You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/12/07 00:10:08 UTC
[3/3] git commit: updated refs/heads/rbac to a416f6c
Fix API build error based on new DB schema, now only
RoleBasedEntityAccessChecker needs to be fixed.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/a416f6c3
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/a416f6c3
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/a416f6c3
Branch: refs/heads/rbac
Commit: a416f6c3c3cbb4b8a47242fafa737fe717f638c6
Parents: c3f480e
Author: Min Chen <mi...@citrix.com>
Authored: Fri Dec 6 15:09:00 2013 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Fri Dec 6 15:09:00 2013 -0800
----------------------------------------------------------------------
api/src/com/cloud/event/EventTypes.java | 8 +-
.../org/apache/cloudstack/acl/AclService.java | 66 +-
.../cloudstack/api/ApiCommandJobType.java | 2 +-
.../org/apache/cloudstack/api/ApiConstants.java | 7 +-
.../cloudstack/api/ResponseGenerator.java | 6 +-
.../acl/AddAclPermissionToAclPolicyCmd.java | 144 ++++
.../admin/acl/AddAclRoleToAclGroupCmd.java | 121 ----
.../admin/acl/AttachAclPolicyToAclGroupCmd.java | 121 ++++
.../command/admin/acl/CreateAclGroupCmd.java | 30 +-
.../command/admin/acl/CreateAclPolicyCmd.java | 169 +++++
.../api/command/admin/acl/CreateAclRoleCmd.java | 145 ----
.../command/admin/acl/DeleteAclPolicyCmd.java | 96 +++
.../api/command/admin/acl/DeleteAclRoleCmd.java | 96 ---
.../admin/acl/GrantPermissionToAclGroupCmd.java | 131 ----
.../admin/acl/GrantPermissionToAclRoleCmd.java | 120 ----
.../command/admin/acl/ListAclPoliciesCmd.java | 82 +++
.../api/command/admin/acl/ListAclRolesCmd.java | 82 ---
.../RemoveAclPermissionFromAclPolicyCmd.java | 141 ++++
.../acl/RemoveAclPolicyFromAclGroupCmd.java | 121 ++++
.../admin/acl/RemoveAclRoleFromAclGroupCmd.java | 121 ----
.../acl/RevokePermissionFromAclGroupCmd.java | 131 ----
.../acl/RevokePermissionFromAclRoleCmd.java | 120 ----
.../response/AclEntityPermissionResponse.java | 112 ---
.../api/response/AclRoleResponse.java | 134 ----
.../apache/cloudstack/query/QueryService.java | 4 +-
.../org/apache/cloudstack/acl/AclGroupVO.java | 4 +
.../cloudstack/acl/AclPolicyPermissionVO.java | 4 +
.../org/apache/cloudstack/acl/AclPolicyVO.java | 4 +
.../acl/dao/AclPolicyPermissionDao.java | 9 +
.../acl/dao/AclPolicyPermissionDaoImpl.java | 18 +-
.../acl/api/RoleBasedAPIAccessChecker.java | 4 +-
.../entity/RoleBasedEntityAccessChecker.java | 2 +-
server/src/com/cloud/api/ApiDBUtils.java | 26 +-
server/src/com/cloud/api/ApiResponseHelper.java | 16 +-
server/src/com/cloud/api/ApiServer.java | 67 +-
server/src/com/cloud/api/ApiServerService.java | 2 +
.../com/cloud/api/query/QueryManagerImpl.java | 68 +-
.../com/cloud/api/query/ViewResponseHelper.java | 20 +-
.../api/query/dao/AclPolicyJoinDaoImpl.java | 2 +-
.../com/cloud/api/query/dao/AclRoleJoinDao.java | 36 -
.../cloud/api/query/dao/AclRoleJoinDaoImpl.java | 145 ----
.../com/cloud/server/ManagementServerImpl.java | 32 +-
.../src/com/cloud/user/AccountManagerImpl.java | 28 +-
.../apache/cloudstack/acl/AclServiceImpl.java | 695 +++++++++----------
44 files changed, 1441 insertions(+), 2051 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/com/cloud/event/EventTypes.java
