
Example 1 with InfrastructureEntity

Use of org.apache.cloudstack.acl.InfrastructureEntity in the Apache CloudStack project.

Class ApiDispatcher, method doAccessChecks.

private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
    Account caller = CallContext.current().getCallingAccount();
    APICommand commandAnnotation = cmd.getClass().getAnnotation(APICommand.class);
    String apiName = commandAnnotation != null ? commandAnnotation.name() : null;
    if (!entitiesToAccess.isEmpty()) {
        for (Object entity : entitiesToAccess.keySet()) {
            if (entity instanceof ControlledEntity) {
                _accountMgr.checkAccess(caller, entitiesToAccess.get(entity), false, apiName, (ControlledEntity) entity);
            } else if (entity instanceof InfrastructureEntity) {
                // FIXME: Move this code in adapter, remove code from Account manager
                // Note: this branch is empty, so no access check runs here for InfrastructureEntity.
            }
        }
    }
}
Also used: Account (com.cloud.user.Account), ControlledEntity (org.apache.cloudstack.acl.ControlledEntity), InfrastructureEntity (org.apache.cloudstack.acl.InfrastructureEntity), APICommand (org.apache.cloudstack.api.APICommand)

Example 2 with InfrastructureEntity

Use of org.apache.cloudstack.acl.InfrastructureEntity in the Apache CloudStack project.

Class ParamProcessWorker, method doAccessChecks.

private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
    Account caller = CallContext.current().getCallingAccount();
    // Due to the deleteAccount design flaw (CLOUDSTACK-6588), removed accounts must still be
    // included so that leftover resources from those accounts can be cleaned up.
    Account owner = _accountMgr.getAccount(cmd.getEntityOwnerId());
    if (cmd instanceof BaseAsyncCreateCmd) {
        // check that caller can access the owner account.
        _accountMgr.checkAccess(caller, null, false, owner);
    }
    if (!entitiesToAccess.isEmpty()) {
        // check that caller can access the owner account.
        _accountMgr.checkAccess(caller, null, false, owner);
        for (Map.Entry<Object, AccessType> entry : entitiesToAccess.entrySet()) {
            Object entity = entry.getKey();
            if (entity instanceof ControlledEntity) {
                _accountMgr.checkAccess(caller, entry.getValue(), true, (ControlledEntity) entity);
            } else if (entity instanceof InfrastructureEntity) {
                // FIXME: Move this code in adapter, remove code from Account manager
                // Note: this branch is empty, so no access check runs here for InfrastructureEntity.
            }
        }
    }
}
Also used: Account (com.cloud.user.Account), ControlledEntity (org.apache.cloudstack.acl.ControlledEntity), BaseAsyncCreateCmd (org.apache.cloudstack.api.BaseAsyncCreateCmd), InfrastructureEntity (org.apache.cloudstack.acl.InfrastructureEntity), HashMap (java.util.HashMap), Map (java.util.Map), AccessType (org.apache.cloudstack.acl.SecurityChecker.AccessType)
