More APIs permission for new ONOS APIs

Change-Id: I43fee65254adca451f77431bfbf5accdf95b81ab
diff --git a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
index 1d962d0..6ce41b3 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/ClusterCommunicationManager.java
@@ -50,6 +50,8 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
 
 @Component(immediate = true)
 @Service
@@ -94,6 +96,7 @@
     public <M> void broadcast(M message,
                               MessageSubject subject,
                               Function<M, byte[]> encoder) {
+        checkPermission(CLUSTER_WRITE);
         multicast(message,
                   subject,
                   encoder,
@@ -108,6 +111,7 @@
     public <M> void broadcastIncludeSelf(M message,
                                          MessageSubject subject,
                                          Function<M, byte[]> encoder) {
+        checkPermission(CLUSTER_WRITE);
         multicast(message,
                   subject,
                   encoder,
@@ -122,6 +126,7 @@
                                                MessageSubject subject,
                                                Function<M, byte[]> encoder,
                                                NodeId toNodeId) {
+        checkPermission(CLUSTER_WRITE);
         try {
             byte[] payload = new ClusterMessage(
                     localNodeId,
@@ -139,6 +144,7 @@
                               MessageSubject subject,
                               Function<M, byte[]> encoder,
                               Set<NodeId> nodes) {
+        checkPermission(CLUSTER_WRITE);
         byte[] payload = new ClusterMessage(
                 localNodeId,
                 subject,
@@ -153,6 +159,7 @@
                                                       Function<M, byte[]> encoder,
                                                       Function<byte[], R> decoder,
                                                       NodeId toNodeId) {
+        checkPermission(CLUSTER_WRITE);
         try {
             ClusterMessage envelope = new ClusterMessage(
                     clusterService.getLocalNode().id(),
@@ -193,6 +200,7 @@
     public void addSubscriber(MessageSubject subject,
                               ClusterMessageHandler subscriber,
                               ExecutorService executor) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.registerHandler(subject.value(),
                 new InternalClusterMessageHandler(subscriber),
                 executor);
@@ -200,6 +208,7 @@
 
     @Override
     public void removeSubscriber(MessageSubject subject) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.unregisterHandler(subject.value());
     }
 
@@ -209,6 +218,7 @@
             Function<M, R> handler,
             Function<R, byte[]> encoder,
             Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.registerHandler(subject.value(),
                 new InternalMessageResponder<M, R>(decoder, encoder, m -> {
                     CompletableFuture<R> responseFuture = new CompletableFuture<>();
@@ -228,6 +238,7 @@
             Function<byte[], M> decoder,
             Function<M, CompletableFuture<R>> handler,
             Function<R, byte[]> encoder) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.registerHandler(subject.value(),
                 new InternalMessageResponder<>(decoder, encoder, handler));
     }
@@ -237,6 +248,7 @@
             Function<byte[], M> decoder,
             Consumer<M> handler,
             Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         messagingService.registerHandler(subject.value(),
                 new InternalMessageConsumer<>(decoder, handler),
                 executor);
diff --git a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
index 2f883e1..53611f3 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/cluster/messaging/impl/NettyMessagingManager.java
@@ -82,6 +82,9 @@
 import java.util.function.BiFunction;
 import java.util.function.Consumer;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLUSTER_WRITE;
+
 /**
  * Netty based MessagingService.
  */
@@ -213,6 +216,7 @@
 
     @Override
     public CompletableFuture<Void> sendAsync(Endpoint ep, String type, byte[] payload) {
+        checkPermission(CLUSTER_WRITE);
         InternalMessage message = new InternalMessage(messageIdGenerator.incrementAndGet(),
                                                       localEp,
                                                       type,
@@ -221,6 +225,7 @@
     }
 
     protected CompletableFuture<Void> sendAsync(Endpoint ep, InternalMessage message) {
+        checkPermission(CLUSTER_WRITE);
         if (ep.equals(localEp)) {
             try {
                 dispatchLocally(message);
@@ -247,11 +252,13 @@
 
