import org.opendaylight.controller.forwardingrulesmanager.FlowConfig;
import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager;
+import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.authorization.UserLevel;
import org.opendaylight.controller.sal.core.Name;
import org.opendaylight.controller.sal.core.Node;
import org.opendaylight.controller.sal.core.NodeConnector;
+import org.opendaylight.controller.sal.utils.GlobalConstants;
import org.opendaylight.controller.sal.utils.ServiceHelper;
import org.opendaylight.controller.sal.utils.Status;
import org.opendaylight.controller.sal.utils.StatusCode;
import org.opendaylight.controller.switchmanager.ISwitchManager;
import org.opendaylight.controller.switchmanager.Switch;
import org.opendaylight.controller.switchmanager.SwitchConfig;
-import org.opendaylight.controller.usermanager.IUserManager;
import org.opendaylight.controller.web.DaylightWebUtil;
import org.opendaylight.controller.web.IDaylightWeb;
import org.springframework.stereotype.Controller;
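Review bot: The `UserLevel` import on the context line above stays in place, yet every use of it visible in this diff (the two `isUserAuthorized(UserLevel.NETWORKADMIN, request)` calls and the helper itself) is removed. If nothing else in the file refers to it, drop `import org.opendaylight.controller.sal.authorization.UserLevel;` in the same change, so the old role-based model does not look as if it were still in use.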
@RequestMapping(value = "/main")
@ResponseBody
- public Set<Map<String, Object>> getFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
+ public Map<String, Object> getFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+ if (privilege == Privilege.NONE) {
+ return null;
+ }
+
// fetch frm
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
.getInstance(IForwardingRulesManager.class, containerName, this);
// get static flow list
List<FlowConfig> staticFlowList = frm.getStaticFlows();
- Set<Map<String, Object>> output = new HashSet<Map<String, Object>>();
+ Set<Map<String, Object>> flowSet = new HashSet<Map<String, Object>>();
for (FlowConfig flowConfig : staticFlowList) {
Map<String, Object> entry = new HashMap<String, Object>();
entry.put("flow", flowConfig);
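Review bot: The new access check in getFlows dereferences `request.getUserPrincipal()` without a null test and answers a caller holding `Privilege.NONE` by returning `null`. A denied request is therefore presumably rendered as an empty successful response rather than a 403, and a request that arrives without a principal would fail with a NullPointerException instead of a clean denial. The same lines are repeated in getNodePorts and getNodeFlows, and with `!= Privilege.WRITE` in the two write handlers further down. Moving the lookup into one private helper that treats a missing principal as `Privilege.NONE` keeps the check fail-closed and in one place. The container name now comes straight from the request parameter, so it is worth confirming that `getContainerPrivilege` returns `Privilege.NONE` for a container that does not exist.

```java
// Single place for the per-container check; a missing principal is denied, not dereferenced.
private Privilege privilegeFor(HttpServletRequest request, String containerName) {
    Principal principal = request.getUserPrincipal();
    if (principal == null) {
        return Privilege.NONE;
    }
    return DaylightWebUtil.getContainerPrivilege(principal.getName(), containerName, this);
}

// … unchanged: containerName defaulting in getFlows …
Privilege privilege = privilegeFor(request, containerName);
// … unchanged: Privilege.NONE branch and flow listing …
```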
entry.put("node", (description.isEmpty() || description
.equalsIgnoreCase("none")) ? node.toString() : description);
entry.put("nodeId", node.toString());
- output.add(entry);
+ flowSet.add(entry);
}
+ Map <String, Object> output = new HashMap<String, Object>(2);
+ output.put("flows", flowSet);
+ output.put("privilege", privilege);
return output;
}
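Review bot: The `privilege` entry added to the response is undocumented, and a reader could take it for the access decision itself. A comment at `output.put("privilege", privilege);` would help, for example `// UI hint only: the write handlers re-check Privilege.WRITE on the server`. getFlows also has no Javadoc saying that the return value changed from a set of flow entries to a map with the keys `flows` and `privilege`, which callers of `/main` need to know. The loop body begins outside this hunk.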
@RequestMapping(value = "/node-ports")
@ResponseBody
public Map<String, Object> getNodePorts(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+ return null;
+ }
+
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
if (switchManager == null) {
@RequestMapping(value = "/node-flows")
@ResponseBody
public Map<String, Object> getNodeFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Derive the privilege this user has on the current container
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+ return null;
+ }
+
ISwitchManager switchManager = (ISwitchManager) ServiceHelper
.getInstance(ISwitchManager.class, containerName, this);
if (switchManager == null) {
@RequestParam(required = false) String body,
@RequestParam(required = true) String nodeId,
HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return "Operation not authorized";
}
-
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
.getInstance(IForwardingRulesManager.class, containerName, this);
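Review bot: A denied write in this handler returns the string "Operation not authorized" and leaves no record, so repeated attempts to program flows without `Privilege.WRITE` would not show up anywhere an operator looks. Logging the denial just before the return gives that trail, e.g. `log.warn("Flow write denied: user={} node={}", userName, nodeId);` (this assumes the class has an SLF4J logger; none is visible in the hunk). The request-supplied container name should be validated or escaped before it is written to a log. removeFlow in the next hunk has the same check and would take the same line. This method's signature starts above the hunk and its body continues below it.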
.getDescription();
}
- @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST)
+ @RequestMapping(value = "/flow/{nodeId}/{name:.*}", method = RequestMethod.POST)
@ResponseBody
public String removeFlow(@PathVariable("nodeId") String nodeId,
@PathVariable("name") String name,
@RequestParam(required = true) String action,
HttpServletRequest request, @RequestParam(required = false) String container) {
- if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+ String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+ // Authorization check
+ String userName = request.getUserPrincipal().getName();
+ if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
return "Operation not authorized";
}
-
- String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
.getInstance(IForwardingRulesManager.class, containerName, this);
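Review bot: The mapping change to `{name:.*}` carries no comment, and the reason for it is not obvious from the pattern. Suggested comment above the annotation: `// ":.*" stops Spring from cutting the flow name at its last dot (suffix matching)`. Since `name` now reaches the handler with dots intact, it is worth confirming that the lookup further down, outside this hunk, uses it only as an opaque flow name.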
return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result
.getDescription();
}
-
- /**
- * Returns whether the current user's level is same or above the required
- * authorization level.
- *
- * @param requiredLevel
- * the authorization level required
- */
- private boolean isUserAuthorized(UserLevel requiredLevel,
- HttpServletRequest request) {
- IUserManager userManager = (IUserManager) ServiceHelper
- .getGlobalInstance(IUserManager.class, this);
- if (userManager == null) {
- return false;
- }
-
- String username = request.getUserPrincipal().getName();
- UserLevel userLevel = userManager.getUserLevel(username);
- return (userLevel.ordinal() <= requiredLevel.ordinal());
- }
-
}