You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/01/11 00:58:23 UTC
[1/2] Remove VO and DAO from cloud-engine-schema.
Updated Branches:
refs/heads/rbac 723f6c48e -> 43f0f901d
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java b/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java
deleted file mode 100644
index a18f034..0000000
--- a/server/src/com/cloud/api/query/vo/AclRoleJoinVO.java
+++ /dev/null
@@ -1,117 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.vo;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_role_view"))
-public class AclRoleJoinVO extends BaseViewVO {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "description")
- private String description;
-
- @Column(name = "uuid")
- private String uuid;
-
- @Column(name = "domain_id")
- private long domainId;
-
- @Column(name = "domain_uuid")
- private String domainUuid;
-
- @Column(name = "domain_name")
- private String domainName;
-
- @Column(name = "domain_path")
- private String domainPath;
-
- @Column(name = "api_name")
- private String apiName;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclRoleJoinVO() {
- }
-
- @Override
- public long getId() {
- return id;
- }
-
-
- public String getName() {
- return name;
- }
-
- public String getDescription() {
- return description;
- }
-
- public String getUuid() {
- return uuid;
- }
-
- public long getDomainId() {
- return domainId;
- }
-
- public String getDomainUuid() {
- return domainUuid;
- }
-
- public String getDomainName() {
- return domainName;
- }
-
- public String getDomainPath() {
- return domainPath;
- }
-
- public String getApiName() {
- return apiName;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 15d0c55..22dd4ed 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -40,18 +40,12 @@ import javax.naming.ConfigurationException;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.AclGroupAccountMapVO;
-import org.apache.cloudstack.acl.AclPolicyPermission;
-import org.apache.cloudstack.acl.AclService;
+import org.apache.cloudstack.acl.AclProxyService;
import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.QuerySelector;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
@@ -258,16 +252,11 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
private GlobalLoadBalancerRuleDao _gslbRuleDao;
@Inject
- private AclGroupAccountMapDao _aclGroupAccountDao;
-
- @Inject
- private AclService _aclService;
+ private AclProxyService _aclProxy;
@Inject
QuerySelector _aclQuerySelector; // we assume that there should be one type of QuerySelector adapter
- @Inject
- private AclPolicyPermissionDao _aclPolicyPermissionDao;
@Inject
public com.cloud.region.ha.GlobalLoadBalancingRulesService _gslbService;
@@ -370,9 +359,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public boolean isRootAdmin(long accountId) {
- // refer to account_group_map and check if account is in Root 'Admin' group
- AclGroupAccountMapVO rootAdminGroupMember = _aclGroupAccountDao.findAccountInAdminGroup(accountId);
- if (rootAdminGroupMember != null) {
+ AccountVO acct = _accountDao.findById(accountId);
+ if (acct != null && acct.getType() == Account.ACCOUNT_TYPE_ADMIN) {
return true;
}
return false;
@@ -380,9 +368,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public boolean isDomainAdmin(long accountId) {
- // refer to account_group_map and check if account is in Domain 'Admin' group
- AclGroupAccountMapVO domainAdminGroupMember = _aclGroupAccountDao.findAccountInDomainAdminGroup(accountId);
- if (domainAdminGroupMember != null) {
+ AccountVO acct = _accountDao.findById(accountId);
+ if (acct != null && acct.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
return true;
}
return false;
@@ -390,9 +377,8 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Override
public boolean isNormalUser(long accountId) {
- // refer to account_group_map and check if account is in 'User' group
- AclGroupAccountMapVO user = _aclGroupAccountDao.findAccountInUserGroup(accountId);
- if (user != null) {
+ AccountVO acct = _accountDao.findById(accountId);
+ if (acct != null && acct.getType() == Account.ACCOUNT_TYPE_NORMAL) {
return true;
}
return false;
@@ -638,7 +624,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
_projectAccountDao.removeAccountFromProjects(accountId);
//delete the account from group
- _aclGroupAccountDao.removeAccountFromGroups(accountId);
+ _aclProxy.removeAccountFromAclGroups(accountId);
// delete all vm groups belonging to accont
List<InstanceGroupVO> groups = _vmGroupDao.listByAccountId(accountId);
@@ -991,8 +977,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
// create correct account and group association based on accountType
if (accountType != Account.ACCOUNT_TYPE_PROJECT) {
- AclGroupAccountMapVO grpAcct = new AclGroupAccountMapVO(accountType + 1, accountId);
- _aclGroupAccountDao.persist(grpAcct);
+ _aclProxy.addAccountToAclGroup(accountId, accountType + 1);
}
return new Pair<Long, Account>(user.getId(), account);
@@ -2343,11 +2328,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
checkAccess(caller, domain);
}
- if (id != null) {
- // look for an individual entity, no other permission criteria are needed
- return;
- }
-
if (accountName != null) {
if (projectId != null) {
throw new InvalidParameterValueException("Account and projectId can't be specified together");
@@ -2365,7 +2345,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (userAccount != null) {
checkAccess(caller, null, false, userAccount);
- //check permissions
+ // check permissions
permittedAccounts.add(userAccount.getId());
} else {
throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid());
@@ -2376,7 +2356,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (projectId != null) {
if (!forProjectInvitation) {
if (projectId.longValue() == -1) {
- if (isNormalUser(caller.getId())) {
+ if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId()));
} else {
domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly);
@@ -2393,27 +2373,33 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
}
}
} else {
- domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources);
- // get caller role permission on VM List
- //TODO: this method needs to pass the entity type instead of current hard-code to VM for now. Also, api action name
- // should be passed in caller context.
