Repository: stratos Updated Branches: refs/heads/master 7f58cdbb5 -> 497a90df2
Updating internal/user role permissions Project: http://git-wip-us.apache.org/repos/asf/stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/stratos/commit/497a90df Tree: http://git-wip-us.apache.org/repos/asf/stratos/tree/497a90df Diff: http://git-wip-us.apache.org/repos/asf/stratos/diff/497a90df Branch: refs/heads/master Commit: 497a90df2c84ec2354eee9bea004385c76a87dca Parents: 7f58cdb Author: Imesh Gunaratne <[email protected]> Authored: Tue May 19 23:09:51 2015 +0530 Committer: Imesh Gunaratne <[email protected]> Committed: Tue May 19 23:11:12 2015 +0530 ---------------------------------------------------------------------- .../src/main/resources/META-INF/component.xml | 2 +- .../src/main/resources/META-INF/component.xml | 24 ++----- .../console/controllers/menu/menu.json | 26 +++---- .../manager/utils/PermissionConstants.java | 73 +++++++++++++++----- .../stratos/manager/utils/UserRoleCreator.java | 32 +++------ .../src/main/resources/META-INF/component.xml | 50 +++++++------- .../rest/endpoint/api/StratosApiV41.java | 67 +++++++++--------- .../rest/endpoint/api/StratosApiV41Utils.java | 12 ++++ 8 files changed, 157 insertions(+), 129 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml b/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml index 534e597..b9ad668 100644 --- a/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml +++ b/components/org.apache.stratos.autoscaler/src/main/resources/META-INF/component.xml @@ -62,7 +62,7 @@ </ManagementPermission> <ManagementPermission> <DisplayName>Get Application Policy</DisplayName> - <ResourceId>/permission/protected/manage/getApplicationPolicy</ResourceId> + <ResourceId>/permission/admin/manage/getApplicationPolicy</ResourceId> </ManagementPermission> </ManagementPermissions> </component> http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml b/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml index 1e68714..3de412c 100644 --- a/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml +++ b/components/org.apache.stratos.cloud.controller/src/main/resources/META-INF/component.xml @@ -23,16 +23,6 @@ <extension>xml</extension> <class>org.apache.stratos.cloud.controller.deployers.CloudControllerDeployer</class> </deployer> - <!-- >deployer> - <directory>cartridges</directory> - <extension>xml</extension> - <class>org.apache.stratos.cloud.controller.deployers.CartridgeDeployer</class> - </deployer--> - <!-- >deployer> - <directory>services</directory> - <extension>xml</extension> - <class>org.apache.stratos.cloud.controller.deployers.ServiceDeployer</class> - </deployer--> </deployers> <ManagementPermissions> <ManagementPermission> @@ -57,15 +47,15 @@ </ManagementPermission> <ManagementPermission> <DisplayName>Add Service Group</DisplayName> - <ResourceId>/permission/protected/manage/addServiceGroup</ResourceId> + <ResourceId>/permission/admin/manage/addServiceGroup</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Service Group Definition</DisplayName> - <ResourceId>/permission/protected/manage/getServiceGroupDefinition</ResourceId> + <ResourceId>/permission/admin/manage/getServiceGroupDefinition</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Remove Service Group Definition</DisplayName> - <ResourceId>/permission/protected/manage/removeServiceGroup</ResourceId> + <ResourceId>/permission/admin/manage/removeServiceGroup</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Add Deployment Policy</DisplayName> @@ -85,19 +75,19 @@ </ManagementPermission> <ManagementPermission> <DisplayName>Add Network Partition</DisplayName> - <ResourceId>/permission/protected/manage/addNetworkPartition</ResourceId> + <ResourceId>/permission/admin/manage/addNetworkPartition</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Update Network Partition</DisplayName> - <ResourceId>/permission/protected/manage/updateNetworkPartition</ResourceId> + <ResourceId>/permission/admin/manage/updateNetworkPartition</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Network Partition</DisplayName> - <ResourceId>/permission/protected/manage/getNetworkPartitions</ResourceId> + <ResourceId>/permission/admin/manage/getNetworkPartitions</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Remove Network Partition</DisplayName> - <ResourceId>/permission/protected/manage/removeNetworkPartition</ResourceId> + <ResourceId>/permission/admin/manage/removeNetworkPartition</ResourceId> </ManagementPermission> </ManagementPermissions> </component> http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json