----------------------------------------------------------------------
diff --git a/api/src/com/cloud/event/EventTypes.java b/api/src/com/cloud/event/EventTypes.java
index 0406c3e..0ccea74 100755
--- a/api/src/com/cloud/event/EventTypes.java
+++ b/api/src/com/cloud/event/EventTypes.java
@@ -449,10 +449,10 @@ public class EventTypes {
public static final String EVENT_UCS_ASSOCIATED_PROFILE = "UCS.ASSOCIATEPROFILE";
- public static final String EVENT_ACL_ROLE_CREATE = "ACLROLE.CREATE";
- public static final String EVENT_ACL_ROLE_DELETE = "ACLROLE.DELETE";
- public static final String EVENT_ACL_ROLE_GRANT = "ACLROLE.GRANT";
- public static final String EVENT_ACL_ROLE_REVOKE = "ACLROLE.REVOKE";
+ public static final String EVENT_ACL_POLICY_CREATE = "ACLPOLICY.CREATE";
+ public static final String EVENT_ACL_POLICY_DELETE = "ACLPOLICY.DELETE";
+ public static final String EVENT_ACL_POLICY_GRANT = "ACLPOLICY.GRANT";
+ public static final String EVENT_ACL_POLICY_REVOKE = "ACLPOLICY.REVOKE";
public static final String EVENT_ACL_GROUP_UPDATE = "ACLGROUP.UPDATE";
public static final String EVENT_ACL_GROUP_CREATE = "ACLGROUP.CREATE";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/acl/AclService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java
index dbdcf0b..0c0ec69 100644
--- a/api/src/org/apache/cloudstack/acl/AclService.java
+++ b/api/src/org/apache/cloudstack/acl/AclService.java
@@ -18,77 +18,45 @@ package org.apache.cloudstack.acl;
import java.util.List;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
import com.cloud.user.Account;
-import com.cloud.utils.Pair;
public interface AclService {
- /**
- * Creates an acl role for the given domain.
- *
- * @param domainId
- * @param name
- * @param description
- * @return AclRole
- */
+ /* ACL group related interfaces */
+ AclGroup createAclGroup(Account caller, String aclGroupName, String description);
- AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId);
-
- /**
- * Delete an acl role.
- *
- * @param aclRoleId
- */
- boolean deleteAclRole(long aclRoleId);
-
- AclRole grantApiPermissionToAclRole(long aclRoleId, List<String> apiNames);
-
- AclRole revokeApiPermissionFromAclRole(long aclRoleId, List<String> apiNames);
-
- AclGroup addAclRolesToGroup(List<Long> roleIds, Long groupId);
+ boolean deleteAclGroup(Long aclGroupId);
- AclGroup removeAclRolesFromGroup(List<Long> roleIds, Long groupId);
+ List<AclGroup> listAclGroups(long accountId);
AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
- AclGroup grantEntityPermissionToAclGroup(long aclGroupId, String entityType, long entityId, AccessType accessType);
-
- AclGroup revokeEntityPermissionFromAclGroup(long aclGroupId, String entityType, long entityId, AccessType accessType);
+ /* ACL Policy related interfaces */
+ AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
- /**
- * Creates an acl group for the given domain.
- *
- * @param domainId
- * @param name
- * @param description
- * @return AclGroup
- */
+ boolean deleteAclPolicy(long aclPolicyId);
- AclGroup createAclGroup(Long domainId, String aclGroupName, String description);
+ List<AclPolicy> listAclPolicies(long accountId);
- /**
- * Delete an acl group.
