cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject [10/32] git commit: plugins: Check access based on roleType, remove unnecessary properties.in file
Date Fri, 11 Jan 2013 23:51:03 GMT
plugins: Check access based on roleType, remove unnecessary properties.in file

- Fix StaticRoleBasedAPIAccessChecker to check api access based on roletype
- Remove properties file which is not needed now for api discovery plugin

Signed-off-by: Rohit Yadav <bhaisaab@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/345c179e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/345c179e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/345c179e

Branch: refs/heads/api_limit
Commit: 345c179e77dce7ba471f6846fac785bd34bda294
Parents: 8f26e17
Author: Rohit Yadav <bhaisaab@apache.org>
Authored: Thu Jan 10 15:53:18 2013 -0800
Committer: Rohit Yadav <bhaisaab@apache.org>
Committed: Thu Jan 10 15:55:02 2013 -0800

----------------------------------------------------------------------
 .../api-discovery_commands.properties.in           |   23 ---
 .../acl/StaticRoleBasedAPIAccessChecker.java       |  138 +++++---------
 2 files changed, 49 insertions(+), 112 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/345c179e/client/tomcatconf/api-discovery_commands.properties.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/api-discovery_commands.properties.in b/client/tomcatconf/api-discovery_commands.properties.in
deleted file mode 100644
index 49ddfde..0000000
--- a/client/tomcatconf/api-discovery_commands.properties.in
+++ /dev/null
@@ -1,23 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# bitmap of permissions at the end of each classname, 1 = ADMIN, 2 =
-# RESOURCE_DOMAIN_ADMIN, 4 = DOMAIN_ADMIN, 8 = USER
-# Please standardize naming conventions to camel-case (even for acronyms).
-
-# CloudStack API Discovery service command
-listApis=15

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/345c179e/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
index 43ca403..689540a 100644
--- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@@ -16,28 +16,23 @@
 // under the License.
 package org.apache.cloudstack.acl;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.*;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.server.ManagementServer;
+import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.component.ComponentLocator;
+import com.cloud.utils.component.PluggableService;
 
 import javax.ejb.Local;
 import javax.naming.ConfigurationException;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
-import org.apache.cloudstack.acl.APIAccessChecker;
-import org.apache.cloudstack.acl.RoleType;
 import static org.apache.cloudstack.acl.RoleType.*;
 import org.apache.log4j.Logger;
 
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.server.ManagementServer;
-import com.cloud.utils.PropertiesUtil;
-import com.cloud.utils.component.AdapterBase;
-import com.cloud.utils.component.ComponentLocator;
-import com.cloud.utils.component.PluggableService;
-
 // This is the default API access checker that grab's the user's account
 // based on the account type, access is granted
 @Local(value=APIAccessChecker.class)
@@ -60,35 +55,29 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements
APIA
     }
 
     @Override
-    public boolean canAccessAPI(RoleType roleType, String apiCommandName)
-            throws PermissionDeniedException{
-
-        boolean commandExists = s_allCommands.contains(apiCommandName);
-
-        if(commandExists) {
-            return isCommandAvailableForAccount(roleType, apiCommandName);
-        }
-
-        return commandExists;
-    }
-
-    private static boolean isCommandAvailableForAccount(RoleType roleType, String commandName)
{
-        boolean isCommandAvailable = false;
-        switch (roleType) {
-            case Admin:
-                isCommandAvailable = s_adminCommands.contains(commandName);
-                break;
-            case DomainAdmin:
-                isCommandAvailable = s_resellerCommands.contains(commandName);
-                break;
-            case ResourceAdmin:
-                isCommandAvailable = s_resourceDomainAdminCommands.contains(commandName);
-                break;
-            case User:
-                isCommandAvailable = s_userCommands.contains(commandName);
-                break;
+    public boolean canAccessAPI(RoleType roleType, String commandName)
+            throws PermissionDeniedException {
+
+        boolean commandExists = s_allCommands.contains(commandName);
+        boolean commandAccessible = false;
+
+        if (commandExists) {
+            switch (roleType) {
+                case Admin:
+                    commandAccessible = s_adminCommands.contains(commandName);
+                    break;
+                case DomainAdmin:
+                    commandAccessible = s_resellerCommands.contains(commandName);
+                    break;
+                case ResourceAdmin:
+                    commandAccessible = s_resourceDomainAdminCommands.contains(commandName);
+                    break;
+                case User:
+                    commandAccessible = s_userCommands.contains(commandName);
+                    break;
+            }
         }
-        return isCommandAvailable;
+        return commandExists && commandAccessible;
     }
 
