[
https://issues.apache.org/jira/browse/CLOUDSTACK-639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13532560#comment-13532560
]
Rohit Yadav commented on CLOUDSTACK-639:
----------------------------------------
Part 1 was mostly already done by Prachi on api_refactoring:
commit a2306f4917a6705819b0112fcb085ebafe752ed0
Author: Prachi Damle <[email protected]>
Date: Tue Nov 13 11:47:38 2012 -0800
some more poc work
commit 073863249abf36b6879359889f5731984391fa41
Author: Prachi Damle <[email protected]>
Date: Thu Nov 29 16:09:47 2012 -0800
Some ACL POC work
Conflicts:
server/src/com/cloud/api/ApiDispatcher.java
commit 79b54e6ac1eea7ccc6a76255be3770f4e8b03703
Author: Rohit Yadav <[email protected]>
AuthorDate: Tue Dec 11 14:16:25 2012 -0800
Commit: Rohit Yadav <[email protected]>
CommitDate: Tue Dec 11 14:16:25 2012 -0800
api: Fix obj injections in ApiServer
- Inject classes using Inject annotation
- Don't misuse component locator
commit 6ce68b93ccfe23c4001713ae38c6422029891726
Author: Rohit Yadav <[email protected]>
AuthorDate: Tue Dec 11 14:10:36 2012 -0800
Commit: Rohit Yadav <[email protected]>
CommitDate: Tue Dec 11 14:10:36 2012 -0800
api: Fix APIAccessChecker and StaticRoleBasedAPIAccessChecker
- Add getCmd api interface in APIAccessChecker adapter to get cmd properties
- Add mechanism in StaticRoleBasedAPIAccessChecker to get config properties
- Add public interface to get the cmd properties for the adapter impl
> API Refactoring: Adapters for ACL
> ---------------------------------
>
> Key: CLOUDSTACK-639
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-639
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Fix For: 4.1.0
>
>
> The work is to do the access control checks and entities checks using
> adapters.
> Part 1: APIAccessChecker to check if caller can evoke given API command.
> Implement a static role based checker using commands.properties file to check
> necessary roles for the command (the old school way CS used to do it)
> Part 2: Entity access checkers to check is caller can do operations on an
> entity. May use existing DomainChecker implementation. We may need to group
> entities in two groups (Infra entity like datacenter, disk offering etc. and
> controlled entity like those which have domain and accountid)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
