Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B746C10217 for ; Tue, 11 Mar 2014 18:50:19 +0000 (UTC) Received: (qmail 13295 invoked by uid 500); 11 Mar 2014 18:50:18 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 13277 invoked by uid 500); 11 Mar 2014 18:50:17 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 13268 invoked by uid 99); 11 Mar 2014 18:50:17 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Mar 2014 18:50:17 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id C68049406E6; Tue, 11 Mar 2014 18:50:16 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mchen@apache.org To: commits@cloudstack.apache.org Message-Id: <2295118e8e914e1c92476bd3ba80bbdf@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: git commit: updated refs/heads/rbac to b554d4a Date: Tue, 11 Mar 2014 18:50:16 +0000 (UTC) Repository: cloudstack Updated Branches: refs/heads/rbac 1c85af319 -> b554d4ac1 Fix issues found through FindBugs. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b554d4ac Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b554d4ac Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b554d4ac Branch: refs/heads/rbac Commit: b554d4ac1fa58e4c6ae0b7256bffddab1f539510 Parents: 1c85af3 Author: Min Chen Authored: Tue Mar 11 11:49:48 2014 -0700 Committer: Min Chen Committed: Tue Mar 11 11:49:48 2014 -0700 ---------------------------------------------------------------------- server/src/com/cloud/api/query/QueryManagerImpl.java | 9 ++++++--- .../api/command/iam/AddIAMPermissionToIAMPolicyCmd.java | 3 --- .../api/response/iam/IAMPermissionResponse.java | 8 ++++---- .../src/org/apache/cloudstack/iam/IAMApiServiceImpl.java | 3 ++- .../cloudstack/iam/RoleBasedEntityAccessChecker.java | 10 +++++++++- 5 files changed, 21 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/server/src/com/cloud/api/query/QueryManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index 564bf4e..96647f8 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -3314,17 +3314,20 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { if (resourceIdStr != null) { resourceId = _taggedResourceMgr.getResourceId(resourceIdStr, resourceType); } + if (resourceId == null) { + throw new InvalidParameterValueException("Cannot find resource with resourceId " + resourceIdStr + " and of resource type " + resourceType); + } List detailList = new ArrayList(); ResourceDetail requestedDetail = null; - if (key == null) { + if (key == null) { detailList = _resourceMetaDataMgr.getDetailsList(resourceId, resourceType, forDisplay); - } else { + } else { requestedDetail = _resourceMetaDataMgr.getDetail(resourceId, resourceType, key); if (forDisplay != null && requestedDetail.isDisplay() != forDisplay) { requestedDetail = null; } - } + } List responseList = new ArrayList(); if (requestedDetail != null) { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java index e991537..d37cc3c 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java @@ -39,7 +39,6 @@ import com.cloud.event.EventTypes; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.user.Account; -import com.cloud.utils.db.EntityManager; @APICommand(name = "addIAMPermissionToIAMPolicy", description = "Add IAM permission to an iam policy", responseObject = IAMPolicyResponse.class) @@ -49,8 +48,6 @@ public class AddIAMPermissionToIAMPolicyCmd extends BaseAsyncCmd { @Inject public IAMApiService _iamApiSrv; - @Inject - public EntityManager _entityMgr; ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java index b7af4da..5def248 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java +++ b/services/iam/plugin/src/org/apache/cloudstack/api/response/iam/IAMPermissionResponse.java @@ -108,13 +108,13 @@ public class IAMPermissionResponse extends BaseResponse { if (getClass() != obj.getClass()) return false; IAMPermissionResponse other = (IAMPermissionResponse) obj; - if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) { + if ((entityType == null && other.entityType != null) || (entityType != null && !entityType.equals(other.entityType))) { return false; - } else if ((action == null && other.action != null) || !action.equals(other.action)) { + } else if ((action == null && other.action != null) || (action != null && !action.equals(other.action))) { return false; - } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) { + } else if ((scope == null && other.scope != null) || (scope != null && !scope.equals(other.scope))) { return false; - } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) { + } else if ((scopeId == null && other.scopeId != null) || (scopeId != null && !scopeId.equals(other.scopeId))) { return false; } return true; http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java index 47b7697..9e941f2 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java @@ -591,8 +591,9 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man if (BaseListCmd.class.isAssignableFrom(cmdClass)) { accessType = AccessType.UseEntry; } + String accessTypeStr = (accessType != null) ? accessType.toString() : null; return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action, - accessType.toString(), perm, recursive); + accessTypeStr, perm, recursive); } @DB http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b554d4ac/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java index d0d9d88..02bb702 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java @@ -35,6 +35,7 @@ import org.apache.cloudstack.iam.api.IAMService; import com.cloud.acl.DomainChecker; import com.cloud.domain.dao.DomainDao; +import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; import com.cloud.user.Account; import com.cloud.user.AccountService; @@ -73,7 +74,14 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur return true; } - String entityType = entity.getEntityType().toString(); + if (entity == null) { + throw new InvalidParameterValueException("Entity and action cannot be both NULL in checkAccess!"); + } + + String entityType = null; + if (entity.getEntityType() != null) { + entityType = entity.getEntityType().toString(); + } if (accessType == null) { accessType = AccessType.UseEntry;