/**
 * Verifies that {@code caller} may act on {@code domain}.
 *
 * <p>The checkers in {@code _securityCheckers} are consulted in iteration order and the
 * first one that returns {@code true} authorizes the call; the remaining checkers are not
 * asked. When no checker vouches for the caller the request is denied.
 *
 * @param caller account requesting access
 * @param domain domain being accessed
 * @throws PermissionDeniedException if no checker grants access
 */
@Override
public void checkAccess(Account caller, Domain domain) throws PermissionDeniedException {
    for (SecurityChecker candidate : _securityCheckers) {
        if (!candidate.checkAccess(caller, domain)) {
            // This checker did not vouch for the caller; ask the next one.
            continue;
        }
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Access granted to " + caller + " to " + domain + " by " + candidate.getName());
        }
        return;
    }

    // Default deny: falling out of the loop means nobody granted access.
    throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to " + domain);
}
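/**
 * Verifies that {@code account} may use the service offering {@code so}.
 *
 * <p>The checkers in {@code _securityCheckers} are consulted in iteration order and the
 * first one that returns {@code true} authorizes the call. When none does, the request is
 * denied.
 *
 * @param account account requesting access
 * @param so service offering being accessed
 * @throws PermissionDeniedException if no checker grants access
 */
@Override
public void checkAccess(Account account, ServiceOffering so) throws PermissionDeniedException {
    for (SecurityChecker checker : _securityCheckers) {
        if (checker.checkAccess(account, so)) {
            if (s_logger.isDebugEnabled()) {
                s_logger.debug("Access granted to " + account + " to " + so + " by " + checker.getName());
            }
            return;
        }
    }

    // No `assert false` before the throw: "nobody granted access" is an ordinary outcome,
    // not a broken invariant. With assertions enabled (-ea) an assert here would surface
    // every denial as an AssertionError, which callers that catch the declared
    // PermissionDeniedException do not handle.
    throw new PermissionDeniedException("There's no way to confirm " + account + " has access to " + so);
}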
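/**
 * Verifies that {@code user} may act on {@code entity}.
 *
 * <p>The checkers in {@code _securityCheckers} are consulted in iteration order and the
 * first one that returns {@code true} authorizes the call. When none does, the request is
 * denied.
 *
 * @param user user requesting access
 * @param entity entity being accessed
 * @throws PermissionDeniedException if no checker grants access
 */
@Override
public void checkAccess(User user, ControlledEntity entity) throws PermissionDeniedException {
    for (SecurityChecker checker : _securityCheckers) {
        if (checker.checkAccess(user, entity)) {
            if (s_logger.isDebugEnabled()) {
                // Separators need a leading space; without it the user, entity and checker
                // names run together and the grant record is hard to read or search.
                s_logger.debug("Access granted to " + user + " to " + entity + " by " + checker.getName());
            }
            return;
        }
    }

    // Default deny: falling out of the loop means nobody granted access.
    throw new PermissionDeniedException("There's no way to confirm " + user + " has access to " + entity);
}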
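/**
 * Verifies that {@code account} may use the disk offering {@code dof}.
 *
 * <p>The checkers in {@code _securityCheckers} are consulted in iteration order and the
 * first one that returns {@code true} authorizes the call. When none does, the request is
 * denied.
 *
 * @param account account requesting access
 * @param dof disk offering being accessed
 * @throws PermissionDeniedException if no checker grants access
 */
@Override
public void checkAccess(Account account, DiskOffering dof) throws PermissionDeniedException {
    for (SecurityChecker checker : _securityCheckers) {
        if (checker.checkAccess(account, dof)) {
            if (s_logger.isDebugEnabled()) {
                s_logger.debug("Access granted to " + account + " to " + dof + " by " + checker.getName());
            }
            return;
        }
    }

    // No `assert false` before the throw: "nobody granted access" is an ordinary outcome,
    // not a broken invariant. With assertions enabled (-ea) an assert here would surface
    // every denial as an AssertionError, which callers that catch the declared
    // PermissionDeniedException do not handle.
    throw new PermissionDeniedException("There's no way to confirm " + account + " has access to " + dof);
}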
/**
 * Reports whether the account identified by {@code accountId} is granted the
 * {@code "DomainResourceCapability"} check by any configured security checker.
 *
 * <p>Every uncertain case resolves to {@code false}: a {@code null} id, an account that
 * cannot be loaded, a checker that throws, or no checker answering {@code true}.
 *
 * @param accountId id of the account to test; may be {@code null}
 * @return {@code true} only if a checker explicitly grants the capability
 */
public boolean isResourceDomainAdmin(Long accountId) {
    if (accountId == null) {
        return false;
    }

    final AccountVO account = _accountDao.findById(accountId);
    if (account == null) {
        // Account is deleted or does not exist.
        return false;
    }

    for (SecurityChecker candidate : _securityCheckers) {
        try {
            if (!candidate.checkAccess(account, null, null, "DomainResourceCapability")) {
                continue;
            }
            if (s_logger.isTraceEnabled()) {
                s_logger.trace("ResourceDomainAdmin Access granted to " + account + " by " + candidate.getName());
            }
            return true;
        } catch (PermissionDeniedException denied) {
            // An explicit denial is final: later checkers are not consulted.
            return false;
        }
    }
    return false;
}
/**
 * Reports whether the account identified by {@code accountId} is granted the
 * {@code "DomainCapability"} check by any configured security checker.
 *
 * <p>Every uncertain case resolves to {@code false}: a {@code null} id, an account that
 * cannot be loaded, a checker that throws, or no checker answering {@code true}.
 *
 * @param accountId id of the account to test; may be {@code null}
 * @return {@code true} only if a checker explicitly grants the capability
 */
@Override
public boolean isDomainAdmin(Long accountId) {
    if (accountId == null) {
        return false;
    }

    final AccountVO account = _accountDao.findById(accountId);
    if (account == null) {
        // Account is deleted or does not exist.
        return false;
    }

    for (SecurityChecker candidate : _securityCheckers) {
        try {
            if (!candidate.checkAccess(account, null, null, "DomainCapability")) {
                continue;
            }
            if (s_logger.isTraceEnabled()) {
                s_logger.trace("DomainAdmin Access granted to " + account + " by " + candidate.getName());
            }
            return true;
        } catch (PermissionDeniedException denied) {
            // An explicit denial is final: later checkers are not consulted.
            return false;
        }
    }
    return false;
}
/**
 * Reports whether the account identified by {@code accountId} is granted the
 * {@code "SystemCapability"} check by any configured security checker.
 *
 * <p>Every uncertain case resolves to {@code false}: a {@code null} id, an account that
 * cannot be loaded, a checker that throws, or no checker answering {@code true}.
 *
 * @param accountId id of the account to test; may be {@code null}
 * @return {@code true} only if a checker explicitly grants the capability
 */
@Override
public boolean isRootAdmin(Long accountId) {
    if (accountId == null) {
        return false;
    }

    final AccountVO account = _accountDao.findById(accountId);
    if (account == null) {
        // Account is deleted or does not exist.
        return false;
    }

    for (SecurityChecker candidate : _securityCheckers) {
        try {
            if (!candidate.checkAccess(account, null, null, "SystemCapability")) {
                continue;
            }
            if (s_logger.isTraceEnabled()) {
                s_logger.trace("Root Access granted to " + account + " by " + candidate.getName());
            }
            return true;
        } catch (PermissionDeniedException denied) {
            // An explicit denial is final: later checkers are not consulted.
            return false;
        }
    }
    return false;
}
/**
 * Verifies that {@code caller} may use the disk offering {@code dof}, throwing when access
 * is refused.
 *
 * <p>NOTE(review): every path through the loop body leaves the method, so only the first
 * checker in {@code _secChecker} is ever consulted. A later checker can neither grant nor
 * refuse access. Confirm that this is intended before relying on additional checkers.
 *
 * @param caller account requesting access
 * @param dof disk offering being accessed
 * @throws PermissionDeniedException if the first checker refuses, or if no checker is
 *     configured
 */
@Override
public void checkDiskOfferingAccess(final Account caller, final DiskOffering dof) {
    for (final SecurityChecker first : _secChecker) {
        if (!first.checkAccess(caller, dof)) {
            throw new PermissionDeniedException("Access denied to " + caller + " by " + first.getName());
        }
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Access granted to " + caller + " to disk offering:" + dof.getId() + " by " + first.getName());
        }
        return;
    }

    // Reached only when _secChecker is empty; still denies once the assert is compiled out.
    assert false : "How can all of the security checkers pass on checking this caller?";
    throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to disk offering:" + dof.getId());
}
/**
 * Verifies that {@code caller} may use the zone {@code zone}, throwing when access is
 * refused.
 *
 * <p>NOTE(review): every path through the loop body leaves the method, so only the first
 * checker in {@code _secChecker} is ever consulted. A later checker can neither grant nor
 * refuse access. Confirm that this is intended before relying on additional checkers.
 *
 * @param caller account requesting access
 * @param zone zone being accessed
 * @throws PermissionDeniedException if the first checker refuses, or if no checker is
 *     configured
 */
@Override
public void checkZoneAccess(final Account caller, final DataCenter zone) {
    for (final SecurityChecker first : _secChecker) {
        if (!first.checkAccess(caller, zone)) {
            throw new PermissionDeniedException("Access denied to " + caller + " by " + first.getName() + " for zone " + zone.getId());
        }
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Access granted to " + caller + " to zone:" + zone.getId() + " by " + first.getName());
        }
        return;
    }

    // Reached only when _secChecker is empty; still denies once the assert is compiled out.
    assert false : "How can all of the security checkers pass on checking this caller?";
    throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to zone:" + zone.getId());
}
if (checker.checkAccess(caller, entity, accessType, apiName)) { if (s_logger.isDebugEnabled()) { s_logger.debug("Access to " + entity + " granted to " + caller + " by " + checker.getName()); checker.checkAccess(caller, d); } catch (PermissionDeniedException e) { e.addDetails(caller, domain.getValue());