Return-Path: 
 <cloudstack-commits-return-8384-apmail-incubator-cloudstack-commits-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-cloudstack-commits-archive@minotaur.apache.org
Delivered-To: apmail-incubator-cloudstack-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 62384D4F0
	for <apmail-incubator-cloudstack-commits-archive@minotaur.apache.org>;
 Tue, 15 Jan 2013 23:55:12 +0000 (UTC)
Received: (qmail 13219 invoked by uid 500); 15 Jan 2013 23:55:11 -0000
Delivered-To: apmail-incubator-cloudstack-commits-archive@incubator.apache.org
Received: (qmail 13086 invoked by uid 500); 15 Jan 2013 23:55:10 -0000
Mailing-List: contact cloudstack-commits-help@incubator.apache.org;
 run by ezmlm
Precedence: bulk
List-Help: <mailto:cloudstack-commits-help@incubator.apache.org>
List-Unsubscribe: <mailto:cloudstack-commits-unsubscribe@incubator.apache.org>
List-Post: <mailto:cloudstack-commits@incubator.apache.org>
List-Id: <cloudstack-commits.incubator.apache.org>
Reply-To: cloudstack-dev@incubator.apache.org
Delivered-To: mailing list cloudstack-commits@incubator.apache.org
Received: (qmail 12923 invoked by uid 99); 15 Jan 2013 23:55:10 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Jan 2013 23:55:10 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id 674A81F118; Tue, 15 Jan 2013 23:55:10 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: mchen@apache.org
To: cloudstack-commits@incubator.apache.org
X-Mailer: ASF-Git Admin Mailer
Subject: [42/43] git commit: We need to catch PermissionDeniedException in
 checking if command is available to an user.
Message-Id: <20130115235510.674A81F118@tyr.zones.apache.org>
Date: Tue, 15 Jan 2013 23:55:10 +0000 (UTC)

We need to catch PermissionDeniedException in checking if command is
available to an user.


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/7f1486e2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/7f1486e2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/7f1486e2

Branch: refs/heads/api_limit
Commit: 7f1486e2dc9f612af94901ab8804e24c48b8122b
Parents: a6b9027
Author: Min Chen <min.chen@citrix.com>
Authored: Tue Jan 15 11:40:49 2013 -0800
Committer: Min Chen <min.chen@citrix.com>
Committed: Tue Jan 15 11:43:59 2013 -0800

----------------------------------------------------------------------
 server/src/com/cloud/api/ApiServer.java |   13 +++++++++----
 1 files changed, 9 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/7f1486e2/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 4d60215..e106f03 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -549,7 +549,10 @@ public class ApiServer implements HttpRequestHandler {
             // if userId not null, that mean that user is logged in
             if (userId != null) {
             	User user = ApiDBUtils.findUserById(userId);
-                if (!isCommandAvailable(user, commandName)) {
+            	try{
+            	    checkCommandAvailable(user, commandName);
+            	}
+            	catch (PermissionDeniedException ex){
                     s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user with id:" + userId);
                     throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command does not exist or it is not available for user");
                 }
@@ -649,7 +652,10 @@ public class ApiServer implements HttpRequestHandler {
 
             UserContext.updateContext(user.getId(), account, null);
 
-            if (!isCommandAvailable(user, commandName)) {
+            try{
+                checkCommandAvailable(user, commandName);
+            }
+            catch (PermissionDeniedException ex){
                 s_logger.debug("The given command:" + commandName + " does not exist or it is not available for user");
                 throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given command:" + commandName + " does not exist or it is not available for user with id:" + userId);
             }
@@ -780,7 +786,7 @@ public class ApiServer implements HttpRequestHandler {
         return true;
     }
 
-    private boolean isCommandAvailable(User user, String commandName) throws PermissionDeniedException {
+    private void checkCommandAvailable(User user, String commandName) throws PermissionDeniedException {
         if (user == null) {
             throw new PermissionDeniedException("User is null for role based API access check for command" + commandName);
         }
@@ -788,7 +794,6 @@ public class ApiServer implements HttpRequestHandler {
         for (APIChecker apiChecker : _apiAccessCheckers) {
             apiChecker.checkAccess(user, commandName);
         }
-        return true;
     }
 
     private Class<?> getCmdClass(String cmdName) {