Example 1 with PermissionScope

Use of org.apache.cloudstack.acl.PermissionScope in project cloudstack by apache.

The class IAMApiServiceImpl, method getPermissionScopeId.

@Override
public Long getPermissionScopeId(String scope, String entityType, String scopeId) {
    // "-1" is a sentinel scope id and is passed through without any lookup.
    if (scopeId.equals("-1")) {
        return -1L;
    }
    // valueOf throws IllegalArgumentException for a scope name that is not an enum constant.
    PermissionScope permScope = PermissionScope.valueOf(scope);
    InternalIdentity entity = null;
    switch (permScope) {
        case DOMAIN:
            entity = _domainDao.findByUuid(scopeId);
            break;
        case ACCOUNT:
            entity = _accountDao.findByUuid(scopeId);
            break;
        case RESOURCE:
            // Resolve the entity class from the entity type name, then look the entity up by UUID.
            Class<?> clazz = s_typeMap.get(entityType);
            entity = (InternalIdentity) _entityMgr.findByUuid(clazz, scopeId);
            break;
    }
    // There is no case for ALL: entity stays null and the request is rejected below.
    if (entity != null) {
        return entity.getId();
    }
    throw new InvalidParameterValueException("Unable to find scopeId " + scopeId + " with scope " + scope + " and type " + entityType);
}
Also used: InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException), InternalIdentity (org.apache.cloudstack.api.InternalIdentity), PermissionScope (org.apache.cloudstack.acl.PermissionScope)

Example 2 with PermissionScope

Use of org.apache.cloudstack.acl.PermissionScope in project cloudstack by apache.

The class RoleBasedAPIAccessChecker, method addDefaultAclPolicyPermission.

private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
    AccessType accessType = null;
    Class<?>[] entityTypes = null;
    PermissionScope permissionScope = PermissionScope.ACCOUNT;
    Long policyId = getDefaultPolicyId(role);
    // Map the role to the widest scope its default policy may grant:
    // User -> ACCOUNT, Admin -> ALL, DomainAdmin and ResourceAdmin -> DOMAIN.
    switch (role) {
        case User:
            permissionScope = PermissionScope.ACCOUNT;
            break;
        case Admin:
            permissionScope = PermissionScope.ALL;
            break;
        case DomainAdmin:
            permissionScope = PermissionScope.DOMAIN;
            break;
        case ResourceAdmin:
            permissionScope = PermissionScope.DOMAIN;
            break;
    }
    boolean addAccountScopedUseEntry = false;
    if (cmdClass != null) {
        BaseCmd cmdObj;
        try {
            // Instantiate the command only to decide the access type from its class hierarchy.
            cmdObj = (BaseCmd) cmdClass.newInstance();
            if (cmdObj instanceof BaseListCmd) {
                if (permissionScope == PermissionScope.ACCOUNT) {
                    accessType = AccessType.UseEntry;
                } else {
                    // List commands beyond ACCOUNT scope get ListEntry at the role's scope
                    // plus a second, ACCOUNT-scoped UseEntry permission (added below).
                    accessType = AccessType.ListEntry;
                    addAccountScopedUseEntry = true;
                }
            } else {
                accessType = AccessType.OperateEntry;
            }
        } catch (Exception e) {
            throw new CloudRuntimeException(String.format("%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
        }
        // Entity types come from the @APICommand annotation on the command class.
        APICommand at = cmdClass.getAnnotation(APICommand.class);
        entityTypes = at.entityType();
    }
    if (entityTypes == null || entityTypes.length == 0) {
        // No entity type: add an Allow permission for the API name alone, scoped to the current caller.
        _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
        if (addAccountScopedUseEntry) {
            _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, PermissionScope.ACCOUNT.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
        }
    } else {
        // One Allow permission per entity type the command declares.
        for (Class<?> entityType : entityTypes) {
            _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
            if (addAccountScopedUseEntry) {
                _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), PermissionScope.ACCOUNT.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
            }
        }
    }
}
Also used: BaseListCmd (org.apache.cloudstack.api.BaseListCmd), CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException), BaseCmd (org.apache.cloudstack.api.BaseCmd), APICommand (org.apache.cloudstack.api.APICommand), AccessType (org.apache.cloudstack.acl.SecurityChecker.AccessType), PermissionScope (org.apache.cloudstack.acl.PermissionScope), ConfigurationException (javax.naming.ConfigurationException), PermissionDeniedException (com.cloud.exception.PermissionDeniedException)