Loading api permissions from commands.properties during startup

Prachi Damle 2013-11-25 10:58:45 -08:00
parent 015d06e7fc
commit f231cec5b7
7 changed files with 200 additions and 2 deletions


@ -4,7 +4,7 @@ public enum PermissionScope {
RESOURCE(0),
ACCOUNT(1),
DOMAIN(2),
REGION(3);
REGION(3), ALL(4);
private int _scale;


@ -71,7 +71,15 @@ public class AclPermissionVO implements AclPermission {
}
public AclPermissionVO(String action, String entityType, AccessType accessType, PermissionScope scope,
Long scopeId, Permission permission) {
this.action = action;
this.entityType = entityType;
this.accessType = accessType;
this.scope = scope;
this.scopeId = scopeId;
this.permission = permission;
}
@Override
public long getId() {


@ -0,0 +1,24 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import org.apache.cloudstack.acl.AclPermissionVO;
import com.cloud.utils.db.GenericDao;
public interface AclPermissionDao extends GenericDao<AclPermissionVO, Long> {
}


@ -0,0 +1,41 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.acl.AclPermissionVO;
import com.cloud.utils.db.GenericDaoBase;
public class AclPermissionDaoImpl extends GenericDaoBase<AclPermissionVO, Long> implements AclPermissionDao {
public AclPermissionDaoImpl()
{
}
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
super.configure(name, params);
return true;
}
}
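Review bot: `configure` throws away the result of `super.configure(name, params)` and always returns `true`, so if the base class reports a configuration failure through its return value, the caller never sees it. Either propagate it with `return super.configure(name, params);` or drop the override, since it adds no behaviour of its own. The same override appears in AclPolicyPermissionMapDaoImpl and the same change applies there. The empty constructor in both classes can also go, as the compiler supplies an identical default.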


@ -0,0 +1,25 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import org.apache.cloudstack.acl.AclPolicyPermissionMapVO;
import com.cloud.utils.db.GenericDao;
public interface AclPolicyPermissionMapDao extends GenericDao<AclPolicyPermissionMapVO, Long> {
}


@ -0,0 +1,43 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.acl.AclPolicyPermissionMapVO;
import com.cloud.utils.db.GenericDaoBase;
public class AclPolicyPermissionMapDaoImpl extends GenericDaoBase<AclPolicyPermissionMapVO, Long> implements
AclPolicyPermissionMapDao {
public AclPolicyPermissionMapDaoImpl()
{
}
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
super.configure(name, params);
return true;
}
}


@ -52,6 +52,14 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.cloudstack.acl.APIChecker;
import org.apache.cloudstack.acl.AclPermissionVO;
import org.apache.cloudstack.acl.AclPolicyPermissionMapVO;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.acl.AclPermission.Permission;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.acl.dao.AclPermissionDao;
import org.apache.cloudstack.acl.dao.AclPolicyPermissionMapDao;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
@ -171,6 +179,10 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
List<PluggableService> _pluggableServices;
List<APIChecker> _apiAccessCheckers;
@Inject
private AclPermissionDao _aclPermissionDao;
@Inject
private AclPolicyPermissionMapDao _aclPolicyPermissionMapDao;
@Inject
protected ApiAsyncJobDispatcher _asyncDispatcher;
@ -233,6 +245,51 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
_apiNameCmdClassMap.put(apiName, apiCmdList);
}
apiCmdList.add(cmdClass);
boolean isReadCommand = false;
BaseCmd cmdObj;
try {
cmdObj = (BaseCmd) cmdClass.newInstance();
if (cmdObj instanceof BaseListCmd) {
isReadCommand = true;
}
} catch (Exception e) {
}
for (RoleType role : at.authorized()) {
AclPermissionVO apiPermission = null;
switch (role) {
case User:
apiPermission = new AclPermissionVO(apiName, null, null, PermissionScope.ACCOUNT, null,
Permission.Allow);
break;
case Admin:
apiPermission = new AclPermissionVO(apiName, null, null, PermissionScope.ALL, null,
Permission.Allow);
break;
case DomainAdmin:
apiPermission = new AclPermissionVO(apiName, null, null, PermissionScope.DOMAIN, null,
Permission.Allow);
break;
case ResourceAdmin:
apiPermission = new AclPermissionVO(apiName, null, null, PermissionScope.DOMAIN, null,
Permission.Allow);
break;
}
if (apiPermission != null) {
if (isReadCommand) {
apiPermission.setAccessType(AccessType.ListEntry);
}
_aclPermissionDao.persist(apiPermission);
AclPolicyPermissionMapVO policyPermMapEntry = new AclPolicyPermissionMapVO(role.ordinal() + 1,
apiPermission.getId());
_aclPolicyPermissionMapDao.persist(policyPermMapEntry);
}
}
}
encodeApiResponse = Boolean.valueOf(_configDao.getValue(Config.EncodeApiResponse.key()));
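Review bot: The empty `catch (Exception e) { }` around `cmdClass.newInstance()` silently leaves `isReadCommand` false, so a list command whose class cannot be instantiated is persisted as an Allow permission with a null access type instead of `AccessType.ListEntry`, and nothing is logged. The check needs no instance: `boolean isReadCommand = BaseListCmd.class.isAssignableFrom(cmdClass);` removes both the reflective call and the swallowed exception. Separately, `role.ordinal() + 1` is used as the policy id, which ties stored authorization data to the declaration order of `RoleType`; an explicit role-to-policy mapping would stop a reordered or extended enum from attaching permissions to a different policy. The rows are persisted unconditionally, and the enclosing method begins and ends outside the hunk, so if this loop runs on every startup it looks as though duplicate permission and map entries would accumulate; worth confirming that an existence check happens elsewhere.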