Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/01/29 03:17:26 UTC
git commit: updated refs/heads/rbac to 0063b60
Updated Branches:
refs/heads/rbac 72812cdf2 -> 0063b6070
Remove the ACL permissions of an entity when that entity is deleted. The
hook is currently wired up only for deleteTemplateCmd.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/0063b607
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/0063b607
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/0063b607
Branch: refs/heads/rbac
Commit: 0063b607019acf72a4963b77e0df692dc59beb2d
Parents: 72812cd
Author: Min Chen <mi...@citrix.com>
Authored: Tue Jan 28 18:17:01 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Tue Jan 28 18:17:01 2014 -0800
----------------------------------------------------------------------
.../com/cloud/template/HypervisorTemplateAdapter.java | 8 ++++++++
.../apache/cloudstack/acl/api/AclApiServiceImpl.java | 14 ++++++++++++++
.../src/org/apache/cloudstack/iam/api/IAMService.java | 2 ++
.../apache/cloudstack/iam/server/IAMServiceImpl.java | 14 ++++++++++++++
.../iam/server/dao/AclPolicyPermissionDao.java | 3 ++-
.../iam/server/dao/AclPolicyPermissionDaoImpl.java | 14 ++++++++++++++
utils/src/com/cloud/utils/db/EntityManager.java | 2 ++
7 files changed, 56 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0063b607/server/src/com/cloud/template/HypervisorTemplateAdapter.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/template/HypervisorTemplateAdapter.java b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
index deda42a..96e3fca 100755
--- a/server/src/com/cloud/template/HypervisorTemplateAdapter.java
+++ b/server/src/com/cloud/template/HypervisorTemplateAdapter.java
@@ -27,6 +27,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.api.command.user.iso.DeleteIsoCmd;
import org.apache.cloudstack.api.command.user.iso.RegisterIsoCmd;
import org.apache.cloudstack.api.command.user.template.DeleteTemplateCmd;
@@ -69,8 +70,10 @@ import com.cloud.storage.VMTemplateZoneVO;
import com.cloud.storage.dao.VMTemplateZoneDao;
import com.cloud.storage.download.DownloadMonitor;
import com.cloud.user.Account;
+import com.cloud.utils.Pair;
import com.cloud.utils.UriUtils;
import com.cloud.utils.db.DB;
+import com.cloud.utils.db.EntityManager;
import com.cloud.utils.exception.CloudRuntimeException;
@Local(value = TemplateAdapter.class)
@@ -399,6 +402,11 @@ public class HypervisorTemplateAdapter extends TemplateAdapterBase {
_resourceLimitMgr.recalculateResourceCount(template.getAccountId(), account.getDomainId(), ResourceType.secondary_storage.getOrdinal());
}
}
+
+ // remove its related ACL permission
+ Pair<AclEntityType, Long> tmplt = new Pair<AclEntityType, Long>(AclEntityType.VirtualMachineTemplate, template.getId());
+ _messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, tmplt);
+
}
return success;
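Review bot: The permission cleanup added at `_messageBus.publish(...)` is fire-and-forget, so nothing here ties the removal of the template's ACL rows to the outcome of the delete. The enclosing block opens outside the hunk, so it is not visible whether the publish runs only when the deletion succeeded. With `PublishScope.LOCAL` and no return value, a missing or failing subscriber leaves stale grants behind with no signal to the caller. I would state the contract next to the call, e.g. `// best-effort: IAM subscriber removes ACL rows; failures are only logged there`, and confirm the call sits under the success path.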
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0063b607/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index 35f7d96..c3c9caa 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -75,6 +75,7 @@ import com.cloud.utils.Pair;
import com.cloud.utils.component.Manager;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
+import com.cloud.utils.db.EntityManager;
@Local(value = {AclApiService.class})
public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
@@ -165,6 +166,19 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
}
});
+ _messageBus.subscribe(EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, new MessageSubscriber() {
+ @Override
+ public void onPublishMessage(String senderAddress, String subject, Object obj) {
+ Pair<AclEntityType, Long> entity = (Pair<AclEntityType, Long>)obj;
+ if (entity != null) {
+ String entityType = entity.first().toString();
+ Long entityId = entity.second();
+ s_logger.debug("MessageBus message: delete an entity: (" + entityType + "," + entityId + "), remove its related permission");
+ _iamSrv.removeAclPermissionForEntity(entityType, entityId);
+ }
+ }
+ });
+
return super.configure(name, params);
}
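Review bot: The subscriber casts `obj` straight to `Pair<AclEntityType, Long>` and dereferences `entity.first()` without checking either, so any other publisher on `MESSAGE_REMOVE_ENTITY_EVENT` with a different payload, or a pair with a null first element, throws inside the message-bus callback. An exception from `removeAclPermissionForEntity` also escapes the callback, and the only trace of the authorization change is a debug line. I would validate the payload, catch and log failures at warn level so leftover permissions are visible to operators, and keep the unchecked cast out of the code path. configure() begins outside this hunk.
```java
public void onPublishMessage(String senderAddress, String subject, Object obj) {
    if (!(obj instanceof Pair)) {
        s_logger.warn("MessageBus message " + subject + ": unexpected payload, no permission removed");
        return;
    }
    Pair<?, ?> entity = (Pair<?, ?>)obj;
    if (!(entity.first() instanceof AclEntityType) || !(entity.second() instanceof Long)) {
        s_logger.warn("MessageBus message " + subject + ": unexpected payload, no permission removed");
        return;
    }
    String entityType = entity.first().toString();
    Long entityId = (Long)entity.second();
    try {
        // ... unchanged: debug log and _iamSrv.removeAclPermissionForEntity(entityType, entityId) ...
    } catch (RuntimeException e) {
        s_logger.warn("Failed to remove permissions for (" + entityType + "," + entityId + ")", e);
    }
}
```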
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0063b607/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index aad982b..98aec5d 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -64,6 +64,8 @@ public interface IAMService {
AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
String action);
+ void removeAclPermissionForEntity(final String entityType, final Long entityId);
+
AclPolicy getResourceOwnerPolicy();
List<AclPolicyPermission> listPolicyPermissions(long policyId);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0063b607/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 0745e62..d2b173e 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -579,6 +579,20 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
return policy;
}
+ @DB
+ @Override
+ public void removeAclPermissionForEntity(final String entityType, final Long entityId) {
+ Transaction.execute(new TransactionCallbackNoReturn() {
+ @Override
+ public void doInTransactionWithoutResult(TransactionStatus status) {
+ // remove entry from acl_entity_permission table
+ List<AclPolicyPermissionVO> permitList = _policyPermissionDao.listByEntity(entityType, entityId);
+ for (AclPolicyPermissionVO permit : permitList) {
+ _policyPermissionDao.remove(permit.getId());
+ }
+ }
+ });
+ }
@DB
@Override
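Review bot: `removeAclPermissionForEntity` passes `entityType` and `entityId` to `listByEntity` without a null check, and `entityId` is a boxed `Long`, so a null id reaches the search criteria; how an EQ condition with a null parameter behaves is not visible here, and for a bulk delete of permission rows that should not be left to chance. A guard at the top, `if (entityType == null || entityId == null) { return; }`, makes the method safe for any caller of the new IAMService method. The inline comment names the `acl_entity_permission` table while the rows come from `AclPolicyPermissionDao`; if that DAO maps the policy-permission table, the comment should say so. Logging the number of rows removed at info level would also give an audit trail for the change.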
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0063b607/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
index 53c8983..2a49243 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDao.java
@@ -16,10 +16,10 @@
// under the License.
package org.apache.cloudstack.iam.server.dao;
import java.util.List;
+
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import org.apache.cloudstack.iam.server.AclPolicyPermissionVO;
-
import com.cloud.utils.db.GenericDao;
public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO, Long> {
@@ -35,4 +35,5 @@ public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO
List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, String accessType, String entityType);
+ List<AclPolicyPermissionVO> listByEntity(String entityType, Long entityId);
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0063b607/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
index d738e00..1b26616 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/dao/AclPolicyPermissionDaoImpl.java
@@ -34,6 +34,7 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
private SearchBuilder<AclPolicyPermissionVO> policyIdSearch;
private SearchBuilder<AclPolicyPermissionVO> fullSearch;
private SearchBuilder<AclPolicyPermissionVO> actionScopeSearch;
+ private SearchBuilder<AclPolicyPermissionVO> entitySearch;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@@ -60,6 +61,11 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
actionScopeSearch.done();
+ entitySearch = createSearchBuilder();
+ entitySearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+ entitySearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+ entitySearch.done();
+
return true;
}
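Review bot: Both `entitySearch.and(...)` calls take their field from `fullSearch.entity()` instead of `entitySearch.entity()`, unlike the `actionScopeSearch` lines just above, which use their own builder's entity. If the builder records the accessed getter on its own entity proxy, as that pattern suggests, these conditions are registered against the wrong builder or fail when configure() runs. They should read `entitySearch.and("entityType", entitySearch.entity().getEntityType(), SearchCriteria.Op.EQ);` and likewise for `scopeId`. The same mix-up is in `listByEntity` in the next hunk, which calls `fullSearch.create()`, so `entitySearch` is never used; that line should be `entitySearch.create()`. configure() begins outside this hunk.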
@@ -112,4 +118,12 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
return listBy(sc);
}
+ @Override
+ public List<AclPolicyPermissionVO> listByEntity(String entityType, Long entityId) {
+ SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
+ sc.setParameters("entityType", entityType);
+ sc.setParameters("scopeId", entityId);
+ return listBy(sc);
+ }
+
}
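Review bot: `listByEntity` matches on `entityType` and `scopeId` only, so every permission row of that entity type whose `scopeId` holds the same number is returned and then deleted by `removeAclPermissionForEntity`, whatever its scope. `removeAclPermissionFromAclPolicy` in IAMService takes `scope` and `scopeId` as separate arguments, which suggests `scopeId` can also hold an account or domain id. If so, deleting template N would also strip template grants scoped to account or domain N. The search should add a condition on the scope field, limited to the value that marks a single resource, and the method deserves a comment such as `// entityId is compared with scopeId of resource-scoped rows only`.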
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/0063b607/utils/src/com/cloud/utils/db/EntityManager.java
----------------------------------------------------------------------
diff --git a/utils/src/com/cloud/utils/db/EntityManager.java b/utils/src/com/cloud/utils/db/EntityManager.java
index 0ab19fc..aed5bcb 100644
--- a/utils/src/com/cloud/utils/db/EntityManager.java
+++ b/utils/src/com/cloud/utils/db/EntityManager.java
@@ -70,4 +70,6 @@ public interface EntityManager {
public <T> List<? extends T> list(Class<T> entityType);
public <T, K extends Serializable> void remove(Class<T> entityType, K id);
+
+ public static final String MESSAGE_REMOVE_ENTITY_EVENT = "Message.RemoveEntity.Event";
}