This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git


The following commit(s) were added to refs/heads/master by this push:
     new 60e41a4  add a few more entitlements checks and notes in places
60e41a4 is described below

commit 60e41a41da5b620610ee18e512508d43e0e2a38e
Author: Alex Heneveld <[email protected]>
AuthorDate: Thu Jul 22 12:24:25 2021 +0100

    add a few more entitlements checks and notes in places
---
 .../java/org/apache/brooklyn/core/mgmt/entitlement/Entitlements.java  | 1 +
 .../java/org/apache/brooklyn/rest/resources/ApplicationResource.java  | 4 +++-
 .../java/org/apache/brooklyn/rest/resources/EffectorResource.java     | 4 +++-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git 
a/core/src/main/java/org/apache/brooklyn/core/mgmt/entitlement/Entitlements.java
 
b/core/src/main/java/org/apache/brooklyn/core/mgmt/entitlement/Entitlements.java
index 7b462c8..0001ade 100644
--- 
a/core/src/main/java/org/apache/brooklyn/core/mgmt/entitlement/Entitlements.java
+++ 
b/core/src/main/java/org/apache/brooklyn/core/mgmt/entitlement/Entitlements.java
@@ -73,6 +73,7 @@ public class Entitlements {
     public static EntitlementClass<EntityAndItem<String>> SEE_CONFIG = new 
BasicEntitlementClassDefinition<EntityAndItem<String>>("config.see", 
EntityAndItem.typeToken(String.class));
     public static EntitlementClass<TaskAndItem<String>> SEE_ACTIVITY_STREAMS = 
new 
BasicEntitlementClassDefinition<TaskAndItem<String>>("activity.streams.see", 
TaskAndItem.typeToken(String.class));
     // string is effector name; argument may be a map or a list, depending how 
the args were supplied
+    // currently this permission gates even _seeing_ the effector; in future 
we might have a separate permission for that
     public static EntitlementClass<EntityAndItem<StringAndArgument>> 
INVOKE_EFFECTOR = new 
BasicEntitlementClassDefinition<EntityAndItem<StringAndArgument>>("effector.invoke",
 EntityAndItem.typeToken(StringAndArgument.class));
     public static EntitlementClass<Entity> MODIFY_ENTITY = new 
BasicEntitlementClassDefinition<Entity>("entity.modify", Entity.class);
 
diff --git 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ApplicationResource.java
 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ApplicationResource.java
index 13d7773..5708e03 100644
--- 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ApplicationResource.java
+++ 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/ApplicationResource.java
@@ -220,7 +220,9 @@ public class ApplicationResource extends 
AbstractBrooklynRestResource implements
         
         List<EntityDetail> entitySummaries = Lists.newArrayList();
         for (Entity application : mgmt().getApplications()) {
-            
entitySummaries.add(addSensorsByName((EntityDetail)fromEntity(application, 
false, -1, null, null), application, extraSensors));
+            if (Entitlements.isEntitled(mgmt().getEntitlementManager(), 
Entitlements.SEE_ENTITY, application)) {
+                entitySummaries.add(addSensorsByName((EntityDetail) 
fromEntity(application, false, -1, null, null), application, extraSensors));
+            }
         }
 
         if (Strings.isNonBlank(entityIds)) {
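Review bot: The new `SEE_ENTITY` guard covers only the top-level applications from `mgmt().getApplications()`; the `if (Strings.isNonBlank(entityIds))` branch that opens on the last line of this hunk has its body outside the hunk, so it is not visible whether entities requested by id get the same check. If they do not, that branch should apply the same `Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.SEE_ENTITY, ...)` test before adding to `entitySummaries`, otherwise the list filter and the by-id path disagree about what a caller may see. It is also worth confirming that `fromEntity(...)` and `addSensorsByName(..., extraSensors)` filter descendants and sensor values by entitlement, since neither is shown here. A short comment above the guard such as `// applications the caller is not entitled to see are omitted silently` would record that the omission is by design.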
diff --git 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/EffectorResource.java
 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/EffectorResource.java
index 1417a5c..862f15c 100644
--- 
a/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/EffectorResource.java
+++ 
b/rest/rest-resources/src/main/java/org/apache/brooklyn/rest/resources/EffectorResource.java
@@ -63,7 +63,9 @@ public class EffectorResource extends 
AbstractBrooklynRestResource implements Ef
                 .filter(new Predicate<Effector<?>>() {
                     @Override
                     public boolean apply(@Nullable Effector<?> input) {
-                        return 
Entitlements.isEntitled(mgmt().getEntitlementManager(), 
Entitlements.INVOKE_EFFECTOR,
+                        return 
Entitlements.isEntitled(mgmt().getEntitlementManager(),
+                                // see notes on INVOKE_EFFECTOR about the 
prospect of a separate SEE_EFFECTOR
+                                Entitlements.INVOKE_EFFECTOR,
                                 Entitlements.EntityAndItem.of(entity, 
StringAndArgument.of(input.getName(), null)));
                     }
                 })
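Review bot: `apply` dereferences `input` through `input.getName()` although the parameter is annotated `@Nullable`, so a null element would throw inside the filter rather than being excluded; `return input != null && Entitlements.isEntitled(...)` keeps the predicate fail-closed. The entitlement is also evaluated with a `null` argument in `StringAndArgument.of(input.getName(), null)`, so an entitlement manager that inspects arguments may decide differently when listing than when invoking. The added comment could record that, e.g. `// listing passes a null argument; the entitlement manager sees no effector arguments here`. The enclosing method starts and ends outside the hunk.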
