etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WIP AccessChecker plugin

This commit is contained in:
Prachi Damle 2013-10-01 18:11:30 -07:00
parent 5583506c0c
commit bb271926fb
4 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
api/src/org/apache/cloudstack/acl/AclService.java
View File

@ -40,9 +40,9 @@ public interface AclService {
*/
boolean deleteAclRole(long aclRoleId);
AclRole grantPermissionToAclRole(long aclRoleId, List<String> apiNames);
AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames);
AclRole revokePermissionFromAclRole(long aclRoleId, List<String> apiNames);
AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames);
AclGroup addAclRolesToGroup(List<Long> roleIds, Long groupId);
@ -74,5 +74,8 @@ public interface AclService {
*/
boolean deleteAclGroup(Long aclGroupId);
List<AclRole> getAclRoles(long accountId);
boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles);
}

1
plugins/pom.xml
View File

@ -62,6 +62,7 @@
<module>alert-handlers/snmp-alerts</module>
<module>alert-handlers/syslog-alerts</module>
<module>network-elements/internal-loadbalancer</module>
<module>acl/role-based-access-checkers</module>
</modules>
<dependencies>

8
server/src/com/cloud/user/AccountManagerImpl.java
View File

@ -353,11 +353,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public boolean isRootAdmin(long accountId) {
// refer to account_group_map and check if account is in Root 'Admin'
// group
AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
if (adminGroupMember != null) {
// refer to account_group_map and check if account is in Root 'Admin' group
AclGroupAccountMapVO rootAdminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
if (rootAdminGroupMember != null) {
return true;
}
return false;

15
server/src/org/apache/cloudstack/acl/AclServiceImpl.java
View File

@ -165,7 +165,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_GRANT, eventDescription = "Granting permission to Acl Role")
public AclRole grantPermissionToAclRole(long aclRoleId, List<String> apiNames) {
public AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames) {
Account caller = CallContext.current().getCallingAccount();
// get the Acl Role entity
AclRole role = _aclRoleDao.findById(aclRoleId);
@ -195,7 +195,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_REVOKE, eventDescription = "Revoking permission from Acl Role")
public AclRole revokePermissionFromAclRole(long aclRoleId, List<String> apiNames) {
public AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames) {
Account caller = CallContext.current().getCallingAccount();
// get the Acl Role entity
AclRole role = _aclRoleDao.findById(aclRoleId);
@ -505,5 +505,16 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
return true;
}
@Override
public List<AclRole> getAclRoles(long accountId) {
// TODO Auto-generated method stub
return null;
}
@Override
public boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles) {
// TODO Auto-generated method stub
return false;
}
}