apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix ACL processor and methods in ApiDispatcher and their usages

Browse Source 
Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
This commit is contained in:
Rohit Yadav 2013-01-06 17:18:45 -08:00
parent 19cf665094
commit 96b9164e4b
4 changed files with 85 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
api/src/org/apache/cloudstack/api/command/user/vm/StopVMCmd.java
View File

@ -39,7 +39,6 @@ public class StopVMCmd extends BaseAsyncCmd {
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType=UserVmResponse.class,
required = true, description = "The ID of the virtual machine")
private Long id;

172
server/src/com/cloud/api/ApiDispatcher.java
View File

@ -32,6 +32,7 @@ import java.util.regex.Matcher;
import com.cloud.dao.EntityManager;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.InfrastructureEntity;
import org.apache.cloudstack.acl.Role;
import org.apache.cloudstack.api.*;
import org.apache.log4j.Logger;
@ -106,10 +107,7 @@ public class ApiDispatcher {
}
public void dispatchCreateCmd(BaseAsyncCreateCmd cmd, Map<String, String> params) {
List<ControlledEntity> entitiesToAccess = new ArrayList<ControlledEntity>();
setupParameters(cmd, params, entitiesToAccess);
doAccessChecks(cmd, entitiesToAccess);
processParameters(cmd, params);
try {
UserContext ctx = UserContext.current();
@ -150,60 +148,54 @@ public class ApiDispatcher {
}
}
private void doAccessChecks(BaseAsyncCreateCmd cmd, List<ControlledEntity> entitiesToAccess) {
private void checkACLOnCommand(BaseCmd cmd) {
// TODO Auto-generated method stub
//need to write an commandACLChecker adapter framework to check ACL on commands - default one will use the static roles by referring to commands.properties.
//one can write another commandACLChecker to check access via custom roles.
}
private List<Role> determineRole(Account caller) {
// TODO Auto-generated method stub
List<Role> effectiveRoles = new ArrayList<Role>();
return effectiveRoles;
}
private void doAccessChecks(BaseCmd cmd, List<Object> entitiesToAccess) {
//owner
Account caller = UserContext.current().getCaller();
Account owner = _accountMgr.getActiveAccountById(cmd.getEntityOwnerId());
List<Role> callerRoles = determineRole(caller);
List<Role> ownerRoles = determineRole(owner);
// REMOVE ME:
// List<Role> callerRoles = determineRole(caller);
// List<Role> ownerRoles = determineRole(owner);
// check permission to call this command for the caller
// this needs checking of static roles of the caller
// Role based acl is done in ApiServer before api gets to ApiDispatcher
// checkACLOnCommand(cmd);
//check permission to call this command for the caller
//this needs checking of static roles of the caller
checkACLOnCommand(cmd);
//check that caller can access the owner account.
_accountMgr.checkAccess(caller, null, true, owner);
checkACLOnEntities(caller, entitiesToAccess);
}
private void checkACLOnCommand(BaseAsyncCreateCmd cmd) {
// TODO Auto-generated method stub
//need to write an commandACLChecker adapter framework to check ACL on commands - default one will use the static roles by referring to commands.properties.
//one can write another commandACLChecker to check access via custom roles.
}
private List<Role> determineRole(Account caller) {
// TODO Auto-generated method stub
List<Role> effectiveRoles = new ArrayList<Role>();
return effectiveRoles;
}
private void checkACLOnEntities(Account caller, List<ControlledEntity> entitiesToAccess){
//checkACLOnEntities
if(!entitiesToAccess.isEmpty()){
for(ControlledEntity entity : entitiesToAccess)
_accountMgr.checkAccess(caller, null, true, entity);
}
}
public void dispatch(BaseCmd cmd, Map<String, String> params) {
List<ControlledEntity> entitiesToAccess = new ArrayList<ControlledEntity>();
setupParameters(cmd, params, entitiesToAccess);
if(!entitiesToAccess.isEmpty()){
//owner
Account caller = UserContext.current().getCaller();
Account owner = s_instance._accountMgr.getActiveAccountById(cmd.getEntityOwnerId());
s_instance._accountMgr.checkAccess(caller, null, true, owner);
for(ControlledEntity entity : entitiesToAccess)
s_instance._accountMgr.checkAccess(caller, null, true, entity);
if(cmd instanceof BaseAsyncCreateCmd) {
//check that caller can access the owner account.
_accountMgr.checkAccess(caller, null, true, owner);
}
if(!entitiesToAccess.isEmpty()){
//check that caller can access the owner account.
_accountMgr.checkAccess(caller, null, true, owner);
for(Object entity : entitiesToAccess) {
if (entity instanceof ControlledEntity) {
_accountMgr.checkAccess(caller, null, true, (ControlledEntity) entity);
}
else if (entity instanceof InfrastructureEntity) {
//do something here:D
}
}
}
}
public void dispatch(BaseCmd cmd, Map<String, String> params) {
try {
processParameters(cmd, params);
UserContext ctx = UserContext.current();
ctx.setAccountId(cmd.getEntityOwnerId());
if (cmd instanceof BaseAsyncCmd) {
@ -362,7 +354,8 @@ public class ApiDispatcher {
}
@SuppressWarnings({ "unchecked", "rawtypes" })
public static void setupParameters(BaseCmd cmd, Map<String, String> params, List<ControlledEntity> entitiesToAccess) {
public static void processParameters(BaseCmd cmd, Map<String, String> params) {
List<Object> entitiesToAccess = new ArrayList<Object>();
Map<String, Object> unpackedParams = cmd.unpackParams(params);
if (cmd instanceof BaseListCmd) {
@ -459,58 +452,57 @@ public class ApiDispatcher {
// find the controlled entity DBid by uuid
if (parameterAnnotation.entityType() != null) {
Class<?>[] entityList = parameterAnnotation.entityType()[0].getAnnotation(EntityReference.class).value();
for (Class entity : entityList){
if (ControlledEntity.class.isAssignableFrom(entity)) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("entity name is:" + entity.getName());
}
if (s_instance._daoNameMap.containsKey(entity.getName())) {
Class<? extends GenericDao> daoClass = s_instance._daoNameMap.get(entity.getName());
GenericDao daoClassInstance = s_instance._locator.getDao(daoClass);
// Check if the parameter type is a single
// Id or list of id's/name's
switch (fieldType) {
case LIST:
CommandType listType = parameterAnnotation.collectionType();
switch (listType) {
for (Class entity : entityList) {
// Check if the parameter type is a single
// Id or list of id's/name's
switch (fieldType) {
case LIST:
CommandType listType = parameterAnnotation.collectionType();
switch (listType) {
case LONG:
case UUID:
List<Long> listParam = new ArrayList<Long>();
listParam = (List) field.get(cmd);
for (Long entityId : listParam) {
ControlledEntity entityObj = (ControlledEntity) daoClassInstance.findById(entityId);
Object entityObj = s_instance._entityMgr.findById(entity, (Long) field.get(cmd));
entitiesToAccess.add(entityObj);
}
break;
/*
* case STRING: List<String> listParam =
* new ArrayList<String>(); listParam =
* (List)field.get(cmd); for(String
* entityName: listParam){
* ControlledEntity entityObj =
* (ControlledEntity
* )daoClassInstance(entityId);
* entitiesToAccess.add(entityObj); }
* break;
*/
/*
* case STRING: List<String> listParam =
* new ArrayList<String>(); listParam =
* (List)field.get(cmd); for(String
* entityName: listParam){
* ControlledEntity entityObj =
* (ControlledEntity
* )daoClassInstance(entityId);
* entitiesToAccess.add(entityObj); }
* break;
*/
default:
break;
}
break;
case LONG:
case UUID:
Long entityId = (Long) field.get(cmd);
ControlledEntity entityObj = (ControlledEntity) daoClassInstance.findById(entityId);
entitiesToAccess.add(entityObj);
break;
default:
break;
}
break;
case LONG:
case UUID:
Object entityObj = s_instance._entityMgr.findById(entity, (Long) field.get(cmd));
entitiesToAccess.add(entityObj);
break;
default:
break;
}
if (ControlledEntity.class.isAssignableFrom(entity)) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("ControlledEntity name is:" + entity.getName());
}
}
if (InfrastructureEntity.class.isAssignableFrom(entity)) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("InfrastructureEntity name is:" + entity.getName());
}
}
}
@ -529,6 +521,8 @@ public class ApiDispatcher {
}
//check access on the entities.
s_instance.doAccessChecks(cmd, entitiesToAccess);
}
private static Long translateUuidToInternalId(String uuid, Parameter annotation)

