cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [20/50] [abbrv] git commit: server: Reformat DomainChecker
Date Wed, 09 Jan 2013 04:37:25 GMT
server: Reformat DomainChecker

Signed-off-by: Rohit Yadav <bhaisaab@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/21d6cd30
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/21d6cd30
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/21d6cd30

Branch: refs/heads/master
Commit: 21d6cd304b9a32a5b09b7e96547903e8337c11cf
Parents: 6a112bd
Author: Rohit Yadav <bhaisaab@apache.org>
Authored: Sat Jan 5 17:00:13 2013 -0800
Committer: Rohit Yadav <bhaisaab@apache.org>
Committed: Sat Jan 5 17:00:13 2013 -0800

----------------------------------------------------------------------
 server/src/com/cloud/acl/DomainChecker.java |  317 ++++++++++------------
 1 files changed, 148 insertions(+), 169 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/21d6cd30/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index 5ae296e..290c7bf 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -21,7 +21,6 @@ import javax.ejb.Local;
 import org.apache.cloudstack.api.BaseCmd;
 import com.cloud.dc.DataCenter;
 import com.cloud.domain.Domain;
-import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.network.Network;
@@ -39,27 +38,33 @@ import com.cloud.user.dao.AccountDao;
 import com.cloud.utils.component.AdapterBase;
 import com.cloud.utils.component.Inject;
 
-@Local(value=SecurityChecker.class)
+@Local(value = SecurityChecker.class)
 public class DomainChecker extends AdapterBase implements SecurityChecker {
-    
-    @Inject DomainDao _domainDao;
-    @Inject AccountDao _accountDao;
-    @Inject LaunchPermissionDao _launchPermissionDao;
-    @Inject ProjectManager _projectMgr;
-    @Inject ProjectAccountDao _projecAccountDao;
-    @Inject NetworkManager _networkMgr;
-    
+
+    @Inject
+    DomainDao _domainDao;
+    @Inject
+    AccountDao _accountDao;
+    @Inject
+    LaunchPermissionDao _launchPermissionDao;
+    @Inject
+    ProjectManager _projectMgr;
+    @Inject
+    ProjectAccountDao _projecAccountDao;
+    @Inject
+    NetworkManager _networkMgr;
+
     protected DomainChecker() {
         super();
     }
-    
+
     @Override
     public boolean checkAccess(Account caller, Domain domain) throws PermissionDeniedException
{
         if (caller.getState() != Account.State.enabled) {
             throw new PermissionDeniedException(caller + " is disabled.");
         }
         long domainId = domain.getId();
-        
+
         if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
             if (caller.getDomainId() != domainId) {
                 throw new PermissionDeniedException(caller + " does not have permission to
operate within domain id=" + domain.getId());
@@ -67,7 +72,7 @@ public class DomainChecker extends AdapterBase implements SecurityChecker
{
         } else if (!_domainDao.isChildDomain(caller.getDomainId(), domainId)) {
             throw new PermissionDeniedException(caller + " does not have permission to operate
within domain id=" + domain.getId());
         }
-        
+
         return true;
     }
 
@@ -83,15 +88,15 @@ public class DomainChecker extends AdapterBase implements SecurityChecker
{
     @Override
     public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType)
throws PermissionDeniedException {
         if (entity instanceof VirtualMachineTemplate) {
-            
-            VirtualMachineTemplate template = (VirtualMachineTemplate)entity;
+
+            VirtualMachineTemplate template = (VirtualMachineTemplate) entity;
             Account owner = _accountDao.findById(template.getAccountId());
             // validate that the template is usable by the account
             if (!template.isPublicTemplate()) {
                 if (BaseCmd.isRootAdmin(caller.getType()) || (owner.getId() == caller.getId()))
{
                     return true;
                 }
-                
+
                 // since the current account is not the owner of the template, check the
launch permissions table to see if the
                 // account can launch a VM from this template
                 LaunchPermissionVO permission = _launchPermissionDao.findByTemplateAndAccount(template.getId(),
caller.getId());
@@ -106,31 +111,31 @@ public class DomainChecker extends AdapterBase implements SecurityChecker
{
                     }
                 }
             }
-            
+
             return true;
         } else if (entity instanceof Network && accessType != null && accessType
== AccessType.UseNetwork) {
-        	_networkMgr.checkNetworkPermissions(caller, (Network)entity);
+            _networkMgr.checkNetworkPermissions(caller, (Network) entity);
         } else {
             if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                 Account account = _accountDao.findById(entity.getAccountId());
-                
+
                 if (account != null && account.getType() == Account.ACCOUNT_TYPE_PROJECT)
{
                     //only project owner can delete/modify the project
                     if (accessType != null && accessType == AccessType.ModifyProject)
{
                         if (!_projectMgr.canModifyProjectAccount(caller, account.getId()))
{
                             throw new PermissionDeniedException(caller + " does not have
permission to operate with resource " + entity);
                         }
-                    } else if (!_projectMgr.canAccessProjectAccount(caller, account.getId())){
+                    } else if (!_projectMgr.canAccessProjectAccount(caller, account.getId()))
{
                         throw new PermissionDeniedException(caller + " does not have permission
to operate with resource " + entity);
                     }
                 } else {
                     if (caller.getId() != entity.getAccountId()) {
                         throw new PermissionDeniedException(caller + " does not have permission
to operate with resource " + entity);
                     }
-                }  
+                }
             }
         }
-        
+
         return true;
     }
 
