cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject [44/50] [abbrv] git commit: updated refs/heads/master to 8ff9460
Date Thu, 13 Mar 2014 23:55:37 GMT
After merge, fix isRootAdmin() calls to use accountId instead of type


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d9696b26
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d9696b26
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d9696b26

Branch: refs/heads/master
Commit: d9696b26e101af6596b60bc3d22b01acf9e88677
Parents: 99bdc8d
Author: Prachi Damle <prachi@cloud.com>
Authored: Thu Mar 13 13:27:04 2014 -0700
Committer: Prachi Damle <prachi@cloud.com>
Committed: Thu Mar 13 13:28:40 2014 -0700

----------------------------------------------------------------------
 api/src/com/cloud/user/AccountService.java      |  4 +-
 .../com/cloud/api/query/QueryManagerImpl.java   |  2 +-
 .../deploy/DeploymentPlanningManagerImpl.java   |  2 +-
 .../com/cloud/network/NetworkServiceImpl.java   |  2 +-
 .../com/cloud/storage/VolumeApiServiceImpl.java |  2 +-
 .../src/com/cloud/user/AccountManagerImpl.java  | 45 +++++++++++---------
 .../com/cloud/uuididentity/UUIDManagerImpl.java |  2 +-
 .../com/cloud/user/MockAccountManagerImpl.java  |  5 ++-
 .../iam/RoleBasedEntityAccessChecker.java       |  3 ++
 9 files changed, 37 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/api/src/com/cloud/user/AccountService.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java
index 85c71ca..7e37b38 100755
--- a/api/src/com/cloud/user/AccountService.java
+++ b/api/src/com/cloud/user/AccountService.java
@@ -88,9 +88,9 @@ public interface AccountService {
 
     User getUserIncludingRemoved(long userId);
 
-    boolean isRootAdmin(long accountId);
+    boolean isRootAdmin(Long accountId);
 
-    boolean isDomainAdmin(long accountId);
+    boolean isDomainAdmin(Long accountId);
 
     boolean isNormalUser(long accountId);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 0554e3a..b932d42 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -520,7 +520,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService
{
         _accountMgr.buildACLViewSearchCriteria(sc, aclSc, isRecursive, permittedDomains,
permittedAccounts, permittedResources, listProjectResourcesCriteria);
 
         // For end users display only enabled events
-        if(!_accountMgr.isRootAdmin(caller.getType())){
+        if (!_accountMgr.isRootAdmin(caller.getId())) {
             sc.setParameters("displayEvent", true);
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
index 74c141e..c1f336c 100644
--- a/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
+++ b/server/src/com/cloud/deploy/DeploymentPlanningManagerImpl.java
@@ -508,7 +508,7 @@ public class DeploymentPlanningManagerImpl extends ManagerBase implements
Deploy
 
         // check if zone is dedicated. if yes check if vm owner has acess to it.
         DedicatedResourceVO dedicatedZone = _dedicatedDao.findByZoneId(dc.getId());
-        if (dedicatedZone != null && !_accountMgr.isRootAdmin(vmProfile.getOwner().getType()))
{
+        if (dedicatedZone != null && !_accountMgr.isRootAdmin(vmProfile.getOwner().getId()))
{
             long accountDomainId = vmProfile.getOwner().getDomainId();
             long accountId = vmProfile.getOwner().getAccountId();
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/network/NetworkServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java
index be95a36..9185d84 100755
--- a/server/src/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/com/cloud/network/NetworkServiceImpl.java
@@ -1805,7 +1805,7 @@ public class NetworkServiceImpl extends ManagerBase implements  NetworkService
{
         // Perform permission check
         _accountMgr.checkAccess(caller, null, true, network);
 