- AclPolicyPermission policyPerm = _aclService.getAclPolicyPermission(caller.getId(),
- AclEntityType.VirtualMachine.toString(), "listVirtualMachine");
- if (policyPerm == null) {
- // no list entry permission
- throw new PermissionDeniedException("Caller has no policy permission assigned to list VM");
- }
- if (permittedAccounts.isEmpty()) {
- // no account name is specified
- if (policyPerm.getScope() == PermissionScope.ACCOUNT || !listAll) {
- // only resource owner can see it, only match account
+ if (id == null) {
+ domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources);
+ }
+ if (permittedAccounts.isEmpty() && domainId == null) {
+ if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
+ permittedAccounts.add(caller.getId());
+ } else if (!listAll) {
+ if (id == null) {
+ permittedAccounts.add(caller.getId());
+ } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
+ domainIdRecursiveListProject.first(caller.getDomainId());
+ domainIdRecursiveListProject.second(true);
+ }
+ } else if (domainId == null) {
+ if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
+ domainIdRecursiveListProject.first(caller.getDomainId());
+ domainIdRecursiveListProject.second(true);
+ }
+ }
+ } else if (domainId != null) {
+ if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
permittedAccounts.add(caller.getId());
- } else if (policyPerm.getScope() == PermissionScope.DOMAIN) {
- // match domain tree based on cmd.isRecursive flag or not
- domainIdRecursiveListProject.first(caller.getDomainId());
}
}
+
}
+
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
deleted file mode 100644
index 8ed6351..0000000
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ /dev/null
@@ -1,750 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.acl.dao.AclGroupDao;
-import org.apache.cloudstack.acl.dao.AclGroupPolicyMapDao;
-import org.apache.cloudstack.acl.dao.AclPolicyDao;
-import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
-import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.api.ApiServerService;
-import com.cloud.domain.Domain;
-import com.cloud.event.ActionEvent;
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.PermissionDeniedException;
-import com.cloud.storage.Snapshot;
-import com.cloud.storage.Volume;
-import com.cloud.template.VirtualMachineTemplate;
-import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.dao.AccountDao;
-import com.cloud.uservm.UserVm;
-import com.cloud.utils.component.Manager;
-import com.cloud.utils.component.ManagerBase;
-import com.cloud.utils.db.DB;
-import com.cloud.utils.db.EntityManager;
-import com.cloud.utils.db.GenericSearchBuilder;
-import com.cloud.utils.db.JoinBuilder.JoinType;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-import com.cloud.utils.db.SearchCriteria.Op;
-import com.cloud.utils.db.Transaction;
-import com.cloud.utils.db.TransactionCallback;
-import com.cloud.utils.db.TransactionCallbackNoReturn;
-import com.cloud.utils.db.TransactionStatus;
-
-@Local(value = {AclService.class})
-public class AclServiceImpl extends ManagerBase implements AclService, Manager {
-
- public static final Logger s_logger = Logger.getLogger(AclServiceImpl.class);
- private String _name;
-
- @Inject
- AccountManager _accountMgr;
-
- @Inject
- AccountDao _accountDao;
-
- @Inject
- AclPolicyDao _aclPolicyDao;
-
- @Inject
- AclGroupDao _aclGroupDao;
-
- @Inject
- EntityManager _entityMgr;
-
- @Inject
- AclGroupPolicyMapDao _aclGroupPolicyMapDao;
-
- @Inject
- AclGroupAccountMapDao _aclGroupAccountMapDao;
-
- // @Inject
- // AclApiPermissionDao _apiPermissionDao;
-
- @Inject
- AclPolicyPermissionDao _policyPermissionDao;
-
- @Inject
- ApiServerService _apiServer;
-
-
- public static HashMap<String, Class> entityClassMap = new HashMap<String, Class>();
-
- static {
- entityClassMap.put("VirtualMachine", UserVm.class);
- entityClassMap.put("Volume", Volume.class);
- entityClassMap.put("Template", VirtualMachineTemplate.class);
- entityClassMap.put("Snapshot", Snapshot.class);
- // To be filled in later depending on the entity permission grant scope
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
- public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
- Long domainId = caller.getDomainId();
-
- if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
- // domain admin can only create role for his domain
- if (caller.getDomainId() != domainId.longValue()) {
- throw new PermissionDeniedException("Can't create acl group in domain " + domainId + ", permission denied");
- }
- }
- // check if the role is already existing
- AclGroup grp = _aclGroupDao.findByName(domainId, aclGroupName);
- if (grp != null) {
- throw new InvalidParameterValueException(
- "Unable to create acl group with name " + aclGroupName
- + " already exisits for domain " + domainId);
- }
- AclGroupVO rvo = new AclGroupVO(aclGroupName, description);
- rvo.setAccountId(caller.getAccountId());
- rvo.setDomainId(domainId);
-
- return _aclGroupDao.persist(rvo);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
- public boolean deleteAclGroup(final Long aclGroupId) {
- Account caller = CallContext.current().getCallingAccount();
- // get the Acl Role entity
- final AclGroup grp = _aclGroupDao.findById(aclGroupId);
- if (grp == null) {
- throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
- + "; failed to delete acl group.");
- }
- // check permissions
- _accountMgr.checkAccess(caller, null, true, grp);
-
- Transaction.execute(new TransactionCallbackNoReturn() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) {
- // remove this group related entry in acl_group_role_map
- List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
- if (groupPolicyMap != null) {
- for (AclGroupPolicyMapVO gr : groupPolicyMap) {
- _aclGroupPolicyMapDao.remove(gr.getId());
- }
- }
-
- // remove this group related entry in acl_group_account table
- List<AclGroupAccountMapVO> groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId());
- if (groupAcctMap != null) {
- for (AclGroupAccountMapVO grpAcct : groupAcctMap) {
- _aclGroupAccountMapDao.remove(grpAcct.getId());
- }
- }
-
- // remove this group from acl_group table
- _aclGroupDao.remove(aclGroupId);
- }
- });
-
- return true;
- }
-
- @Override
- public List<AclGroup> listAclGroups(long accountId) {
-
- GenericSearchBuilder<AclGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
- groupSB.selectFields(groupSB.entity().getAclGroupId());
- groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
- SearchCriteria<Long> groupSc = groupSB.create();
-
- List<Long> groupIds = _aclGroupAccountMapDao.customSearch(groupSc, null);
-
- SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
- sb.and("ids", sb.entity().getId(), Op.IN);
- SearchCriteria<AclGroupVO> sc = sb.create();
- sc.setParameters("ids", groupIds.toArray(new Object[groupIds.size()]));
- List<AclGroupVO> groups = _aclGroupDao.search(sc, null);
-
- return new ArrayList<AclGroup>(groups);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
- public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
- final Account caller = CallContext.current().getCallingAccount();
- // get the Acl Group entity
- AclGroup group = _aclGroupDao.findById(groupId);
- if (group == null) {
- throw new InvalidParameterValueException("Unable to find acl group: " + groupId
- + "; failed to add accounts to acl group.");
- }
- // check group permissions
- _accountMgr.checkAccess(caller, null, true, group);
-
- Transaction.execute(new TransactionCallbackNoReturn() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) {
