Updated Branches: refs/heads/master 5bc7f7eb3 -> 2e6084c20
console app authorization bits Project: http://git-wip-us.apache.org/repos/asf/incubator-stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-stratos/commit/9c043d5a Tree: http://git-wip-us.apache.org/repos/asf/incubator-stratos/tree/9c043d5a Diff: http://git-wip-us.apache.org/repos/asf/incubator-stratos/diff/9c043d5a Branch: refs/heads/master Commit: 9c043d5a741543ca42e9fa98dd32709b8e4fe562 Parents: f8605c9 Author: Pradeep Fernando <[email protected]> Authored: Tue Jan 14 10:18:17 2014 +0530 Committer: Pradeep Fernando <[email protected]> Committed: Tue Jan 14 10:18:17 2014 +0530
----------------------------------------------------------------------
.../console/config/acl.json | 4 ++ .../console/controllers/acs.jag | 4 ++ .../console/util/acl.jag | 53 ++++++++++++++++++++ 3 files changed, 61 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/9c043d5a/components/org.apache.stratos.manager.console/console/config/acl.json
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/config/acl.json b/components/org.apache.stratos.manager.console/console/config/acl.json
new file mode 100644
index 0000000..e6ae1bd
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/console/config/acl.json
@@ -0,0 +1,4 @@
+{
+ "admin":["view","edit","add","tenant-edit"],
+ "user" :["view","tenant-edit"]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/9c043d5a/components/org.apache.stratos.manager.console/console/controllers/acs.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/controllers/acs.jag b/components/org.apache.stratos.manager.console/console/controllers/acs.jag
index a83826e..01f9268 100644
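Review bot: The top-level keys in the new config/acl.json are role names (`"admin"`, `"user"`), but `isAllowed` in util/acl.jag, added in this same commit, reads `aclconfig.carbonsuper` and `aclconfig.tenants`. If `require('/config/acl.json')` resolves to this file, both lookups are undefined, `checkPermission` has nothing to iterate over, and every request is denied regardless of role. Either nest the role maps under those two keys, e.g. `"carbonsuper": {"admin": [...]}` and `"tenants": {...}`, or have `isAllowed` pass the object it actually loads. The role key `"user"` also differs from the `Internal/Everyone` role used in the commented-out calls at the bottom of acl.jag, so it is worth confirming which role names the SAML response really carries.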
--- a/components/org.apache.stratos.manager.console/console/controllers/acs.jag
+++ b/components/org.apache.stratos.manager.console/console/controllers/acs.jag
@@ -37,6 +37,10 @@
 var sessionObj = sso.client.decodeSAMLLoginResponse(samlRespObj, samlResponse, sessionId);
 var samlToken = sso.client.getB64EncodedtSAMLAssertion(samlRespObj);
 log.info("B64 encoded SAML2Token : " + samlToken.b64Encoded);
+ log.info("Logged in user : " + sessionObj.loggedInUser);
+ log.info("Tenant domain : " + sso.client.getTenantDomain(samlRespObj));
+ log.info("Role List of current tenant : "+ sso.client.getRoleList(samlRespObj)[1]);
+ log.info("B64 encoded SAML2Token : " + samlToken.b64Encoded);
 var encodedString = sso.client.b64encode("LATjzZ4FvQc2gFEfwcitay78lQQa:LeZD0oN0ZLTLjLmRqphX4Ulrr5wa");
 log.info("encoded string : " + encodedString);
 var accessToken = util.consoleAppUtil.getOauthAccessToken(samlToken.b64Encoded,encodedString);
http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/9c043d5a/components/org.apache.stratos.manager.console/console/util/acl.jag
----------------------------------------------------------------------
diff --git a/components/org.apache.stratos.manager.console/console/util/acl.jag b/components/org.apache.stratos.manager.console/console/util/acl.jag
new file mode 100644
index 0000000..ec20ec4
--- /dev/null
+++ b/components/org.apache.stratos.manager.console/console/util/acl.jag
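Review bot: In the controllers/acs.jag hunk, the fourth added line, `log.info("B64 encoded SAML2Token : " + samlToken.b64Encoded);`, repeats the context line directly above the additions and writes the complete base64 SAML assertion to the log at info level a second time. That assertion is handed to `getOauthAccessToken` two lines later, so anyone with read access to the log holds material that can be exchanged for an access token while the assertion is still valid. Drop the duplicate, and emit the user, tenant domain and role list with `log.debug(...)` instead of `log.info(...)` so identity data stays out of production logs by default. The untouched context lines have the same exposure: the client credential pair is a string literal in `b64encode(...)` and its encoded form is logged by `log.info("encoded string : " + encodedString);`, so it should be loaded from configuration and not logged. The enclosing block starts and ends outside the hunk.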
@@ -0,0 +1,53 @@
+<%
+
+authenticationUtil = new function(){
+ var log = new Log();
+};
+
+authorizationUtil = new function(){
+ var log = new Log();
+
+ // primitive acl impl.
+ this.isAllowed = function(tenant,roleObj,resource){
+ var aclconfig = require('/config/acl.json');
+ if(tenant == null){ // check for undefine as well
+ return false;
+ }else if(tenant == "carbon.super"){
+ return this.checkPermission(roleObj,aclconfig.carbonsuper,resource);
+ }else{
+ return this.checkPermission(roleObj,aclconfig.tenants,resource);
+ }
+
+ return false;
+ };
+ // user roles: {[admin,Internal]}
+ // permission config :
+ //{
+ // "admin": ["view", "edit", "add_tenant", "tenant-edit"],
+ // "everyone": ["view", "tenant-edit"]
+ //}
+ this.checkPermission = function(roleArray, permissionConfig, resource) {
+ for(var i=0; i < roleArray.length; i++){
+ for(var permissionKey in permissionConfig) {
+ if(permissionKey == roleArray[i]){
+ var permissionArray = permissionConfig[permissionKey];
+ for(var i=0;i< permissionArray.length;i++){
+ if(resource != null && resource == permissionArray[i]){
+ return true;
+ }
+ }
+ }
+ }
+ }
+ return false;
+ };
+};
+
+//var testLog = new Log();
+//testLog.info(authorizationUtil.isAllowed("carbon.super",["admin","Internal/Everyone"],"view"));
+//testLog.info(authorizationUtil.isAllowed("pradeep.org",["admin","Internal/Everyone"],"edit"));
+//testLog.info(authorizationUtil.isAllowed("pradeep.org",["admin","Internal/Everyone"],"tenant-edit"));
+//testLog.info(authorizationUtil.isAllowed("test.org",["Internal/Everyone"],"view"));
+//testLog.info(authorizationUtil.isAllowed("someorg.com",["admin","Internal/Everyone"],"view"));
+
+%>
\ No newline at end of file
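Review bot: In `checkPermission` the inner loop over `permissionArray` declares `var i` again, which is the same function-scoped variable that drives the outer loop over `roleArray`. After a role matches without granting the resource, `i` is left at `permissionArray.length`, so the outer loop skips the roles in between, and if the matching role sits at an index higher than that value the outer loop comes back to it and never terminates. Use a separate index for the inner loop: `for(var j=0;j< permissionArray.length;j++){` with `resource == permissionArray[j]`. `isAllowed` also passes `roleObj` straight through, so a missing role list throws on `roleArray.length` instead of returning false; a guard such as `if(roleArray == null){ return false; }` at the top of `checkPermission` keeps the check failing closed.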