- *
- * @param aclGroupId
- */
- boolean deleteAclGroup(Long aclGroupId);
+ AclGroup attachAclPoliciesToGroup(List<Long> roleIds, Long groupId);
- List<AclRole> getAclRoles(long accountId);
+ AclGroup removeAclPoliciesFromGroup(List<Long> roleIds, Long groupId);
- List<AclGroup> getAclGroups(long accountId);
+ AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm);
- AclRolePermission getAclRolePermission(long accountId, String entityType, AccessType accessType);
+ AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
- Pair<List<Long>, List<Long>> getAclEntityPermission(long accountId, String entityType, AccessType accessType);
+ AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
- boolean isAPIAccessibleForRoles(String apiName, List<AclRole> roles);
+ boolean isAPIAccessibleForPolicies(String apiName, List<AclPolicy> policies);
- List<AclRole> getEffectiveRoles(Account caller, ControlledEntity entity);
+ List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity);
+ /* Visibility related interfaces */
List<Long> getGrantedDomains(long accountId, AclEntityType entityType, String action);
List<Long> getGrantedAccounts(long accountId, AclEntityType entityType, String action);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
index 6f9ac2d..0e79e66 100644
--- a/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
+++ b/api/src/org/apache/cloudstack/api/ApiCommandJobType.java
@@ -50,6 +50,6 @@ public enum ApiCommandJobType {
AffinityGroup,
InternalLbVm,
DedicatedGuestVlanRange,
- AclRole,
+ AclPolicy,
AclGroup
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index 0d1878d..50a2bfd 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -524,10 +524,9 @@ public class ApiConstants {
public static final String SERVICE_STATE = "servicestate";
public static final String ACL_ACCOUNT_IDS = "accountids";
public static final String ACL_MEMBER_ACCOUNTS = "memberaccounts";
- public static final String ACL_PARENT_ROLE_ID = "parentroleid";
- public static final String ACL_PARENT_ROLE_NAME = "parentrolename";
- public static final String ACL_ROLES = "roles";
- public static final String ACL_ROLE_IDS = "roleids";
+ public static final String ACL_PARENT_POLICY_ID = "parentpolicyid";
+ public static final String ACL_PARENT_POLICY_NAME = "parentpolicyname";
+ public static final String ACL_POLICY_IDS = "policyids";
public static final String ACL_POLICIES = "policies";
public static final String ACL_APIS = "apis";
public static final String ACL_GROUPS = "groups";
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/ResponseGenerator.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ResponseGenerator.java b/api/src/org/apache/cloudstack/api/ResponseGenerator.java
index f70f6ca..4b222d2 100644
--- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java
+++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java
@@ -23,7 +23,7 @@ import java.util.List;
import java.util.Map;
import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclRole;
+import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.api.ApiConstants.HostDetails;
@@ -32,7 +32,7 @@ import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclRoleResponse;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.AutoScalePolicyResponse;
@@ -455,7 +455,7 @@ public interface ResponseGenerator {
IsolationMethodResponse createIsolationMethodResponse(IsolationType method);
- AclRoleResponse createAclRoleResponse(AclRole role);
+ AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
AclGroupResponse createAclGroupResponse(AclGroup group);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java
new file mode 100644
index 0000000..6a634be
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java
@@ -0,0 +1,144 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.acl;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.AclPolicy;
+import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
+public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
+ private static final String s_name = "addaclpermissiontoaclpolicyresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
+ required = true, description = "The ID of the acl policy")
+ private Long id;
+
+ @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+ private String action;
+
+ @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+ private String entityType;
+
+ @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
+ required = false, description = "acl permission scope")
+ private String scope;
+
+ @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+ private Long scopeId;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getEntityType() {
+ return entityType;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl policy Id: " + getId());
+ // Only explicit ALLOW is supported for this release, no explicit deny
+ AclPolicy result = _aclService.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action, Permission.Allow);
+ if (result != null) {
+ AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_POLICY_GRANT;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "granting permission to acl policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclRoleToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclRoleToAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclRoleToAclGroupCmd.java
deleted file mode 100644
index 4a6fcca..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclRoleToAclGroupCmd.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "addAclRoleToAclGroup", description = "add acl role to an acl group", responseObject = AclGroupResponse.class)
-public class AddAclRoleToAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(AddAclRoleToAclGroupCmd.class.getName());
- private static final String s_name = "addaclroletoaclgroupresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_ROLES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclRoleResponse.class, description = "comma separated list of acl role id that are going to be applied to the acl group.")