- // add entries in acl_group_account_map table
- for (Long acctId : acctIds) {
- // check account permissions
- Account account = _accountDao.findById(acctId);
- if (account == null) {
- throw new InvalidParameterValueException("Unable to find account: " + acctId
- + "; failed to add account to acl group.");
- }
- _accountMgr.checkAccess(caller, null, true, account);
-
- AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
- if (grMap == null) {
- // not there already
- grMap = new AclGroupAccountMapVO(groupId, acctId);
- _aclGroupAccountMapDao.persist(grMap);
- }
- }
- }
- });
- return group;
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
- public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
- final Account caller = CallContext.current().getCallingAccount();
- // get the Acl Group entity
- AclGroup group = _aclGroupDao.findById(groupId);
- if (group == null) {
- throw new InvalidParameterValueException("Unable to find acl group: " + groupId
- + "; failed to remove accounts from acl group.");
- }
- // check group permissions
- _accountMgr.checkAccess(caller, null, true, group);
-
- Transaction.execute(new TransactionCallbackNoReturn() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) {
- // remove entries from acl_group_account_map table
- for (Long acctId : acctIds) {
- // check account permissions
- Account account = _accountDao.findById(acctId);
- if (account == null) {
- throw new InvalidParameterValueException("Unable to find account: " + acctId
- + "; failed to add account to acl group.");
- }
- _accountMgr.checkAccess(caller, null, true, account);
-
- AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
- if (grMap != null) {
- // not removed yet
- _aclGroupAccountMapDao.remove(grMap.getId());
- }
- }
- }
- });
- return group;
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
- public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
- Long domainId = caller.getDomainId();
-
- if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
- // domain admin can only create role for his domain
- if (caller.getDomainId() != domainId.longValue()) {
- throw new PermissionDeniedException("Can't create acl role in domain " + domainId + ", permission denied");
- }
- }
- // check if the role is already existing
- AclPolicy ro = _aclPolicyDao.findByName(domainId, aclPolicyName);
- if (ro != null) {
- throw new InvalidParameterValueException(
- "Unable to create acl policy with name " + aclPolicyName
- + " already exisits for domain " + domainId);
- }
-
- final long account_id = caller.getAccountId();
- final long domain_id = domainId;
- AclPolicy role = Transaction.execute(new TransactionCallback<AclPolicy>() {
- @Override
- public AclPolicy doInTransaction(TransactionStatus status) {
- AclPolicyVO rvo = new AclPolicyVO(aclPolicyName, description);
- rvo.setAccountId(account_id);
- rvo.setDomainId(domain_id);
- AclPolicy role = _aclPolicyDao.persist(rvo);
- if (parentPolicyId != null) {
- // copy parent role permissions
- List<AclPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
- if (perms != null) {
- for (AclPolicyPermissionVO perm : perms) {
- perm.setAclPolicyId(role.getId());
- _policyPermissionDao.persist(perm);
- }
- }
- }
- return role;
- }
- });
-
-
- return role;
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
- public boolean deleteAclPolicy(final long aclPolicyId) {
- Account caller = CallContext.current().getCallingAccount();
- // get the Acl Policy entity
- final AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
- if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
- + "; failed to delete acl policy.");
- }
- // check permissions
- _accountMgr.checkAccess(caller, null, true, policy);
-
- Transaction.execute(new TransactionCallbackNoReturn() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) {
- // remove this role related entry in acl_group_role_map
- List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
- if (groupPolicyMap != null) {
- for (AclGroupPolicyMapVO gr : groupPolicyMap) {
- _aclGroupPolicyMapDao.remove(gr.getId());
- }
- }
-
- // remove this policy related entry in acl_policy_permission table
- List<AclPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
- if (policyPermMap != null) {
- for (AclPolicyPermissionVO policyPerm : policyPermMap) {
- _policyPermissionDao.remove(policyPerm.getId());
- }
- }
-
- // remove this role from acl_role table
- _aclPolicyDao.remove(aclPolicyId);
- }
- });
-
- return true;
- }
-
-
- @Override
- public List<AclPolicy> listAclPolicies(long accountId) {
-
- // static policies of the account
- SearchBuilder<AclGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
- groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
-
- GenericSearchBuilder<AclGroupPolicyMapVO, Long> policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
- policySB.selectFields(policySB.entity().getAclPolicyId());
- policySB.join("accountgroupjoin", groupSB, groupSB.entity().getAclGroupId(), policySB.entity().getAclGroupId(),
- JoinType.INNER);
- policySB.done();
- SearchCriteria<Long> policySc = policySB.create();
- policySc.setJoinParameters("accountgroupjoin", "account", accountId);
-
- List<Long> policyIds = _aclGroupPolicyMapDao.customSearch(policySc, null);
-
- SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
- sb.and("ids", sb.entity().getId(), Op.IN);
- SearchCriteria<AclPolicyVO> sc = sb.create();
- sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
- List<AclPolicyVO> policies = _aclPolicyDao.customSearch(sc, null);
-
- return new ArrayList<AclPolicy>(policies);
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
- public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
- final Account caller = CallContext.current().getCallingAccount();
- // get the Acl Group entity
- AclGroup group = _aclGroupDao.findById(groupId);
- if (group == null) {
- throw new InvalidParameterValueException("Unable to find acl group: " + groupId
- + "; failed to add roles to acl group.");
- }
- // check group permissions
- _accountMgr.checkAccess(caller, null, true, group);
-
- Transaction.execute(new TransactionCallbackNoReturn() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) {
- // add entries in acl_group_policy_map table
- for (Long policyId : policyIds) {
- // check policy permissions
- AclPolicy policy = _aclPolicyDao.findById(policyId);
- if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
- + "; failed to add policies to acl group.");
- }
- _accountMgr.checkAccess(caller, null, true, policy);
-
- AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
- if (grMap == null) {
- // not there already
- grMap = new AclGroupPolicyMapVO(groupId, policyId);
- _aclGroupPolicyMapDao.persist(grMap);
- }
- }
- }
- });
-
- return group;
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
- public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
- final Account caller = CallContext.current().getCallingAccount();
- // get the Acl Group entity
- AclGroup group = _aclGroupDao.findById(groupId);
- if (group == null) {
- throw new InvalidParameterValueException("Unable to find acl group: " + groupId
- + "; failed to remove roles from acl group.");
- }
- // check group permissions
- _accountMgr.checkAccess(caller, null, true, group);
-
- Transaction.execute(new TransactionCallbackNoReturn() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) {
- // add entries in acl_group_role_map table
- for (Long policyId : policyIds) {
- // check policy permissions
