cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prachida...@apache.org
Subject git commit: updated refs/heads/rbac to b444136
Date Sat, 18 Jan 2014 00:56:20 GMT
Updated Branches:
  refs/heads/rbac 0ce176c0d -> b44413616


Adding the correct policyIds for the command permission loading


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b4441361
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b4441361
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b4441361

Branch: refs/heads/rbac
Commit: b444136166066afa3a118f0d7ead6550e971446e
Parents: 0ce176c
Author: Prachi Damle <prachi@cloud.com>
Authored: Fri Jan 17 16:55:32 2014 -0800
Committer: Prachi Damle <prachi@cloud.com>
Committed: Fri Jan 17 16:55:32 2014 -0800

----------------------------------------------------------------------
 .../acl/RoleBasedAPIAccessChecker.java          | 31 ++++++++++++++++++--
 1 file changed, 28 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b4441361/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
index c81c31a..11110b2 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
@@ -105,7 +105,8 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements
APIChecker
         // commands.properties.
 
         for (RoleType role : RoleType.values()) {
-            _iamSrv.resetAclPolicy(role.ordinal() + 1);
+            Long policyId = getDefaultPolicyId(role);
+            _iamSrv.resetAclPolicy(policyId);
          }
 
         for (PluggableService service : _services) {
@@ -135,6 +136,29 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements
APIChecker
         return super.start();
      }
 
+    private Long getDefaultPolicyId(RoleType role) {
+        Long policyId = null;
+        switch (role) {
+        case User:
+            policyId = new Long(Account.ACCOUNT_TYPE_NORMAL + 1);
+            break;
+
+        case Admin:
+            policyId = new Long(Account.ACCOUNT_TYPE_ADMIN + 1);
+            break;
+
+        case DomainAdmin:
+            policyId = new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1);
+            break;
+
+        case ResourceAdmin:
+            policyId = new Long(Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN + 1);
+            break;
+        }
+
+        return policyId;
+    }
+
     private void processMapping(Map<String, String> configMap) {
         for (Map.Entry<String, String> entry : configMap.entrySet()) {
             String apiName = entry.getKey();
@@ -182,6 +206,7 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements
APIChecker
         }
 
         PermissionScope permissionScope = PermissionScope.ACCOUNT;
+        Long policyId = getDefaultPolicyId(role);
         switch (role) {
         case User:
             permissionScope = PermissionScope.ACCOUNT;
@@ -202,11 +227,11 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements
APIChecker
 
 
         if (entityTypes == null || entityTypes.length == 0) {
-            _iamSrv.addAclPermissionToAclPolicy(new Long(role.ordinal()) + 1, null, permissionScope.toString(),
new Long(-1),
+            _iamSrv.addAclPermissionToAclPolicy(policyId, null, permissionScope.toString(),
new Long(-1),
                     apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow);
         } else {
             for (AclEntityType entityType : entityTypes) {
-                _iamSrv.addAclPermissionToAclPolicy(new Long(role.ordinal()) + 1, entityType.toString(),
permissionScope.toString(), new Long(-1),
+                _iamSrv.addAclPermissionToAclPolicy(policyId, entityType.toString(), permissionScope.toString(),
new Long(-1),
                         apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow);
             }
          }


Mime
View raw message