ONOS-1993 Implement API-level permission checking + security util code location replacement

Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2
diff --git a/core/net/src/main/java/org/onosproject/net/flow/impl/FlowRuleManager.java b/core/net/src/main/java/org/onosproject/net/flow/impl/FlowRuleManager.java
index 33e9994..b1de540 100644
--- a/core/net/src/main/java/org/onosproject/net/flow/impl/FlowRuleManager.java
+++ b/core/net/src/main/java/org/onosproject/net/flow/impl/FlowRuleManager.java
@@ -35,6 +35,7 @@
 import org.onosproject.core.ApplicationId;
 import org.onosproject.core.CoreService;
 import org.onosproject.core.IdGenerator;
+import org.onosproject.core.Permission;
 import org.onosproject.event.ListenerRegistry;
 import org.onosproject.event.EventDeliveryService;
 import org.onosproject.net.Device;
@@ -77,6 +78,8 @@
 import static com.google.common.base.Preconditions.checkNotNull;
 import static org.onlab.util.Tools.groupedThreads;
 import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
+
 
 /**
  * Provides implementation of the flow NB & SB APIs.
@@ -167,16 +170,22 @@
 
     @Override
     public int getFlowRuleCount() {
+        checkPermission(Permission.FLOWRULE_READ);
+
         return store.getFlowRuleCount();
     }
 
     @Override
     public Iterable<FlowEntry> getFlowEntries(DeviceId deviceId) {
+        checkPermission(Permission.FLOWRULE_READ);
+
         return store.getFlowEntries(deviceId);
     }
 
     @Override
     public void applyFlowRules(FlowRule... flowRules) {
+        checkPermission(Permission.FLOWRULE_WRITE);
+
         FlowRuleOperations.Builder builder = FlowRuleOperations.builder();
         for (int i = 0; i < flowRules.length; i++) {
             builder.add(flowRules[i]);
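Review bot: `checkPermission(Permission.FLOWRULE_WRITE)` in applyFlowRules gates on the permission alone; nothing visible in this hunk ties the submitted rules to the calling application, so an app granted FLOWRULE_WRITE can presumably change rules that belong to another application. The same applies to removeFlowRules and removeFlowRulesById in the following hunks. If per-application isolation is intended, an ownership check is needed in addition to the permission check; if not, a comment such as `// FLOWRULE_WRITE is global: it does not restrict whose rules may be changed` would make the scope explicit. applyFlowRules continues past the end of the hunk.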
@@ -186,6 +195,8 @@
 
     @Override
     public void removeFlowRules(FlowRule... flowRules) {
+        checkPermission(Permission.FLOWRULE_WRITE);
+
         FlowRuleOperations.Builder builder = FlowRuleOperations.builder();
         for (int i = 0; i < flowRules.length; i++) {
             builder.remove(flowRules[i]);
@@ -195,11 +206,15 @@
 
     @Override
     public void removeFlowRulesById(ApplicationId id) {
+        checkPermission(Permission.FLOWRULE_WRITE);
+
         removeFlowRules(Iterables.toArray(getFlowRulesById(id), FlowRule.class));
     }
 
     @Override
     public Iterable<FlowRule> getFlowRulesById(ApplicationId id) {
+        checkPermission(Permission.FLOWRULE_READ);
+
         Set<FlowRule> flowEntries = Sets.newHashSet();
         for (Device d : deviceService.getDevices()) {
             for (FlowEntry flowEntry : store.getFlowEntries(d.id())) {
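Review bot: removeFlowRulesById checks FLOWRULE_WRITE and then calls the public getFlowRulesById, which checks FLOWRULE_READ, and removeFlowRules, which checks FLOWRULE_WRITE a second time. If AppGuard.checkPermission evaluates the calling application (its implementation is not part of this diff), a caller holding only FLOWRULE_WRITE would be rejected inside the nested lookup, so the method effectively requires both permissions. Either state that at the call site, `// also requires FLOWRULE_READ via getFlowRulesById`, or move the lookup into a private helper without a check that both public methods delegate to. getFlowRulesById's body continues outside the hunk.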
@@ -213,6 +228,8 @@
 
     @Override
     public Iterable<FlowRule> getFlowRulesByGroupId(ApplicationId appId, short groupId) {
+        checkPermission(Permission.FLOWRULE_READ);
+
         Set<FlowRule> matches = Sets.newHashSet();
         long toLookUp = ((long) appId.id() << 16) | groupId;
         for (Device d : deviceService.getDevices()) {
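Review bot: In `((long) appId.id() << 16) | groupId` the `short` groupId is sign-extended before the OR, so a negative groupId sets every higher bit and overwrites the application-id part of toLookUp. The line is unchanged context, but it now sits directly behind the new FLOWRULE_READ check and decides which rules the caller gets back. Masking the operand, `| (groupId & 0xFFFF)`, keeps the two fields separate, provided the code that builds flow ids (not shown here) packs them the same way. The method body continues outside the hunk.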
@@ -227,16 +244,22 @@
 
     @Override
     public void apply(FlowRuleOperations ops) {
+        checkPermission(Permission.FLOWRULE_WRITE);
+
         operationsService.submit(new FlowOperationsProcessor(ops));
     }
 
     @Override
     public void addListener(FlowRuleListener listener) {
+        checkPermission(Permission.FLOWRULE_EVENT);
+
         listenerRegistry.addListener(listener);
     }
 
     @Override
     public void removeListener(FlowRuleListener listener) {
+        checkPermission(Permission.FLOWRULE_EVENT);
+
         listenerRegistry.removeListener(listener);
     }
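Review bot: In apply(), the check must stay ahead of `operationsService.submit(...)`, and nothing in the code says so. FlowOperationsProcessor runs on the executor, and if AppGuard.checkPermission inspects the current call stack (not shown in this diff), a check made there would no longer see the calling application. A short comment would protect that ordering against later refactoring, e.g. `// must run on the caller's thread, before handing off to operationsService`.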