Updated Branches: refs/heads/rbac 5583506c0 -> bb271926f
WIP AccessChecker plugin Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bb271926 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bb271926 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bb271926 Branch: refs/heads/rbac Commit: bb271926fb6193a61015c80d434644855c99637b Parents: 5583506 Author: Prachi Damle <[email protected]> Authored: Tue Oct 1 18:11:30 2013 -0700 Committer: Prachi Damle <[email protected]> Committed: Tue Oct 1 18:11:30 2013 -0700 ---------------------------------------------------------------------- api/src/org/apache/cloudstack/acl/AclService.java | 7 +++++-- plugins/pom.xml | 1 + server/src/com/cloud/user/AccountManagerImpl.java | 8 +++----- .../org/apache/cloudstack/acl/AclServiceImpl.java | 15 +++++++++++++-- 4 files changed, 22 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/api/src/org/apache/cloudstack/acl/AclService.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java index e01c3b6..0866b2f 100644 --- a/api/src/org/apache/cloudstack/acl/AclService.java +++ b/api/src/org/apache/cloudstack/acl/AclService.java @@ -40,9 +40,9 @@ public interface AclService { */ boolean deleteAclRole(long aclRoleId); - AclRole grantPermissionToAclRole(long aclRoleId, List<String> apiNames); + AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames); - AclRole revokePermissionFromAclRole(long aclRoleId, List<String> apiNames); + AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames); AclGroup addAclRolesToGroup(List<Long> roleIds, Long groupId); @@ -74,5 +74,8 @@ public interface AclService { */ boolean deleteAclGroup(Long aclGroupId); + List<AclRole> getAclRoles(long accountId); + + boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/plugins/pom.xml ---------------------------------------------------------------------- diff --git a/plugins/pom.xml b/plugins/pom.xml index 0812642..a218bde 100755 --- a/plugins/pom.xml +++ b/plugins/pom.xml @@ -62,6 +62,7 @@ <module>alert-handlers/snmp-alerts</module> <module>alert-handlers/syslog-alerts</module> <module>network-elements/internal-loadbalancer</module> + <module>acl/role-based-access-checkers</module> </modules> <dependencies> http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/server/src/com/cloud/user/AccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index cb0a65f..270ab79 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -353,11 +353,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M @Override public boolean isRootAdmin(long accountId) { - // refer to account_group_map and check if account is in Root 'Admin' - // group - - AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId); - if (adminGroupMember != null) { + // refer to account_group_map and check if account is in Root 'Admin' group + AclGroupAccountMapVO rootAdminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId); + if (rootAdminGroupMember != null) { return true; } return false; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/server/src/org/apache/cloudstack/acl/AclServiceImpl.java ---------------------------------------------------------------------- diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java index 1e5ad15..c8fc54c 100644 --- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java +++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java @@ -165,7 +165,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_GRANT, eventDescription = "Granting permission to Acl Role") - public AclRole grantPermissionToAclRole(long aclRoleId, List<String> apiNames) { + public AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames) { Account caller = CallContext.current().getCallingAccount(); // get the Acl Role entity AclRole role = _aclRoleDao.findById(aclRoleId); @@ -195,7 +195,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_REVOKE, eventDescription = "Revoking permission from Acl Role") - public AclRole revokePermissionFromAclRole(long aclRoleId, List<String> apiNames) { + public AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames) { Account caller = CallContext.current().getCallingAccount(); // get the Acl Role entity AclRole role = _aclRoleDao.findById(aclRoleId); @@ -505,5 +505,16 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { return true; } + @Override + public List<AclRole> getAclRoles(long accountId) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles) { + // TODO Auto-generated method stub + return false; + } }
