Posted to commits@cloudstack.apache.org by pr...@apache.org on 2014/01/18 01:56:20 UTC
git commit: updated refs/heads/rbac to b444136
Updated Branches:
refs/heads/rbac 0ce176c0d -> b44413616
Adding the correct policyIds for the command permission loading
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b4441361
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b4441361
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b4441361
Branch: refs/heads/rbac
Commit: b444136166066afa3a118f0d7ead6550e971446e
Parents: 0ce176c
Author: Prachi Damle <pr...@cloud.com>
Authored: Fri Jan 17 16:55:32 2014 -0800
Committer: Prachi Damle <pr...@cloud.com>
Committed: Fri Jan 17 16:55:32 2014 -0800
----------------------------------------------------------------------
.../acl/RoleBasedAPIAccessChecker.java | 31 ++++++++++++++++++--
1 file changed, 28 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b4441361/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
index c81c31a..11110b2 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
@@ -105,7 +105,8 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
// commands.properties.
for (RoleType role : RoleType.values()) {
- _iamSrv.resetAclPolicy(role.ordinal() + 1);
+ Long policyId = getDefaultPolicyId(role);
+ _iamSrv.resetAclPolicy(policyId);
}
for (PluggableService service : _services) {
@@ -135,6 +136,29 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
return super.start();
}
+ private Long getDefaultPolicyId(RoleType role) {
+ Long policyId = null;
+ switch (role) {
+ case User:
+ policyId = new Long(Account.ACCOUNT_TYPE_NORMAL + 1);
+ break;
+
+ case Admin:
+ policyId = new Long(Account.ACCOUNT_TYPE_ADMIN + 1);
+ break;
+
+ case DomainAdmin:
+ policyId = new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1);
+ break;
+
+ case ResourceAdmin:
+ policyId = new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1);
+ break;
+ }
+
+ return policyId;
+ }
+
private void processMapping(Map<String, String> configMap) {
for (Map.Entry<String, String> entry : configMap.entrySet()) {
String apiName = entry.getKey();
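Review bot: `getDefaultPolicyId` has no `default` branch, so any `RoleType` constant other than the four listed returns `null`, and that value goes unchecked into `_iamSrv.resetAclPolicy(policyId)` in the `RoleType.values()` loop of the first hunk and into `addAclPermissionToAclPolicy(policyId, ...)` with `Permission.Allow` in the last hunk. Whether the enum has further constants is not visible here, but permission-loading code should fail closed: add `default: throw new IllegalStateException("No default IAM policy for role " + role);`, or have both callers skip a role whose policy id is `null`. The `+ 1` offset from `Account.ACCOUNT_TYPE_*` to a policy id is an implicit contract with however the default policies are seeded, so a comment such as `// default policy id = account type + 1; must match the seeded default policies` (to be confirmed against the seeding code) would make the dependency visible. `Long.valueOf(...)` would also be preferable to `new Long(...)` in the new lines. The body of `processMapping` continues outside this hunk.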
@@ -182,6 +206,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
}
PermissionScope permissionScope = PermissionScope.ACCOUNT;
+ Long policyId = getDefaultPolicyId(role);
switch (role) {
case User:
permissionScope = PermissionScope.ACCOUNT;
@@ -202,11 +227,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
if (entityTypes == null || entityTypes.length == 0) {
- _iamSrv.addAclPermissionToAclPolicy(new Long(role.ordinal()) + 1, null, permissionScope.toString(), new Long(-1),
+ _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(), new Long(-1),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow);
} else {
for (AclEntityType entityType : entityTypes) {
- _iamSrv.addAclPermissionToAclPolicy(new Long(role.ordinal()) + 1, entityType.toString(), permissionScope.toString(), new Long(-1),
+ _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(), new Long(-1),
apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow);
}
}