- private List<Long> roleIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getRoleIdList() {
- return roleIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclService.addAclRolesToGroup(roleIdList, id);
- if (result != null){
- AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "adding acl roles to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java
new file mode 100644
index 0000000..33cb59f
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java
@@ -0,0 +1,121 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.acl;
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AclGroupResponse;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
+public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
+ private static final String s_name = "attachaclpolicytoaclgroupresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+ required = true, description = "The ID of the acl group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
+ private List<Long> policyIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getPolicyIdList() {
+ return policyIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl group Id: " + getId());
+ AclGroup result = _aclService.attachAclPoliciesToGroup(policyIdList, id);
+ if (result != null){
+ AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "adding acl roles to acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
index 2f100c3..d6d965f 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
@@ -44,6 +44,9 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
+ @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
+ private String accountName;
+
@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
private Long domainId;
@@ -58,6 +61,9 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
+ public String getAccountName() {
+ return accountName;
+ }
public String getDescription() {
return description;
@@ -76,6 +82,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
+
@Override
public String getCommandName() {
return s_name;
@@ -84,19 +91,29 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
@Override
public long getEntityOwnerId() {
Account account = CallContext.current().getCallingAccount();
+ if ((account == null) || _accountService.isAdmin(account.getType())) {
+ if ((domainId != null) && (accountName != null)) {
+ Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+ if (userAccount != null) {
+ return userAccount.getId();
+ }
+ }
+ }
+
if (account != null) {
return account.getId();
}
- return Account.ACCOUNT_ID_SYSTEM;
-
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+ // command to SYSTEM so ERROR events
+ // are tracked
}
@Override
public void execute() {
- AclGroup role = _entityMgr.findById(AclGroup.class, getEntityId());
- if (role != null) {
- AclGroupResponse response = _responseGenerator.createAclGroupResponse(role);
+ AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
+ if (grp != null) {
+ AclGroupResponse response = _responseGenerator.createAclGroupResponse(grp);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
@@ -106,7 +123,8 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
@Override
public void create() throws ResourceAllocationException {
- AclGroup result = _aclService.createAclGroup(domainId, name, description);
+ Account account = CallContext.current().getCallingAccount();
+ AclGroup result = _aclService.createAclGroup(account, name, description);
if (result != null) {
setEntityId(result.getId());
setEntityUuid(result.getUuid());
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java
new file mode 100644
index 0000000..b423dab
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java
@@ -0,0 +1,169 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.acl;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.AclPolicy;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCreateCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.user.Account;
+
+@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
+public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
+ public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
+
+ private static final String s_name = "createaclpolicyresponse";
+
+ // ///////////////////////////////////////////////////
+ // ////////////// API parameters /////////////////////
+ // ///////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
+ private String accountName;
+
+ @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
+ private Long domainId;
+
+ @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
+ private String description;
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
+ private String name;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
+ private Long parentPolicyId;
+
+
+ // ///////////////////////////////////////////////////
+ // ///////////////// Accessors ///////////////////////
+ // ///////////////////////////////////////////////////
+
+ public String getAccountName() {
+ return accountName;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public Long getDomainId() {
+ return domainId;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public Long getParentPolicyId() {
+ return parentPolicyId;
+ }
+
+ // ///////////////////////////////////////////////////
+ // ///////////// API Implementation///////////////////
+ // ///////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ Account account = CallContext.current().getCallingAccount();
+ if ((account == null) || _accountService.isAdmin(account.getType())) {
+ if ((domainId != null) && (accountName != null)) {
+ Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
+ if (userAccount != null) {
+ return userAccount.getId();
+ }
+ }
+ }
+
+ if (account != null) {
+ return account.getId();
+ }
+
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
+ // command to SYSTEM so ERROR events
+ // are tracked
+ }
+
+ @Override
+ public void execute() {
+ AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
+ if (policy != null) {
+ AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(policy);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
+ }
+ }
+
+ @Override
+ public void create() throws ResourceAllocationException {
+ Account account = CallContext.current().getCallingAccount();
+ AclPolicy result = _aclService.createAclPolicy(account, name, description, parentPolicyId);
+ if (result != null) {
+ setEntityId(result.getId());
+ setEntityUuid(result.getUuid());
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
+ }
+
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_POLICY_CREATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "creating Acl policy";
+ }
+
+ @Override
+ public String getCreateEventType() {
+ return EventTypes.EVENT_ACL_POLICY_CREATE;
+ }
+
+ @Override
+ public String getCreateEventDescription() {
+ return "creating acl policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
deleted file mode 100644
index 5663ac5..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
+++ /dev/null
@@ -1,145 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclRole;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-
-@APICommand(name = "createAclRole", responseObject = AclRoleResponse.class, description = "Creates an acl role")
-public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreateAclRoleCmd.class.getName());
-