b/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json index 4604256..c7dff7d 100644 --- a/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json +++ b/components/org.apache.stratos.manager.console/console/controllers/menu/menu.json @@ -15,7 +15,7 @@ "context": "/configure", "title": "Network Partitions", "icon": "fa-th-large", - "permissionPaths": ["/permission", "/permission/admin"], + "permissionPaths": ["/permission", "/permission/admin/manage/getNetworkPartitions"], "description": "Manage network partitions." }, { @@ -24,7 +24,7 @@ "context": "/configure", "title": "Autoscaling Policies", "icon": "fa-expand", - "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/view/autoscalingpolicy"], + "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/getAutoscalingPolicies"], "description": "Manage policies which specify autoscaling threshold values." }, { @@ -33,7 +33,7 @@ "context": "/configure", "title": "Deployment Policies", "icon": "fa-road", - "permissionPaths": ["/permission", "/permission/admin"], + "permissionPaths": ["/permission", "/permission/admin/manage/getDeploymentPolicies"], "description": "Manage policies which specify cartridge deployment in partitions." }, { @@ -42,7 +42,7 @@ "context": "/configure", "title": "Application Policies", "icon": "fa-cube", - "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/view/subscription"], + "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/getApplicationPolicies"], "description": "Manage policies which specify application deployment in network partitions." }, { @@ -51,7 +51,7 @@ "context": "/configure", "title": "Cartridges", "icon": "fa-inbox", - "permissionPaths": ["/permission", "/permission/admin"], + "permissionPaths": ["/permission", "/permission/admin/manage/getCartridges"], "description": "Manage single-tenant & multi-tenant cartridges." }, { @@ -60,16 +60,16 @@ "context": "/configure", "title": "Cartridge Groups", "icon": "fa-briefcase", - "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/manage/view/subscription"], + "permissionPaths": ["/permission", "/permission/admin", "/permission/admin/getServiceGroupDefinition"], "description": "Manage cartridge groups" }, { - "link": "configure/docker/", + "link": "configure/kubernetesClusters/", "linkexternal": false, "context": "/configure", "title": "Kubernetes Clusters", "icon": "fa-sitemap", - "permissionPaths": ["/permission", "/permission/admin"], + "permissionPaths": ["/permission", "/permission/admin/manage/getKubernetesClusters"], "description": "Manage Kubernetes clusters." } ] @@ -89,7 +89,7 @@ "context": "/users", "title": "Manage Users", "icon": "fa-user", - "permissionPaths": ["/permission", "/permission/admin"], + "permissionPaths": ["/permission", "/permission/protected/manage/getUsers"], "description": "Manage current tenant users." }, { @@ -98,7 +98,7 @@ "context": "/users", "title": "Manage Tenants", "icon": "fa-building", - "permissionPaths": ["/permission"], + "permissionPaths": ["/permission/protected/manage/getTenants"], "description": "Manage tenants." } ] @@ -109,7 +109,7 @@ "context": "/", "title": "Applications", "icon": "fa-cubes", - "permissionPaths": ["/permission", "/permission/admin/manage/view/cartridge"], + "permissionPaths": ["/permission", "/permission/admin/manage/getApplications"], "description": "Manage applications." }, { @@ -118,7 +118,7 @@ "context": "/", "title": "JIRA", "icon": "fa-bug", - "permissionPaths": ["/permission", "/permission/admin/manage/view/subscription"], + "permissionPaths": ["/permission", "/permission/admin"], "description": "Report your issues that you find." }, { @@ -127,7 +127,7 @@ "context": "/", "title": "Documentation", "icon": "fa-life-saver", - "permissionPaths": ["/permission", "/permission/admin/manage/view/subscription"], + "permissionPaths": ["/permission", "/permission/admin"], "description": "Read documentation to get more information." } ] http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java index ac383fd..c65d64c 100644 --- a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java +++ b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/PermissionConstants.java @@ -3,16 +3,16 @@ * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the + * to you under the Apache License", Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, + * Unless required by applicable law or agreed to in writing", * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * "AS