Example 1 with RoleType

Use of com.cloud.acl.RoleType in project cosmic by MissionCriticalCloud.

From the class BaseCmd, method getParamFields.

/**
 * This method doesn't return all the {@link Parameter} fields, but only the ones exposed
 * and allowed for the current {@link RoleType}. This method will get the fields for a given
 * Cmd class only once and never again, so in case of a dynamic update the result would
 * be obsolete (this might be a plugin update. It is agreed upon that we will not do
 * upgrades dynamically but in case we come back on that decision we need to revisit this)
 *
 * @return the fields the calling account's role is allowed to pass in
 */
public List<Field> getParamFields() {
    final List<Field> allFields = getAllFieldsForClass(this.getClass());
    final List<Field> validFields = new ArrayList<>();
    final Account caller = CallContext.current().getCallingAccount();
    for (final Field field : allFields) {
        final Parameter parameterAnnotation = field.getAnnotation(Parameter.class);
        // TODO: Annotate @Validate on API Cmd classes, FIXME how to process Validate
        final RoleType[] allowedRoles = parameterAnnotation.authorized();
        boolean roleIsAllowed = true;
        if (allowedRoles.length > 0) {
            roleIsAllowed = false;
            for (final RoleType allowedRole : allowedRoles) {
                if (allowedRole.getValue() == caller.getType()) {
                    roleIsAllowed = true;
                    break;
                }
            }
        }
        if (roleIsAllowed) {
            validFields.add(field);
        } else {
            s_logger.debug("Ignoring paremeter " + parameterAnnotation.name() + " as the caller is not authorized to pass it in");
        }
    }
    return validFields;
}
Also used: Field (java.lang.reflect.Field), Account (com.cloud.user.Account), RoleType (com.cloud.acl.RoleType), ArrayList (java.util.ArrayList)

Example 2 with RoleType

Use of com.cloud.acl.RoleType in project cosmic by MissionCriticalCloud.

From the class ApiResponseSerializer, method serializeResponseObjFieldsXML.

private static void serializeResponseObjFieldsXML(final StringBuilder sb, final StringBuilder log, final ResponseObject obj) {
    boolean isAsync = false;
    if (obj instanceof AsyncJobResponse) {
        isAsync = true;
    }
    final Field[] fields = getFlattenFields(obj.getClass());
    for (final Field field : fields) {
        if ((field.getModifiers() & Modifier.TRANSIENT) != 0) {
            // skip transient fields
            continue;
        }
        final SerializedName serializedName = field.getAnnotation(SerializedName.class);
        if (serializedName == null) {
            // skip fields w/o serialized name
            continue;
        }
        boolean logField = true;
        final Param param = field.getAnnotation(Param.class);
        if (param != null) {
            final RoleType[] allowedRoles = param.authorized();
            if (allowedRoles.length > 0) {
                boolean permittedParameter = false;
                final Account caller = CallContext.current().getCallingAccount();
                for (final RoleType allowedRole : allowedRoles) {
                    if (allowedRole.getValue() == caller.getType()) {
                        permittedParameter = true;
                        break;
                    }
                }
                if (!permittedParameter) {
                    s_logger.trace("Ignoring parameter " + param.name() + " as the caller is not authorized to see it");
                    continue;
                }
            }
            if (param.isSensitive()) {
                logField = false;
            }
        }
        field.setAccessible(true);
        final Object fieldValue;
        try {
            fieldValue = field.get(obj);
        } catch (final IllegalArgumentException e) {
            throw new CloudRuntimeException("how illegal is it?", e);
        } catch (final IllegalAccessException e) {
            throw new CloudRuntimeException("come on...we set accessible already", e);
        }
        if (fieldValue != null) {
            if (fieldValue instanceof ResponseObject) {
                final ResponseObject subObj = (ResponseObject) fieldValue;
                if (isAsync) {
                    sb.append("<jobresult>");
                    log.append("<jobresult>");
                }
                serializeResponseObjXML(sb, log, subObj);
                if (isAsync) {
                    sb.append("</jobresult>");
                    log.append("</jobresult>");
                }
            } else if (fieldValue instanceof Collection<?>) {
                final Collection<?> subResponseList = (Collection<?>) fieldValue;
                boolean usedUuidList = false;
                for (final Object value : subResponseList) {
                    if (value instanceof ResponseObject) {
                        final ResponseObject subObj = (ResponseObject) value;
                        if (serializedName != null) {
                            subObj.setObjectName(serializedName.value());
                        }
                        serializeResponseObjXML(sb, log, subObj);
                    } else if (value instanceof ExceptionProxyObject) {
                        // Only exception responses carry a list of
                        // ExceptionProxyObject objects.
                        final ExceptionProxyObject idProxy = (ExceptionProxyObject) value;
                        // On the first ExceptionProxyObject encountered, open the uuidList tag.
                        if (!usedUuidList) {
                            sb.append("<" + serializedName.value() + ">");
                            log.append("<" + serializedName.value() + ">");
                            usedUuidList = true;
                        }
                        sb.append("<" + "uuid" + ">" + idProxy.getUuid() + "</" + "uuid" + ">");
                        log.append("<" + "uuid" + ">" + idProxy.getUuid() + "</" + "uuid" + ">");
                        // Append the new descriptive property also.
                        final String idFieldName = idProxy.getDescription();
                        if (idFieldName != null) {
                            sb.append("<" + "uuidProperty" + ">" + idFieldName + "</" + "uuidProperty" + ">");
                            log.append("<" + "uuidProperty" + ">" + idFieldName + "</" + "uuidProperty" + ">");
                        }
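                    } else if (value instanceof String) {
                        // Note: unlike the scalar branch further down, this value is appended
                        // without passing through escapeSpecialXmlChars().
                        sb.append("<").append(serializedName.value()).append(">").append(value).append("</").append(serializedName.value()).append(">");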
                        if (logField) {
                            log.append("<").append(serializedName.value()).append(">").append(value).append("</").append(serializedName.value()).append(">");
                        }
                    }
                }
                if (usedUuidList) {
                    // close the uuidList.
                    sb.append("</").append(serializedName.value()).append(">");
                    log.append("</").append(serializedName.value()).append(">");
                }
            } else if (fieldValue instanceof Date) {
                sb.append("<").append(serializedName.value()).append(">").append(BaseCmd.getDateString((Date) fieldValue)).append("</").append(serializedName.value()).append(">");
                log.append("<").append(serializedName.value()).append(">").append(BaseCmd.getDateString((Date) fieldValue)).append("</").append(serializedName.value()).append(">");
            } else {
                String resultString = escapeSpecialXmlChars(fieldValue.toString());
                if (!(obj instanceof ExceptionResponse)) {
                    resultString = encodeParam(resultString);
                }
                sb.append("<").append(serializedName.value()).append(">").append(resultString).append("</").append(serializedName.value()).append(">");
                if (logField) {
                    log.append("<").append(serializedName.value()).append(">").append(resultString).append("</").append(serializedName.value()).append(">");
                }
            }
        }
    }
}
Also used: Account (com.cloud.user.Account), RoleType (com.cloud.acl.RoleType), SerializedName (com.google.gson.annotations.SerializedName), Date (java.util.Date), Field (java.lang.reflect.Field), CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException), Param (com.cloud.serializer.Param), ResponseObject (com.cloud.api.ResponseObject), Collection (java.util.Collection), ExceptionProxyObject (com.cloud.utils.exception.ExceptionProxyObject)

Example 3 with RoleType

Use of com.cloud.acl.RoleType in project cosmic by MissionCriticalCloud.

From the class AccountManagerImpl, method getRoleType.

@Override
public RoleType getRoleType(final Account account) {
    RoleType roleType = RoleType.Unknown;
    if (account == null) {
        return roleType;
    }
    final short accountType = account.getType();
    // Account type to role type translation
    switch(accountType) {
        case Account.ACCOUNT_TYPE_ADMIN:
            roleType = RoleType.Admin;
            break;
        case Account.ACCOUNT_TYPE_DOMAIN_ADMIN:
            roleType = RoleType.DomainAdmin;
            break;
        case Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN:
            roleType = RoleType.ResourceAdmin;
            break;
        case Account.ACCOUNT_TYPE_NORMAL:
            roleType = RoleType.User;
            break;
    }
    return roleType;
}
Also used: RoleType (com.cloud.acl.RoleType)

Aggregations

RoleType (com.cloud.acl.RoleType): 3
Account (com.cloud.user.Account): 2
Field (java.lang.reflect.Field): 2
ResponseObject (com.cloud.api.ResponseObject): 1
Param (com.cloud.serializer.Param): 1
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException): 1
ExceptionProxyObject (com.cloud.utils.exception.ExceptionProxyObject): 1
SerializedName (com.google.gson.annotations.SerializedName): 1
ArrayList (java.util.ArrayList): 1
Collection (java.util.Collection): 1
Date (java.util.Date): 1