cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject [2/4] Remove usage of sameOwner checkAccess invocation, and convert to OperateEntry IAM check.
Date Wed, 02 Apr 2014 00:39:24 GMT
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
b/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
index c84fea2..516b3ab 100644
--- a/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
+++ b/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
@@ -183,7 +183,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
             throw new InvalidParameterValueException("Invalid global load balancer rule id:
" + gslbRuleId);
         }
 
-        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, gslbRule);
+        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, gslbRule);
 
         if (gslbRule.getState() == GlobalLoadBalancerRule.State.Revoke) {
             throw new InvalidParameterValueException("global load balancer rule id: " + gslbRule.getUuid()
+ " is in revoked state");
@@ -224,7 +224,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
                 throw new InvalidParameterValueException("Specified load balancer rule ID
does not exist.");
             }
 
-            _accountMgr.checkAccess(caller, null, true, loadBalancer);
+            _accountMgr.checkAccess(caller, null, loadBalancer);
 
             if (gslbRule.getAccountId() != loadBalancer.getAccountId()) {
                 throw new InvalidParameterValueException("GSLB rule and load balancer rule
does not belong to same account");
@@ -319,7 +319,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
             throw new InvalidParameterValueException("Invalid global load balancer rule id:
" + gslbRuleId);
         }
 
-        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, gslbRule);
+        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, gslbRule);
 
         if (gslbRule.getState() == GlobalLoadBalancerRule.State.Revoke) {
             throw new InvalidParameterValueException("global load balancer rule id: " + gslbRuleId
+ " is already in revoked state");
@@ -346,7 +346,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
                 throw new InvalidParameterValueException("Specified load balancer rule ID
does not exist.");
             }
 
-            _accountMgr.checkAccess(caller, null, true, loadBalancer);
+            _accountMgr.checkAccess(caller, null, loadBalancer);
         }
 
         for (GlobalLoadBalancerLbRuleMapVO gslbLbMapVo : gslbLbMapVos) {
@@ -445,7 +445,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
             throw new InvalidParameterValueException("Invalid global load balancer rule id:
" + gslbRuleId);
         }
 
-        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, gslbRule);
+        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, gslbRule);
 
         if (gslbRule.getState() == com.cloud.region.ha.GlobalLoadBalancerRule.State.Staged)
{
             if (s_logger.isDebugEnabled()) {
@@ -523,7 +523,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
         CallContext ctx = CallContext.current();
         Account caller = ctx.getCallingAccount();
 
-        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, gslbRule);
+        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, gslbRule);
 
         if (algorithm != null && !GlobalLoadBalancerRule.Algorithm.isValidAlgorithm(algorithm))
{
             throw new InvalidParameterValueException("Invalid Algorithm: " + algorithm);
@@ -583,7 +583,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
             if (gslbRule == null) {
                 throw new InvalidParameterValueException("Invalid gslb rule id specified");
             }
-            _accountMgr.checkAccess(caller, org.apache.cloudstack.acl.SecurityChecker.AccessType.UseEntry,
false, gslbRule);
+            _accountMgr.checkAccess(caller, org.apache.cloudstack.acl.SecurityChecker.AccessType.UseEntry,
gslbRule);
 
             response.add(gslbRule);
             return response;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/test/com/cloud/event/EventControlsUnitTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/event/EventControlsUnitTest.java b/server/test/com/cloud/event/EventControlsUnitTest.java
index 91dc921..0dc5742 100644
--- a/server/test/com/cloud/event/EventControlsUnitTest.java
+++ b/server/test/com/cloud/event/EventControlsUnitTest.java
@@ -60,7 +60,7 @@ public class EventControlsUnitTest extends TestCase {
         MockitoAnnotations.initMocks(this);
         _mgmtServer._eventDao = _eventDao;
         _mgmtServer._accountMgr = _accountMgr;
-        doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class),
any(Boolean.class), any(ControlledEntity.class));
+        doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class),
any(ControlledEntity.class));
         when(_eventDao.listToArchiveOrDeleteEvents(anyList(), anyString(), any(Date.class),
any(Date.class), anyList())).thenReturn(_events);
     }
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/test/com/cloud/user/MockAccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java
index f373cba..f76f345 100644
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@ -356,5 +356,16 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager,
Acco
         return null;
     }
 
