From bb271926fb6193a61015c80d434644855c99637b Mon Sep 17 00:00:00 2001
From: Prachi Damle
Date: Tue, 1 Oct 2013 18:11:30 -0700
Subject: [PATCH] WIP AccessChecker plugin
---
 api/src/org/apache/cloudstack/acl/AclService.java | 7 +++++--
 plugins/pom.xml | 1 +
 server/src/com/cloud/user/AccountManagerImpl.java | 8 +++-----
 .../org/apache/cloudstack/acl/AclServiceImpl.java | 15 +++++++++++++--
 4 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java
index e01c3b6afa3..0866b2f199f 100644
--- a/api/src/org/apache/cloudstack/acl/AclService.java
+++ b/api/src/org/apache/cloudstack/acl/AclService.java
@@ -40,9 +40,9 @@ public interface AclService {
 */
 boolean deleteAclRole(long aclRoleId);
- AclRole grantPermissionToAclRole(long aclRoleId, List apiNames);
+ AclRole grantApiPermissionToAclRole(long aclRoleId, List apiNames);
- AclRole revokePermissionFromAclRole(long aclRoleId, List apiNames);
+ AclRole revokeApiPermissionFromAclRole(long aclRoleId, List apiNames);
 AclGroup addAclRolesToGroup(List roleIds, Long groupId);
@@ -74,5 +74,8 @@ public interface AclService {
 */
 boolean deleteAclGroup(Long aclGroupId);
+ List getAclRoles(long accountId);
+
+ boolean isAPIAccessibleForRoles(String apiName, List roles);
 }
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 0812642b7c0..a218bde32a8 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -62,6 +62,7 @@
 alert-handlers/snmp-alerts
 alert-handlers/syslog-alerts
 network-elements/internal-loadbalancer
+ acl/role-based-access-checkers
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index cb0a65fd7d9..270ab7910df 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
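Review bot: The two methods added to `AclService` in the `@@ -74,5 +74,8 @@` hunk of AclService.java, `getAclRoles` and `isAPIAccessibleForRoles`, are declared without Javadoc, while the neighbouring `deleteAclRole` and `deleteAclGroup` declarations each follow a closing `*/`. Judging by the commit title, an access-checker plugin is meant to base allow/deny decisions on these, so the contract should be written down on the interface: whether `getAclRoles` may return null or always returns a (possibly empty) list, and what `isAPIAccessibleForRoles` answers for a null or empty `roles` argument or an API name that no role grants. A one-line block such as `/** Returns true only if at least one of the given roles has been granted apiName; false when roles is empty. */` above the second method, and a matching one for the first, would be enough.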
@@ -353,11 +353,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
 @Override
 public boolean isRootAdmin(long accountId) {
- // refer to account_group_map and check if account is in Root 'Admin'
- // group
-
- AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
- if (adminGroupMember != null) {
+ // refer to account_group_map and check if account is in Root 'Admin' group
+ AclGroupAccountMapVO rootAdminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
+ if (rootAdminGroupMember != null) {
 return true;
 }
 return false;
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
index 1e5ad158920..c8fc54cf59a 100644
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@@ -165,7 +165,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
 @DB
 @Override
 @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_GRANT, eventDescription = "Granting permission to Acl Role")
- public AclRole grantPermissionToAclRole(long aclRoleId, List apiNames) {
+ public AclRole grantApiPermissionToAclRole(long aclRoleId, List apiNames) {
 Account caller = CallContext.current().getCallingAccount();
 // get the Acl Role entity
 AclRole role = _aclRoleDao.findById(aclRoleId);
@@ -195,7 +195,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
 @DB
 @Override
 @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_REVOKE, eventDescription = "Revoking permission from Acl Role")
- public AclRole revokePermissionFromAclRole(long aclRoleId, List apiNames) {
+ public AclRole revokeApiPermissionFromAclRole(long aclRoleId, List apiNames) {
 Account caller = CallContext.current().getCallingAccount();
 // get the Acl Role entity
 AclRole role = _aclRoleDao.findById(aclRoleId);
@@ -505,5 +505,16 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
 return true;
 }
+ @Override
+ public List getAclRoles(long accountId) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isAPIAccessibleForRoles(String apiName, List roles) {
+ // TODO Auto-generated method stub
+ return false;
+ }
 }
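Review bot: The `getAclRoles` stub added at the end of `AclServiceImpl` returns `null`, so any caller that iterates the result or passes it on to `isAPIAccessibleForRoles` would presumably fail with a NullPointerException inside the authorization path, and how that surfaces depends on exception handling this hunk does not show. Returning an empty list, `return Collections.emptyList();`, keeps the stub safe to call; the import may need adding, since the file's import block is outside the hunk. The `isAPIAccessibleForRoles` stub returning `false` is fail-closed, which is the right default for an unimplemented permission check, but that intent is worth stating in place of the auto-generated comment, for example `// TODO: not implemented - denies every API until role permissions are looked up`. If the checker is enabled before these are implemented, every role-based request would be denied, so the stubs should be completed before the new `acl/role-based-access-checkers` module is wired in.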