IS" BASIS", WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND", either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ @@ -21,18 +21,55 @@ package org.apache.stratos.manager.utils; public class PermissionConstants { - public static final String ADD_SUBSCRIPTION = "/permission/admin/manage/add/subscription"; - public static final String REST_LOGIN = "/permission/admin/restlogin"; - public static final String ADD_GIT_SYNC = "/permission/admin/manage/add/sync"; - public static final String ADD_DOMAIN = "/permission/admin/manage/add/domain"; - public static final String VIEW_AUTOSCALING_POLICY = "/permission/admin/manage/view/autoscalingPolicy"; - public static final String VIEW_DEPLOYMENT_POLICY = "/permission/admin/manage/view/deploymentPolicy"; - public static final String VIEW_SUBSCRIPTION = "/permission/admin/manage/view/subscription"; - public static final String VIEW_CARTRIDGE = "/permission/admin/manage/view/cartridge"; - public static final String VIEW_SERVICE = "/permission/admin/manage/view/service"; - public static final String VIEW_DOMAIN = "/permission/admin/manage/view/domain"; - public static final String VIEW_CLUSTER = "/permission/admin/manage/view/cluster"; - public static final String VIEW_INSTANCE = "/permission/admin/manage/view/instance"; - public static final String VIEW_KUBERNETES = "/permission/admin/manage/view/kubernetes"; - + public static final String[] INTERNAL_USER_ROLE_PERMISSIONS = new String[] { + "/permission/protected/restlogin", + "/permission/admin/manage/addCartridge", + "/permission/admin/manage/updateCartridge", + "/permission/admin/manage/getCartridges", + "/permission/admin/manage/getCartridgesByFilter", + "/permission/admin/manage/removeCartridge", + "/permission/admin/manage/addServiceGroup", + "/permission/admin/manage/getServiceGroupDefinition", + "/permission/admin/manage/removeServiceGroup", + "/permission/admin/manage/addDeploymentPolicy", + "/permission/admin/manage/getDeploymentPolicy", + "/permission/admin/manage/updateDeploymentPolicy", + "/permission/admin/manage/removeDeploymentPolicy", + "/permission/admin/manage/addNetworkPartition", + "/permission/admin/manage/updateNetworkPartition", + "/permission/admin/manage/getNetworkPartitions", + "/permission/admin/manage/removeNetworkPartition", + "/permission/admin/manage/getAutoscalingPolicies", + "/permission/admin/manage/addAutoscalingPolicy", + "/permission/admin/manage/updateAutoscalingPolicy", + "/permission/admin/manage/removeAutoscalingPolicy", + "/permission/admin/manage/addKubernetesHostCluster", + "/permission/admin/manage/addKubernetesHost", + "/permission/admin/manage/updateKubernetesMaster", + "/permission/admin/manage/updateKubernetesHost", + "/permission/admin/manage/getKubernetesHostClusters", + "/permission/admin/manage/removeKubernetesHostCluster", + "/permission/admin/manage/getApplicationPolicy", + "/permission/admin/manage/addApplication", + "/permission/admin/manage/getApplications", + "/permission/admin/manage/deployApplication", + "/permission/admin/manage/getApplicationDeploymentPolicy", + "/permission/admin/manage/addApplicationSignUp", + "/permission/admin/manage/getApplicationSignUp", + "/permission/admin/manage/removeApplicationSignUp", + "/permission/admin/manage/addDomainMappings", + "/permission/admin/manage/removeDomainMappings", + "/permission/admin/manage/getDomainMappings", + "/permission/admin/manage/undeployApplication", + "/permission/admin/manage/getApplicationRuntime", + "/permission/admin/manage/removeApplication", + "/permission/admin/manage/addTenant", + "/permission/admin/manage/updateTenant", + "/permission/admin/manage/getTenantForDomain", + "/permission/admin/manage/removeTenant", + "/permission/admin/manage/getTenants", + "/permission/admin/manage/activateTenant", + "/permission/admin/manage/deactivateTenant", + "/permission/admin/manage/notifyRepository" + }; } http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java index e7dfe94..2369a86 100644 --- a/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java +++ b/components/org.apache.stratos.manager/src/main/java/org/apache/stratos/manager/utils/UserRoleCreator.java @@ -28,6 +28,9 @@ import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.mgt.UserMgtConstants; +import java.util.ArrayList; +import java.util.List; + public class UserRoleCreator { private static final Log log = LogFactory.getLog(UserRoleCreator.class); @@ -36,32 +39,19 @@ public class UserRoleCreator { * Creating Internal/user Role at Carbon Server Start-up */ public static void createInternalUserRole(UserStoreManager userStoreManager) throws