10
server/src/com/cloud/api/ApiServer.java
View File

@ -412,15 +412,7 @@ public class ApiServer implements HttpRequestHandler {
objectEntityTable = createCmd.getEntityTable();
params.put("id", objectId.toString());
} else {
List<ControlledEntity> entitiesToAccess = new ArrayList<ControlledEntity>();
ApiDispatcher.setupParameters(cmdObj, params, entitiesToAccess);
if(!entitiesToAccess.isEmpty()){
Account owner = s_instance._accountMgr.getActiveAccountById(cmdObj.getEntityOwnerId());
s_instance._accountMgr.checkAccess(caller, null, true, owner);
s_instance._accountMgr.checkAccess(caller, null, true, (ControlledEntity[])entitiesToAccess.toArray());
}
ApiDispatcher.processParameters(cmdObj, params);
}
BaseAsyncCmd asyncCmd = (BaseAsyncCmd) cmdObj;

2
server/src/com/cloud/network/as/AutoScaleManagerImpl.java
View File

@ -349,7 +349,7 @@ public class AutoScaleManagerImpl<Type> implements AutoScaleManager, AutoScaleSe
* For ex. if projectId is given as a string instead of an long value, this
* will be throwing an error.
*/
ApiDispatcher.setupParameters(new DeployVMCmd(), deployParams, new ArrayList<ControlledEntity>());
ApiDispatcher.processParameters(new DeployVMCmd(), deployParams);
if (autoscaleUserId == null) {
autoscaleUserId = UserContext.current().getCallerUserId();