From 8c8e6489429fadeef138a33cbd0880f60379c438 Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Wed, 23 Oct 2013 19:19:39 -0700 Subject: [PATCH] Add group modification methods to IResourceAuthorization - They were already iplemented by Authorization - Add isApplicationUser() to Authorization Change-Id: I057738d752aeea52b56993f2c3952a11440f9c96 Signed-off-by: Alessandro Boch --- opendaylight/appauth/pom.xml | 2 +- .../appauth/authorization/Authorization.java | 63 ++++++++++++++++--- opendaylight/commons/opendaylight/pom.xml | 2 +- opendaylight/sal/api/pom.xml | 2 +- .../authorization/IResourceAuthorization.java | 37 ++++++++++- 5 files changed, 92 insertions(+), 14 deletions(-) diff --git a/opendaylight/appauth/pom.xml b/opendaylight/appauth/pom.xml index fa273b6e92..cba2bb89ba 100644 --- a/opendaylight/appauth/pom.xml +++ b/opendaylight/appauth/pom.xml @@ -50,7 +50,7 @@ org.opendaylight.controller sal - 0.5.1-SNAPSHOT + 0.6.0-SNAPSHOT org.opendaylight.controller diff --git a/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java b/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java index b872f49130..1992f59711 100644 --- a/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java +++ b/opendaylight/appauth/src/main/java/org/opendaylight/controller/appauth/authorization/Authorization.java @@ -144,6 +144,7 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class try { toBeAdded.add((T) obj); } catch (ClassCastException e) { + logger.debug("Attempt to add a resource with invalid type"); allAdded = false; } } 
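Review bot: The `catch (ClassCastException e)` that this hunk adds logging to looks unreachable from the visible lines: `(T) obj` is an unchecked cast to a type parameter, which erasure reduces to a cast to T's bound (Object if T is unbounded; the class declaration is outside the hunk), so nothing is thrown here and a wrongly typed object is still added to the set. The same pattern is introduced in `addResourceToGroup` in the next hunk (`castedResource = (T) resource;` under `@SuppressWarnings("unchecked")`), where the "Incompatible resource" BADREQUEST branch would likewise never fire. Any Object passed through the new interface method can therefore end up in an authorization resource group. A real runtime check needs a reified type, for example a `Class<T>` token supplied by the subclass and tested with `isInstance(resource)` before the cast; no such token is in the visible code, so it would have to be added. The enclosing method starts and ends outside this hunk.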
@@ -152,23 +153,48 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class new Status(StatusCode.SUCCESS, "One or more resources couldn't be added")); } - public Status addResourceToGroup(String groupName, T resource) { + @SuppressWarnings("unchecked") + @Override + public Status addResourceToGroup(String groupName, Object resource) { if (groupName == null || groupName.trim().isEmpty()) { return new Status(StatusCode.BADREQUEST, "Invalid group name"); } + if (resource == null) { + return new Status(StatusCode.BADREQUEST, "Null resource"); + } + + T castedResource = null; + try { + castedResource = (T) resource; + } catch (ClassCastException e) { + logger.debug("Attempt to add a resource with invalid type"); + return new Status(StatusCode.BADREQUEST, "Incompatible resource"); + } + Set group = resourceGroups.get(groupName); - if (group != null && resource != null) { - group.add(resource); - // Update cluster - resourceGroups.put(groupName, group); - return new Status(StatusCode.SUCCESS, "Resource added successfully"); + if (group == null) { + return new Status(StatusCode.NOTFOUND, "Group not found"); } - return new Status(StatusCode.NOTFOUND, "Group not found or incompatible resource"); + return addResourceToGroupInternal(groupName, castedResource); + } + + /* + * Method child classes can overload if they need application specific + * checks on the resource + */ + protected Status addResourceToGroupInternal(String groupName, T resource) { + Set group = resourceGroups.get(groupName); + // Update group and cluster + group.add(resource); + resourceGroups.put(groupName, group); + + return new Status(StatusCode.SUCCESS, "Resource added successfully"); + } - public Status removeRoleResourceGroupMapping(String groupName) { + private Status removeRoleResourceGroupMapping(String groupName) { List affectedRoles = new ArrayList(); Status result; for (Entry> pairs : groupsAuthorizations.entrySet()) { 
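Review bot: `addResourceToGroupInternal` looks the group up a second time and calls `group.add(resource)` without a null check, so it depends on every caller having verified the group immediately beforehand. A subclass that overrides or calls this protected hook directly would hit a NullPointerException instead of the NOTFOUND status. So would a removal of the group between the two `resourceGroups.get(groupName)` calls, which is plausible if the map is shared, as the `// Update group and cluster` comment suggests. Repeating the guard in the helper keeps the failure a status: `if (group == null) { return new Status(StatusCode.NOTFOUND, "Group not found"); }`. The block comment above the helper should also say "override" rather than "overload", since the intent is for child classes to replace the method.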
@@ -215,7 +241,8 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class } - public Status removeResourceFromGroup(String groupName, T resource) { + @Override + public Status removeResourceFromGroup(String groupName, Object resource) { if (groupName == null || groupName.trim().isEmpty()) { return new Status(StatusCode.BADREQUEST, "Invalid group name"); } @@ -535,6 +562,24 @@ private static final Logger logger = LoggerFactory.getLogger(Authorization.class return roles.containsKey(roleName); } + @Override + public boolean isApplicationUser(String userName) { + IUserManager userManager = (IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); + if (userManager == null) { + return false; + } + List roles = userManager.getUserRoles(userName); + if (roles != null && !roles.isEmpty()) { + for (String role : roles) { + if (isApplicationRole(role)) { + return true; + } + } + } + return false; + } + @Override public AppRoleLevel getApplicationRoleLevel(String roleName) { if (roleName == null || roleName.trim().isEmpty()) { diff --git a/opendaylight/commons/opendaylight/pom.xml b/opendaylight/commons/opendaylight/pom.xml index 6bbb2ac048..f3b2dc3440 100644 --- a/opendaylight/commons/opendaylight/pom.xml +++ b/opendaylight/commons/opendaylight/pom.xml @@ -82,7 +82,7 @@ 0.5.1-SNAPSHOT 0.5.1-SNAPSHOT 0.1.1-SNAPSHOT - 0.5.1-SNAPSHOT + 0.6.0-SNAPSHOT 0.0.2-SNAPSHOT 0.1.1-SNAPSHOT 0.0.2-SNAPSHOT diff --git a/opendaylight/sal/api/pom.xml b/opendaylight/sal/api/pom.xml index 1ac4e325af..60e17e264e 100644 --- a/opendaylight/sal/api/pom.xml +++ b/opendaylight/sal/api/pom.xml @@ -16,7 +16,7 @@ sal - 0.5.1-SNAPSHOT + 0.6.0-SNAPSHOT bundle diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java index 088f9da9a8..b7b36fae37 100644 
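Review bot: `isApplicationUser` passes `userName` straight to `userManager.getUserRoles(userName)` without the null/blank guard that neighbouring methods apply to their string arguments (for example `roleName == null || roleName.trim().isEmpty()` in `getApplicationRoleLevel`). How `getUserRoles` treats a null name is not visible here, so an early `if (userName == null || userName.trim().isEmpty()) { return false; }` would make the deny path explicit. The method also returns false when `IUserManager` cannot be resolved, which fails closed but is indistinguishable from a genuine "not an application user" answer. A `logger.warn` on that branch would help when diagnosing unexpected denials.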
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java +++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java @@ -27,8 +27,8 @@ public interface IResourceAuthorization { * * @param role the role name * @param userLevel the user level in the application context - * @return the status of the request - */ + * @return the status of the request + */ public Status createRole(String role, AppRoleLevel userLevel); /** @@ -192,4 +192,37 @@ public interface IResourceAuthorization { */ public Privilege getResourcePrivilege(String userName, Object resource); + /** + * Add a resource to a group + * + * @param groupName + * the resource group + * @param resource + * the resource object + * @return the status of the request + */ + public Status addResourceToGroup(String groupName, Object resource); + + /** + * Remove a resource from a group + * + * @param groupName + * the resource group + * @param resource + * the resource object + * @return the status of the request + */ + public Status removeResourceFromGroup(String groupName, Object resource); + + /** + * Return whether the specified user has access to this application. In + * other words if the user is associated any roles belonging to this + * application. + * + * @param userName + * the user name + * @return true if the user has access to this application's resources, + * false otherwise + */ + boolean isApplicationUser(String userName); } -- 2.36.6
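Review bot: The Javadoc for the new `addResourceToGroup` says only "the status of the request", while the implementation in Authorization.java returns distinct codes that callers need to tell apart. I would spell them out on the interface, e.g. `@return SUCCESS if the resource was added; BADREQUEST for a blank group name or a null or incompatible resource; NOTFOUND if the group does not exist`, and do the same for `removeResourceFromGroup` once its codes are confirmed against the body, which is outside this patch's hunks. Both comments should also state whether `resource` must be of the implementation's resource type now that the parameter is `Object`. In the `isApplicationUser` comment, "associated any roles" should read "associated with any roles". That method is also declared without the `public` modifier that the other visible methods of the interface carry.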