incubator-cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [2/3] git commit: APIChecker: Rename refactor and add interface checkExistence
Date Fri, 11 Jan 2013 02:52:09 GMT
APIChecker: Rename refactor and add interface checkExistence

Signed-off-by: Rohit Yadav <bhaisaab@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/74bb043c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/74bb043c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/74bb043c

Branch: refs/heads/master
Commit: 74bb043c37d28bad586ff8a42d8aa6533cef4aa8
Parents: 18bdc58
Author: Rohit Yadav <bhaisaab@apache.org>
Authored: Thu Jan 10 18:49:18 2013 -0800
Committer: Rohit Yadav <bhaisaab@apache.org>
Committed: Thu Jan 10 18:51:30 2013 -0800

----------------------------------------------------------------------
 .../apache/cloudstack/acl/APIAccessChecker.java    |   28 ---------------
 api/src/org/apache/cloudstack/acl/APIChecker.java  |   28 +++++++++++++++
 client/tomcatconf/components.xml.in                |    2 +-
 .../acl/StaticRoleBasedAPIAccessChecker.java       |   16 ++++++--
 server/src/com/cloud/api/ApiServer.java            |   25 ++++++++-----
 5 files changed, 57 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/74bb043c/api/src/org/apache/cloudstack/acl/APIAccessChecker.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/APIAccessChecker.java b/api/src/org/apache/cloudstack/acl/APIAccessChecker.java
deleted file mode 100644
index 1645fa2..0000000
--- a/api/src/org/apache/cloudstack/acl/APIAccessChecker.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import org.apache.cloudstack.acl.RoleType;
-import com.cloud.utils.component.Adapter;
-
-/**
- * APIAccessChecker checks the ownership and access control to API requests
- */
-public interface APIAccessChecker extends Adapter {
-    // Interface for checking access to an API for an user
-    boolean canAccessAPI(RoleType roleType, String apiCommandName);
-}

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/74bb043c/api/src/org/apache/cloudstack/acl/APIChecker.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/APIChecker.java b/api/src/org/apache/cloudstack/acl/APIChecker.java
new file mode 100644
index 0000000..61dd7de
--- /dev/null
+++ b/api/src/org/apache/cloudstack/acl/APIChecker.java
@@ -0,0 +1,28 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.acl;
+
+import org.apache.cloudstack.acl.RoleType;
+import com.cloud.utils.component.Adapter;
+
+// APIChecker checks the ownership and access control to API requests
+public interface APIChecker extends Adapter {
+    // Interface for checking access for a role using apiname
+    boolean checkAccess(RoleType roleType, String apiCommandName);
+    // Interface for checking existence of an api by name
+    boolean checkExistence(String apiCommandName);
+}

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/74bb043c/client/tomcatconf/components.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/components.xml.in b/client/tomcatconf/components.xml.in
index b779c86..bb39839 100755
--- a/client/tomcatconf/components.xml.in
+++ b/client/tomcatconf/components.xml.in
@@ -53,7 +53,7 @@ under the License.
         <dao name="Configuration configuration server" class="com.cloud.configuration.dao.ConfigurationDaoImpl">
              <param name="premium">true</param>
         </dao>
-        <adapters key="org.apache.cloudstack.acl.APIAccessChecker">
+        <adapters key="org.apache.cloudstack.acl.APIChecker">
             <adapter name="StaticRoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.StaticRoleBasedAPIAccessChecker"/>
         </adapters>
         <adapters key="com.cloud.agent.manager.allocator.HostAllocator">

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/74bb043c/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
index d6bf3f6..740fbbc 100644
--- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@@ -29,13 +29,12 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
-import static org.apache.cloudstack.acl.RoleType.*;
 import org.apache.log4j.Logger;
 
 // This is the default API access checker that grab's the user's account
 // based on the account type, access is granted
-@Local(value=APIAccessChecker.class)
-public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIAccessChecker
{
+@Local(value=APIChecker.class)
+public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
 
     protected static final Logger s_logger = Logger.getLogger(StaticRoleBasedAPIAccessChecker.class);
 
@@ -50,11 +49,20 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements
APIA
     }
 
     @Override
-    public boolean canAccessAPI(RoleType roleType, String commandName) {
+    public boolean checkAccess(RoleType roleType, String commandName) {
             return s_roleBasedApisMap.get(roleType).contains(commandName);
     }
 
     @Override
+    public boolean checkExistence(String apiName) {
+        for (RoleType roleType: RoleType.values()) {
+            if (s_roleBasedApisMap.get(roleType).contains(apiName))
+                return true;
+        }
+        return false;
+    }
+
+    @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException
{
         super.configure(name, params);
 

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/74bb043c/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index be3c087..7663e8e 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -51,8 +51,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import com.cloud.utils.ReflectUtil;
-import org.apache.cloudstack.acl.APIAccessChecker;
-import org.apache.cloudstack.acl.ControlledEntity;
+import org.apache.cloudstack.acl.APIChecker;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.*;
 import org.apache.cloudstack.api.command.user.account.ListAccountsCmd;
@@ -146,8 +145,8 @@ public class ApiServer implements HttpRequestHandler {
     @Inject private DomainManager _domainMgr = null;
     @Inject private AsyncJobManager _asyncMgr = null;
 
-    @Inject(adapter = APIAccessChecker.class)
-    protected Adapters<APIAccessChecker> _apiAccessCheckers;
+    @Inject(adapter = APIChecker.class)
+    protected Adapters<APIChecker> _apiAccessCheckers;
 
     private Account _systemAccount = null;
     private User _systemUser = null;
@@ -558,7 +557,7 @@ public class ApiServer implements HttpRequestHandler {
                 return true;
             } else {
                 // check against every available command to see if the command exists or
not
-                if (!isCommandAvailable(null, commandName) && !commandName.equals("login")
&& !commandName.equals("logout")) {
+                if (!doesCommandExist(commandName) && !commandName.equals("login")
&& !commandName.equals("logout")) {
                     s_logger.debug("The given command:" + commandName + " does not exist
or it is not available for user with id:" + userId);
                     throw new ServerApiException(BaseCmd.UNSUPPORTED_ACTION_ERROR, "The given
command does not exist or it is not available for user");
                 }
@@ -790,17 +789,25 @@ public class ApiServer implements HttpRequestHandler {
         return true;
     }
 
-    private boolean isCommandAvailable(User user, String commandName)
-            throws PermissionDeniedException {
+    private boolean doesCommandExist(String apiName) {
+        for (APIChecker apiChecker : _apiAccessCheckers) {
+            // If any checker has api info on the command, return true
+            if (apiChecker.checkExistence(apiName))
+                return true;
+        }
+        return false;
+    }
+
+    private boolean isCommandAvailable(User user, String commandName) {
         if (user == null) {
             return false;
         }
 
         Account account = _accountMgr.getAccount(user.getAccountId());
         RoleType roleType = _accountMgr.getRoleType(account);
-        for (APIAccessChecker apiChecker : _apiAccessCheckers) {
+        for (APIChecker apiChecker : _apiAccessCheckers) {
             // Fail the checking if any checker fails to verify
-            if (!apiChecker.canAccessAPI(roleType, commandName))
+            if (!apiChecker.checkAccess(roleType, commandName))
                 return false;
         }
         return true;


Mime
View raw message