cloudstack-commits mailing list archives

From d...@apache.org
Subject git commit: updated refs/heads/4.4 to 504bd03
Date Wed, 30 Apr 2014 08:39:03 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/4.4 4ca65496c -> 504bd0377


CLOUDSTACK-6533: IAM - Templates - Public templates do not have
permissions to be used by ROOT group.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/504bd037
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/504bd037
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/504bd037

Branch: refs/heads/4.4
Commit: 504bd0377d8053a911f9823e06ce288af057446b
Parents: 4ca6549
Author: Min Chen <min.chen@citrix.com>
Authored: Tue Apr 29 11:48:45 2014 -0700
Committer: Daan Hoogland <daan@onecht.net>
Committed: Wed Apr 30 10:38:55 2014 +0200

----------------------------------------------------------------------
 .../plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java | 5 ++++-
 .../org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java    | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/504bd037/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index f9f76c1..b4c2d4d 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -257,7 +257,10 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService,
Man
             public void onPublishMessage(String senderAddress, String subject, Object obj)
{
                 Long templateId = (Long)obj;
                 if (templateId != null) {
-                    s_logger.debug("MessageBus message: new public template registered: "
+ templateId + ", grant permission to domain admin and normal user policies");
+                    s_logger.debug("MessageBus message: new public template registered: "
+ templateId
+                            + ", grant permission to default root admin, domain admin and
normal user policies");
+                    _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN
+ 1), VirtualMachineTemplate.class.getSimpleName(),
+                            PermissionScope.RESOURCE.toString(), templateId, "listTemplates",
AccessType.UseEntry.toString(), Permission.Allow, false);
                     _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN
+ 1), VirtualMachineTemplate.class.getSimpleName(),
                             PermissionScope.RESOURCE.toString(), templateId, "listTemplates",
AccessType.UseEntry.toString(), Permission.Allow, false);
                     _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL
+ 1), VirtualMachineTemplate.class.getSimpleName(),
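Review bot: The target policy in the added call is identified only by the arithmetic `Account.ACCOUNT_TYPE_ADMIN + 1`, so this Allow grant depends on the default root admin policy having exactly that id, and nothing in the hunk verifies or documents that mapping. A named local or constant would make the grant auditable, e.g. `final long rootAdminPolicyId = Account.ACCOUNT_TYPE_ADMIN + 1; // id of the default root admin policy (assumed, confirm against the seeded policies)`. The same expression and the same three-call sequence appear in the RoleBasedAPIAccessChecker hunk, so a single shared helper taking the template id would keep the two grant sites from drifting apart. `Long.valueOf(...)` is preferable to `new Long(...)` in the added line. The handler body continues past the end of the hunk.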

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/504bd037/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
index fe71912..3a3ba4d 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java
@@ -132,6 +132,8 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements
APIChecker
         // add permissions for public templates
         List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
         for (VMTemplateVO tmpl : pTmplts){
+            _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1),
VirtualMachineTemplate.class.getSimpleName(),
+                    PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(),
Permission.Allow, false);
             _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN
+ 1), VirtualMachineTemplate.class.getSimpleName(),
                     PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(),
Permission.Allow, false);
             _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1),
VirtualMachineTemplate.class.getSimpleName(),
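Review bot: The comment `// add permissions for public templates` above the loop does not say which policies receive the grant, which is the security-relevant part of this block now that a third policy is added. I would extend it to `// grant listTemplates/UseEntry on every public template to the default root admin, domain admin and normal user policies`. Whether repeated calls for a template that already holds the permission are harmless is not visible here; if addIAMPermissionToIAMPolicy is not idempotent, that belongs in the same comment. The loop and its enclosing method continue outside the hunk.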