+    @Override
+    public void checkAccess(Account account, AccessType accessType, ControlledEntity... entities)
throws PermissionDeniedException {
+        // TODO Auto-generated method stub
+    }
+
+    @Override
+    public void checkAccess(Account account, AccessType accessType, String apiName, ControlledEntity...
entities) throws PermissionDeniedException {
+        // TODO Auto-generated method stub
+
+    }
+
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/test/com/cloud/vm/UserVmManagerTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vm/UserVmManagerTest.java b/server/test/com/cloud/vm/UserVmManagerTest.java
index b67c164..927d5e3 100755
--- a/server/test/com/cloud/vm/UserVmManagerTest.java
+++ b/server/test/com/cloud/vm/UserVmManagerTest.java
@@ -283,7 +283,7 @@ public class UserVmManagerTest {
         doReturn(3L).when(_volumeMock).getTemplateId();
         doReturn(ImageFormat.VHD).when(_templateMock).getFormat();
         when(_templateDao.findById(anyLong())).thenReturn(_templateMock);
-        doNothing().when(_accountMgr).checkAccess(_account, null, true, _templateMock);
+        doNothing().when(_accountMgr).checkAccess(_account, null, _templateMock);
         when(_storageMgr.allocateDuplicateVolume(_volumeMock, 14L)).thenReturn(_volumeMock);
         when(_templateMock.getGuestOSId()).thenReturn(5L);
         doNothing().when(_vmMock).setGuestOSId(anyLong());
@@ -327,7 +327,7 @@ public class UserVmManagerTest {
         doReturn(3L).when(_vmMock).getIsoId();
         doReturn(ImageFormat.ISO).when(_templateMock).getFormat();
         when(_templateDao.findById(anyLong())).thenReturn(_templateMock);
-        doNothing().when(_accountMgr).checkAccess(_account, null, true, _templateMock);
+        doNothing().when(_accountMgr).checkAccess(_account, null, _templateMock);
         when(_storageMgr.allocateDuplicateVolume(_volumeMock, null)).thenReturn(_volumeMock);
         doNothing().when(_vmMock).setIsoId(14L);
         when(_templateMock.getGuestOSId()).thenReturn(5L);
@@ -413,7 +413,7 @@ public class UserVmManagerTest {
 
         doReturn(VirtualMachine.State.Running).when(_vmInstance).getState();
 
-        doNothing().when(_accountMgr).checkAccess(_account, null, true, _templateMock);
+        doNothing().when(_accountMgr).checkAccess(_account, null, _templateMock);
 
         doNothing().when(_itMgr).checkIfCanUpgrade(_vmMock, _offeringVo);
 
@@ -606,7 +606,7 @@ public class UserVmManagerTest {
 
         when(_accountService.getActiveAccountByName(anyString(), anyLong())).thenReturn(newAccount);
 
-        doThrow(new PermissionDeniedException("Access check failed")).when(_accountMgr).checkAccess(any(Account.class),
any(AccessType.class), any(Boolean.class),
+        doThrow(new PermissionDeniedException("Access check failed")).when(_accountMgr).checkAccess(any(Account.class),
any(AccessType.class),
             any(ControlledEntity.class));
 
         CallContext.register(user, caller);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java b/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java
index 9d5c2b4..03afdbd 100644
--- a/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java
+++ b/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java
@@ -125,7 +125,7 @@ public class VMSnapshotManagerTest {
         _vmSnapshotMgr._guestOSDao = _guestOSDao;
         _vmSnapshotMgr._hypervisorCapabilitiesDao = _hypervisorCapabilitiesDao;
 
-        doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class),
any(Boolean.class), any(ControlledEntity.class));
+        doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class),
any(ControlledEntity.class));
 
         _vmSnapshotMgr._vmSnapshotMax = _vmSnapshotMax;
 


Mime
View raw message