UserManagerException { - String userRole = "Internal/user"; - try { if (!userStoreManager.isExistingRole(userRole)) { - if (log.isDebugEnabled()) { - log.debug("Creating internal user role: " + userRole); - } - //Set permissions to the Internal/user role - Permission[] tenantUserPermissions = new Permission[]{new Permission(PermissionConstants.VIEW_AUTOSCALING_POLICY, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.VIEW_DEPLOYMENT_POLICY, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.VIEW_CARTRIDGE, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.VIEW_SERVICE, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.VIEW_SUBSCRIPTION, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.VIEW_DOMAIN, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.VIEW_CLUSTER, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.VIEW_INSTANCE, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.VIEW_KUBERNETES, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.ADD_GIT_SYNC, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.ADD_SUBSCRIPTION, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.ADD_DOMAIN, UserMgtConstants.EXECUTE_ACTION), - new Permission(PermissionConstants.REST_LOGIN, UserMgtConstants.EXECUTE_ACTION), - }; + log.info("Creating internal user role: " + userRole); + //Set permissions to the Internal/user role + List<Permission> permissions = new ArrayList<Permission>(); + for(String permissionResourceId : PermissionConstants.INTERNAL_USER_ROLE_PERMISSIONS) { + Permission permission = new Permission(permissionResourceId, UserMgtConstants.EXECUTE_ACTION); + permissions.add(permission); + } String[] userList = new String[]{}; - userStoreManager.addRole(userRole, userList, tenantUserPermissions); + userStoreManager.addRole(userRole, userList, permissions.toArray(new Permission[permissions.size()])); } } catch (UserStoreException e) { String msg = "Error while creating the role: " + userRole; http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml b/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml index a77988f..e885598 100644 --- a/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml +++ b/components/org.apache.stratos.manager/src/main/resources/META-INF/component.xml @@ -20,87 +20,87 @@ <ManagementPermissions> <ManagementPermission> <DisplayName>REST Login</DisplayName> - <ResourceId>/permission/admin/restlogin</ResourceId> + <ResourceId>/permission/protected/restlogin</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Add Application</DisplayName> - <ResourceId>/permission/protected/manage/addApplication</ResourceId> + <ResourceId>/permission/admin/manage/addApplication</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Application</DisplayName> - <ResourceId>/permission/protected/manage/getApplications</ResourceId> + <ResourceId>/permission/admin/manage/getApplications</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Deploy Application</DisplayName> - <ResourceId>/permission/protected/manage/deployApplication</ResourceId> + <ResourceId>/permission/admin/manage/deployApplication</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Application Deployment Policy</DisplayName> - <ResourceId>/permission/protected/manage/getApplicationDeploymentPolicy</ResourceId> + <ResourceId>/permission/admin/manage/getApplicationDeploymentPolicy</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Add Application Sign Up</DisplayName> - <ResourceId>/permission/protected/manage/addApplicationSignUp</ResourceId> + <ResourceId>/permission/admin/manage/addApplicationSignUp</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Application Sign Up</DisplayName> - <ResourceId>/permission/protected/manage/getApplicationSignUp</ResourceId> + <ResourceId>/permission/admin/manage/getApplicationSignUp</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Remove Application Sign Up</DisplayName> - <ResourceId>/permission/protected/manage/removeApplicationSignUp</ResourceId> + <ResourceId>/permission/admin/manage/removeApplicationSignUp</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Add Domain Mappings</DisplayName> - <ResourceId>/permission/protected/manage/addDomainMappings</ResourceId> + <ResourceId>/permission/admin/manage/addDomainMappings</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Remove Domain Mappings</DisplayName> - <ResourceId>/permission/protected/manage/removeDomainMappings</ResourceId> + <ResourceId>/permission/admin/manage/removeDomainMappings</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Domain