-        if (forced && !_accountMgr.isRootAdmin(caller.getType())) {
+        if (forced && !_accountMgr.isRootAdmin(caller.getId())) {
             throw new InvalidParameterValueException("Delete network with 'forced' option
can only be called by root admins");
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/storage/VolumeApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/storage/VolumeApiServiceImpl.java b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
index 5ce07f0..30b5479 100644
--- a/server/src/com/cloud/storage/VolumeApiServiceImpl.java
+++ b/server/src/com/cloud/storage/VolumeApiServiceImpl.java
@@ -386,7 +386,7 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
         if (displayVolume == null) {
             displayVolume = true;
         } else {
-            if (!_accountMgr.isRootAdmin(caller.getType())) {
+            if (!_accountMgr.isRootAdmin(caller.getId())) {
                 throw new PermissionDeniedException("Cannot update parameter displayvolume,
only admin permitted ");
             }
         }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 04d3e23..1b68b0c 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -366,37 +366,40 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
     }
 
     @Override
-    public boolean isRootAdmin(long accountId) {
-        AccountVO acct = _accountDao.findById(accountId);
-        for (SecurityChecker checker : _securityCheckers) {
-            try {
-                if (checker.checkAccess(acct, null, null, "SystemCapability")) {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+    public boolean isRootAdmin(Long accountId) {
+        if (accountId != null) {
+            AccountVO acct = _accountDao.findById(accountId);
+            for (SecurityChecker checker : _securityCheckers) {
+                try {
+                    if (checker.checkAccess(acct, null, null, "SystemCapability")) {
+                        if (s_logger.isDebugEnabled()) {
+                            s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+                        }
+                        return true;
                     }
-                    return true;
+                } catch (PermissionDeniedException ex) {
+                    return false;
                 }
-            } catch (PermissionDeniedException ex) {
-                return false;
             }
         }
-
         return false;
     }
 
     @Override
-    public boolean isDomainAdmin(long accountId) {
-        AccountVO acct = _accountDao.findById(accountId);
-        for (SecurityChecker checker : _securityCheckers) {
-            try {
-                if (checker.checkAccess(acct, null, null, "DomainCapability")) {
-                    if (s_logger.isDebugEnabled()) {
-                        s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+    public boolean isDomainAdmin(Long accountId) {
+        if (accountId != null) {
+            AccountVO acct = _accountDao.findById(accountId);
+            for (SecurityChecker checker : _securityCheckers) {
+                try {
+                    if (checker.checkAccess(acct, null, null, "DomainCapability")) {
+                        if (s_logger.isDebugEnabled()) {
+                            s_logger.debug("Root Access granted to " + acct + " by " + checker.getName());
+                        }
+                        return true;
                     }
-                    return true;
+                } catch (PermissionDeniedException ex) {
+                    return false;
                 }
-            } catch (PermissionDeniedException ex) {
-                return false;
             }
         }
         return false;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/uuididentity/UUIDManagerImpl.java b/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
index c514746..a1d1452 100644
--- a/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
+++ b/server/src/com/cloud/uuididentity/UUIDManagerImpl.java
@@ -50,7 +50,7 @@ public class UUIDManagerImpl implements UUIDManager {
         Account caller = CallContext.current().getCallingAccount();
 
         // Only admin and system allowed to do this
-        if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getType())))
{
+        if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getId())))
{
             throw new PermissionDeniedException("Please check your permissions, you are not
allowed to create/update custom id");
         }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/server/test/com/cloud/user/MockAccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java
index b411b18..f373cba 100644
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@ -162,7 +162,7 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager,
Acco
     }
 
     @Override
-    public boolean isRootAdmin(long accountId) {
+    public boolean isRootAdmin(Long accountId) {
         // TODO Auto-generated method stub
         return false;
     }
@@ -298,7 +298,7 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager,
Acco
     }
 
     @Override
-    public boolean isDomainAdmin(long accountId) {
+    public boolean isDomainAdmin(Long accountId) {
         // TODO Auto-generated method stub
         return false;
     }
@@ -356,4 +356,5 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager,
Acco
         return null;
     }
 
+
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9696b26/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 02bb702..3fe854a 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -63,6 +63,9 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements
Secur
     public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType,
String action)
             throws PermissionDeniedException {
 
+        if (caller == null) {
+            throw new InvalidParameterValueException("Caller cannot be passed as NULL to
IAM!");
+        }
         if (entity == null && action != null) {
             // check if caller can do this action
             List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getAccountId());


Mime
View raw message