cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prachida...@apache.org
Subject git commit: updated refs/heads/rbac to bb27192
Date Wed, 02 Oct 2013 01:13:15 GMT
Updated Branches:
  refs/heads/rbac 5583506c0 -> bb271926f


WIP AccessChecker plugin


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/bb271926
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/bb271926
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/bb271926

Branch: refs/heads/rbac
Commit: bb271926fb6193a61015c80d434644855c99637b
Parents: 5583506
Author: Prachi Damle <prachi@cloud.com>
Authored: Tue Oct 1 18:11:30 2013 -0700
Committer: Prachi Damle <prachi@cloud.com>
Committed: Tue Oct 1 18:11:30 2013 -0700

----------------------------------------------------------------------
 api/src/org/apache/cloudstack/acl/AclService.java    |  7 +++++--
 plugins/pom.xml                                      |  1 +
 server/src/com/cloud/user/AccountManagerImpl.java    |  8 +++-----
 .../org/apache/cloudstack/acl/AclServiceImpl.java    | 15 +++++++++++++--
 4 files changed, 22 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/api/src/org/apache/cloudstack/acl/AclService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java
index e01c3b6..0866b2f 100644
--- a/api/src/org/apache/cloudstack/acl/AclService.java
+++ b/api/src/org/apache/cloudstack/acl/AclService.java
@@ -40,9 +40,9 @@ public interface AclService {
      */
     boolean deleteAclRole(long aclRoleId);
 
-    AclRole grantPermissionToAclRole(long aclRoleId, List<String> apiNames);
+    AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames);
 
-    AclRole revokePermissionFromAclRole(long aclRoleId, List<String> apiNames);
+    AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames);
 
     AclGroup addAclRolesToGroup(List<Long> roleIds, Long groupId);
 
@@ -74,5 +74,8 @@ public interface AclService {
      */
     boolean deleteAclGroup(Long aclGroupId);
 
+    List<AclRole> getAclRoles(long accountId);
+
+    boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles);
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/plugins/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/pom.xml b/plugins/pom.xml
index 0812642..a218bde 100755
--- a/plugins/pom.xml
+++ b/plugins/pom.xml
@@ -62,6 +62,7 @@
     <module>alert-handlers/snmp-alerts</module>
     <module>alert-handlers/syslog-alerts</module>
     <module>network-elements/internal-loadbalancer</module>
+	<module>acl/role-based-access-checkers</module>
   </modules>
 
   <dependencies>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index cb0a65f..270ab79 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -353,11 +353,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
 
     @Override
     public boolean isRootAdmin(long accountId) {
-        // refer to account_group_map and check if account is in Root 'Admin'
-        // group
-        
-        AclGroupAccountMapVO adminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
-        if (adminGroupMember != null) {
+        // refer to account_group_map and check if account is in Root 'Admin' group
+        AclGroupAccountMapVO rootAdminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
+        if (rootAdminGroupMember != null) {
             return true;
         }
         return false;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/bb271926/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
index 1e5ad15..c8fc54c 100644
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@@ -165,7 +165,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_GRANT, eventDescription = "Granting
permission to Acl Role")
-    public AclRole grantPermissionToAclRole(long aclRoleId, List<String> apiNames)
{
+    public AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames)
{
         Account caller = CallContext.current().getCallingAccount();
         // get the Acl Role entity
         AclRole role = _aclRoleDao.findById(aclRoleId);
@@ -195,7 +195,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_REVOKE, eventDescription = "Revoking
permission from Acl Role")
-    public AclRole revokePermissionFromAclRole(long aclRoleId, List<String> apiNames)
{
+    public AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames)
{
         Account caller = CallContext.current().getCallingAccount();
         // get the Acl Role entity
         AclRole role = _aclRoleDao.findById(aclRoleId);
@@ -505,5 +505,16 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
         return true;
     }
 
+    @Override
+    public List<AclRole> getAclRoles(long accountId) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles) {
+        // TODO Auto-generated method stub
+        return false;
+    }
 
 }


Mime
View raw message