X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=blobdiff_plain;f=opendaylight%2Fweb%2Fflows%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fflows%2Fweb%2FFlows.java;h=c4341347d088c95944987f1470da8633adece44a;hb=refs%2Fchanges%2F04%2F504%2F1;hp=35237999b810fbe7fd574501087cd5cae6d6db5a;hpb=86a8fcb92de5475f366cda9e79e1b494834267b1;p=controller.git diff --git a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java index 35237999b8..c4341347d0 100644 --- a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java +++ b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java @@ -18,6 +18,7 @@ import javax.servlet.http.HttpServletRequest; import org.opendaylight.controller.forwardingrulesmanager.FlowConfig; import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager; +import org.opendaylight.controller.sal.authorization.Privilege; import org.opendaylight.controller.sal.authorization.UserLevel; import org.opendaylight.controller.sal.core.Name; import org.opendaylight.controller.sal.core.Node; @@ -29,7 +30,7 @@ import org.opendaylight.controller.sal.utils.StatusCode; import org.opendaylight.controller.switchmanager.ISwitchManager; import org.opendaylight.controller.switchmanager.Switch; import org.opendaylight.controller.switchmanager.SwitchConfig; -import org.opendaylight.controller.usermanager.IUserManager; +import org.opendaylight.controller.web.DaylightWebUtil; import org.opendaylight.controller.web.IDaylightWeb; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; @@ -47,7 +48,6 @@ public class Flows implements IDaylightWeb { private static final String WEB_NAME = "Flows"; private static final String WEB_ID = "flows"; private static final short WEB_ORDER = 2; - private final String containerName = GlobalConstants.DEFAULT.toString(); public Flows() { ServiceHelper.registerGlobalService(IDaylightWeb.class, this, null); @@ -75,7 +75,16 @@ public class Flows implements IDaylightWeb { @RequestMapping(value = "/main") @ResponseBody - public Set> getFlows() { + public Map getFlows(HttpServletRequest request, @RequestParam(required = false) String container) { + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Derive the privilege this user has on the current container + String userName = request.getUserPrincipal().getName(); + Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this); + if (privilege == Privilege.NONE) { + return null; + } + // fetch frm IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper .getInstance(IForwardingRulesManager.class, containerName, this); @@ -92,7 +101,7 @@ public class Flows implements IDaylightWeb { // get static flow list List staticFlowList = frm.getStaticFlows(); - Set> output = new HashSet>(); + Set> flowSet = new HashSet>(); for (FlowConfig flowConfig : staticFlowList) { Map entry = new HashMap(); entry.put("flow", flowConfig); @@ -102,15 +111,26 @@ public class Flows implements IDaylightWeb { entry.put("node", (description.isEmpty() || description .equalsIgnoreCase("none")) ? node.toString() : description); entry.put("nodeId", node.toString()); - output.add(entry); + flowSet.add(entry); } + Map output = new HashMap(2); + output.put("flows", flowSet); + output.put("privilege", privilege); return output; } @RequestMapping(value = "/node-ports") @ResponseBody - public Map getNodePorts() { + public Map getNodePorts(HttpServletRequest request, @RequestParam(required = false) String container) { + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Derive the privilege this user has on the current container + String userName = request.getUserPrincipal().getName(); + if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) { + return null; + } + ISwitchManager switchManager = (ISwitchManager) ServiceHelper .getInstance(ISwitchManager.class, containerName, this); if (switchManager == null) { @@ -155,14 +175,22 @@ public class Flows implements IDaylightWeb { @RequestMapping(value = "/node-flows") @ResponseBody - public Map getNodeFlows() { + public Map getNodeFlows(HttpServletRequest request, @RequestParam(required = false) String container) { + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Derive the privilege this user has on the current container + String userName = request.getUserPrincipal().getName(); + if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) { + return null; + } + ISwitchManager switchManager = (ISwitchManager) ServiceHelper .getInstance(ISwitchManager.class, containerName, this); if (switchManager == null) { return null; } IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper - .getInstance(IForwardingRulesManager.class, "default", this); + .getInstance(IForwardingRulesManager.class, containerName, this); if (frm == null) { return null; } @@ -176,7 +204,7 @@ public class Flows implements IDaylightWeb { String nodeDesc = node.toString(); SwitchConfig config = switchManager.getSwitchConfig(node - .getNodeIDString()); + .toString()); if (config != null) { nodeDesc = config.getNodeDescription(); } @@ -192,8 +220,12 @@ public class Flows implements IDaylightWeb { public String actionFlow(@RequestParam(required = true) String action, @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId, - HttpServletRequest request) { - if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) { + HttpServletRequest request, @RequestParam(required = false) String container) { + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + + // Authorization check + String userName = request.getUserPrincipal().getName(); + if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) { return "Operation not authorized"; } @@ -221,9 +253,12 @@ public class Flows implements IDaylightWeb { public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name, @RequestParam(required = true) String action, - HttpServletRequest request) { - if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) { + HttpServletRequest request, @RequestParam(required = false) String container) { + String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container; + // Authorization check + String userName = request.getUserPrincipal().getName(); + if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) { return "Operation not authorized"; } @@ -249,25 +284,4 @@ public class Flows implements IDaylightWeb { return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result .getDescription(); } - - /** - * Returns whether the current user's level is same or above the required - * authorization level. - * - * @param requiredLevel - * the authorization level required - */ - private boolean isUserAuthorized(UserLevel requiredLevel, - HttpServletRequest request) { - IUserManager userManager = (IUserManager) ServiceHelper - .getGlobalInstance(IUserManager.class, this); - if (userManager == null) { - return false; - } - - String username = request.getUserPrincipal().getName(); - UserLevel userLevel = userManager.getUserLevel(username); - return (userLevel.ordinal() <= requiredLevel.ordinal()); - } - }