mirror of https://github.com/apache/cloudstack.git
Adding the AclEntityType attribute to APICommand annotation
This commit is contained in:
Prachi Damle
parent
d2922b9254
commit
3f092d14cc
|
|
@ -24,6 +24,7 @@ import java.lang.annotation.Target;
|
|||
|
||||
import org.apache.cloudstack.acl.RoleType;
|
||||
import org.apache.cloudstack.api.ResponseObject.ResponseView;
|
||||
import org.apache.cloudstack.acl.AclEntityType;
|
||||
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ TYPE })
|
||||
|
|
@ -39,8 +40,10 @@ public @interface APICommand {
|
|||
boolean includeInApiDoc() default true;
|
||||
|
||||
String since() default "";
|
||||
|
||||
|
||||
ResponseView responseView() default ResponseView.Full;
|
||||
|
||||
RoleType[] authorized() default {};
|
||||
|
||||
AclEntityType[] entityType() default {};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import java.util.List;
|
|||
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import org.apache.cloudstack.acl.AclEntityType;
|
||||
import org.apache.cloudstack.api.ACL;
|
||||
import org.apache.cloudstack.api.APICommand;
|
||||
import org.apache.cloudstack.api.ApiConstants;
|
||||
|
|
@ -41,7 +42,7 @@ import com.cloud.user.Account;
|
|||
import com.cloud.uservm.UserVm;
|
||||
|
||||
|
||||
@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted)
|
||||
@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
|
||||
public class ScaleVMCmd extends BaseAsyncCmd {
|
||||
public static final Logger s_logger = Logger.getLogger(ScaleVMCmd.class.getName());
|
||||
private static final String s_name = "scalevirtualmachineresponse";
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
|
|||
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import org.apache.cloudstack.acl.AclEntityType;
|
||||
import org.apache.cloudstack.api.ACL;
|
||||
import org.apache.cloudstack.api.APICommand;
|
||||
import org.apache.cloudstack.api.ApiCommandJobType;
|
||||
|
|
@ -42,7 +43,7 @@ import com.cloud.user.Account;
|
|||
import com.cloud.uservm.UserVm;
|
||||
import com.cloud.utils.exception.ExecutionException;
|
||||
|
||||
@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted)
|
||||
@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
|
||||
public class StartVMCmd extends BaseAsyncCmd {
|
||||
public static final Logger s_logger = Logger.getLogger(StartVMCmd.class.getName());
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
|
|||
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import org.apache.cloudstack.acl.AclEntityType;
|
||||
import org.apache.cloudstack.api.ACL;
|
||||
import org.apache.cloudstack.api.APICommand;
|
||||
import org.apache.cloudstack.api.ApiCommandJobType;
|
||||
|
|
@ -35,7 +36,7 @@ import com.cloud.exception.ConcurrentOperationException;
|
|||
import com.cloud.user.Account;
|
||||
import com.cloud.uservm.UserVm;
|
||||
|
||||
@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted)
|
||||
@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
|
||||
public class StopVMCmd extends BaseAsyncCmd {
|
||||
public static final Logger s_logger = Logger.getLogger(StopVMCmd.class.getName());
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
|
|||
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import org.apache.cloudstack.acl.AclEntityType;
|
||||
import org.apache.cloudstack.api.APICommand;
|
||||
import org.apache.cloudstack.api.ApiConstants;
|
||||
import org.apache.cloudstack.api.ApiErrorCode;
|
||||
|
|
@ -37,7 +38,7 @@ import com.cloud.uservm.UserVm;
|
|||
|
||||
@APICommand(name = "changeServiceForVirtualMachine", responseObject=UserVmResponse.class, description="Changes the service offering for a virtual machine. " +
|
||||
"The virtual machine must be in a \"Stopped\" state for " +
|
||||
"this command to take effect.", responseView = ResponseView.Restricted)
|
||||
"this command to take effect.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
|
||||
public class UpgradeVMCmd extends BaseCmd {
|
||||
public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
|
||||
private static final String s_name = "changeserviceforvirtualmachineresponse";
|
||||
|
|
|
|||
|
|
@ -83,6 +83,7 @@ import org.apache.log4j.Logger;
|
|||
import org.springframework.stereotype.Component;
|
||||
|
||||
import org.apache.cloudstack.acl.APIChecker;
|
||||
import org.apache.cloudstack.acl.AclEntityType;
|
||||
import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
|
||||
import org.apache.cloudstack.acl.AclPolicyPermissionVO;
|
||||
import org.apache.cloudstack.acl.PermissionScope;
|
||||
|
|
@ -242,7 +243,6 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
|
|||
// commands.properties.
