cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prachida...@apache.org
Subject [1/3] git commit: updated refs/heads/master to acfdd51
Date Wed, 19 Mar 2014 18:01:31 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master 289ac0465 -> acfdd519b


Adding support for 'readOnly' access. AccessType.ListEntry introduced.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/e09f97aa
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/e09f97aa
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/e09f97aa

Branch: refs/heads/master
Commit: e09f97aa63144ed4df0a4a0549961f7c4dba70d0
Parents: 289ac04
Author: Prachi Damle <prachi@cloud.com>
Authored: Fri Mar 14 16:44:34 2014 -0700
Committer: Prachi Damle <prachi@cloud.com>
Committed: Wed Mar 19 11:00:20 2014 -0700

----------------------------------------------------------------------
 api/src/org/apache/cloudstack/acl/SecurityChecker.java   |  3 ++-
 api/src/org/apache/cloudstack/api/ApiConstants.java      |  1 +
 .../api/command/iam/AddIAMPermissionToIAMPolicyCmd.java  | 10 +++++++++-
 .../src/org/apache/cloudstack/iam/IAMApiService.java     |  2 +-
 .../src/org/apache/cloudstack/iam/IAMApiServiceImpl.java | 11 +++++++++--
 5 files changed, 22 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e09f97aa/api/src/org/apache/cloudstack/acl/SecurityChecker.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/SecurityChecker.java b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
index 614f604..8ca34d0 100644
--- a/api/src/org/apache/cloudstack/acl/SecurityChecker.java
+++ b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
@@ -33,7 +33,8 @@ public interface SecurityChecker extends Adapter {
     public enum AccessType {
         ModifyProject,
         OperateEntry,
-        UseEntry
+        UseEntry,
+        ListEntry
     }
 
     /**

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e09f97aa/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index 6dc5c18..b8f720a 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -591,6 +591,7 @@ public class ApiConstants {
     public static final String VGPUTYPE = "vgputype";
     public static final String REMAININGCAPACITY = "remainingcapacity";
     public static final String DISTRIBUTED_VPC_ROUTER = "distributedvpcrouter";
+    public static final String READ_ONLY = "readOnly";
 
 
     public enum HostDetails {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e09f97aa/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
index d37cc3c..e7c5650 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -29,6 +29,7 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.BaseCmd.CommandType;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.IAMApiService;
@@ -72,6 +73,9 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
     @Parameter(name = ApiConstants.IAM_SCOPE_ID, type = CommandType.STRING, required = false,
description = "The UUID of the permission scope id")
     private String scopeId;
 
+    @Parameter(name = ApiConstants.READ_ONLY, type = CommandType.BOOLEAN, required = false,
description = "Read Only access is added; Only applicable when action = List/Read api name")
+    private Boolean readOnly;
+
 
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
@@ -100,6 +104,10 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
         return _iamApiSrv.getPermissionScopeId(scope, entityType, scopeId);
     }
 
+    public Boolean isReadOnly() {
+        return (readOnly != null) ? readOnly : false;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
@@ -123,7 +131,7 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd {
         CallContext.current().setEventDetails("IAM policy Id: " + getId());
         // Only explicit ALLOW is supported for this release, no explicit deny
         IAMPolicy result = _iamApiSrv.addIAMPermissionToIAMPolicy(id, entityType, PermissionScope.valueOf(scope),
-                getScopeId(), action, Permission.Allow, false);
+                getScopeId(), action, Permission.Allow, false, isReadOnly());
         if (result != null) {
             IAMPolicyResponse response = _iamApiSrv.createIAMPolicyResponse(result);
             response.setResponseName(getCommandName());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e09f97aa/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
index bb8f03b..6735d48 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiService.java
@@ -60,7 +60,7 @@ public interface IAMApiService extends PluggableService {
     void removeIAMPolicyFromAccounts(Long policyId, List<Long> accountIds);
 
     IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope
scope, Long scopeId,
-            String action, Permission perm, Boolean recursive);
+            String action, Permission perm, Boolean recursive, Boolean readOnly);
 
     IAMPolicy removeIAMPermissionFromIAMPolicy(long iamPolicyId, String entityType, PermissionScope
scope, Long scopeId, String action);
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/e09f97aa/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index e128cf1..467caed 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -40,6 +40,7 @@ import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.affinity.AffinityGroup;
 import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
 import org.apache.cloudstack.api.BaseListCmd;
 import org.apache.cloudstack.api.InternalIdentity;
 import org.apache.cloudstack.api.command.iam.AddAccountToIAMGroupCmd;
@@ -506,11 +507,17 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_GRANT, eventDescription = "Granting
acl permission to IAM Policy")
     public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope
scope,
-            Long scopeId, String action, Permission perm, Boolean recursive) {
+            Long scopeId, String action, Permission perm, Boolean recursive, Boolean readOnly)
{
         Class<?> cmdClass = _apiServer.getCmdClass(action);
         AccessType accessType = null;
         if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
-            accessType = AccessType.UseEntry;
+            if (readOnly) {
+                accessType = AccessType.ListEntry;
+            } else {
+                accessType = AccessType.UseEntry;
+            }
+        } else if (!(BaseAsyncCreateCmd.class.isAssignableFrom(cmdClass))) {
+            accessType = AccessType.OperateEntry;
         }
         String accessTypeStr = (accessType != null) ? accessType.toString() : null;
         return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(),
scopeId, action,


Mime
View raw message