cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject [25/50] [abbrv] git commit: updated refs/heads/master to 8ff9460
Date Thu, 13 Mar 2014 23:55:18 GMT
Adding Operate access check at service layer, since we are not checking access on the command
parameter here


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a837ac88
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a837ac88
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a837ac88

Branch: refs/heads/master
Commit: a837ac8873d8ad4e8300be747cd9dc02549fc415
Parents: e5d7226
Author: Prachi Damle <prachi@cloud.com>
Authored: Mon Mar 3 13:34:26 2014 -0800
Committer: Prachi Damle <prachi@cloud.com>
Committed: Mon Mar 3 13:35:19 2014 -0800

----------------------------------------------------------------------
 .../command/user/securitygroup/RevokeSecurityGroupEgressCmd.java  | 3 ---
 .../src/com/cloud/network/security/SecurityGroupManagerImpl.java  | 3 ++-
 2 files changed, 2 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a837ac88/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
index 0f74784..a93bee5 100644
--- a/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/securitygroup/RevokeSecurityGroupEgressCmd.java
@@ -19,8 +19,6 @@ package org.apache.cloudstack.api.command.user.securitygroup;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.IAMEntityType;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -47,7 +45,6 @@ public class RevokeSecurityGroupEgressCmd extends BaseAsyncCmd {
     // ////////////// API parameters /////////////////////
     // ///////////////////////////////////////////////////
 
-    @ACL(accessType = AccessType.OperateEntry, pointerToEntity = "securityGroupId")
     @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true, description
= "The ID of the egress rule", entityType=SecurityGroupRuleResponse.class)
     private Long id;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a837ac88/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index d5f9405..cf71b25 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -43,6 +43,7 @@ import javax.naming.ConfigurationException;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupEgressCmd;
 import org.apache.cloudstack.api.command.user.securitygroup.AuthorizeSecurityGroupIngressCmd;
 import org.apache.cloudstack.api.command.user.securitygroup.CreateSecurityGroupCmd;
@@ -812,7 +813,7 @@ public class SecurityGroupManagerImpl extends ManagerBase implements SecurityGro
 
         // Check permissions
         SecurityGroup securityGroup = _securityGroupDao.findById(rule.getSecurityGroupId());
-        _accountMgr.checkAccess(caller, null, true, securityGroup);
+        _accountMgr.checkAccess(caller, AccessType.OperateEntry, true, securityGroup);
 
         return Transaction.execute(new TransactionCallback<Boolean>() {
             @Override


Mime
View raw message