From 3f092d14ccc2957baf5fd0abe217aa3680a224c4 Mon Sep 17 00:00:00 2001
From: Prachi Damle
Date: Fri, 13 Dec 2013 15:35:34 -0800
Subject: [PATCH] Adding the AclEntityType attribute to APICommand annotation
---
 .../org/apache/cloudstack/api/APICommand.java | 5 ++-
 .../api/command/user/vm/ScaleVMCmd.java | 3 +-
 .../api/command/user/vm/StartVMCmd.java | 3 +-
 .../api/command/user/vm/StopVMCmd.java | 3 +-
 .../api/command/user/vm/UpgradeVMCmd.java | 3 +-
 server/src/com/cloud/api/ApiServer.java | 43 +++++++++++++------
 6 files changed, 42 insertions(+), 18 deletions(-)
diff --git a/api/src/org/apache/cloudstack/api/APICommand.java b/api/src/org/apache/cloudstack/api/APICommand.java
index 192d6ad0168..eaadf6218c6 100644
--- a/api/src/org/apache/cloudstack/api/APICommand.java
+++ b/api/src/org/apache/cloudstack/api/APICommand.java
@@ -24,6 +24,7 @@ import java.lang.annotation.Target;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
+import org.apache.cloudstack.acl.AclEntityType;
 @Retention(RetentionPolicy.RUNTIME)
 @Target({ TYPE })
@@ -39,8 +40,10 @@ public @interface APICommand {
 boolean includeInApiDoc() default true;
 String since() default "";
-
+
 ResponseView responseView() default ResponseView.Full;
 RoleType[] authorized() default {};
+
+ AclEntityType[] entityType() default {};
 }
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
index dfec0cc71be..c0650198d70 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/ScaleVMCmd.java
@@ -20,6 +20,7 @@ import java.util.List;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
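Review bot: The new `entityType()` member in the second APICommand.java hunk has no Javadoc, although its empty default carries authorization meaning. In ApiServer.addDefaultAclPolicyPermission, later in this patch, an empty array produces a single default Allow row with a null entity type, while each listed type produces its own row. Suggest documenting that on the member, e.g. `/** ACL entity types this command acts on; empty means the default permission row is not bound to an entity type. */`.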
@@ -41,7 +42,7 @@ import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
-@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted)
+@APICommand(name = "scaleVirtualMachine", description = "Scales the virtual machine to a new service offering.", responseObject = SuccessResponse.class, responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
 public class ScaleVMCmd extends BaseAsyncCmd {
 public static final Logger s_logger = Logger.getLogger(ScaleVMCmd.class.getName());
 private static final String s_name = "scalevirtualmachineresponse";
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
index 98a7ece77d4..21883d672bc 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StartVMCmd.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -42,7 +43,7 @@ import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.exception.ExecutionException;
-@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted)
+@APICommand(name = "startVirtualMachine", responseObject = UserVmResponse.class, description = "Starts a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
 public class StartVMCmd extends BaseAsyncCmd {
 public static final Logger s_logger = Logger.getLogger(StartVMCmd.class.getName());
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
index 638e423cbcd..34f8ebf86a1 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -35,7 +36,7 @@ import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.user.Account;
 import com.cloud.uservm.UserVm;
-@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted)
+@APICommand(name = "stopVirtualMachine", responseObject = UserVmResponse.class, description = "Stops a virtual machine.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
 public class StopVMCmd extends BaseAsyncCmd {
 public static final Logger s_logger = Logger.getLogger(StopVMCmd.class.getName());
diff --git a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
index c98a484da9a..fecfde2f3d8 100644
--- a/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/vm/UpgradeVMCmd.java
@@ -18,6 +18,7 @@ package org.apache.cloudstack.api.command.user.vm;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -37,7 +38,7 @@ import com.cloud.uservm.UserVm;
 @APICommand(name = "changeServiceForVirtualMachine", responseObject=UserVmResponse.class, description="Changes the service offering for a virtual machine. " +
 "The virtual machine must be in a \"Stopped\" state for " +
- "this command to take effect.", responseView = ResponseView.Restricted)
+ "this command to take effect.", responseView = ResponseView.Restricted, entityType = { AclEntityType.VirtualMachine })
 public class UpgradeVMCmd extends BaseCmd {
 public static final Logger s_logger = Logger.getLogger(UpgradeVMCmd.class.getName());
 private static final String s_name = "changeserviceforvirtualmachineresponse";
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index d28a51ca105..882a5b1fe12 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -83,6 +83,7 @@ import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 import org.apache.cloudstack.acl.APIChecker;
+import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
 import org.apache.cloudstack.acl.AclPolicyPermissionVO;
 import org.apache.cloudstack.acl.PermissionScope;
@@ -242,7 +243,6 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
 // commands.properties.
 SearchBuilder sb = _aclPermissionDao.createSearchBuilder();
 sb.and("policyId", sb.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- sb.and("resourceType", sb.entity().getEntityType(), SearchCriteria.Op.NULL);
 sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
 sb.done();
@@ -343,6 +343,7 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
 private void addDefaultAclPolicyPermission(String apiName, Class cmdClass, RoleType role) {
 boolean isReadCommand = false;
+ AclEntityType[] entityTypes = null;
 if (cmdClass != null) {
 BaseCmd cmdObj;
 try {
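Review bot: Dropping the `resourceType` IS NULL condition from `sb` in the `@@ -242,7 +243,6 @@` hunk of ApiServer.java means every statement built from this search now matches permission rows of any entity type for the given policy id and scope. The code that consumes `sb` lies outside the hunk, so it is worth confirming that the wider match is intended there, particularly if the criteria feed a delete or reload of default permissions. A comment above the builder would record the intent, e.g. `// matches default permission rows regardless of entity type`.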
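Review bot: `entityTypes` is initialised to `null` in the `@@ -343,6 +343,7 @@` hunk and, in the following hunk, assigned only inside `if (cmdClass != null)`, yet the new `for (AclEntityType entityType : entityTypes)` loop there runs unconditionally after the `entityTypes == null || entityTypes.length == 0` branch. When `cmdClass` is null the method would therefore persist the entity-less row and then throw a NullPointerException at the loop. Initialising with `AclEntityType[] entityTypes = new AclEntityType[0];` keeps both paths safe; alternatively make the loop the `else` of that guard. The body of addDefaultAclPolicyPermission continues outside this hunk.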
@@ -354,37 +355,53 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer throw new CloudRuntimeException(String.format( "%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName())); } + + APICommand at = cmdClass.getAnnotation(APICommand.class); + entityTypes = at.entityType(); } AclPolicyPermissionVO apiPermission = null; + PermissionScope permissionScope = PermissionScope.ACCOUNT; switch (role) { case User: - apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.ACCOUNT, - null, Permission.Allow); + permissionScope = PermissionScope.ACCOUNT; break; case Admin: - apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.ALL, - null, Permission.Allow); + permissionScope = PermissionScope.ALL; break; case DomainAdmin: - apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.DOMAIN, - null, Permission.Allow); + permissionScope = PermissionScope.DOMAIN; break; case ResourceAdmin: - apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, PermissionScope.DOMAIN, - null, Permission.Allow); + permissionScope = PermissionScope.DOMAIN; break; } - if (apiPermission != null) { - if (isReadCommand) { - apiPermission.setAccessType(AccessType.ListEntry); + if (entityTypes == null || entityTypes.length == 0) { + apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, null, null, permissionScope, + new Long(-1), Permission.Allow); + if (apiPermission != null) { + if (isReadCommand) { + apiPermission.setAccessType(AccessType.ListEntry); + } + _aclPermissionDao.persist(apiPermission); } - _aclPermissionDao.persist(apiPermission); } + + for (AclEntityType entityType : entityTypes) { + apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, entityType.toString(), null, + permissionScope, new Long(-1), Permission.Allow); + if (apiPermission != 
null) { + if (isReadCommand) { + apiPermission.setAccessType(AccessType.ListEntry); + } + _aclPermissionDao.persist(apiPermission); + } + } + } // NOTE: handle() only handles over the wire (OTW) requests from integration.api.port 8096
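Review bot: `permissionScope` now defaults to `PermissionScope.ACCOUNT` and the switch has no `default` branch, so a `RoleType` value outside the four listed cases would get an Allow row persisted, whereas the old code left `apiPermission` null and wrote nothing for it. If the enum has, or later gains, such a value, adding `default: return;` to the switch keeps default grants fail-closed. Separately, `cmdClass.getAnnotation(APICommand.class)` can return null and `at.entityType()` is called without a check; a guard such as `if (at != null) { entityTypes = at.entityType(); }` avoids that. The `if (apiPermission != null)` tests placed directly after `new AclPolicyPermissionVO(...)` can never be false and could be dropped.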