Example 1 with InfrastructureEntity

Use of com.cloud.acl.InfrastructureEntity in project cosmic by MissionCriticalCloud, in the class ApiDispatcher, method doAccessChecks.

private void doAccessChecks(final BaseCmd cmd, final Map<Object, AccessType> entitiesToAccess) {
    final Account caller = CallContext.current().getCallingAccount();
    final APICommand commandAnnotation = cmd.getClass().getAnnotation(APICommand.class);
    final String apiName = commandAnnotation != null ? commandAnnotation.name() : null;
    if (!entitiesToAccess.isEmpty()) {
        for (final Object entity : entitiesToAccess.keySet()) {
            if (entity instanceof ControlledEntity) {
                _accountMgr.checkAccess(caller, entitiesToAccess.get(entity), false, apiName, (ControlledEntity) entity);
            } else if (entity instanceof InfrastructureEntity) {
                // FIXME: Move this code in adapter, remove code from Account manager
                // Until then, this branch is empty: no access check runs for InfrastructureEntity here.
            }
        }
    }
}
Also used: Account (com.cloud.user.Account), ControlledEntity (com.cloud.acl.ControlledEntity), InfrastructureEntity (com.cloud.acl.InfrastructureEntity)

Example 2 with InfrastructureEntity

Use of com.cloud.acl.InfrastructureEntity in project cosmic by MissionCriticalCloud, in the class ParamProcessWorker, method doAccessChecks.

private void doAccessChecks(final BaseCmd cmd, final Map<Object, AccessType> entitiesToAccess) {
    final Account caller = CallContext.current().getCallingAccount();
    // Due to the deleteAccount design flaw (CLOUDSTACK-6588), removed accounts must still be
    // included here so that leftover resources from those accounts can be cleaned up.
    final Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
    if (cmd instanceof BaseAsyncCreateCmd) {
        // check that caller can access the owner account.
        _accountMgr.checkAccess(caller, null, false, owner);
    }
    if (!entitiesToAccess.isEmpty()) {
        // check that caller can access the owner account.
        _accountMgr.checkAccess(caller, null, false, owner);
        for (final Map.Entry<Object, AccessType> entry : entitiesToAccess.entrySet()) {
            final Object entity = entry.getKey();
            if (entity instanceof ControlledEntity) {
                _accountMgr.checkAccess(caller, entry.getValue(), true, (ControlledEntity) entity);
            } else if (entity instanceof InfrastructureEntity) {
                // FIXME: Move this code in adapter, remove code from
                // Account manager
                // Until then, this branch is empty: no access check runs for InfrastructureEntity here.
            }
        }
    }
}
Also used: Account (com.cloud.user.Account), ControlledEntity (com.cloud.acl.ControlledEntity), BaseAsyncCreateCmd (com.cloud.api.BaseAsyncCreateCmd), InfrastructureEntity (com.cloud.acl.InfrastructureEntity), HashMap (java.util.HashMap), Map (java.util.Map), AccessType (com.cloud.acl.SecurityChecker.AccessType)

Aggregations

ControlledEntity (com.cloud.acl.ControlledEntity): 2
InfrastructureEntity (com.cloud.acl.InfrastructureEntity): 2
Account (com.cloud.user.Account): 2
AccessType (com.cloud.acl.SecurityChecker.AccessType): 1
BaseAsyncCreateCmd (com.cloud.api.BaseAsyncCreateCmd): 1
HashMap (java.util.HashMap): 1
Map (java.util.Map): 1