ONOS-1993 Implement API-level permission checking + security util code location replacement
Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2
diff --git a/core/net/src/main/java/org/onosproject/net/host/impl/HostManager.java b/core/net/src/main/java/org/onosproject/net/host/impl/HostManager.java
index 0504442..3335f5a 100644
--- a/core/net/src/main/java/org/onosproject/net/host/impl/HostManager.java
+++ b/core/net/src/main/java/org/onosproject/net/host/impl/HostManager.java
@@ -24,6 +24,7 @@
import org.onlab.packet.IpAddress;
import org.onlab.packet.MacAddress;
import org.onlab.packet.VlanId;
+import org.onosproject.core.Permission;
import org.onosproject.event.EventDeliveryService;
import org.onosproject.event.ListenerRegistry;
import org.onosproject.net.ConnectPoint;
@@ -51,6 +52,8 @@
import static com.google.common.base.Preconditions.checkNotNull;
import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
+
/**
* Provides basic implementation of the host SB & NB APIs.
@@ -109,56 +112,76 @@
@Override
public int getHostCount() {
+ checkPermission(Permission.HOST_READ);
+
return store.getHostCount();
}
@Override
public Iterable<Host> getHosts() {
+ checkPermission(Permission.HOST_READ);
+
return store.getHosts();
}
@Override
public Host getHost(HostId hostId) {
+ checkPermission(Permission.HOST_READ);
+
checkNotNull(hostId, HOST_ID_NULL);
return store.getHost(hostId);
}
@Override
public Set<Host> getHostsByVlan(VlanId vlanId) {
+ checkPermission(Permission.HOST_READ);
+
return store.getHosts(vlanId);
}
@Override
public Set<Host> getHostsByMac(MacAddress mac) {
+ checkPermission(Permission.HOST_READ);
+
checkNotNull(mac, "MAC address cannot be null");
return store.getHosts(mac);
}
@Override
public Set<Host> getHostsByIp(IpAddress ip) {
+ checkPermission(Permission.HOST_READ);
+
checkNotNull(ip, "IP address cannot be null");
return store.getHosts(ip);
}
@Override
public Set<Host> getConnectedHosts(ConnectPoint connectPoint) {
+ checkPermission(Permission.HOST_READ);
+
checkNotNull(connectPoint, "Connection point cannot be null");
return store.getConnectedHosts(connectPoint);
}
@Override
public Set<Host> getConnectedHosts(DeviceId deviceId) {
+ checkPermission(Permission.HOST_READ);
+
checkNotNull(deviceId, "Device ID cannot be null");
return store.getConnectedHosts(deviceId);
}
@Override
public void startMonitoringIp(IpAddress ip) {
+ checkPermission(Permission.HOST_EVENT);
+
monitor.addMonitoringFor(ip);
}
@Override
public void stopMonitoringIp(IpAddress ip) {
+ checkPermission(Permission.HOST_EVENT);
+
monitor.stopMonitoring(ip);
}
@@ -169,11 +192,15 @@
@Override
public void addListener(HostListener listener) {
+ checkPermission(Permission.HOST_EVENT);
+
listenerRegistry.addListener(listener);
}
@Override
public void removeListener(HostListener listener) {
+ checkPermission(Permission.HOST_EVENT);
+
listenerRegistry.removeListener(listener);
}
@@ -203,11 +230,15 @@
@Override
public Set<PortAddresses> getAddressBindings() {
+ checkPermission(Permission.HOST_READ);
+
return store.getAddressBindings();
}
@Override
public Set<PortAddresses> getAddressBindingsForPort(ConnectPoint connectPoint) {
+ checkPermission(Permission.HOST_READ);
+
return store.getAddressBindingsForPort(connectPoint);
}