ONOS-1993 Implement API-level permission checking + security util code location replacement
Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2
diff --git a/core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java b/core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java
index b54e468..352059a 100644
--- a/core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java
+++ b/core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java
@@ -27,6 +27,7 @@
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.Service;
import org.onosproject.core.ApplicationId;
+import org.onosproject.core.Permission;
import org.onosproject.event.EventDeliveryService;
import org.onosproject.event.ListenerRegistry;
import org.onosproject.net.DeviceId;
@@ -52,6 +53,9 @@
import org.onosproject.net.provider.AbstractProviderService;
import org.slf4j.Logger;
+import static org.onosproject.security.AppGuard.checkPermission;
+
+
/**
* Provides implementation of the group service APIs.
*/
@@ -100,6 +104,8 @@
*/
@Override
public void addGroup(GroupDescription groupDesc) {
+ checkPermission(Permission.GROUP_WRITE);
+
log.trace("In addGroup API");
store.storeGroupDescription(groupDesc);
}
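Review bot: The Javadoc above addGroup (only its closing `*/` is inside this hunk) does not mention that the method now requires a permission, so a caller discovers `checkPermission(Permission.GROUP_WRITE)` only by hitting it. I would add one line to the method comment, for example `* Requires {@code Permission.GROUP_WRITE}; checked before the store is touched.`, plus a matching `@throws` line if AppGuard.checkPermission throws on denial (its body is not part of this diff). The same applies to the other guarded methods in this file: getGroup and both getGroups overloads (GROUP_READ), addBucketsToGroup, removeBucketsFromGroup and removeGroup (GROUP_WRITE), addListener and removeListener (GROUP_EVENT).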
@@ -119,6 +125,8 @@
*/
@Override
public Group getGroup(DeviceId deviceId, GroupKey appCookie) {
+ checkPermission(Permission.GROUP_READ);
+
log.trace("In getGroup API");
return store.getGroup(deviceId, appCookie);
}
@@ -141,6 +149,8 @@
GroupBuckets buckets,
GroupKey newCookie,
ApplicationId appId) {
+ checkPermission(Permission.GROUP_WRITE);
+
log.trace("In addBucketsToGroup API");
store.updateGroupDescription(deviceId,
oldCookie,
@@ -167,6 +177,8 @@
GroupBuckets buckets,
GroupKey newCookie,
ApplicationId appId) {
+ checkPermission(Permission.GROUP_WRITE);
+
log.trace("In removeBucketsFromGroup API");
store.updateGroupDescription(deviceId,
oldCookie,
@@ -189,6 +201,8 @@
public void removeGroup(DeviceId deviceId,
GroupKey appCookie,
ApplicationId appId) {
+ checkPermission(Permission.GROUP_WRITE);
+
log.trace("In removeGroup API");
store.deleteGroupDescription(deviceId, appCookie);
}
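Review bot: The new check in removeGroup only asks whether the caller holds `Permission.GROUP_WRITE`; the `appId` argument is never used, and `store.deleteGroupDescription(deviceId, appCookie)` acts on the device id and key alone. As written, any application granted GROUP_WRITE can delete a group that a different application created. If per-application isolation is intended, the owner of the stored group should be compared with the calling application's identity before the delete, not merely with the caller-supplied `appId`. At minimum leave a marker such as `// TODO: GROUP_WRITE is not scoped to the owning app; appId is unused here`. The two-argument getGroups in the next hunk has the same gap on the read side: it ignores `appId` and returns `store.getGroups(deviceId)`.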
@@ -204,12 +218,16 @@
@Override
public Iterable<Group> getGroups(DeviceId deviceId,
ApplicationId appId) {
+ checkPermission(Permission.GROUP_READ);
+
log.trace("In getGroups API");
return store.getGroups(deviceId);
}
@Override
public Iterable<Group> getGroups(DeviceId deviceId) {
+ checkPermission(Permission.GROUP_READ);
+
log.trace("In getGroups API");
return store.getGroups(deviceId);
}
@@ -221,6 +239,8 @@
*/
@Override
public void addListener(GroupListener listener) {
+ checkPermission(Permission.GROUP_EVENT);
+
log.trace("In addListener API");
listenerRegistry.addListener(listener);
}
@@ -232,6 +252,8 @@
*/
@Override
public void removeListener(GroupListener listener) {
+ checkPermission(Permission.GROUP_EVENT);
+
log.trace("In removeListener API");
listenerRegistry.removeListener(listener);
}