@@ -140,168 +145,142 @@ public class DomainChecker extends AdapterBase implements SecurityChecker
{
         return checkAccess(account, entity, null);
     }
 
-	@Override
-	public boolean checkAccess(Account account, DiskOffering dof) throws PermissionDeniedException

-	{
-		if(account == null || dof.getDomainId() == null)
-		{//public offering
-			return true;
-		}
-		else
-		{
-			//admin has all permissions
-			if(account.getType() == Account.ACCOUNT_TYPE_ADMIN)
-			{
-				return true;
-			}		
-			//if account is normal user or domain admin
-			//check if account's domain is a child of zone's domain (Note: This is made consistent
with the list command for disk offering)
-			else if(account.getType() == Account.ACCOUNT_TYPE_NORMAL || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN
|| account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)
-			{
-				if(account.getDomainId() == dof.getDomainId())
-				{
-					return true; //disk offering and account at exact node
-				}
-				else
-				{
-		    		DomainVO domainRecord = _domainDao.findById(account.getDomainId());
-		    		if(domainRecord != null)
-		    		{
-		    			while(true)
-		    			{
-		    				if(domainRecord.getId() == dof.getDomainId())
-		    				{
-		    					//found as a child
-		    					return true;
-		    				}
-		    				if(domainRecord.getParent() != null) {
+    @Override
+    public boolean checkAccess(Account account, DiskOffering dof) throws PermissionDeniedException
{
+        if (account == null || dof.getDomainId() == null) {//public offering
+            return true;
+        } else {
+            //admin has all permissions
+            if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+                return true;
+            }
+            //if account is normal user or domain admin
+            //check if account's domain is a child of zone's domain (Note: This is made consistent
with the list command for disk offering)
+            else if (account.getType() == Account.ACCOUNT_TYPE_NORMAL || account.getType()
== Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN || account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)
{
+                if (account.getDomainId() == dof.getDomainId()) {
+                    return true; //disk offering and account at exact node
+                } else {
+                    Domain domainRecord = _domainDao.findById(account.getDomainId());
+                    if (domainRecord != null) {
+                        while (true) {
+                            if (domainRecord.getId() == dof.getDomainId()) {
+                                //found as a child
+                                return true;
+                            }
+                            if (domainRecord.getParent() != null) {
                                 domainRecord = _domainDao.findById(domainRecord.getParent());
                             } else {
                                 break;
                             }
-		    			}
-		    		}
-				}
-			}
-		}
-		//not found
-		return false;
-	}	
+                        }
+                    }
+                }
+            }
+        }
+        //not found
+        return false;
+    }
 
-	@Override
-	public boolean checkAccess(Account account, ServiceOffering so) throws PermissionDeniedException