|
||||
SearchBuilder<AclPolicyPermissionVO> sb = _aclPermissionDao.createSearchBuilder();
|
||||
sb.and("policyId", sb.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
|
||||
sb.and("resourceType", sb.entity().getEntityType(), SearchCriteria.Op.NULL);
|
||||
sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
|
||||
sb.done();
|
||||
|
||||
|
|
@ -343,6 +343,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
|
|||
private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
|
||||
|
||||
boolean isReadCommand = false;
|
||||
AclEntityType[] entityTypes = null;
|
||||
if (cmdClass != null) {
|
||||
BaseCmd cmdObj;
|
||||
try {
|
||||
|
|
@ -354,37 +355,53 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
|
|||
throw new CloudRuntimeException(String.format(
|
||||
"%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
|
||||
}
|
||||
|
||||
APICommand at = cmdClass.getAnnotation(APICommand.class);
|
||||
entityTypes = at.entityType();
|
||||
}
|
||||
|
||||
AclPolicyPermissionVO apiPermission = null;
|
||||
PermissionScope permissionScope = PermissionScope.ACCOUNT;
|
||||
switch (role) {
|
||||
case User:
|
||||
apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.ACCOUNT,
|
||||
null, Permission.Allow);
|
||||
permissionScope = PermissionScope.ACCOUNT;
|
||||
break;
|
||||
|
||||
case Admin:
|
||||
apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.ALL,
|
||||
null, Permission.Allow);
|
||||
permissionScope = PermissionScope.ALL;
|
||||
break;
|
||||
|
||||
case DomainAdmin:
|
||||
apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.DOMAIN,
|
||||
null, Permission.Allow);
|
||||
permissionScope = PermissionScope.DOMAIN;
|
||||
break;
|
||||
|
||||
case ResourceAdmin:
|
||||
apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.DOMAIN,
|
||||
null, Permission.Allow);
|
||||
permissionScope = PermissionScope.DOMAIN;
|
||||
break;
|
||||
}
|
||||
|
||||
if (apiPermission != null) {
|
||||
if (isReadCommand) {
|
||||
apiPermission.setAccessType(AccessType.ListEntry);
|
||||
if (entityTypes == null || entityTypes.length == 0) {
|
||||
apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, permissionScope,
|
||||
new Long(-1), Permission.Allow);
|
||||
if (apiPermission != null) {
|
||||
if (isReadCommand) {
|
||||
apiPermission.setAccessType(AccessType.ListEntry);
|
||||
}
|
||||
_aclPermissionDao.persist(apiPermission);
|
||||
}
|
||||
_aclPermissionDao.persist(apiPermission);
|
||||
}
|
||||
|
||||
for (AclEntityType entityType : entityTypes) {
|
||||
apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, entityType.toString(), null,
|
||||
permissionScope, new Long(-1), Permission.Allow);
|
||||
if (apiPermission != null) {
|
||||
if (isReadCommand) {
|
||||
apiPermission.setAccessType(AccessType.ListEntry);
|
||||
}
|
||||
_aclPermissionDao.persist(apiPermission);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// NOTE: handle() only handles over the wire (OTW) requests from integration.api.port 8096
|
||||
|
|
|
|||
Loading…
Reference in New Issue