     @Override
@@ -100,69 +89,40 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements
APIA
         List<PluggableService> services = locator.getAllPluggableServices();
         services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name));
 
-        List<String> configFiles = new ArrayList<String>();
+        Map<String, String> configPropertiesMap = new HashMap<String, String>();
         for (PluggableService service : services) {
-            configFiles.addAll(Arrays.asList(service.getPropertiesFiles()));
+            configPropertiesMap.putAll(service.getProperties());
         }
 
-        processConfigFiles(configFiles);
+        processConfigFiles(configPropertiesMap);
         return true;
     }
 
-    private void processConfigFiles(List<String> configFiles) {
-        Properties preProcessedCommands = new Properties();
-
-        for (String configFile : configFiles) {
-            File commandsFile = PropertiesUtil.findConfigFile(configFile);
-            if (commandsFile != null) {
-                try {
-                    preProcessedCommands.load(new FileInputStream(commandsFile));
-                } catch (FileNotFoundException fnfex) {
-                    // in case of a file within a jar in classpath, try to open stream using
url
-                    InputStream stream = PropertiesUtil.openStreamFromURL(configFile);
-                    if (stream != null) {
-                        try {
-                            preProcessedCommands.load(stream);
-                        } catch (IOException e) {
-                            s_logger.error("IO Exception, unable to find properties file:",
fnfex);
-                        }
-                    } else {
-                        s_logger.error("Unable to find properites file", fnfex);
-                    }
-                } catch (IOException ioe) {
-                    s_logger.error("IO Exception loading properties file", ioe);
-                }
-            }
-        }
-
-        for (Object key : preProcessedCommands.keySet()) {
-            String preProcessedCommand = preProcessedCommands.getProperty((String) key);
-            int splitIndex = preProcessedCommand.lastIndexOf(";");
-            // Backward compatible to old style, apiname=pkg;mask
-            String mask = preProcessedCommand.substring(splitIndex+1);
-
+    private void processConfigFiles(Map<String, String> config) {
+        for (Map.Entry<String, String> entry: config.entrySet()) {
+            String apiName = entry.getKey();
+            String roleMask = entry.getValue();
             try {
-                short cmdPermissions = Short.parseShort(mask);
+                short cmdPermissions = Short.parseShort(roleMask);
                 if ((cmdPermissions & Admin.getValue()) != 0) {
-                    s_adminCommands.add((String) key);
+                    s_adminCommands.add(apiName);
                 }
                 if ((cmdPermissions & ResourceAdmin.getValue()) != 0) {
-                    s_resourceDomainAdminCommands.add((String) key);
+                    s_resourceDomainAdminCommands.add(apiName);
                 }
                 if ((cmdPermissions & DomainAdmin.getValue()) != 0) {
-                    s_resellerCommands.add((String) key);
+                    s_resellerCommands.add(apiName);
                 }
                 if ((cmdPermissions & User.getValue()) != 0) {
-                    s_userCommands.add((String) key);
+                    s_userCommands.add(apiName);
                 }
-                s_allCommands.addAll(s_adminCommands);
-                s_allCommands.addAll(s_resourceDomainAdminCommands);
-                s_allCommands.addAll(s_userCommands);
-                s_allCommands.addAll(s_resellerCommands);
             } catch (NumberFormatException nfe) {
-                s_logger.info("Malformed command.properties permissions value, key = " +
key + ", value = " + preProcessedCommand);
+                s_logger.info("Malformed commands.properties permissions value, for entry:
" + entry.toString());
             }
         }
+        s_allCommands.addAll(s_adminCommands);
+        s_allCommands.addAll(s_resourceDomainAdminCommands);
+        s_allCommands.addAll(s_userCommands);
+        s_allCommands.addAll(s_resellerCommands);
     }
-
 }


Mime
View raw message