cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prachida...@apache.org
Subject git commit: updated refs/heads/master to 6a9d6f8
Date Sat, 29 Mar 2014 01:57:48 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master 58b2b6b9e -> 6a9d6f879


RoleBasedEntityAccessChecker should skip Project resources. IAM does not support Projects
yet.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6a9d6f87
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6a9d6f87
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6a9d6f87

Branch: refs/heads/master
Commit: 6a9d6f8796949a2de97c9fd55af2a88a6f143e24
Parents: 58b2b6b
Author: Prachi Damle <prachi@cloud.com>
Authored: Fri Mar 28 18:53:18 2014 -0700
Committer: Prachi Damle <prachi@cloud.com>
Committed: Fri Mar 28 18:56:30 2014 -0700

----------------------------------------------------------------------
 .../apache/cloudstack/iam/RoleBasedEntityAccessChecker.java   | 7 +++++++
 1 file changed, 7 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6a9d6f87/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 3ab3749..bcc483f 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -81,6 +81,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements
Secur
             throw new InvalidParameterValueException("Entity and action cannot be both NULL
in checkAccess!");
         }
 
+        // if a Project entity, skip
+        Account entityAccount = _accountService.getAccount(entity.getAccountId());
+        if (entityAccount != null && entityAccount.getType() == Account.ACCOUNT_TYPE_PROJECT)
{
+            return false;
+        }
+
         String entityType = null;
         if (entity.getEntityType() != null) {
             entityType = entity.getEntityType().getSimpleName();
@@ -128,6 +134,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements
Secur
 
         if (!policies.isEmpty()) { // Since we reach this point, none of the
                                    // roles granted access
+
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("Account " + caller + " does not have permission to access
resource " + entity
                         + " for access type: " + accessType);


Mime
View raw message