2121import com .cloud .user .Account ;
2222import com .cloud .user .AccountService ;
2323import com .cloud .user .User ;
24+ import com .cloud .utils .PropertiesUtil ;
2425import com .cloud .utils .component .AdapterBase ;
2526import com .cloud .utils .component .ComponentLocator ;
26- import com .cloud .utils .component .PluggableService ;
2727
2828import javax .ejb .Local ;
2929import javax .naming .ConfigurationException ;
3030import java .util .HashMap ;
3131import java .util .HashSet ;
32- import java .util .List ;
3332import java .util .Map ;
3433import java .util .Set ;
3534
3635import org .apache .log4j .Logger ;
3736
3837// This is the default API access checker that grab's the user's account
3938// based on the account type, access is granted
40- @ Local (value = APIChecker .class )
39+ @ Local (value = APIChecker .class )
4140public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
4241
4342 protected static final Logger s_logger = Logger .getLogger (StaticRoleBasedAPIAccessChecker .class );
@@ -49,14 +48,18 @@ public class StaticRoleBasedAPIAccessChecker extends AdapterBase implements APIC
4948
5049 protected StaticRoleBasedAPIAccessChecker () {
5150 super ();
52- for (RoleType roleType : RoleType .values ())
51+ for (RoleType roleType : RoleType .values ())
5352 s_roleBasedApisMap .put (roleType , new HashSet <String >());
5453 }
5554
5655 @ Override
5756 public boolean checkAccess (User user , String commandName )
5857 throws PermissionDeniedException {
5958 Account account = s_accountService .getAccount (user .getAccountId ());
59+ if (account == null ) {
60+ throw new PermissionDeniedException ("The account id=" + user .getAccountId () + "for user id=" + user .getId () + "is null" );
61+ }
62+
6063 RoleType roleType = s_accountService .getRoleType (account );
6164 boolean isAllowed = s_roleBasedApisMap .get (roleType ).contains (commandName );
6265 if (!isAllowed ) {
@@ -71,32 +74,26 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
7174
7275 // Read command properties files to build the static map per role.
7376 ComponentLocator locator = ComponentLocator .getLocator (ManagementServer .Name );
74-
7577 s_accountService = locator .getManager (AccountService .class );
7678
77- List < PluggableService > services = locator . getAllPluggableServices ();
78- services . add (( PluggableService ) ComponentLocator . getComponent ( ManagementServer . Name ));
79+ processMapping ( PropertiesUtil . processConfigFile ( new String []
80+ { "commands.properties" } ));
7981
80- for (PluggableService service : services ) {
81- processConfigFiles (service .getProperties (), service .getClass ().toString ());
82- s_logger .info ("Processed role based acl for: " + service .toString ());
83- }
8482 return true ;
8583 }
8684
87- private void processConfigFiles (Map <String , String > configMap , String service ) {
88- for (Map .Entry <String , String > entry : configMap .entrySet ()) {
85+ private void processMapping (Map <String , String > configMap ) {
86+ for (Map .Entry <String , String > entry : configMap .entrySet ()) {
8987 String apiName = entry .getKey ();
9088 String roleMask = entry .getValue ();
9189 try {
9290 short cmdPermissions = Short .parseShort (roleMask );
93- for (RoleType roleType : RoleType .values ()) {
91+ for (RoleType roleType : RoleType .values ()) {
9492 if ((cmdPermissions & roleType .getValue ()) != 0 )
9593 s_roleBasedApisMap .get (roleType ).add (apiName );
9694 }
9795 } catch (NumberFormatException nfe ) {
98- s_logger .info ("Malformed getProperties() value for service: " + service
99- + " for entry: " + entry .toString ());
96+ s_logger .info ("Malformed key=value pair for entry: " + entry .toString ());
10097 }
10198 }
10299 }
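Review bot: In `processMapping`, an entry whose role mask fails `Short.parseShort` is skipped with only an `info` log, so that command ends up in no role's set and `checkAccess` denies it for every caller without anything standing out in the logs. Log it at warn and name the command, e.g. `s_logger.warn("Malformed role mask for API " + apiName + "; command will be denied for all roles: " + roleMask);`, and parse `roleMask.trim()` unless `PropertiesUtil.processConfigFile` already strips whitespace (not visible here). The mask is also accepted without a range check: a negative value such as -1 sets every bit and would match every `RoleType` with a non-zero value, so values outside the union of the defined role bits are worth rejecting. `configure` starts outside the hunk and returns true whether or not any mapping was loaded; if `processConfigFile` can return an empty map when `commands.properties` is missing, that case presumably deserves a `ConfigurationException` or at least a warning.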