-	{
-		if(account == null || so.getDomainId() == null)
-		{//public offering
-			return true;
-		}
-		else
-		{
-			//admin has all permissions
-			if(account.getType() == Account.ACCOUNT_TYPE_ADMIN)
-			{
-				return true;
-			}		
-			//if account is normal user or domain admin
-			//check if account's domain is a child of zone's domain (Note: This is made consistent
with the list command for service offering)
-			else if(account.getType() == Account.ACCOUNT_TYPE_NORMAL || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN
|| account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)
-			{
-				if(account.getDomainId() == so.getDomainId())
-				{
-					return true; //service offering and account at exact node
-				}
-				else
-				{
-		    		DomainVO domainRecord = _domainDao.findById(account.getDomainId());
-		    		if(domainRecord != null)
-		    		{
-		    			while(true)
-		    			{
-		    				if(domainRecord.getId() == so.getDomainId())
-		    				{
-		    					//found as a child
-		    					return true;
-		    				}
-		    				if(domainRecord.getParent() != null) {
+    @Override
+    public boolean checkAccess(Account account, ServiceOffering so) throws PermissionDeniedException
{
+        if (account == null || so.getDomainId() == null) {//public offering
+            return true;
+        } else {
+            //admin has all permissions
+            if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+                return true;
+            }
+            //if account is normal user or domain admin
+            //check if account's domain is a child of zone's domain (Note: This is made consistent
with the list command for service offering)
+            else if (account.getType() == Account.ACCOUNT_TYPE_NORMAL || account.getType()
== Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN || account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)
{
+                if (account.getDomainId() == so.getDomainId()) {
+                    return true; //service offering and account at exact node
+                } else {
+                    Domain domainRecord = _domainDao.findById(account.getDomainId());
+                    if (domainRecord != null) {
+                        while (true) {
+                            if (domainRecord.getId() == so.getDomainId()) {
+                                //found as a child
+                                return true;
+                            }
+                            if (domainRecord.getParent() != null) {
                                 domainRecord = _domainDao.findById(domainRecord.getParent());
                             } else {
                                 break;
                             }
-		    			}
-		    		}
-				}
-			}
-		}
-		//not found
-		return false;
-	}	
-    
-	@Override
-	public boolean checkAccess(Account account, DataCenter zone) throws PermissionDeniedException
{
-		if(account == null || zone.getDomainId() == null){//public zone
-			return true;
-		}else{
-			//admin has all permissions
-			if(account.getType() == Account.ACCOUNT_TYPE_ADMIN){
-				return true;
-			}		
-			//if account is normal user
-			//check if account's domain is a child of zone's domain
-			else if(account.getType() == Account.ACCOUNT_TYPE_NORMAL || account.getType() == Account.ACCOUNT_TYPE_PROJECT){
-				if(account.getDomainId() == zone.getDomainId()){
-					return true; //zone and account at exact node
-				}else{
-		    		DomainVO domainRecord = _domainDao.findById(account.getDomainId());
-		    		if(domainRecord != null)
-		    		{
-		    			while(true){
-		    				if(domainRecord.getId() == zone.getDomainId()){
-		    					//found as a child
-		    					return true;
-		    				}
-		    				if(domainRecord.getParent() != null) {
+                        }
+                    }
+                }
+            }
+        }
+        //not found
+        return false;
+    }
+
+    @Override
+    public boolean checkAccess(Account account, DataCenter zone) throws PermissionDeniedException
{
+        if (account == null || zone.getDomainId() == null) {//public zone
+            return true;
+        } else {
+            //admin has all permissions
+            if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+                return true;
+            }
+            //if account is normal user
+            //check if account's domain is a child of zone's domain
+            else if (account.getType() == Account.ACCOUNT_TYPE_NORMAL || account.getType()
== Account.ACCOUNT_TYPE_PROJECT) {
+                if (account.getDomainId() == zone.getDomainId()) {
+                    return true; //zone and account at exact node
+                } else {
+                    Domain domainRecord = _domainDao.findById(account.getDomainId());
+                    if (domainRecord != null) {
+                        while (true) {
+                            if (domainRecord.getId() == zone.getDomainId()) {
+                                //found as a child
+                                return true;
+                            }
+                            if (domainRecord.getParent() != null) {
                                 domainRecord = _domainDao.findById(domainRecord.getParent());
                             } else {
                                 break;
                             }
-		    			}
-		    		}
-				}
-				//not found
-				return false;
-			}
-			//if account is domain admin
-			//check if the account's domain is either child of zone's domain, or if zone's domain
is child of account's domain
-			else if(account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN){
-				if(account.getDomainId() == zone.getDomainId()){
-					return true; //zone and account at exact node
-				}else{
-					DomainVO zoneDomainRecord = _domainDao.findById(zone.getDomainId());
-		    		DomainVO accountDomainRecord = _domainDao.findById(account.getDomainId());
-		    		if(accountDomainRecord != null)
-		    		{
-		    			DomainVO localRecord = accountDomainRecord;
-		    			while(true){
-		    				if(localRecord.getId() == zone.getDomainId()){
-		    					//found as a child
-		    					return true;
-		    				}
-		    				if(localRecord.getParent() != null) {
+                        }
+                    }
+                }
+                //not found
+                return false;
+            }
+            //if account is domain admin
+            //check if the account's domain is either child of zone's domain, or if zone's
domain is child of account's domain
+            else if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
+                if (account.getDomainId() == zone.getDomainId()) {
+                    return true; //zone and account at exact node
+                } else {
+                    Domain zoneDomainRecord = _domainDao.findById(zone.getDomainId());
+                    Domain accountDomainRecord = _domainDao.findById(account.getDomainId());
+                    if (accountDomainRecord != null) {
+                        Domain localRecord = accountDomainRecord;
+                        while (true) {
+                            if (localRecord.getId() == zone.getDomainId()) {
+                                //found as a child
+                                return true;
+                            }
+                            if (localRecord.getParent() != null) {
                                 localRecord = _domainDao.findById(localRecord.getParent());
                             } else {
                                 break;
                             }
-		    			}
-		    		}
-		    		//didn't find in upper tree
-		    		if(zoneDomainRecord.getPath().contains(accountDomainRecord.getPath())){
-		    			return true;
-		    		}
-				}
-				//not found
-				return false;
-			}
-		}
-		return false;
-	}
+                        }
+                    }
+                    //didn't find in upper tree
+                    if (zoneDomainRecord.getPath().contains(accountDomainRecord.getPath()))
{
+                        return true;
+                    }
+                }
+                //not found
+                return false;
+            }
+        }
+        return false;
+    }
 }


Mime
View raw message