     @Override
     public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload) {
+        checkPermission(CLUSTER_WRITE);
         return sendAndReceive(ep, type, payload, MoreExecutors.directExecutor());
     }
 
     @Override
     public CompletableFuture<byte[]> sendAndReceive(Endpoint ep, String type, byte[] payload, Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         CompletableFuture<byte[]> response = new CompletableFuture<>();
         Callback callback = new Callback(response, executor);
         Long messageId = messageIdGenerator.incrementAndGet();
@@ -266,11 +273,13 @@
 
     @Override
     public void registerHandler(String type, BiConsumer<Endpoint, byte[]> handler, Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         handlers.put(type, message -> executor.execute(() -> handler.accept(message.sender(), message.payload())));
     }
 
     @Override
     public void registerHandler(String type, BiFunction<Endpoint, byte[], byte[]> handler, Executor executor) {
+        checkPermission(CLUSTER_WRITE);
         handlers.put(type, message -> executor.execute(() -> {
             byte[] responsePayload = null;
             Status status = Status.OK;
@@ -285,6 +294,7 @@
 
     @Override
     public void registerHandler(String type, BiFunction<Endpoint, byte[], CompletableFuture<byte[]>> handler) {
+        checkPermission(CLUSTER_WRITE);
         handlers.put(type, message -> {
             handler.apply(message.sender(), message.payload()).whenComplete((result, error) -> {
                 Status status = error == null ? Status.OK : Status.ERROR_HANDLER_EXCEPTION;
@@ -295,6 +305,7 @@
 
     @Override
     public void unregisterHandler(String type) {
+        checkPermission(CLUSTER_WRITE);
         handlers.remove(type);
     }
 
diff --git a/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java b/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
index 4b2f780..c094425 100644
--- a/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
+++ b/core/store/dist/src/main/java/org/onosproject/store/core/impl/LogicalClockManager.java
@@ -30,6 +30,9 @@
 import org.onosproject.store.service.StorageService;
 import org.slf4j.Logger;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.CLOCK_WRITE;
+
 /**
  * LogicalClockService implementation based on a AtomicCounter.
  */
@@ -62,6 +65,7 @@
 
     @Override
     public Timestamp getTimestamp() {
+        checkPermission(CLOCK_WRITE);
         return new LogicalTimestamp(atomicCounter.incrementAndGet());
     }
 }
\ No newline at end of file
diff --git a/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java b/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
index 05c577c..b7dc6ab 100644
--- a/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
+++ b/core/store/persistence/src/main/java/org/onosproject/persistence/impl/PersistenceManager.java
@@ -36,6 +36,8 @@
 import java.util.Timer;
 import java.util.TimerTask;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.PERSISTENCE_WRITE;
 import static org.slf4j.LoggerFactory.getLogger;
 
 /**
@@ -122,10 +124,12 @@
     }
 
     public <K, V> PersistentMapBuilder<K, V> persistentMapBuilder() {
+        checkPermission(PERSISTENCE_WRITE);
         return new DefaultPersistentMapBuilder<>(localDB);
     }
 
     public <E> PersistentSetBuilder<E> persistentSetBuilder() {
+        checkPermission(PERSISTENCE_WRITE);
         return new DefaultPersistentSetBuilder<>(localDB);
     }
 
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
index 5946fdb..431a240 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/MutexExecutionManager.java
@@ -50,7 +50,8 @@
 import com.google.common.base.MoreObjects;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
-
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.MUTEX_WRITE;
 /**
  * Implementation of a MutexExecutionService.
  */
@@ -103,6 +104,7 @@
 
