[jira] [Commented] (CLOUDSTACK-639) API Refactoring: Adapters for ACL

Thu, 03 Jan 2013 10:40:17 -0800 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13543177#comment-13543177
 ] 

Rohit Yadav commented on CLOUDSTACK-639:
----------------------------------------

Part1 and the plugin for that was committed on api_refactoring:

commit bc8e0af0a3eff4d3e73796ffd4a8481b6f8c2f6e
Author: Rohit Yadav <bhais...@apache.org>
Date: Wed Jan 2 16:56:48 2013 -0800

    plugin: ACL Static Role Based api access checker
    
    Signed-off-by: Rohit Yadav <bhais...@apache.org>

commit d235859168569fcd344e2210891b7611dbb3da12
Author: Rohit Yadav <bhais...@apache.org>
Date: Wed Jan 2 16:29:39 2013 -0800

    Fix PluggableService to provide interface for ACL adapters etc. to get 
configs
    
    - Fix interface to return array of strings, or filenames
    - Fix StaticRoleBased ACL adapter to process config files by going through 
all pluggable services
    - Refactor interface names
    
    Signed-off-by: Rohit Yadav <bhais...@apache.org> 
                
> API Refactoring: Adapters for ACL
> ---------------------------------
>
>                 Key: CLOUDSTACK-639
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-639
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: API
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>             Fix For: 4.1.0
>
>
> The work is to do the access control checks and entities checks using 
> adapters.
> Part 1: APIAccessChecker to check if caller can evoke given API command. 
> Implement a static role based checker using commands.properties file to check 
> necessary roles for the command (the old school way CS used to do it)
> Part 2: Entity access checkers to check is caller can do operations on an 
> entity. May use existing DomainChecker implementation. We may need to group 
> entities in two groups (Infra entity like datacenter, disk offering etc. and 
> controlled entity like those which have domain and accountid)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to