From f0a9b3b510d569d7f3e32fe0d0af274cee96dfcd Mon Sep 17 00:00:00 2001 From: Prachi Damle Date: Fri, 7 Feb 2014 14:36:55 -0800 Subject: [PATCH] @ACL from some commands --- .../api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java | 3 +++ .../api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java | 3 +++ .../com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java | 7 +++++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java index 0bb99136e55..84916ce6902 100644 --- a/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vmsnapshot/RevertToVMSnapshotCmd.java @@ -18,6 +18,8 @@ package org.apache.cloudstack.api.command.user.vmsnapshot; import java.util.logging.Logger; +import org.apache.cloudstack.acl.SecurityChecker.AccessType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -43,6 +45,7 @@ public class RevertToVMSnapshotCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(RevertToVMSnapshotCmd.class.getName()); private static final String s_name = "reverttovmsnapshotresponse"; + @ACL(accessType = AccessType.OperateEntry, pointerToEntity = "getVmId()") @Parameter(name = ApiConstants.VM_SNAPSHOT_ID, type = CommandType.UUID, required = true, diff --git a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java index dc02c85309f..927aa532ed5 100644 --- a/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/vpn/DeleteVpnCustomerGatewayCmd.java @@ -19,6 +19,8 @@ package org.apache.cloudstack.api.command.user.vpn; import org.apache.log4j.Logger; import org.apache.cloudstack.acl.AclEntityType; +import org.apache.cloudstack.acl.SecurityChecker.AccessType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiErrorCode; @@ -41,6 +43,7 @@ public class DeleteVpnCustomerGatewayCmd extends BaseAsyncCmd { ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// + @ACL(accessType = AccessType.OperateEntry) @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = Site2SiteCustomerGatewayResponse.class, diff --git a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java index 446e385adbd..4afd063038b 100755 --- a/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java +++ b/server/src/com/cloud/network/vpn/RemoteAccessVpnManagerImpl.java @@ -25,13 +25,16 @@ import javax.ejb.Local; import javax.inject.Inject; import javax.naming.ConfigurationException; +import org.apache.log4j.Logger; + +import org.apache.cloudstack.acl.SecurityChecker.AccessType; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.command.user.vpn.ListRemoteAccessVpnsCmd; import org.apache.cloudstack.api.command.user.vpn.ListVpnUsersCmd; import org.apache.cloudstack.context.CallContext; import org.apache.cloudstack.framework.config.ConfigKey; import org.apache.cloudstack.framework.config.Configurable; import org.apache.cloudstack.framework.config.dao.ConfigurationDao; -import org.apache.log4j.Logger; import com.cloud.configuration.Config; import com.cloud.domain.DomainVO; @@ -286,7 +289,7 @@ public class RemoteAccessVpnManagerImpl extends ManagerBase implements RemoteAcc return; } - _accountMgr.checkAccess(caller, null, true, vpn); + _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, vpn); vpn.setState(RemoteAccessVpn.State.Removed); _remoteAccessVpnDao.update(vpn.getId(), vpn);