etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

StaticRoleBased: commands.properties is actually cfg for this plugin 

Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
This commit is contained in:
Rohit Yadav 2013-01-14 18:58:23 -08:00
parent c318561d6c
commit 3ec985f46f
1 changed files with 13 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
View File

@ -21,15 +21,14 @@ import com.cloud.server.ManagementServer;
import com.cloud.user.Account;
import com.cloud.user.AccountService;
import com.cloud.user.User;
import com.cloud.utils.PropertiesUtil;
import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.component.ComponentLocator;
import com.cloud.utils.component.PluggableService;
import javax.ejb.Local;
import javax.naming.ConfigurationException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -37,7 +36,7 @@ import org.apache.log4j.Logger;
// This is the default API access checker that grab's the user's account
// based on the account type, access is granted
@Local(value=APIChecker.class)
@Local(value = APIChecker.class)
public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
protected static final Logger s_logger = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class);
@ -49,7 +48,7 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
protected StaticRoleBasedAPIAccessChecker() {
super();
for (RoleType roleType: RoleType.values())
for (RoleType roleType : RoleType.values())
s_roleBasedApisMap.put(roleType, new HashSet<String>());
}
@ -57,6 +56,10 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
public boolean checkAccess(User user, String commandName)
throws PermissionDeniedException {
Account account = s_accountService.getAccount(user.getAccountId());
if (account == null) {
throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null");
}
RoleType roleType = s_accountService.getRoleType(account);
boolean isAllowed = s_roleBasedApisMap.get(roleType).contains(commandName);
if (!isAllowed) {
@ -71,32 +74,26 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
// Read command properties files to build the static map per role.
ComponentLocator locator = ComponentLocator.getLocator(ManagementServer.Name);
s_accountService = locator.getManager(AccountService.class);
List<PluggableService> services = locator.getAllPluggableServices();
services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name));
processMapping(PropertiesUtil.processConfigFile(new String[]
{"commands.properties"}));
for (PluggableService service : services) {
processConfigFiles(service.getProperties(), service.getClass().toString());
s_logger.info("Processed role based acl for: " + service.toString());
}
return true;
}
private void processConfigFiles(Map<String, String> configMap, String service) {
for (Map.Entry<String, String> entry: configMap.entrySet()) {
private void processMapping(Map<String, String> configMap) {
for (Map.Entry<String, String> entry : configMap.entrySet()) {
String apiName = entry.getKey();
String roleMask = entry.getValue();
try {
short cmdPermissions = Short.parseShort(roleMask);
for (RoleType roleType: RoleType.values()) {
for (RoleType roleType : RoleType.values()) {
if ((cmdPermissions & roleType.getValue()) != 0)
s_roleBasedApisMap.get(roleType).add(apiName);
}
} catch (NumberFormatException nfe) {
s_logger.info("Malformed getProperties() value for service: " + service
+ " for entry: " + entry.toString());
s_logger.info("Malformed key=value pair for entry: " + entry.toString());
}
}
}