commit 541ef71e6c20aa008ce4facb5a70a4d2bce83284
author Changhoon Yoon <chyoon87@kaist.ac.kr> Sat May 23 17:18:34 2015 +0900
committer Gerrit Code Review <gerrit@onlab.us> Thu May 28 07:06:12 2015 +0000
tree 778b459d5545f2f0dcd522af1760723a4f49191c
parent 52c98bd074ef2c52eb59fdc91a07b353eb6451a5

ONOS-1993 Implement API-level permission checking + security util code location replacement

Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2

core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java

diff --git a/core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java b/core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java
index b54e468..352059a 100644
--- a/core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java
+++ b/core/net/src/main/java/org/onosproject/net/group/impl/GroupManager.java
@@ -27,6 +27,7 @@
 import org.apache.felix.scr.annotations.ReferenceCardinality;
 import org.apache.felix.scr.annotations.Service;
 import org.onosproject.core.ApplicationId;
+import org.onosproject.core.Permission;
 import org.onosproject.event.EventDeliveryService;
 import org.onosproject.event.ListenerRegistry;
 import org.onosproject.net.DeviceId;
@@ -52,6 +53,9 @@
 import org.onosproject.net.provider.AbstractProviderService;
 import org.slf4j.Logger;
 
+import static org.onosproject.security.AppGuard.checkPermission;
+
+
 /**
  * Provides implementation of the group service APIs.
  */
@@ -100,6 +104,8 @@
      */
     @Override
     public void addGroup(GroupDescription groupDesc) {
+        checkPermission(Permission.GROUP_WRITE);
+
         log.trace("In addGroup API");
         store.storeGroupDescription(groupDesc);
     }
@@ -119,6 +125,8 @@
      */
     @Override
     public Group getGroup(DeviceId deviceId, GroupKey appCookie) {
+        checkPermission(Permission.GROUP_READ);
+
         log.trace("In getGroup API");
         return store.getGroup(deviceId, appCookie);
     }
@@ -141,6 +149,8 @@
                            GroupBuckets buckets,
                            GroupKey newCookie,
                            ApplicationId appId) {
+        checkPermission(Permission.GROUP_WRITE);
+
         log.trace("In addBucketsToGroup API");
         store.updateGroupDescription(deviceId,
                                      oldCookie,
@@ -167,6 +177,8 @@
                                 GroupBuckets buckets,
                                 GroupKey newCookie,
                                 ApplicationId appId) {
+        checkPermission(Permission.GROUP_WRITE);
+
         log.trace("In removeBucketsFromGroup API");
         store.updateGroupDescription(deviceId,
                                      oldCookie,
@@ -189,6 +201,8 @@
     public void removeGroup(DeviceId deviceId,
                             GroupKey appCookie,
                             ApplicationId appId) {
+        checkPermission(Permission.GROUP_WRITE);
+
         log.trace("In removeGroup API");
         store.deleteGroupDescription(deviceId, appCookie);
     }
@@ -204,12 +218,16 @@
     @Override
     public Iterable<Group> getGroups(DeviceId deviceId,
                                      ApplicationId appId) {
+        checkPermission(Permission.GROUP_READ);
+
         log.trace("In getGroups API");
         return store.getGroups(deviceId);
     }
 
     @Override
     public Iterable<Group> getGroups(DeviceId deviceId) {
+        checkPermission(Permission.GROUP_READ);
+
         log.trace("In getGroups API");
         return store.getGroups(deviceId);
     }
@@ -221,6 +239,8 @@
      */
     @Override
     public void addListener(GroupListener listener) {
+        checkPermission(Permission.GROUP_EVENT);
+
         log.trace("In addListener API");
         listenerRegistry.addListener(listener);
     }
@@ -232,6 +252,8 @@
      */
     @Override
     public void removeListener(GroupListener listener) {
+        checkPermission(Permission.GROUP_EVENT);
+
         log.trace("In removeListener API");
         listenerRegistry.removeListener(listener);
     }