Repository: cloudstack Updated Branches: refs/heads/4.4 d17c299fb -> 1085695b5
CLOUDSTACK-6569: IAM - Regular user is able to listNetworks of another user in the same domain , by passing account and domainId. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/1085695b Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/1085695b Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/1085695b Branch: refs/heads/4.4 Commit: 1085695b5cd179e29fff98aa62a7d61415243064 Parents: d17c299 Author: Min Chen <min.c...@citrix.com> Authored: Fri May 2 14:53:44 2014 -0700 Committer: Daan Hoogland <d...@onecht.net> Committed: Sat May 3 00:44:25 2014 +0200 ---------------------------------------------------------------------- api/src/com/cloud/user/AccountService.java | 4 ---- .../network/contrail/management/MockAccountManager.java | 7 ------- server/src/com/cloud/api/query/QueryManagerImpl.java | 6 +++--- server/src/com/cloud/network/NetworkServiceImpl.java | 2 +- server/src/com/cloud/user/AccountManagerImpl.java | 8 -------- server/test/com/cloud/user/MockAccountManagerImpl.java | 6 ------ 6 files changed, 4 insertions(+), 29 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/api/src/com/cloud/user/AccountService.java ---------------------------------------------------------------------- diff --git a/api/src/com/cloud/user/AccountService.java b/api/src/com/cloud/user/AccountService.java index 10be650..6cc86cd 100755 --- a/api/src/com/cloud/user/AccountService.java +++ b/api/src/com/cloud/user/AccountService.java @@ -24,7 +24,6 @@ import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.api.command.admin.user.RegisterCmd; import com.cloud.domain.Domain; -import com.cloud.domain.PartOf; import com.cloud.exception.PermissionDeniedException; public interface AccountService { 
@@ -110,9 +109,6 @@ public interface AccountService { void checkAccess(Account caller, AccessType accessType, String apiName, ControlledEntity... entities) throws PermissionDeniedException; - //TO be implemented, to check accessibility for an entity owned by domain - void checkAccess(Account caller, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException; - Long finalyzeAccountId(String accountName, Long domainId, Long projectId, boolean enabledOnly); /** http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java index e12a4bf..a39fb43 100644 --- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java +++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java @@ -37,7 +37,6 @@ import org.apache.cloudstack.context.CallContext; import com.cloud.configuration.ResourceLimit; import com.cloud.configuration.dao.ResourceCountDao; import com.cloud.domain.Domain; -import com.cloud.domain.PartOf; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceUnavailableException; 
@@ -194,12 +193,6 @@ public class MockAccountManager extends ManagerBase implements AccountManager { return false; } - @Override - public void checkAccess(Account account, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException { - // TODO Auto-generated method stub - - } - @Override public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> permittedDomains, List<Long> permittedAccounts, http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/server/src/com/cloud/api/query/QueryManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index 8e020fc..6848ba0 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -3111,7 +3111,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { } if (userAccount != null) { - _accountMgr.checkAccess(caller, null, false, userAccount); + _accountMgr.checkAccess(caller, null, userAccount); // check permissions permittedAccounts.add(userAccount.getId()); } else { @@ -3251,7 +3251,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { // if template is not public, perform permission check here if (!template.isPublicTemplate() && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) { Account owner = _accountMgr.getAccount(template.getAccountId()); - _accountMgr.checkAccess(caller, null, true, owner); + _accountMgr.checkAccess(caller, null, owner); } // if templateId is specified, then we will just use the id to 
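Review bot: In the QueryManagerImpl hunk at -3111, `_accountMgr.checkAccess(caller, null, userAccount);` passes an unexplained `null` AccessType, and the fix depends entirely on the call now resolving to the `ControlledEntity...` overload instead of the removed empty `PartOf...` stub. The diffstat shows no test added for this. The same applies to the calls at -3251 and -3576 in this file and at -1432 in NetworkServiceImpl.java. I would add a comment at each call such as `// null AccessType: relies on the checker's default behaviour (confirm against AccountManagerImpl)`, plus a regression test asserting that a regular user who passes another account's name and domainId gets `PermissionDeniedException`. The old call here passed `sameOwner` as `false` while the other three passed `true`, so confirm that dropping the distinction is intended; the enclosing method starts and ends outside the hunk.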
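Review bot: In the QueryManagerImpl hunk at -3251, `owner` reaches `_accountMgr.checkAccess(caller, null, owner);` without a visible null check, and the call now lands on the real `ControlledEntity...` implementation rather than the empty stub that ignored its arguments. If `_accountMgr.getAccount(template.getAccountId())` can return null (for example for a removed account, which is not visible here), the result depends on how that overload treats a null entity. An explicit guard before the call, e.g. `if (owner == null) { throw new PermissionDeniedException("Template owner not found"); }`, would make this path fail closed. The enclosing method begins and ends outside the hunk.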
@@ -3576,7 +3576,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { throw new InvalidParameterValueException("Unable to list affinity groups for virtual machine instance " + vmId + "; instance not found."); } - _accountMgr.checkAccess(caller, null, true, userVM); + _accountMgr.checkAccess(caller, null, userVM); return listAffinityGroupsByVM(vmId.longValue(), startIndex, pageSize); } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/server/src/com/cloud/network/NetworkServiceImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java index 2820135..05c2725 100755 --- a/server/src/com/cloud/network/NetworkServiceImpl.java +++ b/server/src/com/cloud/network/NetworkServiceImpl.java @@ -1432,7 +1432,7 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService { throw new InvalidParameterValueException("Unable to find account " + accountName + " in specified domain"); } - _accountMgr.checkAccess(caller, null, true, owner); + _accountMgr.checkAccess(caller, null, owner); permittedAccounts.add(owner.getId()); } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/server/src/com/cloud/user/AccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 4b78141..22be83c 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -75,7 +75,6 @@ import com.cloud.dc.dao.DataCenterVnetDao; import com.cloud.dc.dao.DedicatedResourceDao; import com.cloud.domain.Domain; import com.cloud.domain.DomainVO; -import com.cloud.domain.PartOf; import com.cloud.domain.dao.DomainDao; import com.cloud.event.ActionEvent; import com.cloud.event.ActionEventUtils; 
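Review bot: Now that the check at -3576 is effective, this path answers differently for a VM id that does not exist (`InvalidParameterValueException`, "instance not found") and for one that exists but belongs to someone else (`PermissionDeniedException`), so a non-admin caller can tell which ids are valid. The NetworkServiceImpl.java hunk at -1432 has the same shape, with "Unable to find account ... in specified domain" thrown just before `checkAccess(caller, null, owner)`. If the existence of other users' VMs or accounts is considered sensitive, return one uniform error to non-admin callers in both places. Otherwise a short comment such as `// distinct not-found vs. denied errors are intentional` would record the decision. Both enclosing methods continue outside their hunks.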
@@ -465,13 +464,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to " + domain); } - @Override - public void checkAccess(Account caller, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException { - // TODO Auto-generated method stub - - //TO BE IMPLEMENTED - - } @Override public void checkAccess(Account caller, AccessType accessType, ControlledEntity... entities) throws PermissionDeniedException { http://git-wip-us.apache.org/repos/asf/cloudstack/blob/1085695b/server/test/com/cloud/user/MockAccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java index 4a7d4eb..a2b8a85 100644 --- a/server/test/com/cloud/user/MockAccountManagerImpl.java +++ b/server/test/com/cloud/user/MockAccountManagerImpl.java @@ -33,7 +33,6 @@ import org.apache.cloudstack.api.command.admin.user.RegisterCmd; import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd; import com.cloud.domain.Domain; -import com.cloud.domain.PartOf; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceUnavailableException; @@ -220,11 +219,6 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco } - @Override - public void checkAccess(Account account, AccessType accessType, boolean sameOwner, PartOf... entities) throws PermissionDeniedException { - // TODO Auto-generated method stub - - } @Override public UserAccount getUserAccountById(Long userId) {