     @Override
     public CompletableFuture<Void> execute(MutexTask task, String exclusionPath, Executor executor) {
+        checkPermission(MUTEX_WRITE);
         return lock(exclusionPath)
                     .thenApply(state -> activeTasks.computeIfAbsent(exclusionPath,
                                                                     k -> new InnerMutexTask(exclusionPath,
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
index a083a8b..d4699a2 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/PartitionManager.java
@@ -55,6 +55,9 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Maps;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.PARTITION_READ;
+
 /**
  * Implementation of {@code PartitionService} and {@code PartitionAdminService}.
  */
@@ -116,27 +119,32 @@
 
     @Override
     public int getNumberOfPartitions() {
+        checkPermission(PARTITION_READ);
         return partitions.size();
     }
 
     @Override
     public Set<PartitionId> getAllPartitionIds() {
+        checkPermission(PARTITION_READ);
         return partitions.keySet();
     }
 
     @Override
     public DistributedPrimitiveCreator getDistributedPrimitiveCreator(PartitionId partitionId) {
+        checkPermission(PARTITION_READ);
         return partitions.get(partitionId).client();
     }
 
     @Override
     public Set<NodeId> getConfiguredMembers(PartitionId partitionId) {
+        checkPermission(PARTITION_READ);
         StoragePartition partition = partitions.get(partitionId);
         return ImmutableSet.copyOf(partition.getMembers());
     }
 
     @Override
     public Set<NodeId> getActiveMembersMembers(PartitionId partitionId) {
+        checkPermission(PARTITION_READ);
         // TODO: This needs to query metadata to determine currently active
         // members of partition
         return getConfiguredMembers(partitionId);
diff --git a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
index 6410a40..6ba2667 100644
--- a/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
+++ b/core/store/primitives/src/main/java/org/onosproject/store/primitives/impl/StorageManager.java
@@ -61,6 +61,9 @@
 import com.google.common.collect.Maps;
 import com.google.common.util.concurrent.Futures;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+import static org.onosproject.security.AppPermission.Type.*;
+
 /**
  * Implementation for {@code StorageService} and {@code StorageAdminService}.
  */
@@ -117,6 +120,7 @@
 
     @Override
     public <K, V> EventuallyConsistentMapBuilder<K, V> eventuallyConsistentMapBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new EventuallyConsistentMapBuilderImpl<>(clusterService,
                 clusterCommunicator,
                 persistenceService);
@@ -124,27 +128,32 @@
 
     @Override
     public <K, V> ConsistentMapBuilder<K, V> consistentMapBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new NewDefaultConsistentMapBuilder<>(federatedPrimitiveCreator);
     }
 
     @Override
     public <E> DistributedSetBuilder<E> setBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new DefaultDistributedSetBuilder<>(() -> this.<E, Boolean>consistentMapBuilder());
     }
 
     @Override
     public <E> DistributedQueueBuilder<E> queueBuilder() {
+        checkPermission(STORAGE_WRITE);
         // TODO: implement
         throw new UnsupportedOperationException();
     }
 
     @Override
     public AtomicCounterBuilder atomicCounterBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new NewDefaultAtomicCounterBuilder(federatedPrimitiveCreator);
     }
 
     @Override
     public <V> AtomicValueBuilder<V> atomicValueBuilder() {
+        checkPermission(STORAGE_WRITE);
         Supplier<ConsistentMapBuilder<String, byte[]>> mapBuilderSupplier =
                 () -> this.<String, byte[]>consistentMapBuilder()
                           .withName("onos-atomic-values")
@@ -154,6 +163,7 @@
 
     @Override
     public TransactionContextBuilder transactionContextBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new NewDefaultTransactionContextBuilder(transactionIdGenerator.get(),
                 federatedPrimitiveCreator,
                 transactionCoordinator);
@@ -161,6 +171,7 @@
 
     @Override
     public LeaderElectorBuilder leaderElectorBuilder() {
+        checkPermission(STORAGE_WRITE);
         return new DefaultLeaderElectorBuilder(federatedPrimitiveCreator);
     }