Package org.apache.cloudstack.acl.SecurityChecker

Examples of org.apache.cloudstack.acl.SecurityChecker.AccessType


    /**
     * Replaces the list of pluggable services held by this component.
     *
     * @param services the services to store; the reference is kept as given, not copied
     */
    public void setServices(List<PluggableService> services) {
        this._services = services;
    }

    private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
        AccessType accessType = null;
        Class<?>[] entityTypes = null;

        PermissionScope permissionScope = PermissionScope.ACCOUNT;
        Long policyId = getDefaultPolicyId(role);
        switch (role) {
        case User:
            permissionScope = PermissionScope.ACCOUNT;
            break;

        case Admin:
            permissionScope = PermissionScope.ALL;
            break;

        case DomainAdmin:
            permissionScope = PermissionScope.DOMAIN;
            break;

        case ResourceAdmin:
            permissionScope = PermissionScope.DOMAIN;
            break;
         }

        boolean addAccountScopedUseEntry = false;

        if (cmdClass != null) {
            BaseCmd cmdObj;
            try {
                cmdObj = (BaseCmd) cmdClass.newInstance();
                if (cmdObj instanceof BaseListCmd) {
                    accessType = AccessType.ListEntry;
                    addAccountScopedUseEntry = true;
                } else {
                    accessType = AccessType.OperateEntry;
                }
            } catch (Exception e) {
                throw new CloudRuntimeException(String.format(
                        "%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
            }

            APICommand at = cmdClass.getAnnotation(APICommand.class);
            entityTypes = at.entityType();
        }

        if (entityTypes == null || entityTypes.length == 0) {
            _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                    apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
            if (addAccountScopedUseEntry) {
                _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, PermissionScope.ACCOUNT.toString(), new Long(
                        IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
            }
        } else {
            for (Class<?> entityType : entityTypes) {
                _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), permissionScope.toString(), new Long(
                        IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                        apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
                if (addAccountScopedUseEntry) {
                    _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), PermissionScope.ACCOUNT.toString(), new Long(
                            IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
                }
            }


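            /**
             * Handles an entity-grant message from the message bus by granting the listed accounts
             * permission on the entity the payload describes.
             *
             * <p>The payload directly drives a permission grant and this handler does no authorization
             * of its own. NOTE(review): presumably the publisher has already authorized the grant;
             * confirm on the publishing side. A payload that is not a map, or that carries no
             * {@code Class} under {@code ApiConstants.ENTITY_TYPE}, is rejected with a warning and
             * grants nothing, instead of failing with a ClassCastException or NullPointerException
             * inside the subscriber.
             *
             * @param senderAddress address of the publisher; not used here
             * @param subject message subject; not used here
             * @param obj message payload, expected to be a map keyed by {@code ApiConstants} names;
             *            {@code null} is ignored
             */
            public void onPublishMessage(String senderAddress, String subject, Object obj) {
                if (obj == null) {
                    return;
                }
                if (!(obj instanceof Map)) {
                    s_logger.warn("MessageBus message: ignoring entity grant with an unexpected payload type");
                    return;
                }
                Map<?, ?> permit = (Map<?, ?>)obj;

                // Fail closed: without a usable entity type there is nothing well-defined to grant on.
                Object rawEntityType = permit.get(ApiConstants.ENTITY_TYPE);
                if (!(rawEntityType instanceof Class)) {
                    s_logger.warn("MessageBus message: ignoring entity grant with a missing or invalid entity type");
                    return;
                }
                Class<?> entityType = (Class<?>)rawEntityType;
                Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
                AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
                String action = (String)permit.get(ApiConstants.IAM_ACTION);
                // Element types cannot be checked at runtime; the list is passed through as received.
                @SuppressWarnings("unchecked")
                List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
                s_logger.debug("MessageBus message: grant accounts permission to an entity: (" + entityType + "," + entityId + ")");
                grantEntityPermissioinToAccounts(entityType.getSimpleName(), entityId, accessType, action, acctIds);
            }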
        });

        _messageBus.subscribe(EntityManager.MESSAGE_REVOKE_ENTITY_EVENT, new MessageSubscriber() {
            @Override
            public void onPublishMessage(String senderAddress, String subject, Object obj) {
                Map<String, Object> permit = (Map<String, Object>)obj;
                if (permit != null) {
                    Class<?> entityType = (Class<?>)permit.get(ApiConstants.ENTITY_TYPE);
                    Long entityId = (Long)permit.get(ApiConstants.ENTITY_ID);
                    AccessType accessType = (AccessType)permit.get(ApiConstants.ACCESS_TYPE);
                    String action = (String)permit.get(ApiConstants.IAM_ACTION);
                    List<Long> acctIds = (List<Long>)permit.get(ApiConstants.ACCOUNTS);
                    s_logger.debug("MessageBus message: revoke from accounts permission to an entity: (" + entityType + "," + entityId + ")");
                    revokeEntityPermissioinFromAccounts(entityType.getSimpleName(), entityId, accessType, action, acctIds);
                }

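    /**
     * Adds a permission for an API action to an IAM policy, deriving the access type from the
     * command class registered for that action.
     *
     * <p>List commands (subclasses of {@code BaseListCmd}) get {@code AccessType.ListEntry} when
     * {@code readOnly} is true and {@code AccessType.UseEntry} otherwise; every other command gets
     * {@code AccessType.OperateEntry}. Because {@code readOnly} selects the access type stored in
     * the policy, a missing value is rejected rather than defaulted.
     *
     * @param iamPolicyId id of the policy to extend
     * @param entityType entity type name, passed through to the IAM service
     * @param scope permission scope; its string form is passed to the IAM service
     * @param scopeId scope id, passed through to the IAM service
     * @param action API action name used to look up the command class
     * @param perm permission to record
     * @param recursive passed through to the IAM service
     * @param readOnly for list commands, whether the permission is list-only; not read for other
     *            commands
     * @return the policy returned by the IAM service
     * @throws IllegalArgumentException if no command class is found for {@code action}, or if
     *             {@code readOnly} is {@code null} for a list command
     */
    @Override
    @ActionEvent(eventType = EventTypes.EVENT_IAM_POLICY_GRANT, eventDescription = "Granting acl permission to IAM Policy")
    public IAMPolicy addIAMPermissionToIAMPolicy(long iamPolicyId, String entityType, PermissionScope scope,
            Long scopeId, String action, Permission perm, Boolean recursive, Boolean readOnly) {
        Class<?> cmdClass = _apiServer.getCmdClass(action);
        if (cmdClass == null) {
            // isAssignableFrom(null) would throw a bare NullPointerException; reject the unknown
            // action explicitly so no permission is recorded for it.
            throw new IllegalArgumentException("Unable to find an API command class for action " + action);
        }

        AccessType accessType;
        if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
            if (readOnly == null) {
                // Unboxing a null Boolean would throw; do not guess which access type was meant.
                throw new IllegalArgumentException("readOnly must be specified for list action " + action);
            }
            accessType = readOnly ? AccessType.ListEntry : AccessType.UseEntry;
        } else {
            accessType = AccessType.OperateEntry;
        }

        // accessType is assigned on every path above, so no null fallback is needed here.
        return _iamSrv.addIAMPermissionToIAMPolicy(iamPolicyId, entityType, scope.toString(), scopeId, action,
                accessType.toString(), perm, recursive);
    }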
