Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 55946102AE for ; Mon, 6 Jan 2014 21:27:50 +0000 (UTC) Received: (qmail 82063 invoked by uid 500); 6 Jan 2014 21:27:50 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 82038 invoked by uid 500); 6 Jan 2014 21:27:50 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 82029 invoked by uid 99); 6 Jan 2014 21:27:50 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 06 Jan 2014 21:27:50 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id E6623882D7C; Mon, 6 Jan 2014 21:27:49 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mchen@apache.org To: commits@cloudstack.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: git commit: updated refs/heads/rbac to 7114d49 Date: Mon, 6 Jan 2014 21:27:49 +0000 (UTC) Updated Branches: refs/heads/rbac e02e19a6f -> 7114d49c1 Some cleanup on AclApiService and remove array copy in some implementations of IAMServiceImpl Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7114d49c Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7114d49c Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7114d49c Branch: refs/heads/rbac Commit: 7114d49c14989b82ad2232adc3e9c38806d5706a Parents: e02e19a Author: Min Chen Authored: Mon Jan 6 13:27:29 2014 -0800 Committer: Min Chen Committed: Mon Jan 6 13:27:29 2014 -0800 ---------------------------------------------------------------------- .../acl/RoleBasedEntityAccessChecker.java | 19 +++++-- .../cloudstack/acl/api/AclApiService.java | 3 -- .../cloudstack/acl/api/AclApiServiceImpl.java | 16 ------ .../cloudstack/iam/server/IAMServiceImpl.java | 56 +++++++++++--------- 4 files changed, 47 insertions(+), 47 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7114d49c/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java index e180000..040a3e5 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java @@ -24,7 +24,6 @@ import javax.inject.Inject; import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.api.AclApiService; import org.apache.cloudstack.iam.api.AclPolicy; import org.apache.cloudstack.iam.api.AclPolicyPermission; import org.apache.cloudstack.iam.api.IAMService; @@ -41,8 +40,6 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur @Inject AccountService _accountService; - @Inject - AclApiService _aclService; @Inject DomainDao _domainDao; @@ -67,7 +64,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur } // get all Policies of this caller w.r.t the entity - List policies = _aclService.getEffectivePolicies(caller, entity); + List policies = getEffectivePolicies(caller, entity); HashMap policyPermissionMap = new HashMap(); for (AclPolicy policy : policies) { @@ -120,4 +117,18 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur return false; } + + private List getEffectivePolicies(Account caller, ControlledEntity entity) { + + // Get the static Policies of the Caller + List policies = _iamSrv.listAclPolicies(caller.getId()); + + // add any dynamic policies w.r.t the entity + if (caller.getId() == entity.getAccountId()) { + // The caller owns the entity + policies.add(_iamSrv.getResourceOwnerPolicy()); + } + + return policies; + } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7114d49c/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java index 12ecf8b..3d7bb3c 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java @@ -18,7 +18,6 @@ package org.apache.cloudstack.acl.api; import java.util.List; -import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.PermissionScope; import org.apache.cloudstack.acl.api.response.AclGroupResponse; import org.apache.cloudstack.acl.api.response.AclPolicyResponse; @@ -60,8 +59,6 @@ public interface AclApiService { AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action); - List getEffectivePolicies(Account caller, ControlledEntity entity); - /* Response Generation */ AclPolicyResponse createAclPolicyResponse(AclPolicy policy); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7114d49c/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java index b117d0c..3fca5d5 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java @@ -25,7 +25,6 @@ import javax.inject.Inject; import org.apache.log4j.Logger; import org.apache.cloudstack.acl.AclEntityType; -import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.PermissionScope; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.acl.api.response.AclGroupResponse; @@ -192,21 +191,6 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man @Override - public List getEffectivePolicies(Account caller, ControlledEntity entity) { - - // Get the static Policies of the Caller - List policies = _iamSrv.listAclPolicies(caller.getId()); - - // add any dynamic policies w.r.t the entity - if (caller.getId() == entity.getAccountId()) { - // The caller owns the entity - policies.add(_iamSrv.getResourceOwnerPolicy()); - } - - return policies; - } - - @Override public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) { AclPolicyResponse response = new AclPolicyResponse(); response.setId(policy.getUuid()); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7114d49c/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java ---------------------------------------------------------------------- diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java index e6fcdcd..98a0793 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java @@ -131,6 +131,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { return true; } + @SuppressWarnings("unchecked") @Override public List listAclGroups(long accountId) { @@ -145,9 +146,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { sb.and("ids", sb.entity().getId(), Op.IN); SearchCriteria sc = sb.create(); sc.setParameters("ids", groupIds.toArray(new Object[groupIds.size()])); - List groups = _aclGroupDao.search(sc, null); - - return new ArrayList(groups); + @SuppressWarnings("rawtypes") + List groups = _aclGroupDao.search(sc, null); + return groups; } @DB @@ -324,6 +325,7 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } + @SuppressWarnings("unchecked") @Override public List listAclPolicies(long accountId) { @@ -345,11 +347,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { sb.and("ids", sb.entity().getId(), Op.IN); SearchCriteria sc = sb.create(); sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()])); - List policies = _aclPolicyDao.customSearch(sc, null); + @SuppressWarnings("rawtypes") + List policies = _aclPolicyDao.customSearch(sc, null); + return policies; - return new ArrayList(policies); } + @SuppressWarnings("unchecked") @Override public List listAclPoliciesByGroup(long groupId) { List policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId); @@ -366,11 +370,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { sb.and("ids", sb.entity().getId(), Op.IN); SearchCriteria sc = sb.create(); sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()])); - List policies = _aclPolicyDao.customSearch(sc, null); + @SuppressWarnings("rawtypes") + List policies = _aclPolicyDao.customSearch(sc, null); - return new ArrayList(policies); + return policies; } + @SuppressWarnings("unchecked") @Override public Pair, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) { @@ -401,7 +407,9 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { sc.setParameters("path", path + "%"); Pair, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter); - return new Pair, Integer>(new ArrayList(policies.first()), policies.second()); + @SuppressWarnings("rawtypes") + List policyList = policies.first(); + return new Pair, Integer>(policyList, policies.second()); } @DB @@ -649,35 +657,35 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { } @Override + @SuppressWarnings("unchecked") public List listPolicyPermissions(long policyId) { - List pp = _policyPermissionDao.listByPolicy(policyId); - List pl = new ArrayList(); - pl.addAll(pp); - return pl; + @SuppressWarnings("rawtypes") + List pp = _policyPermissionDao.listByPolicy(policyId); + return pp; } + @SuppressWarnings("unchecked") @Override public List listPolicyPermissionsByScope(long policyId, String action, String scope) { - List pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope); - List pl = new ArrayList(); - pl.addAll(pp); - return pl; + @SuppressWarnings("rawtypes") + List pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope); + return pp; } + @SuppressWarnings("unchecked") @Override public List listPolicyPermissionByEntityType(long policyId, String action, String entityType) { - List pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType); - List pl = new ArrayList(); - pl.addAll(pp); - return pl; + @SuppressWarnings("rawtypes") + List pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType); + return pp; } + @SuppressWarnings("unchecked") @Override public List listPolicyPermissionByAccessType(long policyId, String accessType, String entityType, String action) { - List pp = _policyPermissionDao.listByPolicyAccessAndEntity(policyId, accessType, entityType, action); - List pl = new ArrayList(); - pl.addAll(pp); - return pl; + @SuppressWarnings("rawtypes") + List pp = _policyPermissionDao.listByPolicyAccessAndEntity(policyId, accessType, entityType, action); + return pp; } @Override