Add group modification methods to IResourceAuthorization 53/2153/2
authorAlessandro Boch <aboch@cisco.com>
Thu, 24 Oct 2013 02:19:39 +0000 (19:19 -0700)
committerGerrit Code Review <gerrit@opendaylight.org>
Thu, 24 Oct 2013 22:28:30 +0000 (22:28 +0000)
- They were already iplemented by Authorization
- Add isApplicationUser() to Authorization

Change-Id: I057738d752aeea52b56993f2c3952a11440f9c96
Signed-off-by: Alessandro Boch <aboch@cisco.com>
opendaylight/appauth/pom.xml
opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java
opendaylight/commons/opendaylight/pom.xml
opendaylight/sal/api/pom.xml
opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java

index fa273b6..cba2bb8 100644 (file)
@@ -50,7 +50,7 @@
         <dependency>
          <groupId>org.opendaylight.controller</groupId>
            <artifactId>sal</artifactId>
-          <version>0.5.1-SNAPSHOT</version>
+          <version>0.6.0-SNAPSHOT</version>
         </dependency>
         <dependency>
          <groupId>org.opendaylight.controller</groupId>
index b872f49..1992f59 100644 (file)
@@ -144,6 +144,7 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
             try {
                 toBeAdded.add((T) obj);
             } catch (ClassCastException e) {
+                logger.debug("Attempt to add a resource with invalid type");
                 allAdded = false;
             }
         }
@@ -152,23 +153,48 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
             new Status(StatusCode.SUCCESS, "One or more resources couldn't be added"));
     }
 
-    public Status addResourceToGroup(String groupName, T resource) {
+    @SuppressWarnings("unchecked")
+    @Override
+    public Status addResourceToGroup(String groupName, Object resource) {
         if (groupName == null || groupName.trim().isEmpty()) {
             return new Status(StatusCode.BADREQUEST, "Invalid group name");
         }
 
+        if (resource == null) {
+            return new Status(StatusCode.BADREQUEST, "Null resource");
+        }
+
+        T castedResource = null;
+        try {
+            castedResource = (T) resource;
+        } catch (ClassCastException e) {
+            logger.debug("Attempt to add a resource with invalid type");
+            return new Status(StatusCode.BADREQUEST, "Incompatible resource");
+        }
+
         Set<T> group = resourceGroups.get(groupName);
-        if (group != null && resource != null) {
-            group.add(resource);
-            // Update cluster
-            resourceGroups.put(groupName, group);
-            return new Status(StatusCode.SUCCESS, "Resource added successfully");
+        if (group == null) {
+            return new Status(StatusCode.NOTFOUND, "Group not found");
         }
 
-        return new Status(StatusCode.NOTFOUND, "Group not found or incompatible resource");
+        return addResourceToGroupInternal(groupName, castedResource);
+    }
+
+    /*
+     * Method child classes can overload if they need application specific
+     * checks on the resource
+     */
+    protected Status addResourceToGroupInternal(String groupName, T resource) {
+        Set<T> group = resourceGroups.get(groupName);
+        // Update group and cluster
+        group.add(resource);
+        resourceGroups.put(groupName, group);
+
+        return new Status(StatusCode.SUCCESS, "Resource added successfully");
+
     }
 
-    public Status removeRoleResourceGroupMapping(String groupName) {
+    private Status removeRoleResourceGroupMapping(String groupName) {
         List<String> affectedRoles = new ArrayList<String>();
         Status result;
         for (Entry<String, Set<ResourceGroup>> pairs : groupsAuthorizations.entrySet()) {
@@ -215,7 +241,8 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
     }
 
 
-    public Status removeResourceFromGroup(String groupName, T resource) {
+    @Override
+    public Status removeResourceFromGroup(String groupName, Object resource) {
         if (groupName == null || groupName.trim().isEmpty()) {
             return new Status(StatusCode.BADREQUEST, "Invalid group name");
         }
@@ -535,6 +562,24 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class
         return roles.containsKey(roleName);
     }
 
+    @Override
+    public boolean isApplicationUser(String userName) {
+        IUserManager userManager = (IUserManager) ServiceHelper
+                .getGlobalInstance(IUserManager.class, this);
+        if (userManager == null) {
+            return false;
+        }
+        List<String> roles = userManager.getUserRoles(userName);
+        if (roles != null && !roles.isEmpty()) {
+            for (String role : roles) {
+                if (isApplicationRole(role)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
     @Override
     public AppRoleLevel getApplicationRoleLevel(String roleName) {
         if (roleName == null || roleName.trim().isEmpty()) {
index 6bbb2ac..f3b2dc3 100644 (file)
@@ -82,7 +82,7 @@
     <containermanager.version>0.5.1-SNAPSHOT</containermanager.version>
     <switchmanager.api.version>0.5.1-SNAPSHOT</switchmanager.api.version>
     <connectionmanager.version>0.1.1-SNAPSHOT</connectionmanager.version>
-    <sal.version>0.5.1-SNAPSHOT</sal.version>
+    <sal.version>0.6.0-SNAPSHOT</sal.version>
     <sal.networkconfiguration.version>0.0.2-SNAPSHOT</sal.networkconfiguration.version>
     <sal.connection.version>0.1.1-SNAPSHOT</sal.connection.version>
     <networkconfig.bridgedomain.northbound.version>0.0.2-SNAPSHOT</networkconfig.bridgedomain.northbound.version>
index 1ac4e32..60e17e2 100644 (file)
@@ -16,7 +16,7 @@
   </scm>
 
   <artifactId>sal</artifactId>
-  <version>0.5.1-SNAPSHOT</version>
+  <version>0.6.0-SNAPSHOT</version>
   <packaging>bundle</packaging>
 
   <build>
index 088f9da..b7b36fa 100644 (file)
@@ -27,8 +27,8 @@ public interface IResourceAuthorization {
      *
      * @param role  the role name
      * @param userLevel the user level in the application context
-         * @return the status of the request
-         */
+     * @return the status of the request
+     */
     public Status createRole(String role, AppRoleLevel userLevel);
 
     /**
@@ -192,4 +192,37 @@ public interface IResourceAuthorization {
      */
     public Privilege getResourcePrivilege(String userName, Object resource);
 
+    /**
+     * Add a resource to a group
+     *
+     * @param groupName
+     *            the resource group
+     * @param resource
+     *            the resource object
+     * @return the status of the request
+     */
+    public Status addResourceToGroup(String groupName, Object resource);
+
+    /**
+     * Remove a resource from a group
+     *
+     * @param groupName
+     *            the resource group
+     * @param resource
+     *            the resource object
+     * @return the status of the request
+     */
+    public Status removeResourceFromGroup(String groupName, Object resource);
+
+    /**
+     * Return whether the specified user has access to this application. In
+     * other words if the user is associated any roles belonging to this
+     * application.
+     *
+     * @param userName
+     *            the user name
+     * @return true if the user has access to this application's resources,
+     *         false otherwise
+     */
+    boolean isApplicationUser(String userName);
 }