- AclPolicy policy = _aclPolicyDao.findById(policyId);
- if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
- + "; failed to add policies to acl group.");
- }
- _accountMgr.checkAccess(caller, null, true, policy);
-
- AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
- if (grMap != null) {
- // not removed yet
- _aclGroupPolicyMapDao.remove(grMap.getId());
- }
- }
- }
- });
- return group;
- }
-
- /*
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting permission to Acl Role")
- public AclP addAclPermissionToAclPolicy(final long aclRoleId, final List<String> apiNames) {
- Account caller = CallContext.current().getCallingAccount();
- // get the Acl Role entity
- AclRole role = _aclPolicyDao.findById(aclRoleId);
- if (role == null) {
- throw new InvalidParameterValueException("Unable to find acl role: " + aclRoleId
- + "; failed to grant permission to role.");
- }
- // check permissions
- _accountMgr.checkAccess(caller, null, true, role);
-
- Transaction.execute(new TransactionCallbackNoReturn() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) {
- // add entries in acl_api_permission table
- for (String api : apiNames) {
- AclApiPermissionVO perm = _apiPermissionDao.findByRoleAndApi(aclRoleId, api);
- if (perm == null) {
- // not there already
- perm = new AclApiPermissionVO(aclRoleId, api);
- _apiPermissionDao.persist(perm);
- }
- }
- }
- });
-
- return role;
-
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking permission from Acl Role")
- public AclRole revokeApiPermissionFromAclRole(final long aclRoleId, final List<String> apiNames) {
- Account caller = CallContext.current().getCallingAccount();
- // get the Acl Role entity
- AclRole role = _aclPolicyDao.findById(aclRoleId);
- if (role == null) {
- throw new InvalidParameterValueException("Unable to find acl role: " + aclRoleId
- + "; failed to revoke permission from role.");
- }
- // check permissions
- _accountMgr.checkAccess(caller, null, true, role);
-
- Transaction.execute(new TransactionCallbackNoReturn() {
- @Override
- public void doInTransactionWithoutResult(TransactionStatus status) {
- // remove entries from acl_api_permission table
- for (String api : apiNames) {
- AclApiPermissionVO perm = _apiPermissionDao.findByRoleAndApi(aclRoleId, api);
- if (perm != null) {
- // not removed yet
- _apiPermissionDao.remove(perm.getId());
- }
- }
- }
- });
- return role;
- }
- */
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
- public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm) {
- Account caller = CallContext.current().getCallingAccount();
- // get the Acl Policy entity
- AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
- if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
- + "; failed to add permission to policy.");
- }
- // check permissions
- _accountMgr.checkAccess(caller, null, true, policy);
-
- // get the entity and check permission
- Class entityClass = entityClassMap.get(entityType);
- if (entityClass == null) {
- throw new InvalidParameterValueException("Entity type " + entityType + " permission granting is not supported yet");
- }
- if (scope == PermissionScope.RESOURCE && scopeId != null) {
- ControlledEntity entity = (ControlledEntity)_entityMgr.findById(entityClass, scopeId);
- if (entity == null) {
- throw new InvalidParameterValueException("Unable to find entity " + entityType + " by id: " + scopeId);
- }
- _accountMgr.checkAccess(caller, null, true, entity);
- }
-
- // add entry in acl_policy_permission table
- AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
- if (permit == null) {
- // not there already
- Class<?> cmdClass = _apiServer.getCmdClass(action);
- AccessType accessType = null;
- if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
- accessType = AccessType.ListEntry;
- }
- permit = new AclPolicyPermissionVO(aclPolicyId, action, entityType, accessType,
- scope, scopeId, perm);
- _policyPermissionDao.persist(permit);
- }
- return policy;
-
- }
-
- @DB
- @Override
- @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
- public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
- Account caller = CallContext.current().getCallingAccount();
- // get the Acl Policy entity
- AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
- if (policy == null) {
- throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
- + "; failed to revoke permission from policy.");
- }
- // check permissions
- _accountMgr.checkAccess(caller, null, true, policy);
-
- // get the entity and check permission
- Class entityClass = entityClassMap.get(entityType);
- if (entityClass == null) {
- throw new InvalidParameterValueException("Entity type " + entityType + " permission revoke is not supported yet");
- }
- if (scope == PermissionScope.RESOURCE && scopeId != null) {
- ControlledEntity entity = (ControlledEntity)_entityMgr.findById(entityClass, scopeId);
- if (entity == null) {
- throw new InvalidParameterValueException("Unable to find entity " + entityType + " by id: " + scopeId);
- }
- _accountMgr.checkAccess(caller, null, true, entity);
- }
-
- // remove entry from acl_entity_permission table
- AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, null);
- if (permit != null) {
- // not removed yet
- _policyPermissionDao.remove(permit.getId());
- }
- return policy;
- }
-
-
-
- @Override
- public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
- List<AclPolicy> roles = listAclPolicies(accountId);
- AclPolicyPermission curPerm = null;
- for (AclPolicy role : roles) {
- AclPolicyPermissionVO perm = _policyPermissionDao.findByPolicyAndEntity(role.getId(), entityType, null, null, action, Permission.Allow);
- if (perm == null)
- continue;
- if (curPerm == null) {
- curPerm = perm;
- } else if (perm.getScope().greaterThan(curPerm.getScope())) {
- // pick the more relaxed allowed permission
- curPerm = perm;
- }
- }
-
- return curPerm;
- }
-
-
-
- @Override
- public boolean isAPIAccessibleForPolicies(String apiName, List<AclPolicy> policies) {
-
- boolean accessible = false;
-
- List<Long> policyIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- policyIds.add(policy.getId());
- }
-
- SearchBuilder<AclPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
- sb.and("action", sb.entity().getAction(), Op.EQ);
- sb.and("policyId", sb.entity().getAclPolicyId(), Op.IN);
-
- SearchCriteria<AclPolicyPermissionVO> sc = sb.create();
- sc.setParameters("policyId", policyIds.toArray(new Object[policyIds.size()]));
-
- List<AclPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);
-
- if (permissions != null && !permissions.isEmpty()) {
- accessible = true;
- }
-
- return accessible;
- }
-
- @Override
- public List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
-
- // Get the static Policies of the Caller
- List<AclPolicy> policies = listAclPolicies(caller.getId());
-
- // add any dynamic policies w.r.t the entity
- if (caller.getId() == entity.getAccountId()) {
- // The caller owns the entity
- AclPolicy owner = _aclPolicyDao.findByName(Domain.ROOT_DOMAIN, "RESOURCE_OWNER");
- policies.add(owner);
- }
-
- return policies;
- }
-
- @Override
- public List<Long> getGrantedDomains(long accountId, String action) {
- // Get the static Policies of the Caller
- List<AclPolicy> policies = listAclPolicies(accountId);
- // for each policy, find granted permission with Domain scope
- List<Long> domainIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action, PermissionScope.DOMAIN);
- if (pp != null) {
- for (AclPolicyPermissionVO p : pp) {
- if (p.getScopeId() != null) {
