apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

security checker

Browse Source
This commit is contained in:
Alex Huang 2010-08-19 09:23:03 -07:00
parent 52e6f3a85b
commit afc0adf28a
3 changed files with 66 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
api/src/com/cloud/acl/SecurityChecker.java Normal file
View File

@ -0,0 +1,64 @@
/**
*
*/
package com.cloud.acl;
import com.cloud.domain.PartOf;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.user.Account;
import com.cloud.user.OwnedBy;
import com.cloud.user.User;
import com.cloud.utils.component.Adapter;
/**
* SecurityChecker checks the ownership and access control to objects within
* the management stack for users and accounts.
*/
public interface SecurityChecker extends Adapter {
/**
* Checks if the account owns the object.
*
* @param account account to check against.
* @param object object that the account is trying to access.
* @return true if access allowed. false if this adapter cannot authenticate ownership.
* @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
*/
boolean checkOwnership(Account account, OwnedBy object) throws PermissionDeniedException;
/**
* Checks if the user belongs to an account that owns the object.
*
* @param user user to check against.
* @param object object that the account is trying to access.
* @return true if access allowed. false if this adapter cannot authenticate ownership.
* @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
*/
boolean checkOwnership(User user, OwnedBy object) throws PermissionDeniedException;
/**
* Checks if the account can access the object.
*
* @param account account to check against.
* @param object object that the account is trying to access.
* @return true if access allowed. false if this adapter cannot provide permission.
* @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
*/
boolean checkAccess(Account account, PartOf object) throws PermissionDeniedException;
/**
* Checks if the user belongs to an account that can access the object.
*
* @param user user to check against.
* @param object object that the account is trying to access.
* @return true if access allowed. false if this adapter cannot authenticate ownership.
* @throws PermissionDeniedException if this adapter is suppose to authenticate ownership and the check failed.
*/
boolean checkAccess(User user, PartOf object) throws PermissionDeniedException;
// We should be able to use this method to check against commands. For example, we can
// annotate the command with access annotations and this method can use it to extract
// OwnedBy and PartOf interfaces on the object and use it to verify against a user.
// I leave this empty for now so Kris and the API team can see if it is useful.
// boolean checkAuthorization(User user, Command cmd) throws PermissionDeniedException;
}

0
core/src/com/cloud/user/User.java → api/src/com/cloud/user/User.java
View File

4
build/build.number
View File

@ -1,3 +1,3 @@
#Build Number for ANT. Do not edit! #Build Number for ANT. Do not edit!
#Wed Aug 18 11:29:13 PDT 2010 #Thu Aug 19 09:21:10 PDT 2010
build.number=64 build.number=65