Updated Branches: refs/heads/master 5ad85be27 -> 47f406d6b
populating authorization object and injecting it in the router for renderers Project: http://git-wip-us.apache.org/repos/asf/incubator-stratos/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-stratos/commit/f5769e68 Tree: http://git-wip-us.apache.org/repos/asf/incubator-stratos/tree/f5769e68 Diff: http://git-wip-us.apache.org/repos/asf/incubator-stratos/diff/f5769e68 Branch: refs/heads/master Commit: f5769e68fb35d97ea4c9aa9e99c595533f88c713 Parents: 39207f6 Author: Pradeep Fernando <[email protected]> Authored: Thu Jan 16 14:23:37 2014 +0530 Committer: Pradeep Fernando <[email protected]> Committed: Thu Jan 16 14:23:37 2014 +0530 ---------------------------------------------------------------------- .../console/config/acl.json | 10 +++++-- .../console/controllers/router.jag | 4 +++ .../console/util/acl.jag | 31 ++++++++++++++++++-- 3 files changed, 41 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/f5769e68/components/org.apache.stratos.manager.console/console/config/acl.json ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager.console/console/config/acl.json b/components/org.apache.stratos.manager.console/console/config/acl.json index e6ae1bd..8b4b6c2 100644 --- a/components/org.apache.stratos.manager.console/console/config/acl.json +++ b/components/org.apache.stratos.manager.console/console/config/acl.json @@ -1,4 +1,10 @@ { - "admin":["view","edit","add","tenant-edit"], - "user" :["view","tenant-edit"] + "carbonsuper": { + "admin": ["view", "edit", "add", "tenant-edit"], + "Internal/Everyone": ["view", "tenant-edit"] + }, + "tenants": { + "admin": ["view", "post"], + "Internal/Everyone": ["test1","test2","view"] + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/f5769e68/components/org.apache.stratos.manager.console/console/controllers/router.jag ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager.console/console/controllers/router.jag b/components/org.apache.stratos.manager.console/console/controllers/router.jag index feb4cfd..3eb6925 100644 --- a/components/org.apache.stratos.manager.console/console/controllers/router.jag +++ b/components/org.apache.stratos.manager.console/console/controllers/router.jag @@ -8,6 +8,7 @@ var EXT_PATH=config.paths.ASSET_EXT_PATH; var DEFAULT_PATH=config.paths.ASSET_DEFAULT_PATH; var URL=config.urls.MGT; + var acl = require('/util/acl.jag'); var MSG_404='Asset not found'; //Eror 404 message @@ -73,6 +74,9 @@ request.getMappedPath = function() { return path; }; + var permissionObject = acl.authorizationUtil.getPermissionObj("carbon.super",["admin","Internal/Everyone"]); + log.info(permissionObject); + request.permissions = permissionObject; include(path); return; } http://git-wip-us.apache.org/repos/asf/incubator-stratos/blob/f5769e68/components/org.apache.stratos.manager.console/console/util/acl.jag ---------------------------------------------------------------------- diff --git a/components/org.apache.stratos.manager.console/console/util/acl.jag b/components/org.apache.stratos.manager.console/console/util/acl.jag index ec20ec4..97f64b2 100644 --- a/components/org.apache.stratos.manager.console/console/util/acl.jag +++ b/components/org.apache.stratos.manager.console/console/util/acl.jag @@ -22,7 +22,6 @@ authorizationUtil = new function(){ }; // user roles: {[admin,Internal]} // permission config : - //{ // "admin": ["view", "edit", "add_tenant", "tenant-edit"], // "everyone": ["view", "tenant-edit"] //} @@ -41,10 +40,38 @@ authorizationUtil = new function(){ } return false; }; + + this.getPermissionObj = function(tenant,roleArray) { + var aclconfig = require('/config/acl.json'); + if(tenant == null){ // check for undefine as well + return false; + }else if(tenant == "carbon.super"){ + return this.getUnionOfPermissions(roleArray,aclconfig.carbonsuper); + }else{ + return this.getUnionOfPermissions(roleArray,aclconfig.tenants); + } + }; + + this.getUnionOfPermissions = function(roleArray,permissionConfig) { // i dont like these methods. O(n^4) :(( + var permObj = {}; + for(var i=0; i < roleArray.length; i++){ + for(var permissionKey in permissionConfig) { + if(permissionKey == roleArray[i]){ + var permissionArray = permissionConfig[permissionKey]; + for(var j=0;j< permissionArray.length;j++){ + if(!permObj[permissionArray[j]]){ + permObj[permissionArray[j]] = true; + } + } + } + } + } + return permObj; + }; }; //var testLog = new Log(); -//testLog.info(authorizationUtil.isAllowed("carbon.super",["admin","Internal/Everyone"],"view")); +//testLog.info(authorizationUtil.getPermissionObj("carbon.super",["admin"])); //testLog.info(authorizationUtil.isAllowed("pradeep.org",["admin","Internal/Everyone"],"edit")); //testLog.info(authorizationUtil.isAllowed("pradeep.org",["admin","Internal/Everyone"],"tenant-edit")); //testLog.info(authorizationUtil.isAllowed("test.org",["Internal/Everyone"],"view"));
