1616// under the License.
1717package org .apache .cloudstack .acl ;
1818
19- import com .cloud .exception .PermissionDeniedException ;
2019import com .cloud .server .ManagementServer ;
2120import com .cloud .utils .component .AdapterBase ;
2221import com .cloud .utils .component .ComponentLocator ;
3938public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIAccessChecker {
4039
4140 protected static final Logger s_logger = Logger .getLogger (StaticRoleBasedAPIAccessChecker .class );
42- private static Set <String > s_userCommands = null ;
43- private static Set <String > s_resellerCommands = null ; // AKA domain-admin
44- private static Set <String > s_adminCommands = null ;
45- private static Set <String > s_resourceDomainAdminCommands = null ;
46- private static Set <String > s_allCommands = null ;
41+
42+ private static Map <RoleType , Set <String >> s_roleBasedApisMap =
43+ new HashMap <RoleType , Set <String >>();
4744
4845 protected StaticRoleBasedAPIAccessChecker () {
4946 super ();
50- s_allCommands = new HashSet <String >();
51- s_userCommands = new HashSet <String >();
52- s_resellerCommands = new HashSet <String >();
53- s_adminCommands = new HashSet <String >();
54- s_resourceDomainAdminCommands = new HashSet <String >();
47+ for (RoleType roleType : RoleType .values ()) {
48+ s_roleBasedApisMap .put (roleType , new HashSet <String >());
49+ }
5550 }
5651
5752 @ Override
58- public boolean canAccessAPI (RoleType roleType , String commandName )
59- throws PermissionDeniedException {
60-
61- boolean commandExists = s_allCommands .contains (commandName );
62- boolean commandAccessible = false ;
63-
64- if (commandExists ) {
65- switch (roleType ) {
66- case Admin :
67- commandAccessible = s_adminCommands .contains (commandName );
68- break ;
69- case DomainAdmin :
70- commandAccessible = s_resellerCommands .contains (commandName );
71- break ;
72- case ResourceAdmin :
73- commandAccessible = s_resourceDomainAdminCommands .contains (commandName );
74- break ;
75- case User :
76- commandAccessible = s_userCommands .contains (commandName );
77- break ;
78- }
79- }
80- return commandExists && commandAccessible ;
53+ public boolean canAccessAPI (RoleType roleType , String commandName ) {
54+ return s_roleBasedApisMap .get (roleType ).contains (commandName );
8155 }
8256
8357 @ Override
@@ -98,31 +72,19 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
9872 return true ;
9973 }
10074
101- private void processConfigFiles (Map <String , String > config ) {
102- for (Map .Entry <String , String > entry : config .entrySet ()) {
75+ private void processConfigFiles (Map <String , String > configMap ) {
76+ for (Map .Entry <String , String > entry : configMap .entrySet ()) {
10377 String apiName = entry .getKey ();
10478 String roleMask = entry .getValue ();
10579 try {
10680 short cmdPermissions = Short .parseShort (roleMask );
107- if ((cmdPermissions & Admin .getValue ()) != 0 ) {
108- s_adminCommands .add (apiName );
109- }
110- if ((cmdPermissions & ResourceAdmin .getValue ()) != 0 ) {
111- s_resourceDomainAdminCommands .add (apiName );
112- }
113- if ((cmdPermissions & DomainAdmin .getValue ()) != 0 ) {
114- s_resellerCommands .add (apiName );
115- }
116- if ((cmdPermissions & User .getValue ()) != 0 ) {
117- s_userCommands .add (apiName );
81+ for (RoleType roleType : RoleType .values ()) {
82+ if ((cmdPermissions & roleType .getValue ()) != 0 )
83+ s_roleBasedApisMap .get (roleType ).add (apiName );
11884 }
11985 } catch (NumberFormatException nfe ) {
12086 s_logger .info ("Malformed commands.properties permissions value, for entry: " + entry .toString ());
12187 }
12288 }
123- s_allCommands .addAll (s_adminCommands );
124- s_allCommands .addAll (s_resourceDomainAdminCommands );
125- s_allCommands .addAll (s_userCommands );
126- s_allCommands .addAll (s_resellerCommands );
12789 }
12890}
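Review bot: In processConfigFiles, the NumberFormatException branch only logs at info level and skips the entry, so an API with a malformed mask is added to no role's set and is then refused for every role, including Admin. Denying by default is the right outcome for an access checker, but the operator should be able to see it: log at warn, e.g. `s_logger.warn("Malformed commands.properties permissions value, for entry: " + entry.toString());`. If the values can carry trailing whitespace (how the map is loaded is not visible here), `Short.parseShort(roleMask.trim())` would keep a stray space from disabling a command. The new inner `if` would also read better with braces, matching the rest of the file.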