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIA
         return commandExists;
     }
 
+    @Override
+    public Properties getApiCommands() {
+        return _apiCommands;
+    }
+
     private static boolean isCommandAvailableForAccount(short accountType, String commandName) {
         boolean isCommandAvailable = false;
         switch (accountType) {
@@ -140,6 +146,9 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIA
 
     private void processConfigFiles(String[] apiConfig, boolean pluggableServicesConfig) {
         try {
+            if (_apiCommands == null)
+                _apiCommands = new Properties();
+
             Properties preProcessedCommands = new Properties();
             if (apiConfig != null) {
                 for (String configFile : apiConfig) {
@@ -161,7 +170,7 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIA
                 for (Object key : preProcessedCommands.keySet()) {
                     String preProcessedCommand = preProcessedCommands.getProperty((String) key);
                     String[] commandParts = preProcessedCommand.split(";");
-
+                    _apiCommands.setProperty(key.toString(), commandParts[0]);
 
                     if (pluggableServicesConfig) {
                         s_pluggableServiceCommands.add(commandParts[0]);
@@ -196,8 +205,7 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIA
         } catch (FileNotFoundException fnfex) {
             s_logger.error("Unable to find properties file", fnfex);
         } catch (IOException ioex) {
-            s_logger.error("Exception loading properties file", ioex);
+            s_logger.error("IO Exception loading properties file", ioex);
         }
     }
-
 }