
Commit 345c179

committed
plugins: Check access based on roleType, remove unnecessary properties.in file
- Fix StaticRoleBasedAPIAccessChecker to check api access based on roletype - Remove properties file which is not needed now for api discovery plugin Signed-off-by: Rohit Yadav <bhaisaab@apache.org>
1 parent 8f26e17 commit 345c179

2 files changed

Lines changed: 49 additions & 112 deletions


client/tomcatconf/api-discovery_commands.properties.in

Lines changed: 0 additions & 23 deletions
This file was deleted.

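--- a/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
+++ b/plugins/acl/static-role-based/src/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@@ -16,28 +16,23 @@
 // under the License.
 package org.apache.cloudstack.acl;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.*;
+import com.cloud.exception.PermissionDeniedException;
+import com.cloud.server.ManagementServer;
+import com.cloud.utils.component.AdapterBase;
+import com.cloud.utils.component.ComponentLocator;
+import com.cloud.utils.component.PluggableService;
 
 import javax.ejb.Local;
 import javax.naming.ConfigurationException;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
-import org.apache.cloudstack.acl.APIAccessChecker;
-import org.apache.cloudstack.acl.RoleType;
 import static org.apache.cloudstack.acl.RoleType.*;
 import org.apache.log4j.Logger;
 
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.server.ManagementServer;
-import com.cloud.utils.PropertiesUtil;
-import com.cloud.utils.component.AdapterBase;
-import com.cloud.utils.component.ComponentLocator;
-import com.cloud.utils.component.PluggableService;
-
 // This is the default API access checker that grab's the user's account
 // based on the account type, access is granted
 @Local(value=APIAccessChecker.class)
@@ -60,35 +55,29 @@ protected StaticRoleBasedAPIAccessChecker() {
 }
 
 @Override
-public boolean canAccessAPI(RoleType roleType, String apiCommandName)
-throws PermissionDeniedException{
-
-boolean commandExists = s_allCommands.contains(apiCommandName);
-
-if(commandExists) {
-return isCommandAvailableForAccount(roleType, apiCommandName);
-}
-
-return commandExists;
-}
-
-private static boolean isCommandAvailableForAccount(RoleType roleType, String commandName) {
-boolean isCommandAvailable = false;
-switch (roleType) {
-case Admin:
-isCommandAvailable = s_adminCommands.contains(commandName);
-break;
-case DomainAdmin:
-isCommandAvailable = s_resellerCommands.contains(commandName);
-break;
-case ResourceAdmin:
-isCommandAvailable = s_resourceDomainAdminCommands.contains(commandName);
-break;
-case User:
-isCommandAvailable = s_userCommands.contains(commandName);
-break;
+public boolean canAccessAPI(RoleType roleType, String commandName)
+throws PermissionDeniedException {
+
+boolean commandExists = s_allCommands.contains(commandName);
+boolean commandAccessible = false;
+
+if (commandExists) {
+switch (roleType) {
+case Admin:
+commandAccessible = s_adminCommands.contains(commandName);
+break;
+case DomainAdmin:
+commandAccessible = s_resellerCommands.contains(commandName);
+break;
+case ResourceAdmin:
+commandAccessible = s_resourceDomainAdminCommands.contains(commandName);
+break;
+case User:
+commandAccessible = s_userCommands.contains(commandName);
+break;
+}
 }
-return isCommandAvailable;
+return commandExists && commandAccessible;
 }
 
 @Override
@@ -100,69 +89,40 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
 List<PluggableService> services = locator.getAllPluggableServices();
 services.add((PluggableService) ComponentLocator.getComponent(ManagementServer.Name));
 
-List<String> configFiles = new ArrayList<String>();
+Map<String, String> configPropertiesMap = new HashMap<String, String>();
 for (PluggableService service : services) {
-configFiles.addAll(Arrays.asList(service.getPropertiesFiles()));
+configPropertiesMap.putAll(service.getProperties());
 }
 
-processConfigFiles(configFiles);
+processConfigFiles(configPropertiesMap);
 return true;
 }
 
-private void processConfigFiles(List<String> configFiles) {
-Properties preProcessedCommands = new Properties();
-
-for (String configFile : configFiles) {
-File commandsFile = PropertiesUtil.findConfigFile(configFile);
-if (commandsFile != null) {
-try {
-preProcessedCommands.load(new FileInputStream(commandsFile));
-} catch (FileNotFoundException fnfex) {
-// in case of a file within a jar in classpath, try to open stream using url
-InputStream stream = PropertiesUtil.openStreamFromURL(configFile);
-if (stream != null) {
-try {
-preProcessedCommands.load(stream);
-} catch (IOException e) {
-s_logger.error("IO Exception, unable to find properties file:", fnfex);
-}
-} else {
-s_logger.error("Unable to find properites file", fnfex);
-}
-} catch (IOException ioe) {
-s_logger.error("IO Exception loading properties file", ioe);
-}
-}
-}
-
-for (Object key : preProcessedCommands.keySet()) {
-String preProcessedCommand = preProcessedCommands.getProperty((String) key);
-int splitIndex = preProcessedCommand.lastIndexOf(";");
-// Backward compatible to old style, apiname=pkg;mask
-String mask = preProcessedCommand.substring(splitIndex+1);
-
+private void processConfigFiles(Map<String, String> config) {
+for (Map.Entry<String, String> entry: config.entrySet()) {
+String apiName = entry.getKey();
+String roleMask = entry.getValue();
 try {
-short cmdPermissions = Short.parseShort(mask);
+short cmdPermissions = Short.parseShort(roleMask);
 if ((cmdPermissions & Admin.getValue()) != 0) {
-s_adminCommands.add((String) key);
+s_adminCommands.add(apiName);
 }
 if ((cmdPermissions & ResourceAdmin.getValue()) != 0) {
-s_resourceDomainAdminCommands.add((String) key);
+s_resourceDomainAdminCommands.add(apiName);
 }
 if ((cmdPermissions & DomainAdmin.getValue()) != 0) {
-s_resellerCommands.add((String) key);
+s_resellerCommands.add(apiName);
 }
 if ((cmdPermissions & User.getValue()) != 0) {
-s_userCommands.add((String) key);
+s_userCommands.add(apiName);
 }
-s_allCommands.addAll(s_adminCommands);
-s_allCommands.addAll(s_resourceDomainAdminCommands);
-s_allCommands.addAll(s_userCommands);
-s_allCommands.addAll(s_resellerCommands);
 } catch (NumberFormatException nfe) {
-s_logger.info("Malformed command.properties permissions value, key = " + key + ", value = " + preProcessedCommand);
+s_logger.info("Malformed commands.properties permissions value, for entry: " + entry.toString());
 }
 }
+s_allCommands.addAll(s_adminCommands);
+s_allCommands.addAll(s_resourceDomainAdminCommands);
+s_allCommands.addAll(s_userCommands);
+s_allCommands.addAll(s_resellerCommands);
 }
-
 }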
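Review bot: In `configure`, `configPropertiesMap.putAll(service.getProperties())` silently overwrites a role mask when two services declare the same API name, so the effective permissions for that command depend on the order of the services list (the management server, appended last, wins any conflict). Because this map becomes the authorization table, a differing mask for an already-registered name should at least be logged at warn level, or rejected at startup, rather than merged unnoticed. The fence below replaces the `putAll` loop with a per-entry put that reports conflicts; it assumes `getProperties()` returns `Map<String, String>`, which this page does not show. `configure` begins above the hunk.

```java
for (PluggableService service : services) {
    for (Map.Entry<String, String> entry : service.getProperties().entrySet()) {
        String previousMask = configPropertiesMap.put(entry.getKey(), entry.getValue());
        if (previousMask != null && !previousMask.equals(entry.getValue())) {
            s_logger.warn("Conflicting role mask for API " + entry.getKey()
                    + ": " + previousMask + " replaced by " + entry.getValue());
        }
    }
}
// … unchanged: processConfigFiles(configPropertiesMap); return true; …
```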
