cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohit Yadav (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-639) API Refactoring: Adapters for ACL
Date Fri, 14 Dec 2012 19:20:12 GMT


Rohit Yadav commented on CLOUDSTACK-639:

Part 1 was mostly already done by Prachi on api_refactoring:

commit a2306f4917a6705819b0112fcb085ebafe752ed0
Author: Prachi Damle <>
Date:   Tue Nov 13 11:47:38 2012 -0800

    some more poc work

commit 073863249abf36b6879359889f5731984391fa41
Author: Prachi Damle <>
Date:   Thu Nov 29 16:09:47 2012 -0800

    Some ACL POC work

commit 79b54e6ac1eea7ccc6a76255be3770f4e8b03703
Author:     Rohit Yadav <>
AuthorDate: Tue Dec 11 14:16:25 2012 -0800
Commit:     Rohit Yadav <>
CommitDate: Tue Dec 11 14:16:25 2012 -0800

    api: Fix obj injections in ApiServer

    - Inject classes using Inject annotation
    - Don't misuse component locator

commit 6ce68b93ccfe23c4001713ae38c6422029891726
Author:     Rohit Yadav <>
AuthorDate: Tue Dec 11 14:10:36 2012 -0800
Commit:     Rohit Yadav <>
CommitDate: Tue Dec 11 14:10:36 2012 -0800

    api: Fix APIAccessChecker and StaticRoleBasedAPIAccessChecker

    - Add getCmd api interface in APIAccessChecker adapter to get cmd properties
    - Add mechanism in StaticRoleBasedAPIAccessChecker to get config properties
    - Add public interface to get the cmd properties for the adapter impl
> API Refactoring: Adapters for ACL
> ---------------------------------
>                 Key: CLOUDSTACK-639
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: 4.1.0
> The work is to do the access control checks and entities checks using adapters.
> Part 1: APIAccessChecker to check if caller can evoke given API command. Implement a
static role based checker using file to check necessary roles for the
command (the old school way CS used to do it)
> Part 2: Entity access checkers to check is caller can do operations on an entity. May
use existing DomainChecker implementation. We may need to group entities in two groups (Infra
entity like datacenter, disk offering etc. and controlled entity like those which have domain
and accountid)

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message