Return-Path: X-Original-To: apmail-cloudstack-commits-archive@www.apache.org Delivered-To: apmail-cloudstack-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C479010E5A for ; Wed, 2 Apr 2014 00:39:28 +0000 (UTC) Received: (qmail 46783 invoked by uid 500); 2 Apr 2014 00:39:25 -0000 Delivered-To: apmail-cloudstack-commits-archive@cloudstack.apache.org Received: (qmail 46706 invoked by uid 500); 2 Apr 2014 00:39:24 -0000 Mailing-List: contact commits-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list commits@cloudstack.apache.org Received: (qmail 46688 invoked by uid 99); 2 Apr 2014 00:39:24 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 02 Apr 2014 00:39:24 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id C1A2892521A; Wed, 2 Apr 2014 00:39:23 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mchen@apache.org To: commits@cloudstack.apache.org Date: Wed, 02 Apr 2014 00:39:24 -0000 Message-Id: In-Reply-To: <490a59e1335241a680f0a74e5ae11014@git.apache.org> References: <490a59e1335241a680f0a74e5ae11014@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [2/4] Remove usage of sameOwner checkAccess invocation, and convert to OperateEntry IAM check.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java b/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
index c84fea2..516b3ab 100644
--- a/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
+++ b/server/src/org/apache/cloudstack/region/gslb/GlobalLoadBalancingRulesServiceImpl.java
@@ -183,7 +183,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
 throw new InvalidParameterValueException("Invalid global load balancer rule id: " + gslbRuleId);
 }
- _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, gslbRule);
+ _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, gslbRule);
 if (gslbRule.getState() == GlobalLoadBalancerRule.State.Revoke) {
 throw new InvalidParameterValueException("global load balancer rule id: " + gslbRule.getUuid() + " is in revoked state");
@@ -224,7 +224,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
 throw new InvalidParameterValueException("Specified load balancer rule ID does not exist.");
 }
- _accountMgr.checkAccess(caller, null, true, loadBalancer);
+ _accountMgr.checkAccess(caller, null, loadBalancer);
 if (gslbRule.getAccountId() != loadBalancer.getAccountId()) {
 throw new InvalidParameterValueException("GSLB rule and load balancer rule does not belong to same account");
@@ -319,7 +319,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
 throw new InvalidParameterValueException("Invalid global load balancer rule id: " + gslbRuleId);
 }
- _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, gslbRule);
+ _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, gslbRule);
 if (gslbRule.getState() == GlobalLoadBalancerRule.State.Revoke) {
 throw new InvalidParameterValueException("global load balancer rule id: " + gslbRuleId + " is already in revoked state");
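Review bot: In the `@@ -224` hunk the new call `_accountMgr.checkAccess(caller, null, loadBalancer)` still passes `null` as the access type, so the permission demanded on the load balancer rule is whatever the AccountManager implementation treats `null` as, which this diff does not show. The commit subject describes a conversion to an OperateEntry IAM check and the gslbRule calls around it name that type explicitly; if assigning a rule is meant to require operate rights, write `_accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, loadBalancer);`, otherwise add a comment stating what a null access type resolves to. The same call appears in the `@@ -346` hunk, where, unlike here, no same-account comparison between gslbRule and loadBalancer is visible after the check. Both enclosing methods start and end outside their hunks.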
@@ -346,7 +346,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
 throw new InvalidParameterValueException("Specified load balancer rule ID does not exist.");
 }
- _accountMgr.checkAccess(caller, null, true, loadBalancer);
+ _accountMgr.checkAccess(caller, null, loadBalancer);
 }
 for (GlobalLoadBalancerLbRuleMapVO gslbLbMapVo : gslbLbMapVos) {
@@ -445,7 +445,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
 throw new InvalidParameterValueException("Invalid global load balancer rule id: " + gslbRuleId);
 }
- _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, gslbRule);
+ _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, gslbRule);
 if (gslbRule.getState() == com.cloud.region.ha.GlobalLoadBalancerRule.State.Staged) {
 if (s_logger.isDebugEnabled()) {
@@ -523,7 +523,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
 CallContext ctx = CallContext.current();
 Account caller = ctx.getCallingAccount();
- _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, true, gslbRule);
+ _accountMgr.checkAccess(caller, SecurityChecker.AccessType.OperateEntry, gslbRule);
 if (algorithm != null && !GlobalLoadBalancerRule.Algorithm.isValidAlgorithm(algorithm)) {
 throw new InvalidParameterValueException("Invalid Algorithm: " + algorithm);
@@ -583,7 +583,7 @@ public class GlobalLoadBalancingRulesServiceImpl implements GlobalLoadBalancingR
 if (gslbRule == null) {
 throw new InvalidParameterValueException("Invalid gslb rule id specified");
 }
- _accountMgr.checkAccess(caller, org.apache.cloudstack.acl.SecurityChecker.AccessType.UseEntry, false, gslbRule);
+ _accountMgr.checkAccess(caller, org.apache.cloudstack.acl.SecurityChecker.AccessType.UseEntry, gslbRule);
 response.add(gslbRule);
 return response;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/test/com/cloud/event/EventControlsUnitTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/event/EventControlsUnitTest.java b/server/test/com/cloud/event/EventControlsUnitTest.java
index 91dc921..0dc5742 100644
--- a/server/test/com/cloud/event/EventControlsUnitTest.java
+++ b/server/test/com/cloud/event/EventControlsUnitTest.java
@@ -60,7 +60,7 @@ public class EventControlsUnitTest extends TestCase {
 MockitoAnnotations.initMocks(this);
 _mgmtServer._eventDao = _eventDao;
 _mgmtServer._accountMgr = _accountMgr;
- doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class), any(Boolean.class), any(ControlledEntity.class));
+ doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class), any(ControlledEntity.class));
 when(_eventDao.listToArchiveOrDeleteEvents(anyList(), anyString(), any(Date.class), any(Date.class), anyList())).thenReturn(_events);
 }
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/test/com/cloud/user/MockAccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java
index f373cba..f76f345 100644
--- a/server/test/com/cloud/user/MockAccountManagerImpl.java
+++ b/server/test/com/cloud/user/MockAccountManagerImpl.java
@@ -356,5 +356,16 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco
 return null;
 }
+ @Override
+ public void checkAccess(Account account, AccessType accessType, ControlledEntity... entities) throws PermissionDeniedException {
+ // TODO Auto-generated method stub
+ }
+
+ @Override
+ public void checkAccess(Account account, AccessType accessType, String apiName, ControlledEntity... entities) throws PermissionDeniedException {
+ // TODO Auto-generated method stub
+
+ }
+
 }
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/test/com/cloud/vm/UserVmManagerTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vm/UserVmManagerTest.java b/server/test/com/cloud/vm/UserVmManagerTest.java
index b67c164..927d5e3 100755
--- a/server/test/com/cloud/vm/UserVmManagerTest.java
+++ b/server/test/com/cloud/vm/UserVmManagerTest.java
@@ -283,7 +283,7 @@ public class UserVmManagerTest {
 doReturn(3L).when(_volumeMock).getTemplateId();
 doReturn(ImageFormat.VHD).when(_templateMock).getFormat();
 when(_templateDao.findById(anyLong())).thenReturn(_templateMock);
- doNothing().when(_accountMgr).checkAccess(_account, null, true, _templateMock);
+ doNothing().when(_accountMgr).checkAccess(_account, null, _templateMock);
 when(_storageMgr.allocateDuplicateVolume(_volumeMock, 14L)).thenReturn(_volumeMock);
 when(_templateMock.getGuestOSId()).thenReturn(5L);
 doNothing().when(_vmMock).setGuestOSId(anyLong());
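Review bot: Both `checkAccess` overrides added to MockAccountManagerImpl in the `@@ -356` hunk have empty bodies marked only with the IDE's `// TODO Auto-generated method stub`, so this mock never throws the `PermissionDeniedException` it declares and the access check cannot fail in any test wired to it. Say that this is intentional by replacing the TODO in each body with `// Test stub: performs no access check; every caller is permitted.`, and drop the stray blank line inside the second override. A test that needs to cover a denial path then knows it has to stub the throw itself rather than rely on this class.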
@@ -327,7 +327,7 @@ public class UserVmManagerTest {
 doReturn(3L).when(_vmMock).getIsoId();
 doReturn(ImageFormat.ISO).when(_templateMock).getFormat();
 when(_templateDao.findById(anyLong())).thenReturn(_templateMock);
- doNothing().when(_accountMgr).checkAccess(_account, null, true, _templateMock);
+ doNothing().when(_accountMgr).checkAccess(_account, null, _templateMock);
 when(_storageMgr.allocateDuplicateVolume(_volumeMock, null)).thenReturn(_volumeMock);
 doNothing().when(_vmMock).setIsoId(14L);
 when(_templateMock.getGuestOSId()).thenReturn(5L);
@@ -413,7 +413,7 @@ public class UserVmManagerTest {
 doReturn(VirtualMachine.State.Running).when(_vmInstance).getState();
- doNothing().when(_accountMgr).checkAccess(_account, null, true, _templateMock);
+ doNothing().when(_accountMgr).checkAccess(_account, null, _templateMock);
 doNothing().when(_itMgr).checkIfCanUpgrade(_vmMock, _offeringVo);
@@ -606,7 +606,7 @@ public class UserVmManagerTest {
 when(_accountService.getActiveAccountByName(anyString(), anyLong())).thenReturn(newAccount);
- doThrow(new PermissionDeniedException("Access check failed")).when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class), any(Boolean.class),
+ doThrow(new PermissionDeniedException("Access check failed")).when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class),
 any(ControlledEntity.class));
 CallContext.register(user, caller);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c89eb733/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java
----------------------------------------------------------------------
diff --git a/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java b/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java
index 9d5c2b4..03afdbd 100644
--- a/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java
+++ b/server/test/com/cloud/vm/snapshot/VMSnapshotManagerTest.java
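Review bot: In the `@@ -606` hunk the denial stub is bound only to the three-argument form, `checkAccess(any(Account.class), any(AccessType.class), any(ControlledEntity.class))`, while the same commit introduces an overload that also takes `String apiName` (visible in MockAccountManagerImpl). If the code path under test reaches that overload, the `doThrow` presumably does not match and the mock falls back to doing nothing, so this negative authorization test would stop exercising the denial. Consider stubbing the second overload as well, `doThrow(new PermissionDeniedException("Access check failed")).when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class), anyString(), any(ControlledEntity.class));`. The test method starts and ends outside the hunk, so whether it asserts the exception cannot be confirmed from here.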
@@ -125,7 +125,7 @@ public class VMSnapshotManagerTest {
 _vmSnapshotMgr._guestOSDao = _guestOSDao;
 _vmSnapshotMgr._hypervisorCapabilitiesDao = _hypervisorCapabilitiesDao;
- doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class), any(Boolean.class), any(ControlledEntity.class));
+ doNothing().when(_accountMgr).checkAccess(any(Account.class), any(AccessType.class), any(ControlledEntity.class));
 _vmSnapshotMgr._vmSnapshotMax = _vmSnapshotMax;