- domainIds.add(p.getScopeId());
- }
- }
- }
- }
- return domainIds;
- }
-
- @Override
- public List<Long> getGrantedAccounts(long accountId, String action) {
- // Get the static Policies of the Caller
- List<AclPolicy> policies = listAclPolicies(accountId);
- // for each policy, find granted permission with Account scope
- List<Long> accountIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action, PermissionScope.ACCOUNT);
- if (pp != null) {
- for (AclPolicyPermissionVO p : pp) {
- if (p.getScopeId() != null) {
- accountIds.add(p.getScopeId());
- }
- }
- }
- }
- return accountIds;
- }
-
- @Override
- public List<Long> getGrantedResources(long accountId, String action) {
- // Get the static Policies of the Caller
- List<AclPolicy> policies = listAclPolicies(accountId);
- // for each policy, find granted permission with Resource scope
- List<Long> entityIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action, PermissionScope.RESOURCE);
- if (pp != null) {
- for (AclPolicyPermissionVO p : pp) {
- if (p.getScopeId() != null) {
- entityIds.add(p.getScopeId());
- }
- }
- }
- }
- return entityIds;
- }
-
- @Override
- public boolean isGrantedAll(long accountId, String action) {
- // Get the static Policies of the Caller
- List<AclPolicy> policies = listAclPolicies(accountId);
- // for each policy, find granted permission with Domain scope
- List<Long> domainIds = new ArrayList<Long>();
- for (AclPolicy policy : policies) {
- List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action, PermissionScope.ALL);
- if (pp != null && pp.size() > 0) {
- return true;
- }
- }
- return false;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index 8a1d70f..a6c69cc 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -129,6 +129,25 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
return _iamSrv.addAccountsToGroup(acctIds, groupId);
}
+ @Override
+ public void removeAccountFromAclGroups(long accountId) {
+ List<AclGroup> groups = listAclGroups(accountId);
+ List<Long> accts = new ArrayList<Long>();
+ accts.add(accountId);
+ if (groups != null) {
+ for (AclGroup grp : groups) {
+ removeAccountsFromGroup(accts, grp.getId());
+ }
+ }
+ }
+
+ @Override
+ public void addAccountToAclGroup(long accountId, long groupId) {
+ List<Long> accts = new ArrayList<Long>();
+ accts.add(accountId);
+ addAccountsToGroup(accts, groupId);
+ }
+
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java
index 14f7fd2..5df715c 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java
@@ -21,11 +21,11 @@ import java.util.Set;
import com.google.gson.annotations.SerializedName;
-import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.AclGroup;
import com.cloud.serializer.Param;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java
index 83014ac..a934f3b 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java
@@ -21,11 +21,11 @@ import java.util.Set;
import com.google.gson.annotations.SerializedName;
-import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+import org.apache.cloudstack.iam.api.AclPolicy;
import com.cloud.serializer.Param;
[2/2] git commit: updated refs/heads/rbac to 43f0f90
Posted by mc...@apache.org.
Remove VO and DAO from cloud-engine-schema.
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/43f0f901
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/43f0f901
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/43f0f901
Branch: refs/heads/rbac
Commit: 43f0f901dd2cc91a977437999e151378c7875354
Parents: 723f6c4
Author: Min Chen <mi...@citrix.com>
Authored: Fri Jan 10 15:56:22 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Fri Jan 10 15:57:39 2014 -0800
----------------------------------------------------------------------
.../apache/cloudstack/acl/AclApiPermission.java | 11 -
.../cloudstack/acl/AclEntityPermission.java | 17 -
api/src/org/apache/cloudstack/acl/AclGroup.java | 27 -
.../org/apache/cloudstack/acl/AclPolicy.java | 31 -
.../cloudstack/acl/AclPolicyPermission.java | 52 --
.../apache/cloudstack/acl/AclProxyService.java | 4 +
api/src/org/apache/cloudstack/acl/AclRole.java | 35 -
.../cloudstack/acl/AclRolePermission.java | 34 -
.../org/apache/cloudstack/acl/AclService.java | 68 --
api/src/org/apache/cloudstack/acl/Role.java | 33 -
api/src/org/apache/cloudstack/api/BaseCmd.java | 3 -
.../cloudstack/acl/AclApiPermissionVO.java | 75 --
.../cloudstack/acl/AclGroupAccountMapVO.java | 81 --
.../cloudstack/acl/AclGroupPolicyMapVO.java | 81 --
.../org/apache/cloudstack/acl/AclGroupVO.java | 124 ---
.../cloudstack/acl/AclPolicyPermissionVO.java | 178 -----
.../org/apache/cloudstack/acl/AclPolicyVO.java | 141 ----
.../cloudstack/acl/dao/AclApiPermissionDao.java | 31 -
.../acl/dao/AclApiPermissionDaoImpl.java | 68 --
.../acl/dao/AclGroupAccountMapDao.java | 40 -
.../acl/dao/AclGroupAccountMapDaoImpl.java | 119 ---
.../apache/cloudstack/acl/dao/AclGroupDao.java | 28 -
.../cloudstack/acl/dao/AclGroupDaoImpl.java | 59 --
.../acl/dao/AclGroupPolicyMapDao.java | 17 -
.../acl/dao/AclGroupPolicyMapDaoImpl.java | 61 --
.../apache/cloudstack/acl/dao/AclPolicyDao.java | 28 -
.../cloudstack/acl/dao/AclPolicyDaoImpl.java | 59 --
.../acl/dao/AclPolicyPermissionDao.java | 41 -
.../acl/dao/AclPolicyPermissionDaoImpl.java | 116 ---
server/src/com/cloud/api/ApiServer.java | 11 -
.../com/cloud/api/query/vo/AclGroupJoinVO.java | 214 ------
.../com/cloud/api/query/vo/AclPolicyJoinVO.java | 218 ------
.../com/cloud/api/query/vo/AclRoleJoinVO.java | 117 ---
.../src/com/cloud/user/AccountManagerImpl.java | 84 +--
.../apache/cloudstack/acl/AclServiceImpl.java | 750 -------------------
.../cloudstack/acl/api/AclApiServiceImpl.java | 19 +
.../acl/api/response/AclGroupResponse.java | 2 +-
.../acl/api/response/AclPolicyResponse.java | 2 +-
38 files changed, 60 insertions(+), 3019 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclApiPermission.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclApiPermission.java b/api/src/org/apache/cloudstack/acl/AclApiPermission.java
deleted file mode 100644
index 5939e17..0000000
--- a/api/src/org/apache/cloudstack/acl/AclApiPermission.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.apache.cloudstack.acl;
-
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclApiPermission extends InternalIdentity {
-
- Long getAclRoleId();
-
- String getApiName();
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclEntityPermission.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclEntityPermission.java b/api/src/org/apache/cloudstack/acl/AclEntityPermission.java
deleted file mode 100644
index bfe7ac9..0000000
--- a/api/src/org/apache/cloudstack/acl/AclEntityPermission.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.apache.cloudstack.acl;
-
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclEntityPermission extends InternalIdentity {
-
- Long getAclGroupId();
-
- String getEntityType();
-
- Long getEntityId();
-
- AccessType getAccessType();
-
- boolean isAllowed();
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclGroup.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclGroup.java b/api/src/org/apache/cloudstack/acl/AclGroup.java
deleted file mode 100644
index 9fac792..0000000
--- a/api/src/org/apache/cloudstack/acl/AclGroup.java
+++ /dev/null
@@ -1,27 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import org.apache.cloudstack.api.Identity;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclGroup extends ControlledEntity, InternalIdentity, Identity {
-
- String getName();
-
- String getDescription();