- private static final String s_name = "createaclroleresponse";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl role", entityType = DomainResponse.class)
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl role")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
- private String name;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_PARENT_ROLE_ID, type = CommandType.UUID, description = "The ID of parent acl role.", entityType = AclRoleResponse.class)
- private Long parentRoleId;
-
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getName() {
- return name;
- }
-
- public Long getParentRoleId() {
- return parentRoleId;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- return CallContext.current().getCallingAccount().getId();
- }
-
- @Override
- public void execute() {
- AclRole role = _entityMgr.findById(AclRole.class, getEntityId());
- if (role != null) {
- AclRoleResponse response = _responseGenerator.createAclRoleResponse(role);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl role:" + name);
- }
- }
-
- @Override
- public void create() throws ResourceAllocationException {
- AclRole result = _aclService.createAclRole(domainId, name, description, parentRoleId);
- if (result != null) {
- setEntityId(result.getId());
- setEntityUuid(result.getUuid());
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl role entity" + name);
- }
-
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ROLE_CREATE;
- }
-
- @Override
- public String getEventDescription() {
- return "creating Acl role";
- }
-
- @Override
- public String getCreateEventType() {
- return EventTypes.EVENT_ACL_ROLE_CREATE;
- }
-
- @Override
- public String getCreateEventDescription() {
- return "creating acl role";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclRole;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
new file mode 100644
index 0000000..d7216fa
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
@@ -0,0 +1,96 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.acl;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+
+import com.cloud.event.EventTypes;
+import com.cloud.user.Account;
+
+@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
+public class DeleteAclPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
+ private static final String s_name = "deleteaclpolicyresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getId() {
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+ @Override
+ public void execute(){
+ boolean result = _aclService.deleteAclPolicy(id);
+ if (result) {
+ SuccessResponse response = new SuccessResponse(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_POLICY_DELETE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "Deleting Acl role";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclRoleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclRoleCmd.java
deleted file mode 100644
index 5a2afe1..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclRoleCmd.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclRole", description = "Deletes acl role", responseObject = SuccessResponse.class)
-public class DeleteAclRoleCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteAclRoleCmd.class.getName());
- private static final String s_name = "deleteaclroleresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclRoleResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
- }
-
- @Override
- public void execute(){
- boolean result = _aclService.deleteAclRole(id);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl role");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ROLE_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return "Deleting Acl role";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclRole;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/GrantPermissionToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/GrantPermissionToAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/GrantPermissionToAclGroupCmd.java
deleted file mode 100644
index 9fefa75..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/GrantPermissionToAclGroupCmd.java
+++ /dev/null
@@ -1,131 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "grantPermissionToAclGroup", description = "grant entity permission to an acl group", responseObject = AclGroupResponse.class)
-public class GrantPermissionToAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(GrantPermissionToAclGroupCmd.class.getName());
- private static final String s_name = "grantpermissiontoaclgroupresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = true, description = "entity class simple name.")
- private String entityType;
-
- @Parameter(name = ApiConstants.ENTITY_ID, type = CommandType.UUID, required = true, description = "The ID of the entity")
- private Long entityId;
-
- @Parameter(name = ApiConstants.ACCESS_TYPE, type = CommandType.STRING, required = true, description = "access type for the entity")
- private String accessType;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public Long getEntityId() {
- return entityId;
- }
-
- public AccessType getAccessType() {
- return AccessType.valueOf(accessType);
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclService.grantEntityPermissionToAclGroup(id, entityType, entityId, getAccessType());
- if (result != null){
- AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_GRANT;
- }
-
- @Override
- public String getEventDescription() {
- return "granting permission to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/GrantPermissionToAclRoleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/GrantPermissionToAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/GrantPermissionToAclRoleCmd.java
deleted file mode 100644
index c0c0083..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/GrantPermissionToAclRoleCmd.java
+++ /dev/null
@@ -1,120 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclRole;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "grantPermissionToAclRole", description = "Grant api permission to an acl role", responseObject = AclRoleResponse.class)
-public class GrantPermissionToAclRoleCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(GrantPermissionToAclRoleCmd.class.getName());
- private static final String s_name = "grantpermissiontoroleresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclRoleResponse.class,
- required = true, description = "The ID of the acl role")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_APIS, type = CommandType.LIST, collectionType = CommandType.STRING, description = "comma separated list of apis granted to the acl role. ")
- private List<String> apiList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<String> getApiList() {
- return apiList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl role Id: " + getId());
- AclRole result = _aclService.grantApiPermissionToAclRole(id, apiList);
- if (result != null) {
- AclRoleResponse response = _responseGenerator.createAclRoleResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl role " + getId());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ROLE_GRANT;
- }
-
- @Override
- public String getEventDescription() {
- return "granting permission to acl role";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclRole;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
new file mode 100644
index 0000000..7c9cdbe
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