Mappings</DisplayName> - <ResourceId>/permission/protected/manage/getDomainMappings</ResourceId> + <ResourceId>/permission/admin/manage/getDomainMappings</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Undeploy Application</DisplayName> - <ResourceId>/permission/protected/manage/undeployApplication</ResourceId> + <ResourceId>/permission/admin/manage/undeployApplication</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Application Runtime</DisplayName> - <ResourceId>/permission/protected/manage/getApplicationRuntime</ResourceId> + <ResourceId>/permission/admin/manage/getApplicationRuntime</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Remove Application</DisplayName> - <ResourceId>/permission/protected/manage/removeApplication</ResourceId> + <ResourceId>/permission/admin/manage/removeApplication</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Add Tenant</DisplayName> - <ResourceId>/permission/protected/manage/addTenant</ResourceId> + <ResourceId>/permission/admin/manage/addTenant</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Update Tenant</DisplayName> - <ResourceId>/permission/protected/manage/updateTenant</ResourceId> + <ResourceId>/permission/admin/manage/updateTenant</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Tenant For Domain</DisplayName> - <ResourceId>/permission/protected/manage/getTenantForDomain</ResourceId> + <ResourceId>/permission/admin/manage/getTenantForDomain</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Remove Tenant</DisplayName> - <ResourceId>/permission/protected/manage/removeTenant</ResourceId> + <ResourceId>/permission/admin/manage/removeTenant</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Tenants</DisplayName> - <ResourceId>/permission/protected/manage/getTenants</ResourceId> + <ResourceId>/permission/admin/manage/getTenants</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Activate Tenant</DisplayName> - <ResourceId>/permission/protected/manage/activateTenant</ResourceId> + <ResourceId>/permission/admin/manage/activateTenant</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Deactivate Tenant</DisplayName> - <ResourceId>/permission/protected/manage/deactivateTenant</ResourceId> + <ResourceId>/permission/admin/manage/deactivateTenant</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Notify Repository</DisplayName> @@ -108,19 +108,19 @@ </ManagementPermission> <ManagementPermission> <DisplayName>Add User</DisplayName> - <ResourceId>/permission/admin/manage/addUser</ResourceId> + <ResourceId>/permission/protected/manage/addUser</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Remove User</DisplayName> - <ResourceId>/permission/admin/manage/removeUser</ResourceId> + <ResourceId>/permission/protected/manage/removeUser</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Update User</DisplayName> - <ResourceId>/permission/admin/manage/updateUser</ResourceId> + <ResourceId>/permission/protected/manage/updateUser</ResourceId> </ManagementPermission> <ManagementPermission> <DisplayName>Get Users</DisplayName> - <ResourceId>/permission/admin/manage/getUsers</ResourceId> + <ResourceId>/permission/protected/manage/getUsers</ResourceId> </ManagementPermission> </ManagementPermissions> </component> http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java index ed46f17..7e25e8e 100644 --- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java +++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41.java @@ -125,7 +125,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/cartridges") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/addCartridge") + @AuthorizationAction("/permission/protected/manage/addCartridge") public Response addCartridge( CartridgeBean cartridgeDefinitionBean) throws RestAPIException { @@ -155,7 +155,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/deploymentPolicies") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/addDeploymentPolicy") + @AuthorizationAction("/permission/protected/manage/addDeploymentPolicy") public Response addDeploymentPolicy( DeploymentPolicyBean deploymentPolicyDefinitionBean) throws RestAPIException { @@ -186,7 +186,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/deploymentPolicies/{deploymentPolicyId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getDeploymentPolicy") + @AuthorizationAction("/permission/protected/manage/getDeploymentPolicy") public Response getDeploymentPolicy( @PathParam("deploymentPolicyId") String deploymentPolicyId) throws RestAPIException { DeploymentPolicyBean deploymentPolicyBean = StratosApiV41Utils.getDeployementPolicy(deploymentPolicyId); @@ -230,7 +230,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/deploymentPolicies") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/updateDeploymentPolicy") + @AuthorizationAction("/permission/protected/manage/updateDeploymentPolicy") public Response updateDeploymentPolicy( DeploymentPolicyBean deploymentPolicyDefinitionBean) throws RestAPIException { @@ -270,7 +270,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/deploymentPolicies/{deploymentPolicyId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/removeDeploymentPolicy") + @AuthorizationAction("/permission/protected/manage/removeDeploymentPolicy") public Response removeDeploymentPolicy( @PathParam("deploymentPolicyId") String deploymentPolicyId) throws RestAPIException { try { @@ -299,7 +299,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/cartridges") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/updateCartridge") + @AuthorizationAction("/permission/protected/manage/updateCartridge") public Response updateCartridge( CartridgeBean cartridgeDefinitionBean) throws RestAPIException { StratosApiV41Utils.updateCartridge(cartridgeDefinitionBean); @@ -320,7 +320,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/cartridges") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getCartridge") + @AuthorizationAction("/permission/protected/manage/getCartridge") public Response getCartridges() throws RestAPIException { @@ -345,7 +345,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/cartridges/{cartridgeType}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getCartridge") + @AuthorizationAction("/permission/protected/manage/getCartridge") public Response getCartridge( @PathParam("cartridgeType") String cartridgeType) throws RestAPIException { CartridgeBean cartridge; @@ -370,7 +370,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/cartridges/filter/{filter}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getCartridgesByFilter") + @AuthorizationAction("/permission/protected/manage/getCartridgesByFilter") public Response getCartridgesByFilter( @DefaultValue("") @PathParam("filter") String filter, @QueryParam("criteria") String criteria) throws RestAPIException { @@ -397,7 +397,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/cartridges/{cartridgeType}/filter/{filter}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getCartridgesByFilter") + @AuthorizationAction("/permission/protected/manage/getCartridgesByFilter") public Response getCartridgeByFilter( @PathParam("cartridgeType") String cartridgeType, @DefaultValue("") @PathParam("filter") String filter) throws RestAPIException { @@ -423,7 +423,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/cartridges/{cartridgeType}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/removeCartridge") + @AuthorizationAction("/permission/protected/manage/removeCartridge") public Response removeCartridge( @PathParam("cartridgeType") String cartridgeType) throws RestAPIException { StratosApiV41Utils.removeCartridge(cartridgeType); @@ -824,7 +824,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/applicationPolicies") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/addApplicationPolicy") + @AuthorizationAction("/permission/protected/manage/addApplicationPolicy") public Response addApplicationPolicy( ApplicationPolicyBean applicationPolicy) throws RestAPIException { try { @@ -885,7 +885,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/applicationPolicies") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getApplicationPolicies") + @AuthorizationAction("/permission/protected/manage/getApplicationPolicies") public Response getApplicationPolicies() throws RestAPIException { ApplicationPolicyBean[] applicationPolicies = StratosApiV41Utils.getApplicationPolicies(); @@ -907,7 +907,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/applicationPolicies/{applicationPolicyId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/removeApplicationPolicy") + @AuthorizationAction("/permission/protected/manage/removeApplicationPolicy") public Response removeApplicationPolicy( @PathParam("applicationPolicyId") String applicationPolicyId) throws RestAPIException { try { @@ -943,7 +943,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/applicationPolicies") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/updateApplicationPolicy") + @AuthorizationAction("/permission/protected/manage/updateApplicationPolicy") public Response updateApplicationPolicy( ApplicationPolicyBean applicationPolicy) throws RestAPIException { @@ -1260,7 +1260,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/autoscalingPolicies") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getAutoscalingPolicies") + @AuthorizationAction("/permission/protected/manage/getAutoscalingPolicies") public Response getAutoscalingPolicies() throws RestAPIException { AutoscalePolicyBean[] autoScalePolicies = StratosApiV41Utils.getAutoScalePolicies(); @@ -1282,7 +1282,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/autoscalingPolicies/{autoscalePolicyId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getAutoscalingPolicies") + @AuthorizationAction("/permission/protected/manage/getAutoscalingPolicies") public Response getAutoscalingPolicy( @PathParam("autoscalePolicyId") String autoscalePolicyId) throws RestAPIException { AutoscalePolicyBean autoScalePolicy = StratosApiV41Utils.getAutoScalePolicy(autoscalePolicyId); @@ -1304,7 +1304,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/autoscalingPolicies") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/addAutoscalingPolicy") + @AuthorizationAction("/permission/protected/manage/addAutoscalingPolicy") public Response addAutoscalingPolicy( AutoscalePolicyBean autoscalePolicy) throws RestAPIException { @@ -1336,7 +1336,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/autoscalingPolicies") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/updateAutoscalingPolicy") + @AuthorizationAction("/permission/protected/manage/updateAutoscalingPolicy") public Response updateAutoscalingPolicy( AutoscalePolicyBean autoscalePolicy) throws RestAPIException { @@ -1388,7 +1388,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/autoscalingPolicies/{autoscalingPolicyId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/removeAutoscalingPolicy") + @AuthorizationAction("/permission/protected/manage/removeAutoscalingPolicy") public Response removeAutoscalingPolicy( @PathParam("autoscalingPolicyId") String autoscalingPolicyId) throws RestAPIException { @@ -1418,7 +1418,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/cluster/{clusterId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/cluster") + @AuthorizationAction("/permission/protected/manage/cluster") public Response getCluster( @PathParam("clusterId") String clusterId) throws RestAPIException { try { @@ -1686,7 +1686,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/repo/notify") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/notifyRepository") + @AuthorizationAction("/permission/protected/manage/notifyRepository") public Response notifyRepository( GitNotificationPayloadBean payload) throws RestAPIException { if (log.isInfoEnabled()) { @@ -1801,7 +1801,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/addKubernetesCluster") + @AuthorizationAction("/permission/protected/manage/addKubernetesCluster") public Response addKubernetesHostCluster( KubernetesClusterBean kubernetesCluster) throws RestAPIException { @@ -1833,7 +1833,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/updateKubernetesCluster") + @AuthorizationAction("/permission/protected/manage/updateKubernetesCluster") public Response updateKubernetesHostCluster( KubernetesClusterBean kubernetesCluster) throws RestAPIException { @@ -1863,7 +1863,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters/{kubernetesClusterId}/minion") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/addKubernetesHost") + @AuthorizationAction("/permission/protected/manage/addKubernetesHost") public Response addKubernetesHost( @PathParam("kubernetesClusterId") String kubernetesClusterId, KubernetesHostBean kubernetesHost) throws RestAPIException { @@ -1885,7 +1885,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters/{kubernetesClusterId}/master") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/updateKubernetesMaster") + @AuthorizationAction("/permission/protected/manage/updateKubernetesMaster") public Response updateKubernetesMaster( KubernetesMasterBean kubernetesMaster) throws RestAPIException { try { @@ -1904,7 +1904,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters/host") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/updateKubernetesHost") + @AuthorizationAction("/permission/protected/manage/updateKubernetesHost") public Response updateKubernetesHost( KubernetesHostBean kubernetesHost) throws RestAPIException { try { @@ -1929,7 +1929,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getKubernetesHostClusters") + @AuthorizationAction("/permission/protected/manage/getKubernetesHostClusters") public Response getKubernetesHostClusters() throws