Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/10/08 01:09:43 UTC
[1/3] git commit: updated refs/heads/rbac to b87b9e5
Updated Branches:
refs/heads/rbac 579806440 -> b87b9e5c6
Populate acl_group_account_map table when creating an account.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/7342c97f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/7342c97f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/7342c97f
Branch: refs/heads/rbac
Commit: 7342c97fa905555502c163115f015e09fd6d44e7
Parents: ddd4f80
Author: Min Chen <mi...@citrix.com>
Authored: Mon Oct 7 13:20:49 2013 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Mon Oct 7 13:20:49 2013 -0700
----------------------------------------------------------------------
server/src/com/cloud/user/AccountManagerImpl.java | 10 ++++++++++
1 file changed, 10 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/7342c97f/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 270ab79..de528f1 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -599,6 +599,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
//delete the account from project accounts
_projectAccountDao.removeAccountFromProjects(accountId);
+ //delete the account from group
+ _aclGroupAccountDao.removeAccountFromGroups(accountId);
+
// delete all vm groups belonging to accont
List<InstanceGroupVO> groups = _vmGroupDao.listByAccountId(accountId);
for (InstanceGroupVO group : groups) {
@@ -943,6 +946,13 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
String registrationToken = UUID.nameUUIDFromBytes(bytes).toString();
user.setRegistrationToken(registrationToken);
}
+
+ // create correct account and group association based on accountType
+ if (accountType != Account.ACCOUNT_TYPE_PROJECT) {
+ AclGroupAccountMapVO grpAcct = new AclGroupAccountMapVO(accountType + 1, accountId);
+ _aclGroupAccountDao.persist(grpAcct);
+ }
+
txn.commit();
CallContext.current().putContextParameter(Account.class, account.getUuid());
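Review bot: The group id in `new AclGroupAccountMapVO(accountType + 1, accountId)` is derived by arithmetic on the account type, which silently couples authorization to the `acl_group` ids seeded in schema-420to430.sql. If those seeded ids change, or an account type is added without a matching group row, the account ends up in the wrong group and inherits that group's permissions. An explicit account-type-to-group lookup through the group DAO that fails when no group is found would be safer. At minimum add a comment such as `// acl_group ids are seeded so that id == accountType + 1, see schema-420to430.sql`. The enclosing method starts and ends outside the hunk.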
[2/3] git commit: updated refs/heads/rbac to b87b9e5
Posted by mc...@apache.org.
Merge branch 'rbac' of https://git-wip-us.apache.org/repos/asf/cloudstack into rbac
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/4499a7bf
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/4499a7bf
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/4499a7bf
Branch: refs/heads/rbac
Commit: 4499a7bfa0a62128e2a3517bec5f788514e9cc78
Parents: 7342c97 5798064
Author: Min Chen <mi...@citrix.com>
Authored: Mon Oct 7 14:32:29 2013 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Mon Oct 7 14:32:29 2013 -0700
----------------------------------------------------------------------
.../cloudstack/acl/AclEntityPermission.java | 2 +
.../cloudstack/acl/AclRolePermission.java | 31 ++++++
.../cloudstack/acl/AclEntityPermissionVO.java | 17 +++-
.../cloudstack/acl/AclRolePermissionVO.java | 99 ++++++++++++++++++++
.../acl/dao/AclRolePermissionDao.java | 28 ++++++
.../acl/dao/AclRolePermissionDaoImpl.java | 62 ++++++++++++
.../acl/api/RoleBasedAPIAccessChecker.java | 11 +--
.../entity/RoleBasedEntityAccessChecker.java | 78 +++++++++++++++
.../apache/cloudstack/acl/AclServiceImpl.java | 55 ++++++++++-
setup/db/db/schema-420to430.sql | 12 ++-
10 files changed, 377 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
[3/3] git commit: updated refs/heads/rbac to b87b9e5
Posted by mc...@apache.org.
Add Scope to acl_role_permission, remove parent_role_id from acl_role
table, and create PermissionScope and AclEntityType enum types.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/b87b9e5c
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/b87b9e5c
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/b87b9e5c
Branch: refs/heads/rbac
Commit: b87b9e5c6499adcca48fe869f285f1183379bd3c
Parents: 4499a7b
Author: Min Chen <mi...@citrix.com>
Authored: Mon Oct 7 16:09:26 2013 -0700
Committer: Min Chen <mi...@citrix.com>
Committed: Mon Oct 7 16:09:26 2013 -0700
----------------------------------------------------------------------
.../apache/cloudstack/acl/AclEntityType.java | 6 ++++
api/src/org/apache/cloudstack/acl/AclRole.java | 2 +-
.../apache/cloudstack/acl/PermissionScope.java | 7 +++++
.../apache/cloudstack/acl/SecurityChecker.java | 2 +-
.../api/response/AclRoleResponse.java | 15 ----------
client/tomcatconf/applicationContext.xml.in | 1 +
.../org/apache/cloudstack/acl/AclRoleVO.java | 11 -------
.../acl/dao/AclRolePermissionDao.java | 4 +++
.../acl/dao/AclRolePermissionDaoImpl.java | 9 ++++++
.../cloud/api/query/dao/AclRoleJoinDaoImpl.java | 2 --
.../com/cloud/api/query/vo/AclRoleJoinVO.java | 21 --------------
.../apache/cloudstack/acl/AclServiceImpl.java | 21 ++++++++++++--
setup/db/db/schema-420to430.sql | 30 ++++++++++++++------
13 files changed, 69 insertions(+), 62 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/api/src/org/apache/cloudstack/acl/AclEntityType.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclEntityType.java b/api/src/org/apache/cloudstack/acl/AclEntityType.java
new file mode 100644
index 0000000..1ce3a70
--- /dev/null
+++ b/api/src/org/apache/cloudstack/acl/AclEntityType.java
@@ -0,0 +1,6 @@
+package org.apache.cloudstack.acl;
+
+public enum AclEntityType {
+ // currently supported entity, to be added one by one after we support acl on the entity
+ VM;
+}
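Review bot: The new file has no ASF license header, while other sources in this commit carry one (see the `// under the License.` context line in AclRolePermissionDao.java). PermissionScope.java, added in the same commit, has the same gap. Add the standard header to both, and a one-line Javadoc on each enum saying what it classifies, e.g. `/** Entity types on which ACL checks are currently supported. */`.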
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/api/src/org/apache/cloudstack/acl/AclRole.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclRole.java b/api/src/org/apache/cloudstack/acl/AclRole.java
index 0aaed71..3324879 100644
--- a/api/src/org/apache/cloudstack/acl/AclRole.java
+++ b/api/src/org/apache/cloudstack/acl/AclRole.java
@@ -27,5 +27,5 @@ public interface AclRole extends PartOf, InternalIdentity, Identity {
String getDescription();
- Long getParentRoleId();
+ // Long getParentRoleId();
}
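Review bot: `// Long getParentRoleId();` leaves the removed method behind as commented-out code in a public API interface. Delete the line instead; version history keeps the old signature, and the implementation in AclRoleVO is removed outright in the same commit.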
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/api/src/org/apache/cloudstack/acl/PermissionScope.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/PermissionScope.java b/api/src/org/apache/cloudstack/acl/PermissionScope.java
new file mode 100644
index 0000000..f33e4c3
--- /dev/null
+++ b/api/src/org/apache/cloudstack/acl/PermissionScope.java
@@ -0,0 +1,7 @@
+package org.apache.cloudstack.acl;
+
+public enum PermissionScope {
+ ACCOUNT,
+ DOMAIN,
+ REGION;
+}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/api/src/org/apache/cloudstack/acl/SecurityChecker.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/SecurityChecker.java b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
index 9943f6b..4348255 100644
--- a/api/src/org/apache/cloudstack/acl/SecurityChecker.java
+++ b/api/src/org/apache/cloudstack/acl/SecurityChecker.java
@@ -36,7 +36,7 @@ public interface SecurityChecker extends Adapter {
ModifyProject,
UseNetwork,
DeleteEntry,
- OperationOnEntry
+ OperateEntry
}
/**
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java b/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java
index 68a9a59..2056d35 100644
--- a/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java
@@ -44,14 +44,6 @@ public class AclRoleResponse extends BaseResponse {
@Param(description = "the description of the acl role")
private String description;
- @SerializedName(ApiConstants.ACL_PARENT_ROLE_ID)
- @Param(description = "parent role id that this acl role is inherited from ")
- private String parentRoleId;
-
- @SerializedName(ApiConstants.ACL_PARENT_ROLE_NAME)
- @Param(description = "parent role name that this acl role is inherited from ")
- private String parentRoleName;
-
@SerializedName(ApiConstants.DOMAIN_ID)
@Param(description = "the domain ID of the acl role")
private String domainId;
@@ -91,13 +83,6 @@ public class AclRoleResponse extends BaseResponse {
this.description = description;
}
- public void setParentRoleId(String parentId) {
- parentRoleId = parentId;
- }
-
- public void setParentRoleName(String parentRoleName) {
- this.parentRoleName = parentRoleName;
- }
public void setDomainId(String domainId) {
this.domainId = domainId;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/client/tomcatconf/applicationContext.xml.in
----------------------------------------------------------------------
diff --git a/client/tomcatconf/applicationContext.xml.in b/client/tomcatconf/applicationContext.xml.in
index e88bc72..1095e0a 100644
--- a/client/tomcatconf/applicationContext.xml.in
+++ b/client/tomcatconf/applicationContext.xml.in
@@ -377,6 +377,7 @@
<bean id="AclGroupRoleMapDaoImpl" class="org.apache.cloudstack.acl.dao.AclGroupRoleMapDaoImpl"/>
<bean id="AclApiPermissionDaoImpl" class="org.apache.cloudstack.acl.dao.AclApiPermissionDaoImpl"/>
<bean id="AclEntityPermissionDaoImpl" class="org.apache.cloudstack.acl.dao.AclEntityPermissionDaoImpl"/>
+ <bean id="AclRolePermissionDaoImpl" class="org.apache.cloudstack.acl.dao.AclRolePermissionDaoImpl"/>
<bean id="AclServiceImpl" class="org.apache.cloudstack.acl.AclServiceImpl"/>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java
index 34ff57c..767fdfe 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java
@@ -45,8 +45,6 @@ public class AclRoleVO implements AclRole {
@Column(name = "uuid")
private String uuid;
- @Column(name = "parent_role_id")
- private Long parentRoleId;
@Column(name = "domain_id")
private long domainId;
@@ -101,15 +99,6 @@ public class AclRoleVO implements AclRole {
}
@Override
- public Long getParentRoleId() {
- return parentRoleId;
- }
-
- public void setParentRoleId(long parentRoleId) {
- this.parentRoleId = parentRoleId;
- }
-
- @Override
public long getDomainId() {
return domainId;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java
index 74d491d..64da36c 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java
@@ -16,6 +16,8 @@
// under the License.
package org.apache.cloudstack.acl.dao;
+import java.util.List;
+
import org.apache.cloudstack.acl.AclRolePermissionVO;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -25,4 +27,6 @@ public interface AclRolePermissionDao extends GenericDao<AclRolePermissionVO, Lo
AclRolePermissionVO findByRoleAndEntity(long roleId, String entityType, AccessType accessType);
+ List<AclRolePermissionVO> findByRole(long roleId);
+
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java
index c7141f8..73a0aac 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java
@@ -16,6 +16,7 @@
// under the License.
package org.apache.cloudstack.acl.dao;
+import java.util.List;
import java.util.Map;
import javax.naming.ConfigurationException;
@@ -59,4 +60,12 @@ public class AclRolePermissionDaoImpl extends GenericDaoBase<AclRolePermissionVO
sc.setParameters("accessType", accessType);
return findOneBy(sc);
}
+
+ @Override
+ public List<AclRolePermissionVO> findByRole(long roleId) {
+ SearchCriteria<AclRolePermissionVO> sc = findByRoleEntity.create();
+ sc.setParameters("roleId", roleId);
+ return listBy(sc);
+ }
+
}
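Review bot: `findByRole` creates its criteria from the `findByRoleEntity` builder but sets only `roleId`, so its result depends on how the search framework treats the builder's unset `entityType` and `accessType` conditions; the builder definition is outside this hunk. Because the result drives the parent-permission copy in AclServiceImpl, a dedicated builder holding only the role condition would make the query unambiguous. A short Javadoc on the method should state that it returns every permission row for the role.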
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java
index a5a3cb8..416cb0f 100644
--- a/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java
@@ -70,8 +70,6 @@ public class AclRoleJoinDaoImpl extends GenericDaoBase<AclRoleJoinVO, Long> impl
response.setId(role.getUuid());
response.setName(role.getName());
response.setDescription(role.getDescription());
- response.setParentRoleId(role.getParentRoleUuid());
- response.setParentRoleName(role.getParentRoleName());
response.setDomainId(role.getDomainUuid());
response.setDomainName(role.getName());
if (role.getApiName() != null) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java b/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java
index 5289584..97809ef 100644
--- a/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java
+++ b/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java
@@ -44,15 +44,6 @@ public class AclRoleJoinVO extends BaseViewVO {
@Column(name = "uuid")
private String uuid;
- @Column(name = "parent_role_id")
- private Long parentRoleId;
-
- @Column(name = "parent_role_uuid")
- private String parentRoleUuid;
-
- @Column(name = "parent_role_name")
- private String parentRoleName;
-
@Column(name = "domain_id")
private long domainId;
@@ -99,10 +90,6 @@ public class AclRoleJoinVO extends BaseViewVO {
return uuid;
}
- public Long getParentRoleId() {
- return parentRoleId;
- }
-
public long getDomainId() {
return domainId;
}
@@ -131,12 +118,4 @@ public class AclRoleJoinVO extends BaseViewVO {
return created;
}
- public String getParentRoleUuid() {
- return parentRoleUuid;
- }
-
- public String getParentRoleName() {
- return parentRoleName;
- }
-
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
index ecff794..1ae8825 100644
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@@ -32,6 +32,7 @@ import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
import org.apache.cloudstack.acl.dao.AclGroupDao;
import org.apache.cloudstack.acl.dao.AclGroupRoleMapDao;
import org.apache.cloudstack.acl.dao.AclRoleDao;
+import org.apache.cloudstack.acl.dao.AclRolePermissionDao;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.context.CallContext;
@@ -88,6 +89,9 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
AclApiPermissionDao _apiPermissionDao;
@Inject
+ AclRolePermissionDao _rolePermissionDao;
+
+ @Inject
AclEntityPermissionDao _entityPermissionDao;
public static HashMap<String, Class> entityClassMap = new HashMap<String, Class>();
@@ -118,14 +122,27 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
"Unable to create acl role with name " + aclRoleName
+ " already exisits for domain " + domainId);
}
+
+ Transaction txn = Transaction.currentTxn();
+ txn.start();
AclRoleVO rvo = new AclRoleVO(aclRoleName, description);
if (domainId != null) {
rvo.setDomainId(domainId);
}
+ AclRole role = _aclRoleDao.persist(rvo);
if (parentRoleId != null) {
- rvo.setParentRoleId(parentRoleId);
+ // copy parent role permissions
+ List<AclRolePermissionVO> perms = _rolePermissionDao.findByRole(parentRoleId);
+ if (perms != null) {
+ for (AclRolePermissionVO perm : perms) {
+ perm.setAclRoleId(role.getId());
+ _rolePermissionDao.persist(perm);
+ }
+ }
}
- return _aclRoleDao.persist(rvo);
+ txn.commit();
+
+ return role;
}
@DB
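Review bot: The loop under `// copy parent role permissions` does not copy anything: it calls `perm.setAclRoleId(role.getId())` on the rows loaded for the parent and persists those same objects, which still carry the parent's row ids. Depending on how `persist` treats an entity that already has an id, this either fails on a duplicate key or rewrites the rows so that the parent role loses its permissions. Build a new `AclRolePermissionVO` per entry from the parent's entity type, access type, scope and permission, and persist that. Nothing visible in the hunk checks that `parentRoleId` exists or that the caller may inherit from it (for example a role in another domain). The method starts above the hunk, so such a check may be there, but it should be confirmed because this is where one role's grants are handed to another.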
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/b87b9e5c/setup/db/db/schema-420to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-420to430.sql b/setup/db/db/schema-420to430.sql
index ecc2049..25e0054 100644
--- a/setup/db/db/schema-420to430.sql
+++ b/setup/db/db/schema-420to430.sql
@@ -312,14 +312,12 @@ CREATE TABLE `cloud`.`acl_role` (
`name` varchar(255) NOT NULL,
`description` varchar(255) default NULL,
`uuid` varchar(40),
- `parent_role_id` bigint unsigned DEFAULT 0,
`domain_id` bigint unsigned NOT NULL,
`removed` datetime COMMENT 'date the role was removed',
`created` datetime COMMENT 'date the role was created',
PRIMARY KEY (`id`),
INDEX `i_acl_role__removed`(`removed`),
- CONSTRAINT `uc_acl_role__uuid` UNIQUE (`uuid`),
- CONSTRAINT `fk_acl_role__parent_role_id` FOREIGN KEY(`parent_role_id`) REFERENCES `acl_role` (`id`) ON DELETE CASCADE
+ CONSTRAINT `uc_acl_role__uuid` UNIQUE (`uuid`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
CREATE TABLE `cloud`.`acl_group_role_map` (
@@ -334,11 +332,12 @@ CREATE TABLE `cloud`.`acl_group_role_map` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, domain_id, created) VALUES (1,'NORMAL', 'Domain user role', UUID(), 1, Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, domain_id, created) VALUES (1, 'NORMAL', 'Domain user role', UUID(), 1, Now());
INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, domain_id, created) VALUES (2, 'ADMIN', 'Root admin role', UUID(), 1, Now());
INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, domain_id, created) VALUES (3, 'DOMAIN_ADMIN', 'Domain admin role', UUID(), 1, Now());
INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, domain_id, created) VALUES (4, 'RESOURCE_DOMAIN_ADMIN', 'Resource domain admin role', UUID(), 1, Now());
INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, domain_id, created) VALUES (5, 'READ_ONLY_ADMIN', 'Read only admin role', UUID(), 1, Now());
+INSERT IGNORE INTO `cloud`.`acl_role` (id, name, description, uuid, domain_id, created) VALUES (6, 'RESOURCE_OWNER', 'Resource owner role', UUID(), -1, Now());
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, domain_id, created) VALUES (1, 'NORMAL', 'Domain user group', UUID(), 1, Now());
INSERT IGNORE INTO `cloud`.`acl_group` (id, name, description, uuid, domain_id, created) VALUES (2, 'ADMIN', 'Root admin group', UUID(), 1, Now());
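Review bot: The new `RESOURCE_OWNER` row inserts `-1` into `domain_id`, which the `acl_role` table earlier in this file declares as `bigint unsigned NOT NULL`. With `INSERT IGNORE` the out-of-range value is likely adjusted with only a warning rather than rejected, and `acl_role_view` inner-joins `acl_role.domain_id` to `domain.id`, so this role would probably not appear in the view. If the intent is a role that belongs to no domain, a nullable column or a documented sentinel that fits the unsigned type would be clearer, together with a comment such as `-- role 6 is not tied to a domain`.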
@@ -375,11 +374,29 @@ CREATE TABLE `cloud`.`acl_role_permission` (
`role_id` bigint unsigned NOT NULL,
`entity_type` varchar(100) NOT NULL,
`access_type` varchar(40) NOT NULL,
+ `scope` varchar(100) NOT NULL,
`permission` int(1) unsigned NOT NULL COMMENT '1 allowed, 0 for denied',
PRIMARY KEY (`id`),
CONSTRAINT `fk_acl_role_permission___role_id` FOREIGN KEY(`role_id`) REFERENCES `acl_role` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (6, '*', 'CreateEntry', 'ACCOUNT', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (6, '*', 'ListEntry', 'ACCOUNT', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (6, '*', 'ModifyEntry', 'ACCOUNT', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (6, '*', 'DeleteEntry', 'ACCOUNT', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (6, '*', 'OperateEntry', 'ACCOUNT', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (3, '*', 'CreateEntry', 'DOMAIN', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (3, '*', 'ListEntry', 'DOMAIN', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (3, '*', 'ModifyEntry', 'DOMAIN', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (3, '*', 'DeleteEntry', 'DOMAIN', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (3, '*', 'OperateEntry', 'DOMAIN', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (1, '*', 'CreateEntry', 'REGION', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (1, '*', 'ListEntry', 'REGION', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (1, '*', 'ModifyEntry', 'REGION', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (1, '*', 'DeleteEntry', 'REGION', 1);
+INSERT IGNORE INTO `cloud`.`acl_role_permission` (role_id, entity_type, access_type, scope, permission) VALUES (1, '*', 'OperateEntry', 'REGION', 1);
+
DROP VIEW IF EXISTS `cloud`.`acl_role_view`;
CREATE VIEW `cloud`.`acl_role_view` AS
select
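Review bot: The seed rows give role 1 the `REGION` scope for every entity and access type, while role 3 gets `DOMAIN` and role 2 gets no rows at all. The earlier inserts in this file name role 1 `NORMAL` ('Domain user role') and role 2 `ADMIN` ('Root admin role'), so if `REGION` is the widest scope these rows hand ordinary users the broadest grant and leave root admins with none. `role_id` 1 in the five `REGION` rows looks like it should be 2. Separately, `INSERT IGNORE` only deduplicates against a unique key, and none over `(role_id, entity_type, access_type, scope)` is visible here, so re-running the script may insert duplicate grants.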
@@ -387,9 +404,6 @@ CREATE VIEW `cloud`.`acl_role_view` AS
acl_role.uuid uuid,
acl_role.name name,
acl_role.description description,
- parent_role.id parent_role_id,
- parent_role.uuid parent_role_uuid,
- parent_role.name parent_role_name,
acl_role.removed removed,
acl_role.created created,
domain.id domain_id,
@@ -402,8 +416,6 @@ CREATE VIEW `cloud`.`acl_role_view` AS
inner join
`cloud`.`domain` ON acl_role.domain_id = domain.id
left join
- `cloud`.`acl_role` parent_role on parent_role.id = acl_role.parent_role_id
- left join
`cloud`.`acl_api_permission` ON acl_role.id = acl_api_permission.role_id;