Пример #1
0
  @Override
  public boolean isActionAllowedForPolicies(String action, List<IAMPolicy> policies) {

    boolean allowed = false;

    if (policies == null || policies.size() == 0) {
      return allowed;
    }

    List<Long> policyIds = new ArrayList<Long>();
    for (IAMPolicy policy : policies) {
      policyIds.add(policy.getId());
    }

    SearchBuilder<IAMPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
    sb.and("action", sb.entity().getAction(), Op.EQ);
    sb.and("policyId", sb.entity().getAclPolicyId(), Op.IN);

    SearchCriteria<IAMPolicyPermissionVO> sc = sb.create();
    sc.setParameters("policyId", policyIds.toArray(new Object[policyIds.size()]));
    sc.setParameters("action", action);

    List<IAMPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);

    if (permissions != null && !permissions.isEmpty()) {
      allowed = true;
    }

    return allowed;
  }
Пример #2
0
 @Override
 public List<Long> getGrantedEntities(long accountId, String action, String scope) {
   // Get the static Policies of the Caller
   List<IAMPolicy> policies = listIAMPolicies(accountId);
   // for each policy, find granted permission within the given scope
   List<Long> entityIds = new ArrayList<Long>();
   for (IAMPolicy policy : policies) {
     List<IAMPolicyPermissionVO> pp =
         _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action, scope);
     if (pp != null) {
       for (IAMPolicyPermissionVO p : pp) {
         if (p.getScopeId() != null) {
           entityIds.add(p.getScopeId());
         }
       }
     }
   }
   return entityIds;
 }