More changes to support 'readOnly' access Conflicts: api/src/org/apache/cloudstack/api/ApiConstants.java
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b3e22191 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b3e22191 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b3e22191 Branch: refs/heads/4.4 Commit: b3e22191cb53145abd064d09264407b7e000c49f Parents: a919f74 Author: Prachi Damle <pra...@cloud.com> Authored: Tue Mar 18 17:04:27 2014 -0700 Committer: Prachi Damle <pra...@cloud.com> Committed: Wed Mar 19 11:31:06 2014 -0700
----------------------------------------------------------------------
api/src/org/apache/cloudstack/api/ApiConstants.java | 2 +- server/src/com/cloud/acl/DomainChecker.java | 11 +++++++++++ .../api/command/iam/AddIAMPermissionToIAMPolicyCmd.java | 1 - .../src/org/apache/cloudstack/iam/IAMApiServiceImpl.java | 3 ++- .../apache/cloudstack/iam/test/IAMApiServiceTest.java | 4 ++-- 5 files changed, 16 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b3e22191/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index aa7c2d4..cc2c93b 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -594,7 +594,7 @@ public class ApiConstants {
 public static final String SUPPORTS_REGION_LEVEL_VPC = "supportsregionLevelvpc";
 public static final String SUPPORTS_STRECHED_L2_SUBNET = "supportsstrechedl2subnet";
 public static final String REGION_LEVEL_VPC = "regionlevelvpc";
- public static final String READ_ONLY = "readOnly";
+ public static final String READ_ONLY = "readonly";
 public enum HostDetails {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b3e22191/server/src/com/cloud/acl/DomainChecker.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/acl/DomainChecker.java b/server/src/com/cloud/acl/DomainChecker.java
index cb6921d..ea129f7 100755
--- a/server/src/com/cloud/acl/DomainChecker.java
+++ b/server/src/com/cloud/acl/DomainChecker.java
@@ -328,6 +328,17 @@ public class DomainChecker extends AdapterBase implements SecurityChecker {
 @Override
 public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action) throws PermissionDeniedException {
+
+ if (action != null && ("SystemCapability".equals(action))) {
+ if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
+ return true;
+ }
+
+ } else if (action != null && ("DomainCapability".equals(action))) {
+ if (caller != null && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
+ return true;
+ }
+ }
 return checkAccess(caller, entity, accessType);
 }
 }
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b3e22191/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
index e7c5650..d69f3d0 100644
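Review bot: In `DomainChecker.checkAccess`, the two new capability branches can only grant access: when `action` is `"SystemCapability"` or `"DomainCapability"` and the caller is null or not the matching admin type, control falls through to `checkAccess(caller, entity, accessType)`, so the capability action is never itself a reason to deny. If these actions are meant to be restricted to the named admin types, each branch should fail closed, for example `throw new PermissionDeniedException("Caller is not permitted action " + action);` after the inner `if`, instead of deferring to the ordinary entity check. The `return true` paths also skip every check on `entity`, so a domain admin is allowed whatever domain the entity belongs to, and a root admin is not matched by the `DomainCapability` branch at all. Both look unintended, though that depends on callers that are not visible in this hunk. The action names are bare string literals here; shared constants would keep them in step with wherever the actions are defined.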
--- a/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/api/command/iam/AddIAMPermissionToIAMPolicyCmd.java
@@ -29,7 +29,6 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.BaseCmd.CommandType;
 import org.apache.cloudstack.api.response.iam.IAMPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.IAMApiService;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b3e22191/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
index 467caed..5d35ee2 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java
@@ -721,7 +721,8 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man
 String description = "Policy to grant permission to " + entityType + entityId;
 policy = createIAMPolicy(caller, aclPolicyName, description, null);
 // add permission to this policy
- addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action, Permission.Allow, false);
+ addIAMPermissionToIAMPolicy(policy.getId(), entityType, PermissionScope.RESOURCE, entityId, action,
+ Permission.Allow, false, false);
 }
 // attach this policy to list of accounts if not attached already
 Long policyId = policy.getId();
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b3e22191/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
index 49c4c9f..1f09720 100644
--- a/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
+++ b/services/iam/plugin/test/org/apache/cloudstack/iam/test/IAMApiServiceTest.java
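Review bot: The updated call in `IAMApiServiceImpl` now ends in two bare boolean literals, `Permission.Allow, false, false`, so a reader cannot tell which flag is which. One of them is presumably the read-only flag this commit introduces, and it is fixed to `false` for every policy created on this path. Label the arguments at the call site, e.g. `Permission.Allow, false /* recursive */, false /* readOnly */);`, taking the names from the method's actual parameter list, which is not visible in this hunk. If a grant made through this path should ever be read-only, the value has to come from the caller rather than a literal. The enclosing method starts and ends outside the hunk.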
@@ -295,8 +295,8 @@ public class IAMApiServiceTest {
 _iamSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(), PermissionScope.RESOURCE.toString(), resId, "listVirtualMachines", AccessType.UseEntry.toString(), Permission.Allow, false)).thenReturn(policy);
- _aclSrv.addIAMPermissionToIAMPolicy(policyId, VirtualMachine.class.getSimpleName(),
- PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false);
+ _aclSrv.addIAMPermissionToIAMPolicy(policyId, IAMEntityType.VirtualMachine.toString(),
+ PermissionScope.RESOURCE, resId, "listVirtualMachines", Permission.Allow, false, false);
 Pair<List<IAMPolicy>, Integer> policyList = new Pair<List<IAMPolicy>, Integer>(policies, 1);
 List<IAMPolicyPermission> policyPerms = new ArrayList<IAMPolicyPermission>();
 IAMPolicyPermission perm = new IAMPolicyPermissionVO(policyId, "listVirtualMachines",