Package org.apache.cloudstack.acl

Examples of org.apache.cloudstack.acl.PermissionScope

218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
    private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
        AccessType accessType = null;
        Class<?>[] entityTypes = null;

        PermissionScope permissionScope = PermissionScope.ACCOUNT;
        Long policyId = getDefaultPolicyId(role);
        switch (role) {
        case User:
            permissionScope = PermissionScope.ACCOUNT;
            break;

        case Admin:
            permissionScope = PermissionScope.ALL;
            break;

        case DomainAdmin:
            permissionScope = PermissionScope.DOMAIN;
            break;

        case ResourceAdmin:
            permissionScope = PermissionScope.DOMAIN;
            break;
         }

        boolean addAccountScopedUseEntry = false;

        if (cmdClass != null) {
            BaseCmd cmdObj;
            try {
                cmdObj = (BaseCmd) cmdClass.newInstance();
                if (cmdObj instanceof BaseListCmd) {
                    accessType = AccessType.ListEntry;
                    addAccountScopedUseEntry = true;
                } else {
                    accessType = AccessType.OperateEntry;
                }
            } catch (Exception e) {
                throw new CloudRuntimeException(String.format(
                        "%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
            }

            APICommand at = cmdClass.getAnnotation(APICommand.class);
            entityTypes = at.entityType();
        }

        if (entityTypes == null || entityTypes.length == 0) {
            _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                    apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
            if (addAccountScopedUseEntry) {
                _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, PermissionScope.ACCOUNT.toString(), new Long(
                        IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
            }
        } else {
            for (Class<?> entityType : entityTypes) {
                _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), permissionScope.toString(), new Long(
                        IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER),
                        apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
                if (addAccountScopedUseEntry) {
                    _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), PermissionScope.ACCOUNT.toString(), new Long(
                            IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
View Full Code Here
798
799
800
801
802
803
804
805
806
807
808
    @Override
    public Long getPermissionScopeId(String scope, String entityType, String scopeId) {
        if (scopeId.equals("-1")) {
            return -1L;
        }
        PermissionScope permScope = PermissionScope.valueOf(scope);
        InternalIdentity entity = null;
        switch (permScope) {
        case DOMAIN:
            entity = _domainDao.findByUuid(scopeId);
            break;
View Full Code Here
TOP

Related Classes of org.apache.cloudstack.acl.PermissionScope

  • org.apache.cloudstack.iam.IAMApiServiceImpl
  • org.apache.cloudstack.iam.RoleBasedAPIAccessChecker
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.