X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=blobdiff_plain;f=opendaylight%2Fappauth%2Fsrc%2Fmain%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fappauth%2Fauthorization%2FAuthorization.java;h=b872f49130205d239f9ee9bfac647b09eb7a241e;hp=fd8799f4f31fdac7f49576f2b49fbb0d8e034867;hb=9293aee68cd3cf39a39d13b448e16b5c9872e9ca;hpb=18e1184615fd939644d3660e5edcfbb676c187fa;ds=sidebyside
diff --git a/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java b/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java
index fd8799f4f3..b872f49130 100644
--- a/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java
+++ b/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java
@@ -16,6 +16,7 @@ import java.util.Map.Entry;
 import java.util.Set;
 import java.util.concurrent.ConcurrentMap;
+import org.opendaylight.controller.containermanager.IContainerAuthorization;
 import org.opendaylight.controller.sal.authorization.AppRoleLevel;
 import org.opendaylight.controller.sal.authorization.IResourceAuthorization;
 import org.opendaylight.controller.sal.authorization.Privilege;
@@ -66,6 +67,11 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
 "Controller roles cannot be explicitely " + "created in App context");
 }
+ if (isContainerRole(role)) {
+ return new Status(StatusCode.NOTALLOWED,
+ "Container roles cannot be explicitely "
+ + "created in App context");
+ }
 if (isRoleInUse(role)) {
 return new Status(StatusCode.CONFLICT, "Role already in use");
 }
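Review bot: The status text added in the `isContainerRole(role)` branch repeats the misspelling `explicitely` from the controller-role message just above it, and this string is returned to the caller inside the `Status`. Spell it `"Container roles cannot be explicitly "` in the new branch; the older message can be corrected in the same pass. The enclosing method starts and ends outside the hunk, so whether `role` is null-checked before this call cannot be confirmed from here.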
@@ -96,7 +102,10 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
 return new Status(StatusCode.NOTALLOWED, "Controller roles cannot be removed");
 }
-
+ if (isContainerRole(role)) {
+ return new Status(StatusCode.NOTALLOWED,
+ "Container roles cannot be removed");
+ }
 return removeRoleInternal(role);
 }
@@ -599,6 +608,15 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
 .equals(UserLevel.NETWORKOPERATOR.toString()));
 }
+ private boolean isContainerRole(String role) {
+ IContainerAuthorization containerAuth = (IContainerAuthorization) ServiceHelper.getGlobalInstance(
+ IContainerAuthorization.class, this);
+ if (containerAuth == null) {
+ return false;
+ }
+ return containerAuth.isApplicationRole(role);
+ }
+
 private boolean isRoleInUse(String role) {
 IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this);
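Review bot: `isContainerRole` returns `false` when `ServiceHelper.getGlobalInstance` yields no `IContainerAuthorization`, so the two new NOTALLOWED guards (in the role-creation hunk and the role-removal hunk) are silently skipped whenever that service is not registered. If the container manager is meant to be optional, say so in a comment above the null check and log the skipped check, e.g. `logger.warn("IContainerAuthorization unavailable, container-role check skipped for role {}", role);`; if it is mandatory, reporting a failure here would be the safer default for an authorization check. A one-line comment on why `isApplicationRole` is the right query for a "container role" would also help, since the method name does not make that obvious. The body of `isContainerRole` is complete within the hunk.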