ONOS-1993 Implement API-level permission checking + security util code location replacement
Change-Id: I7bf20eda9c12ed2a44334504333b093057764cd2
diff --git a/core/net/src/main/java/org/onosproject/net/topology/impl/PathManager.java b/core/net/src/main/java/org/onosproject/net/topology/impl/PathManager.java
index 749a722..0852447 100644
--- a/core/net/src/main/java/org/onosproject/net/topology/impl/PathManager.java
+++ b/core/net/src/main/java/org/onosproject/net/topology/impl/PathManager.java
@@ -24,6 +24,7 @@
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.Service;
+import org.onosproject.core.Permission;
import org.onosproject.net.ConnectPoint;
import org.onosproject.net.DefaultEdgeLink;
import org.onosproject.net.DefaultPath;
@@ -49,6 +50,8 @@
import static com.google.common.base.Preconditions.checkNotNull;
import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
+
/**
* Provides implementation of a path selection service atop the current
@@ -85,11 +88,15 @@
@Override
public Set<Path> getPaths(ElementId src, ElementId dst) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
return getPaths(src, dst, null);
}
@Override
public Set<Path> getPaths(ElementId src, ElementId dst, LinkWeight weight) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(src, ELEMENT_ID_NULL);
checkNotNull(dst, ELEMENT_ID_NULL);
diff --git a/core/net/src/main/java/org/onosproject/net/topology/impl/TopologyManager.java b/core/net/src/main/java/org/onosproject/net/topology/impl/TopologyManager.java
index 956d7a6..718d75d 100644
--- a/core/net/src/main/java/org/onosproject/net/topology/impl/TopologyManager.java
+++ b/core/net/src/main/java/org/onosproject/net/topology/impl/TopologyManager.java
@@ -21,6 +21,7 @@
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.Service;
+import org.onosproject.core.Permission;
import org.onosproject.event.ListenerRegistry;
import org.onosproject.event.Event;
import org.onosproject.event.EventDeliveryService;
@@ -51,6 +52,7 @@
import static com.google.common.base.Preconditions.checkNotNull;
import static org.slf4j.LoggerFactory.getLogger;
+import static org.onosproject.security.AppGuard.checkPermission;
/**
* Provides basic implementation of the topology SB & NB APIs.
@@ -97,23 +99,31 @@
@Override
public Topology currentTopology() {
+ checkPermission(Permission.TOPOLOGY_READ);
+
return store.currentTopology();
}
@Override
public boolean isLatest(Topology topology) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
return store.isLatest(topology);
}
@Override
public Set<TopologyCluster> getClusters(Topology topology) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
return store.getClusters(topology);
}
@Override
public TopologyCluster getCluster(Topology topology, ClusterId clusterId) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(topology, CLUSTER_ID_NULL);
return store.getCluster(topology, clusterId);
@@ -121,6 +131,8 @@
@Override
public Set<DeviceId> getClusterDevices(Topology topology, TopologyCluster cluster) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(topology, CLUSTER_NULL);
return store.getClusterDevices(topology, cluster);
@@ -128,6 +140,8 @@
@Override
public Set<Link> getClusterLinks(Topology topology, TopologyCluster cluster) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(topology, CLUSTER_NULL);
return store.getClusterLinks(topology, cluster);
@@ -135,12 +149,16 @@
@Override
public TopologyGraph getGraph(Topology topology) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
return store.getGraph(topology);
}
@Override
public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(src, DEVICE_ID_NULL);
checkNotNull(dst, DEVICE_ID_NULL);
@@ -149,6 +167,8 @@
@Override
public Set<Path> getPaths(Topology topology, DeviceId src, DeviceId dst, LinkWeight weight) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(src, DEVICE_ID_NULL);
checkNotNull(dst, DEVICE_ID_NULL);
@@ -158,6 +178,8 @@
@Override
public boolean isInfrastructure(Topology topology, ConnectPoint connectPoint) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(connectPoint, CONNECTION_POINT_NULL);
return store.isInfrastructure(topology, connectPoint);
@@ -165,6 +187,8 @@
@Override
public boolean isBroadcastPoint(Topology topology, ConnectPoint connectPoint) {
+ checkPermission(Permission.TOPOLOGY_READ);
+
checkNotNull(topology, TOPOLOGY_NULL);
checkNotNull(connectPoint, CONNECTION_POINT_NULL);
return store.isBroadcastPoint(topology, connectPoint);
@@ -172,11 +196,15 @@
@Override
public void addListener(TopologyListener listener) {
+ checkPermission(Permission.TOPOLOGY_EVENT);
+
listenerRegistry.addListener(listener);
}
@Override
public void removeListener(TopologyListener listener) {
+ checkPermission(Permission.TOPOLOGY_EVENT);
+
listenerRegistry.removeListener(listener);
}