etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

RoleBasedEntityAccessChecker should skip Project resources. IAM does not support Projects yet.

This commit is contained in:
Prachi Damle 2014-03-28 18:53:18 -07:00
parent 58b2b6b9e1
commit 6a9d6f8796
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
View File

@ -81,6 +81,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
throw new InvalidParameterValueException("Entity and action cannot be both NULL in checkAccess!");
}
// if a Project entity, skip
Account entityAccount = _accountService.getAccount(entity.getAccountId());
if (entityAccount != null && entityAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) {
return false;
}
String entityType = null;
if (entity.getEntityType() != null) {
entityType = entity.getEntityType().getSimpleName();
@ -128,6 +134,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
if (!policies.isEmpty()) { // Since we reach this point, none of the
// roles granted access
if (s_logger.isDebugEnabled()) {
s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
+ " for access type: " + accessType);