You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2018/04/26 09:51:42 UTC

[GitHub] nitin-maharana commented on a change in pull request #2606: When creating a new account (via domain admin) it is possible to select “root admin” as the role for the new user

nitin-maharana commented on a change in pull request #2606: When creating a new account (via domain admin) it is possible to select “root admin” as the role for the new user
URL: https://github.com/apache/cloudstack/pull/2606#discussion_r184332395
 
 

 ##########
 File path: api/src/main/java/org/apache/cloudstack/acl/RoleService.java
 ##########
 @@ -17,38 +17,62 @@
 
 package org.apache.cloudstack.acl;
 
+import java.util.List;
+
 import org.apache.cloudstack.acl.RolePermission.Permission;
 import org.apache.cloudstack.framework.config.ConfigKey;
 
-import java.util.List;
-
 public interface RoleService {
 
     ConfigKey<Boolean> EnableDynamicApiChecker = new ConfigKey<>("Advanced", Boolean.class, "dynamic.apichecker.enabled", "false",
-            "If set to true, this enables the dynamic role-based api access checker and disables the default static role-based api access checker.",
-            true);
+            "If set to true, this enables the dynamic role-based api access checker and disables the default static role-based api access checker.", true);
 
     boolean isEnabled();
-    Role findRole(final Long id);
-    Role createRole(final String name, final RoleType roleType, final String description);
-    Role updateRole(final Role role, final String name, final RoleType roleType, final String description);
-    boolean deleteRole(final Role role);
 
-    RolePermission findRolePermission(final Long id);
-    RolePermission findRolePermissionByUuid(final String uuid);
+    /**
+     *  Searches for a role with the given ID. If the ID is null or less than zero, this method will return null.
+     *  This method will also return null if no role is found with the provided ID. Moreover, we will check if the requested role is of 'Admin' type; roles with 'Admin' type should only be visible to 'root admins'.  Therefore, if a non-'root admin' user tries to search for an 'Admin' role, this method will return null.
 
 Review comment:
   @rafaelweingartner, Thanks for the fix. Would be more appropriate if we break this line into two.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services