Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4373FE44A for ; Fri, 14 Dec 2012 19:20:13 +0000 (UTC) Received: (qmail 83133 invoked by uid 500); 14 Dec 2012 19:20:12 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 83094 invoked by uid 500); 14 Dec 2012 19:20:12 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 83086 invoked by uid 99); 14 Dec 2012 19:20:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Dec 2012 19:20:12 +0000 Date: Fri, 14 Dec 2012 19:20:12 +0000 (UTC) From: "Rohit Yadav (JIRA)" To: cloudstack-dev@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-639) API Refactoring: Adapters for ACL MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13532560#comment-13532560 ] Rohit Yadav commented on CLOUDSTACK-639: ---------------------------------------- Part 1 was mostly already done by Prachi on api_refactoring: commit a2306f4917a6705819b0112fcb085ebafe752ed0 Author: Prachi Damle Date: Tue Nov 13 11:47:38 2012 -0800 some more poc work commit 073863249abf36b6879359889f5731984391fa41 Author: Prachi Damle Date: Thu Nov 29 16:09:47 2012 -0800 Some ACL POC work Conflicts: server/src/com/cloud/api/ApiDispatcher.java commit 79b54e6ac1eea7ccc6a76255be3770f4e8b03703 Author: Rohit Yadav AuthorDate: Tue Dec 11 14:16:25 2012 -0800 Commit: Rohit Yadav CommitDate: Tue Dec 11 14:16:25 2012 -0800 api: Fix obj injections in ApiServer - Inject classes using Inject annotation - Don't misuse component locator commit 6ce68b93ccfe23c4001713ae38c6422029891726 Author: Rohit Yadav AuthorDate: Tue Dec 11 14:10:36 2012 -0800 Commit: Rohit Yadav CommitDate: Tue Dec 11 14:10:36 2012 -0800 api: Fix APIAccessChecker and StaticRoleBasedAPIAccessChecker - Add getCmd api interface in APIAccessChecker adapter to get cmd properties - Add mechanism in StaticRoleBasedAPIAccessChecker to get config properties - Add public interface to get the cmd properties for the adapter impl > API Refactoring: Adapters for ACL > --------------------------------- > > Key: CLOUDSTACK-639 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-639 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: API > Reporter: Rohit Yadav > Assignee: Rohit Yadav > Fix For: 4.1.0 > > > The work is to do the access control checks and entities checks using adapters. > Part 1: APIAccessChecker to check if caller can evoke given API command. Implement a static role based checker using commands.properties file to check necessary roles for the command (the old school way CS used to do it) > Part 2: Entity access checkers to check is caller can do operations on an entity. May use existing DomainChecker implementation. We may need to group entities in two groups (Infra entity like datacenter, disk offering etc. and controlled entity like those which have domain and accountid) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira