Example 6 with IAMPolicy

use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.

the class IAMServiceImpl method resetIAMPolicy.

@DB
@Override
public IAMPolicy resetIAMPolicy(long iamPolicyId) {
    // get the Acl Policy entity
    IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
    if (policy == null) {
        throw new InvalidParameterValueException("Unable to find acl policy: " + iamPolicyId + "; failed to reset the policy.");
    }
    SearchBuilder<IAMPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
    sb.and("policyId", sb.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
    sb.and("scope", sb.entity().getScope(), SearchCriteria.Op.EQ);
    sb.done();
    SearchCriteria<IAMPolicyPermissionVO> permissionSC = sb.create();
    permissionSC.setParameters("policyId", iamPolicyId);
    _policyPermissionDao.expunge(permissionSC);
    invalidateIAMCache();
    return policy;
}
Also used : IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) DB(com.cloud.utils.db.DB)

Example 7 with IAMPolicy

use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.

the class IAMApiServiceImpl method listIAMPolicies.

@Override
public ListResponse<IAMPolicyResponse> listIAMPolicies(Long iamPolicyId, String iamPolicyName, Long domainId, Long startIndex, Long pageSize) {
    // acl check
    Account caller = CallContext.current().getCallingAccount();
    Domain domain = null;
    if (domainId != null) {
        domain = _domainDao.findById(domainId);
        if (domain == null) {
            throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
        }
        _accountMgr.checkAccess(caller, domain);
    } else {
        domain = _domainDao.findById(caller.getDomainId());
    }
    String domainPath = domain.getPath();
    // search for policies
    Pair<List<IAMPolicy>, Integer> result = _iamSrv.listIAMPolicies(iamPolicyId, iamPolicyName, domainPath, startIndex, pageSize);
    // generate policy response
    ListResponse<IAMPolicyResponse> response = new ListResponse<IAMPolicyResponse>();
    List<IAMPolicyResponse> policyResponses = new ArrayList<IAMPolicyResponse>();
    for (IAMPolicy policy : result.first()) {
        IAMPolicyResponse resp = createIAMPolicyResponse(policy);
        policyResponses.add(resp);
    }
    response.setResponses(policyResponses, result.second());
    return response;
}
Also used : Account(com.cloud.user.Account) ListResponse(org.apache.cloudstack.api.response.ListResponse) IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy) ArrayList(java.util.ArrayList) IAMPolicyResponse(org.apache.cloudstack.api.response.iam.IAMPolicyResponse) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) List(java.util.List) Domain(com.cloud.domain.Domain)

Example 8 with IAMPolicy

use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.

the class RoleBasedAPIAccessChecker method checkAccess.

@Override
public boolean checkAccess(User user, String commandName) throws PermissionDeniedException {
    Account account = _accountService.getAccount(user.getAccountId());
    if (account == null) {
        // Separate the concatenated fields with spaces so the ids stay readable in logs.
        throw new PermissionDeniedException("The account id=" + user.getAccountId() + " for user id=" + user.getId() + " is null");
    }
    List<IAMPolicy> policies = _iamSrv.listIAMPolicies(account.getAccountId());
    boolean isAllowed = _iamSrv.isActionAllowedForPolicies(commandName, policies);
    if (!isAllowed) {
        throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
    }
    return isAllowed;
}
Also used : Account(com.cloud.user.Account) IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy) PermissionDeniedException(com.cloud.exception.PermissionDeniedException)

Example 9 with IAMPolicy

use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.

the class IAMServiceImpl method listIAMPolicies.

@SuppressWarnings("unchecked")
@Override
public Pair<List<IAMPolicy>, Integer> listIAMPolicies(Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) {
    if (iamPolicyId != null) {
        IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
        if (policy == null) {
            throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId);
        }
    }
    Filter searchFilter = new Filter(IAMPolicyVO.class, "id", true, startIndex, pageSize);
    SearchBuilder<IAMPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
    sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
    sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
    sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
    SearchCriteria<IAMPolicyVO> sc = sb.create();
    if (iamPolicyName != null) {
        sc.setParameters("name", iamPolicyName);
    }
    if (iamPolicyId != null) {
        sc.setParameters("id", iamPolicyId);
    }
    sc.setParameters("path", path + "%");
    Pair<List<IAMPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
    @SuppressWarnings("rawtypes") List policyList = policies.first();
    return new Pair<List<IAMPolicy>, Integer>(policyList, policies.second());
}
Also used : IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) Filter(com.cloud.utils.db.Filter) ArrayList(java.util.ArrayList) List(java.util.List) Pair(com.cloud.utils.Pair)

Example 10 with IAMPolicy

use of org.apache.cloudstack.iam.api.IAMPolicy in project cloudstack by apache.

the class RoleBasedEntityAccessChecker method getEffectivePolicies.

private List<IAMPolicy> getEffectivePolicies(Account caller) {
    List<IAMPolicy> policies = _iamSrv.listIAMPolicies(caller.getId());
    List<IAMGroup> groups = _iamSrv.listIAMGroups(caller.getId());
    for (IAMGroup group : groups) {
        // for each group find the grand parent groups.
        List<IAMGroup> parentGroups = _iamSrv.listParentIAMGroups(group.getId());
        for (IAMGroup parentGroup : parentGroups) {
            policies.addAll(_iamSrv.listRecursiveIAMPoliciesByGroup(parentGroup.getId()));
        }
    }
    return policies;
}
Also used : IAMGroup(org.apache.cloudstack.iam.api.IAMGroup) IAMPolicy(org.apache.cloudstack.iam.api.IAMPolicy)

Aggregations

IAMPolicy (org.apache.cloudstack.iam.api.IAMPolicy): 35
ArrayList (java.util.ArrayList): 16
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException): 12
DB (com.cloud.utils.db.DB): 7
List (java.util.List): 7
IAMPolicyPermission (org.apache.cloudstack.iam.api.IAMPolicyPermission): 7
TransactionStatus (com.cloud.utils.db.TransactionStatus): 6
IAMPolicyResponse (org.apache.cloudstack.api.response.iam.IAMPolicyResponse): 6
IAMGroup (org.apache.cloudstack.iam.api.IAMGroup): 6
Account (com.cloud.user.Account): 5
TransactionCallbackNoReturn (com.cloud.utils.db.TransactionCallbackNoReturn): 5
IAMPolicyVO (org.apache.cloudstack.iam.server.IAMPolicyVO): 5
Test (org.junit.Test): 5
Pair (com.cloud.utils.Pair): 4
ServerApiException (org.apache.cloudstack.api.ServerApiException): 4
Domain (com.cloud.domain.Domain): 2
DomainVO (com.cloud.domain.DomainVO): 2
PermissionDeniedException (com.cloud.exception.PermissionDeniedException): 2
IAMGroupResponse (org.apache.cloudstack.api.response.iam.IAMGroupResponse): 2
VirtualMachineTemplate (com.cloud.template.VirtualMachineTemplate): 1