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclPolicy.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclPolicy.java b/api/src/org/apache/cloudstack/acl/AclPolicy.java
deleted file mode 100644
index 6800f5b..0000000
--- a/api/src/org/apache/cloudstack/acl/AclPolicy.java
+++ /dev/null
@@ -1,31 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import org.apache.cloudstack.api.Identity;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclPolicy extends ControlledEntity, InternalIdentity, Identity {
-
- String getName();
-
- String getDescription();
-
- public enum PolicyType {
- Static, Dynamic
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclPolicyPermission.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclPolicyPermission.java b/api/src/org/apache/cloudstack/acl/AclPolicyPermission.java
deleted file mode 100644
index c5f5cbe..0000000
--- a/api/src/org/apache/cloudstack/acl/AclPolicyPermission.java
+++ /dev/null
@@ -1,52 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclPolicyPermission extends InternalIdentity {
-
- String getAction();
-
- long getAclPolicyId();
-
- String getEntityType();
-
- AccessType getAccessType();
-
- PermissionScope getScope();
-
- Long getScopeId();
-
- Permission getPermission();
-
- public enum Permission {
- Allow(true), Deny(false);
-
- boolean result;
-
- Permission(boolean result) {
- this.result = result;
- }
-
- public boolean isGranted() {
- return result;
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclProxyService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclProxyService.java b/api/src/org/apache/cloudstack/acl/AclProxyService.java
index c49693d..7f6bf23 100644
--- a/api/src/org/apache/cloudstack/acl/AclProxyService.java
+++ b/api/src/org/apache/cloudstack/acl/AclProxyService.java
@@ -6,4 +6,8 @@ public interface AclProxyService {
List<String> listAclGroupsByAccount(long accountId);
+ void removeAccountFromAclGroups(long accountId);
+
+ void addAccountToAclGroup(long accountId, long groupId);
+
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclRole.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclRole.java b/api/src/org/apache/cloudstack/acl/AclRole.java
deleted file mode 100644
index 207aece..0000000
--- a/api/src/org/apache/cloudstack/acl/AclRole.java
+++ /dev/null
@@ -1,35 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import org.apache.cloudstack.api.Identity;
-import org.apache.cloudstack.api.InternalIdentity;
-
-import com.cloud.domain.PartOf;
-
-public interface AclRole extends PartOf, InternalIdentity, Identity {
-
- String getName();
-
- String getDescription();
-
- // Long getParentRoleId();
-
- public enum RoleType {
- Static, Dynamic
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclRolePermission.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclRolePermission.java b/api/src/org/apache/cloudstack/acl/AclRolePermission.java
deleted file mode 100644
index 4920dcc..0000000
--- a/api/src/org/apache/cloudstack/acl/AclRolePermission.java
+++ /dev/null
@@ -1,34 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.InternalIdentity;
-
-public interface AclRolePermission extends InternalIdentity {
-
- Long getAclRoleId();
-
- String getEntityType();
-
- AccessType getAccessType();
-
- PermissionScope getScope();
-
- boolean isAllowed();
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/AclService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java
deleted file mode 100644
index b6faf1a..0000000
--- a/api/src/org/apache/cloudstack/acl/AclService.java
+++ /dev/null
@@ -1,68 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
-
-import com.cloud.user.Account;
-
-public interface AclService {
-
- /* ACL group related interfaces */
- AclGroup createAclGroup(Account caller, String aclGroupName, String description);
-
- boolean deleteAclGroup(Long aclGroupId);
-
- List<AclGroup> listAclGroups(long accountId);
-
- AclGroup addAccountsToGroup(List<Long> acctIds, Long groupId);
-
- AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
-
- /* ACL Policy related interfaces */
- AclPolicy createAclPolicy(Account caller, String aclPolicyName, String description, Long parentPolicyId);
-
- boolean deleteAclPolicy(long aclPolicyId);
-
- List<AclPolicy> listAclPolicies(long accountId);
-
- AclGroup attachAclPoliciesToGroup(List<Long> roleIds, Long groupId);
-
- AclGroup removeAclPoliciesFromGroup(List<Long> roleIds, Long groupId);
-
- AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm);
-
- AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action);
-
- AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action);
-
- boolean isAPIAccessibleForPolicies(String apiName, List<AclPolicy> policies);
-
- List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity);
-
- /* Visibility related interfaces */
- boolean isGrantedAll(long accountId, String action);
-
- List<Long> getGrantedDomains(long accountId, String action);
-
- List<Long> getGrantedAccounts(long accountId, String action);
-
- List<Long> getGrantedResources(long accountId, String action);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/acl/Role.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/Role.java b/api/src/org/apache/cloudstack/acl/Role.java
deleted file mode 100644
index d039a6f..0000000
--- a/api/src/org/apache/cloudstack/acl/Role.java
+++ /dev/null
@@ -1,33 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-//metadata - consists of default dynamic roles in CS + any custom roles added by user
-public interface Role {
-
- public static final short ROOT_ADMIN = 0;
- public static final short DOMAIN_ADMIN = 1;
- public static final short DOMAIN_USER = 2;
- public static final short OWNER = 3;
- public static final short PARENT_DOMAIN_ADMIN = 4;
- public static final short PARENT_DOMAIN_USER = 5;
- public static final short CHILD_DOMAIN_ADMIN = 6;
- public static final short CHILD_DOMAIN_USER = 7;
-
- public long getId();
- public short getRoleType();
- }
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/api/src/org/apache/cloudstack/api/BaseCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/BaseCmd.java b/api/src/org/apache/cloudstack/api/BaseCmd.java
index b1ee087..4f67629 100644
--- a/api/src/org/apache/cloudstack/api/BaseCmd.java
+++ b/api/src/org/apache/cloudstack/api/BaseCmd.java
@@ -28,7 +28,6 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
-import org.apache.cloudstack.acl.AclService;
import org.apache.cloudstack.affinity.AffinityGroupService;
import org.apache.cloudstack.network.element.InternalLoadBalancerElementService;
import org.apache.cloudstack.network.lb.ApplicationLoadBalancerService;
@@ -147,8 +146,6 @@ public abstract class BaseCmd {
@Inject public ApplicationLoadBalancerService _newLbSvc;
@Inject public ApplicationLoadBalancerService _appLbService;
@Inject public AffinityGroupService _affinityGroupService;
- @Inject
- public AclService _aclService;
@Inject public InternalLoadBalancerElementService _internalLbElementSvc;
@Inject public InternalLoadBalancerVMService _internalLbSvc;
@Inject public NetworkModel _ntwkModel;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/AclApiPermissionVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclApiPermissionVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclApiPermissionVO.java
deleted file mode 100644
index 05f948d..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/AclApiPermissionVO.java
+++ /dev/null
@@ -1,75 +0,0 @@
-package org.apache.cloudstack.acl;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_api_permission"))