@@ -0,0 +1,82 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.acl;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+
+
+@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
+public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
+ public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
+
+ private static final String s_name = "listaclpoliciesresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
+ private String aclPolicyName;
+
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
+ private Long id;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+ public String getAclPolicyName() {
+ return aclPolicyName;
+ }
+
+
+ public Long getId(){
+ return id;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+ @Override
+ public void execute(){
+
+ ListResponse<AclPolicyResponse> response = _queryService.listAclPolicies(id, aclPolicyName, getDomainId(),
+ getStartIndex(), getPageSizeVal());
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclRolesCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclRolesCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclRolesCmd.java
deleted file mode 100644
index e9ebf78..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclRolesCmd.java
+++ /dev/null
@@ -1,82 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-import org.apache.cloudstack.api.response.ListResponse;
-
-
-@APICommand(name = "listAclRoles", description = "Lists acl roles", responseObject = AclRoleResponse.class)
-public class ListAclRolesCmd extends BaseListDomainResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListAclRolesCmd.class.getName());
-
- private static final String s_name = "listaclrolesresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl roles by name")
- private String aclRoleName;
-
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl role by the id provided", entityType = AclRoleResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
- public String getAclRoleName() {
- return aclRoleName;
- }
-
-
- public Long getId(){
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
-
- ListResponse<AclRoleResponse> response = _queryService.listAclRoles(id, aclRoleName, getDomainId(),
- getStartIndex(), getPageSizeVal());
- response.setResponseName(getCommandName());
- setResponseObject(response);
-
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclRole;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
new file mode 100644
index 0000000..84d3530
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
@@ -0,0 +1,141 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.acl;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.AclPolicy;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
+public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
+ private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
+ required = true, description = "The ID of the acl policy")
+ private Long id;
+
+ @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
+ private String action;
+
+ @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
+ private String entityType;
+
+ @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
+ required = false, description = "acl permission scope")
+ private String scope;
+
+ @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
+ private Long scopeId;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public String getAction() {
+ return action;
+ }
+
+ public String getEntityType() {
+ return entityType;
+ }
+
+ public String getScope() {
+ return scope;
+ }
+
+ public Long getScopeId() {
+ return scopeId;
+ }
+
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl policy Id: " + getId());
+ AclPolicy result = _aclService.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
+ if (result != null) {
+ AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_POLICY_REVOKE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing permission from acl policy";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclPolicy;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
new file mode 100644
index 0000000..4b92a1e
--- /dev/null
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
@@ -0,0 +1,121 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.acl;
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandJobType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.AclGroupResponse;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+
+@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
+public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
+ public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
+ private static final String s_name = "removeaclpolicyfromaclgroupresponse";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+
+ @ACL
+ @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
+ required = true, description = "The ID of the acl group")
+ private Long id;
+
+ @ACL
+ @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
+ private List<Long> policyIdList;
+
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+
+ public Long getId() {
+ return id;
+ }
+
+
+ public List<Long> getRoleIdList() {
+ return policyIdList;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+
+ @Override
+ public String getCommandName() {
+ return s_name;
+ }
+
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
+ }
+
+ @Override
+ public void execute() throws ResourceUnavailableException,
+ InsufficientCapacityException, ServerApiException {
+ CallContext.current().setEventDetails("Acl group Id: " + getId());
+ AclGroup result = _aclService.removeAclPoliciesFromGroup(policyIdList, id);
+ if (result != null){
+ AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
+ response.setResponseName(getCommandName());
+ setResponseObject(response);
+ } else {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
+ }
+ }
+
+ @Override
+ public String getEventType() {
+ return EventTypes.EVENT_ACL_GROUP_UPDATE;
+ }
+
+ @Override
+ public String getEventDescription() {
+ return "removing acl roles from acl group";
+ }
+
+ @Override
+ public ApiCommandJobType getInstanceType() {
+ return ApiCommandJobType.AclGroup;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclRoleFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclRoleFromAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclRoleFromAclGroupCmd.java
deleted file mode 100644
index b06bb46..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclRoleFromAclGroupCmd.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclRoleFromAclGroup", description = "remove acl role to an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAclRoleFromAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAclRoleFromAclGroupCmd.class.getName());
- private static final String s_name = "removeaclroletoaclgroupresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_ROLES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclRoleResponse.class, description = "comma separated list of acl role id that are going to be applied to the acl group.")
- private List<Long> roleIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<Long> getRoleIdList() {
- return roleIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclService.removeAclRolesFromGroup(roleIdList, id);
- if (result != null){
- AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing acl roles from acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}