RestAPIException { KubernetesClusterBean[] availableKubernetesClusters = StratosApiV41Utils.getAvailableKubernetesClusters(); if (availableKubernetesClusters == null || availableKubernetesClusters.length == 0) { @@ -1950,7 +1950,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters/{kubernetesClusterId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getKubernetesHostClusters") + @AuthorizationAction("/permission/protected/manage/getKubernetesHostClusters") public Response getKubernetesHostCluster( @PathParam("kubernetesClusterId") String kubernetesClusterId) throws RestAPIException { try { @@ -1972,7 +1972,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters/{kubernetesClusterId}/hosts") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getKubernetesHostClusters") + @AuthorizationAction("/permission/protected/manage/getKubernetesHostClusters") public Response getKubernetesHostsOfKubernetesCluster( @PathParam("kubernetesClusterId") String kubernetesClusterId) throws RestAPIException { try { @@ -1994,7 +1994,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters/{kubernetesClusterId}/master") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/getKubernetesHostClusters") + @AuthorizationAction("/permission/protected/manage/getKubernetesHostClusters") public Response getKubernetesMasterOfKubernetesCluster( @PathParam("kubernetesClusterId") String kubernetesClusterId) throws RestAPIException { try { @@ -2016,7 +2016,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters/{kubernetesClusterId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/removeKubernetesHostCluster") + @AuthorizationAction("/permission/protected/manage/removeKubernetesHostCluster") public Response removeKubernetesHostCluster( @PathParam("kubernetesClusterId") String kubernetesClusterId) throws RestAPIException { try { @@ -2044,7 +2044,7 @@ public class StratosApiV41 extends AbstractApi { @Path("/kubernetesClusters/{kubernetesClusterId}/hosts/{hostId}") @Produces("application/json") @Consumes("application/json") - @AuthorizationAction("/permission/admin/manage/removeKubernetesHostCluster") + @AuthorizationAction("/permission/protected/manage/removeKubernetesHostCluster") public Response removeKubernetesHostOfKubernetesCluster( @PathParam("hostId") String kubernetesHostId) throws RestAPIException { try { @@ -2057,5 +2057,4 @@ public class StratosApiV41 extends AbstractApi { String.format("Kubernetes Host removed successfully: [kub-host] %s", kubernetesHostId))) .build(); } - } http://git-wip-us.apache.org/repos/asf/stratos/blob/497a90df/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java index d89ea35..42612a7 100644 --- a/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java +++ b/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/api/StratosApiV41Utils.java @@ -55,6 +55,7 @@ import org.apache.stratos.common.beans.topology.GroupInstanceBean; import org.apache.stratos.common.client.AutoscalerServiceClient; import org.apache.stratos.common.client.CloudControllerServiceClient; import org.apache.stratos.common.client.StratosManagerServiceClient; +import org.apache.stratos.common.exception.ApacheStratosException; import org.apache.stratos.common.exception.InvalidEmailException; import org.apache.stratos.common.util.ClaimsMgtUtil; import org.apache.stratos.common.util.CommonUtil; @@ -64,6 +65,7 @@ import org.apache.stratos.manager.service.stub.domain.application.signup.Applica import org.apache.stratos.manager.service.stub.domain.application.signup.ArtifactRepository; import org.apache.stratos.manager.service.stub.domain.application.signup.DomainMapping; import org.apache.stratos.manager.user.management.StratosUserManagerUtils; +import org.apache.stratos.manager.user.management.TenantUserRoleManager; import org.apache.stratos.manager.user.management.exception.UserManagerException; import org.apache.stratos.manager.utils.ApplicationManagementUtil; import org.apache.stratos.messaging.domain.application.Application; @@ -2891,6 +2893,16 @@ public class StratosApiV41Utils { log.error(msg, e); throw new RestAPIException(msg); } + + try { + TenantUserRoleManager tenantUserRoleManager = new TenantUserRoleManager(); + tenantUserRoleManager.onTenantCreate(tenantInfoBean); + } catch (ApacheStratosException e) { + String message = "Could create Internal/user role for tenant"; + log.error(message, e); + throw new RestAPIException(message); + } + // For the super tenant tenant creation, tenants are always activated as they are created. try { TenantMgtUtil.activateTenantInitially(