-public class AclApiPermissionVO implements AclApiPermission {
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "role_id")
- private long aclRoleId;
-
- @Column(name = "api")
- private String apiName;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclApiPermissionVO() {
-
- }
-
- public AclApiPermissionVO(long roleid, String api) {
- aclRoleId = roleid;
- apiName = api;
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- @Override
- public Long getAclRoleId() {
- return aclRoleId;
- }
-
- @Override
- public String getApiName() {
- return apiName;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-
- public void setAclRoleId(long aclRoleId) {
- this.aclRoleId = aclRoleId;
- }
-
- public void setApiName(String apiName) {
- this.apiName = apiName;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/AclGroupAccountMapVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclGroupAccountMapVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclGroupAccountMapVO.java
deleted file mode 100644
index c239474..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/AclGroupAccountMapVO.java
+++ /dev/null
@@ -1,81 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.api.InternalIdentity;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group_account_map"))
-public class AclGroupAccountMapVO implements InternalIdentity {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private Long id;
-
- @Column(name = "group_id")
- private long aclGroupId;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclGroupAccountMapVO() {
- }
-
- public AclGroupAccountMapVO(long aclGroupId, long accountId) {
- this.aclGroupId = aclGroupId;
- this.accountId = accountId;
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- public long getAclGroupId() {
- return aclGroupId;
- }
-
-
- public long getAccountId() {
- return accountId;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/AclGroupPolicyMapVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclGroupPolicyMapVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclGroupPolicyMapVO.java
deleted file mode 100644
index 984d482..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/AclGroupPolicyMapVO.java
+++ /dev/null
@@ -1,81 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.api.InternalIdentity;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group_policy_map"))
-public class AclGroupPolicyMapVO implements InternalIdentity {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private Long id;
-
- @Column(name = "group_id")
- private long aclGroupId;
-
- @Column(name = "policy_id")
- private long aclPolicyId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclGroupPolicyMapVO() {
- }
-
- public AclGroupPolicyMapVO(long aclGroupId, long aclPolicyId) {
- this.aclGroupId = aclGroupId;
- this.aclPolicyId = aclPolicyId;
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- public long getAclGroupId() {
- return aclGroupId;
- }
-
-
- public long getAclPolicyId() {
- return aclPolicyId;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java
deleted file mode 100644
index e39b8a5..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java
+++ /dev/null
@@ -1,124 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.Date;
-import java.util.UUID;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group"))
-public class AclGroupVO implements AclGroup {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "description")
- private String description;
-
- @Column(name = "uuid")
- private String uuid;
-
- @Column(name = "domain_id")
- private long domainId;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclGroupVO() {
- uuid = UUID.randomUUID().toString();
- }
-
- public AclGroupVO(String name, String description) {
- this.name = name;
- this.description = description;
- uuid = UUID.randomUUID().toString();
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public String getDescription() {
- return description;
- }
-
- @Override
- public long getDomainId() {
- return domainId;
- }
-
- public void setDomainId(long domainId) {
- this.domainId = domainId;
- }
-
- @Override
- public long getAccountId() {
- return accountId;
- }
-
- public void setAccountId(long accountId) {
- this.accountId = accountId;
- }
-
- @Override
- public String getUuid() {
- return uuid;
- }
-
- public void setUuid(String uuid) {
- this.uuid = uuid;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-
- @Override
- public AclEntityType getEntityType() {
- return AclEntityType.AclGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java
deleted file mode 100644
index 0eb48ad..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java
+++ /dev/null
@@ -1,178 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.user.Account;
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_policy_permission"))
-public class AclPolicyPermissionVO implements AclPolicyPermission {
-
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "policy_id")
- private long aclPolicyId;
-
- @Column(name = "action")
- private String action;
-
- @Column(name = "resource_type")
- private String entityType;
-
- @Column(name = "access_type")
- @Enumerated(value = EnumType.STRING)
- private AccessType accessType;
-
- @Column(name = "scope")
- @Enumerated(value = EnumType.STRING)
- private PermissionScope scope;
-
- @Column(name = "scope_id")
- private Long scopeId;
-
- @Column(name = "permission")
- @Enumerated(value = EnumType.STRING)
- private Permission permission;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclPolicyPermissionVO() {
-
- }
-
- public AclPolicyPermissionVO(long aclPolicyId, String action, String entityType, AccessType accessType,
- PermissionScope scope,
- Long scopeId, Permission permission) {
- this.aclPolicyId = aclPolicyId;
- this.action = action;
- this.entityType = entityType;
- this.accessType = accessType;
- this.scope = scope;
- this.scopeId = scopeId;
- this.permission = permission;
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- @Override
- public long getAclPolicyId() {
- return aclPolicyId;
- }
-
-
- public void setAclPolicyId(long aclPolicyId) {
- this.aclPolicyId = aclPolicyId;
- }
-
- @Override
- public String getEntityType() {
- return entityType;
- }
-
- @Override
- public AccessType getAccessType() {
- return accessType;
- }
-
-
- public void setEntityType(String entityType) {
- this.entityType = entityType;
- }
-
- public void setAccessType(AccessType accessType) {
- this.accessType = accessType;
- }
-
- @Override
- public PermissionScope getScope() {
- return scope;
- }
-
- public void setScope(PermissionScope scope) {
- this.scope = scope;
- }
-
-
- @Override
- public String getAction() {
- return action;
- }
-
- @Override
- public Long getScopeId() {
- // handle special -1 scopeId, current caller domain, account
- if ( scopeId < 0 ){
- Account caller = CallContext.current().getCallingAccount();
- if ( scope == PermissionScope.DOMAIN){
- return caller.getDomainId();
- } else if (scope == PermissionScope.ACCOUNT) {
- return caller.getAccountId();
- }
- }
- return scopeId;
- }
-
- @Override
- public Permission getPermission() {
- return permission;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public void setScopeId(Long scopeId) {
- this.scopeId = scopeId;
- }
-
- public void setPermission(Permission permission) {
- this.permission = permission;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java
deleted file mode 100644
index 7245a7b..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java
+++ /dev/null
@@ -1,141 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl;
