cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohit Yadav (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-639) API Refactoring: Adapters for ACL
Date Fri, 04 Jan 2013 07:26:14 GMT


Rohit Yadav commented on CLOUDSTACK-639:

Smoke tests on devcloud, all passed now! api_refactoring branch is much stable now:

commit 6929bd947348c3912c19a260428c063bb0aea0ea
Author: Rohit Yadav <>
Date:   Thu Jan 3 22:18:27 2013 -0800

    server: Don't silently ignore uuid param translation for required param in case they fail
    Signed-off-by: Rohit Yadav <>

commit 6fa8c708eeed0b511780b900b7869385091cac1d
Author: Rohit Yadav <>
Date:   Thu Jan 3 22:16:51 2013 -0800

    api: Fix service and disk offering annotations
    Signed-off-by: Rohit Yadav <>

commit 98d5719b57e34b5852fb9e27ea939361a75a2099
Author: Rohit Yadav <>
Date:   Thu Jan 3 17:17:21 2013 -0800

    server: Make ApiDispatcher backward compatible to not throw error on incorrect params
    Incorrect params are silently ignored in 4.0 and before. The fix would log the error
    in debug log, but will continue processing. In case of an issue with uuid or param
    an empty response is sent, for ex. in case of deleted entities as well.
    Signed-off-by: Rohit Yadav <>

Next, the ACL adapters will be moved in separate artifacts in plugins/acl and logic for processing
acl annotation will be fixed in ApiDispatcher.
> API Refactoring: Adapters for ACL
> ---------------------------------
>                 Key: CLOUDSTACK-639
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: 4.1.0
> The work is to do the access control checks and entities checks using adapters.
> Part 1: APIAccessChecker to check if caller can evoke given API command. Implement a
static role based checker using file to check necessary roles for the
command (the old school way CS used to do it)
> Part 2: Entity access checkers to check is caller can do operations on an entity. May
use existing DomainChecker implementation. We may need to group entities in two groups (Infra
entity like datacenter, disk offering etc. and controlled entity like those which have domain
and accountid)

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message