Changes to QuerySelector to list the parent group resources with recursive = true access

This commit is contained in:
Prachi Damle 2014-02-03 17:49:33 -08:00
parent 939b15169c
commit a6d07c873c
5 changed files with 20 additions and 4 deletions


@ -172,7 +172,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
List<AclGroup> groups = _iamSrv.listAclGroups(caller.getId());
for (AclGroup group : groups) {
// for each group find the grand parent groups.
List<AclGroup> parentGroups = _iamSrv.listParentAclGroupsOnPath(group.getPath());
List<AclGroup> parentGroups = _iamSrv.listParentAclGroups(group.getId());
for (AclGroup parentGroup : parentGroups) {
policies.addAll(_iamSrv.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
}
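Review bot: The loop that walks parent groups and collects recursive policies now exists twice, here in RoleBasedEntityAccessChecker and in the block this commit adds to RoleBasedEntityQuerySelector, so the access check and the list filter grant the same set only while both copies are edited together. Moving the walk behind a single IAMService method that both classes call would keep the two enforcement points from drifting apart. The comment `// for each group find the grand parent groups.` would also read better as `// collect recursive policies from the ancestor groups on this group's path`, assuming listParentAclGroups returns the whole ancestor chain, which the visible lines do not confirm. The enclosing method starts and ends outside this hunk.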


@ -83,6 +83,17 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
// add the policies that grant recursive access
List<AclGroup> groups = _iamService.listAclGroups(caller.getId());
for (AclGroup group : groups) {
// for each group find the grand parent groups.
List<AclGroup> parentGroups = _iamService.listParentAclGroups(group.getId());
for (AclGroup parentGroup : parentGroups) {
policies.addAll(_iamService.listRecursiveAclPoliciesByGroup(parentGroup.getId()));
}
}
// for each policy, find granted permission with Resource scope
List<Long> entityIds = new ArrayList<Long>();
for (AclPolicy policy : policies) {
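Review bot: `policies.addAll(...)` appends to the list object returned by `_iamService.listAclPolicies(accountId)`, so the added block depends on that method returning a private, modifiable list; copying first with `List<AclPolicy> policies = new ArrayList<AclPolicy>(_iamService.listAclPolicies(accountId));` removes that dependency. A recursive policy reachable through more than one of the caller's groups is added once per path, so the loop that follows may collect the same entity id several times unless duplicates are dropped. Per the IAMServiceImpl section of this commit, `listParentAclGroups` throws InvalidParameterValueException for an unknown id, so a group removed between `listAclGroups` and this call would abort the whole listing; it is worth deciding whether to skip such a group instead. The groups are looked up with `caller.getId()` while the static policies use `accountId`; if these are the same value, reusing `accountId` makes that explicit. The enclosing method starts and ends outside this hunk.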


@ -85,7 +85,7 @@ public interface IAMService {
List<AclPolicyPermission> listPolicyPermissionByAccessAndEntity(long policyId, String accessType,
String entityType);
List<AclGroup> listParentAclGroupsOnPath(String path);
List<AclGroup> listParentAclGroups(long groupId);
List<AclPolicy> listRecursiveAclPoliciesByGroup(long groupId);
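Review bot: `listParentAclGroups(long groupId)` is declared without a Javadoc, although its contract differs from the method it replaces: the implementation in IAMServiceImpl now loads the group and throws InvalidParameterValueException when the id is unknown. Both the access checker and the query selector build authorization decisions on this result, so the interface should state the contract, for example `/** Returns the groups on the path of the given group; throws InvalidParameterValueException if no group has this id. */`. The comment should also say whether the group itself is part of the returned list, which the visible lines do not show.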


@ -257,8 +257,13 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
}
@Override
public List<AclGroup> listParentAclGroupsOnPath(String path) {
public List<AclGroup> listParentAclGroups(long groupId) {
AclGroup group = _aclGroupDao.findById(groupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + groupId);
}
String path = group.getPath();
List<String> pathList = new ArrayList<String>();
String[] parts = path.split("/");