Repository: cloudstack Updated Branches: refs/heads/4.4-forward 1b74f3f3c -> b2b59ed83
CLOUDSTACK-6533: IAM - Templates - Public templates do not have permissions to be used by ROOT group. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b2b59ed8 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b2b59ed8 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b2b59ed8 Branch: refs/heads/4.4-forward Commit: b2b59ed83a566762c960371717b7998b4719ba70 Parents: 1b74f3f Author: Min Chen <min.c...@citrix.com> Authored: Tue Apr 29 11:48:45 2014 -0700 Committer: Min Chen <min.c...@citrix.com> Committed: Tue Apr 29 11:49:16 2014 -0700 ---------------------------------------------------------------------- .../plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java | 5 ++++- .../org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2b59ed8/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java index f9f76c1..b4c2d4d 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/IAMApiServiceImpl.java 
@@ -257,7 +257,10 @@ public class IAMApiServiceImpl extends ManagerBase implements IAMApiService, Man public void onPublishMessage(String senderAddress, String subject, Object obj) { Long templateId = (Long)obj; if (templateId != null) { - s_logger.debug("MessageBus message: new public template registered: " + templateId + ", grant permission to domain admin and normal user policies"); + s_logger.debug("MessageBus message: new public template registered: " + templateId + + ", grant permission to default root admin, domain admin and normal user policies"); + _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), VirtualMachineTemplate.class.getSimpleName(), + PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), VirtualMachineTemplate.class.getSimpleName(), PermissionScope.RESOURCE.toString(), templateId, "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false); _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), VirtualMachineTemplate.class.getSimpleName(), http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b2b59ed8/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java ---------------------------------------------------------------------- diff --git a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java index fe71912..3a3ba4d 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java +++ b/services/iam/plugin/src/org/apache/cloudstack/iam/RoleBasedAPIAccessChecker.java 
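Review bot: The policy that receives the new grant is addressed as `new Long(Account.ACCOUNT_TYPE_ADMIN + 1)`, so the default root-admin policy id is derived arithmetically from an account-type constant, with no name or comment recording that mapping. If the seeded policy ids ever differ from "account type + 1" (an inference, since the seeding is not visible here), the UseEntry permission would be attached to a different policy without any error. The same grant list is repeated in the RoleBasedAPIAccessChecker hunk, and root admin missing from both copies is the kind of drift that duplication invites. A single shared helper that owns the list of default policies would keep the two call sites in step; a comment such as `// default policy id == account type + 1, as seeded by the IAM schema` and `Long.valueOf(Account.ACCOUNT_TYPE_ADMIN + 1)` in place of the boxing constructor would also help. onPublishMessage continues past the end of the hunk.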
@@ -132,6 +132,8 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
 // add permissions for public templates
 List<VMTemplateVO> pTmplts = _templateDao.listByPublic();
 for (VMTemplateVO tmpl : pTmplts){
+ _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_ADMIN + 1), VirtualMachineTemplate.class.getSimpleName(),
+ PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
 _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_DOMAIN_ADMIN + 1), VirtualMachineTemplate.class.getSimpleName(),
 PermissionScope.RESOURCE.toString(), tmpl.getId(), "listTemplates", AccessType.UseEntry.toString(), Permission.Allow, false);
 _iamSrv.addIAMPermissionToIAMPolicy(new Long(Account.ACCOUNT_TYPE_NORMAL + 1), VirtualMachineTemplate.class.getSimpleName(),
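Review bot: Nothing visible in this loop says whether `addIAMPermissionToIAMPolicy` tolerates a permission that already exists, and with the added call it now runs three times per public template every time the enclosing code executes. The enclosing method starts and ends outside the hunk, so when it runs is an assumption; if it runs on every start, repeated passes could insert duplicate permission rows. Unless exceptions are handled outside the hunk, a failure on one template would also leave the remaining templates without the grant. A comment above the loop, e.g. `// re-applied on each run; addIAMPermissionToIAMPolicy must tolerate an existing permission`, would record the contract the loop relies on.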