Repository: cloudstack Updated Branches: refs/heads/master 58b2b6b9e -> 6a9d6f879
RoleBasedEntityAccessChecker should skip Project resources. IAM does not support Projects yet. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6a9d6f87 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6a9d6f87 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6a9d6f87 Branch: refs/heads/master Commit: 6a9d6f8796949a2de97c9fd55af2a88a6f143e24 Parents: 58b2b6b Author: Prachi Damle <pra...@cloud.com> Authored: Fri Mar 28 18:53:18 2014 -0700 Committer: Prachi Damle <pra...@cloud.com> Committed: Fri Mar 28 18:56:30 2014 -0700 ---------------------------------------------------------------------- .../apache/cloudstack/iam/RoleBasedEntityAccessChecker.java | 7 +++++++ 1 file changed, 7 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6a9d6f87/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java ----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
index 3ab3749..bcc483f 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedEntityAccessChecker.java
@@ -81,6 +81,12 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur throw new InvalidParameterValueException("Entity and action cannot be both NULL in checkAccess!"); } + // if a Project entity, skip + Account entityAccount = _accountService.getAccount(entity.getAccountId()); + if (entityAccount != null && entityAccount.getType() == Account.ACCOUNT_TYPE_PROJECT) { + return false; + } + String entityType = null; if (entity.getEntityType() != null) { entityType = entity.getEntityType().getSimpleName(); @@ -128,6 +134,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur if (!policies.isEmpty()) { // Since we reach this point, none of the // roles granted access + if (s_logger.isDebugEnabled()) { s_logger.debug("Account " + caller + " does not have permission to access resource " + entity + " for access type: " + accessType);
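Review bot: `entity.getAccountId()` in the added project check is called without a null guard, although the exception message directly above ("Entity and action cannot be both NULL") suggests a call with a null entity and a non-null action can reach this point; the `entity.getEntityType()` context line below has the same exposure, so this may be pre-existing, but an authorization check should not end in a NullPointerException. Guarding the lookup would be enough: `Account entityAccount = entity != null ? _accountService.getAccount(entity.getAccountId()) : null;`. The comment `// if a Project entity, skip` also leaves open what `return false` means to the caller; if it means "no decision from this checker" rather than "deny", the comment should say so and name what authorizes project-owned resources instead, e.g. `// IAM has no Project support yet: return false so another checker decides access to project-owned entities`. The method starts and ends outside the hunk, so the condition in front of the throw is inferred from its message.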