-
-import java.util.Date;
-import java.util.UUID;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_policy"))
-public class AclPolicyVO implements AclPolicy {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "description")
- private String description;
-
- @Column(name = "uuid")
- private String uuid;
-
- @Column(name = "domain_id")
- private long domainId;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- @Column(name = "policy_type")
- @Enumerated(value = EnumType.STRING)
- private AclPolicy.PolicyType policyType;
-
- public AclPolicyVO() {
- uuid = UUID.randomUUID().toString();
- }
-
- public AclPolicyVO(String name, String description) {
- this.name = name;
- this.description = description;
- uuid = UUID.randomUUID().toString();
- policyType = AclPolicy.PolicyType.Static;
- }
-
- @Override
- public long getId() {
- return id;
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public String getDescription() {
- return description;
- }
-
-
- @Override
- public String getUuid() {
- return uuid;
- }
-
- public void setUuid(String uuid) {
- this.uuid = uuid;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-
- @Override
- public long getDomainId() {
- return domainId;
- }
-
- public void setDomainId(long domainId) {
- this.domainId = domainId;
- }
-
- @Override
- public long getAccountId() {
- return accountId;
- }
-
- public void setAccountId(long accountId) {
- this.accountId = accountId;
- }
-
- public AclPolicy.PolicyType getPolicyType() {
- return policyType;
- }
-
- public void setPolicyType(AclPolicy.PolicyType policyType) {
- this.policyType = policyType;
- }
-
- @Override
- public AclEntityType getEntityType() {
- return AclEntityType.AclPolicy;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclApiPermissionDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclApiPermissionDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclApiPermissionDao.java
deleted file mode 100644
index b29b17e..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclApiPermissionDao.java
+++ /dev/null
@@ -1,31 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.AclApiPermissionVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclApiPermissionDao extends GenericDao<AclApiPermissionVO, Long> {
-
- List<AclApiPermissionVO> listByRoleId(long roleId);
-
- AclApiPermissionVO findByRoleAndApi(long roleId, String api);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclApiPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclApiPermissionDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclApiPermissionDaoImpl.java
deleted file mode 100644
index dd6ddec..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclApiPermissionDaoImpl.java
+++ /dev/null
@@ -1,68 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.springframework.stereotype.Component;
-
-import org.apache.cloudstack.acl.AclApiPermissionVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclApiPermissionDaoImpl extends GenericDaoBase<AclApiPermissionVO, Long> implements AclApiPermissionDao {
- private SearchBuilder<AclApiPermissionVO> findByRoleApi;
- private SearchBuilder<AclApiPermissionVO> ListByRoleId;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- findByRoleApi = createSearchBuilder();
- findByRoleApi.and("roleId", findByRoleApi.entity().getAclRoleId(), SearchCriteria.Op.EQ);
- findByRoleApi.and("api", findByRoleApi.entity().getApiName(), SearchCriteria.Op.EQ);
- findByRoleApi.done();
-
- ListByRoleId = createSearchBuilder();
- ListByRoleId.and("roleId", ListByRoleId.entity().getAclRoleId(), SearchCriteria.Op.EQ);
- ListByRoleId.done();
-
- return true;
- }
-
- @Override
- public AclApiPermissionVO findByRoleAndApi(long roleId, String api) {
- SearchCriteria<AclApiPermissionVO> sc = findByRoleApi.create();
- sc.setParameters("roleId", roleId);
- sc.setParameters("api", api);
- return findOneBy(sc);
- }
-
- @Override
- public List<AclApiPermissionVO> listByRoleId(long roleId) {
- SearchCriteria<AclApiPermissionVO> sc = ListByRoleId.create();
- sc.setParameters("roleId", roleId);
- return listBy(sc);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
deleted file mode 100644
index eb3e0c6..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDao.java
+++ /dev/null
@@ -1,40 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.AclGroupAccountMapVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupAccountMapDao extends GenericDao<AclGroupAccountMapVO, Long> {
-
- List<AclGroupAccountMapVO> listByGroupId(long groupId);
-
- List<AclGroupAccountMapVO> listByAccountId(long accountId);
-
- AclGroupAccountMapVO findAccountInAdminGroup(long accountId);
-
- AclGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId);
-
- void removeAccountFromGroups(long accountId);
-
- AclGroupAccountMapVO findAccountInDomainAdminGroup(long accountId);
-
- AclGroupAccountMapVO findAccountInUserGroup(long accountId);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
deleted file mode 100644
index bae8578..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupAccountMapDaoImpl.java
+++ /dev/null
@@ -1,119 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-import org.apache.cloudstack.acl.AclGroupAccountMapVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclGroupAccountMapDaoImpl extends GenericDaoBase<AclGroupAccountMapVO, Long> implements AclGroupAccountMapDao {
- private SearchBuilder<AclGroupAccountMapVO> ListByGroupId;
- private SearchBuilder<AclGroupAccountMapVO> ListByAccountId;
- private SearchBuilder<AclGroupAccountMapVO> _findByAccountAndGroupId;
-
- public static final Logger s_logger = Logger.getLogger(AclGroupAccountMapDaoImpl.class.getName());
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- ListByGroupId = createSearchBuilder();
- ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
- ListByGroupId.done();
-
- ListByAccountId = createSearchBuilder();
- ListByAccountId.and("accountId", ListByAccountId.entity().getAccountId(), SearchCriteria.Op.EQ);
- ListByAccountId.done();
-
- _findByAccountAndGroupId = createSearchBuilder();
- _findByAccountAndGroupId
- .and("groupId", _findByAccountAndGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
- _findByAccountAndGroupId.and("accountId", _findByAccountAndGroupId.entity().getAccountId(),
- SearchCriteria.Op.EQ);
- _findByAccountAndGroupId.done();
-
- return true;
- }
-
- @Override
- public List<AclGroupAccountMapVO> listByGroupId(long groupId) {
- SearchCriteria<AclGroupAccountMapVO> sc = ListByGroupId.create();
- sc.setParameters("groupId", groupId);
- return listBy(sc);
- }
-
- @Override
- public List<AclGroupAccountMapVO> listByAccountId(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = ListByAccountId.create();
- sc.setParameters("accountId", accountId);
- return listBy(sc);
- }
-
- @Override
- public AclGroupAccountMapVO findAccountInAdminGroup(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
- sc.setParameters("accountId", accountId);
- sc.setParameters("groupId", 2);
- return findOneBy(sc);
- }
-
- @Override
- public AclGroupAccountMapVO findAccountInDomainAdminGroup(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
- sc.setParameters("accountId", accountId);
- sc.setParameters("groupId", 3);
- return findOneBy(sc);
- }
-
- @Override
- public AclGroupAccountMapVO findAccountInUserGroup(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
- sc.setParameters("accountId", accountId);
- sc.setParameters("groupId", 1);
- return findOneBy(sc);
- }
-
- @Override
- public AclGroupAccountMapVO findByGroupAndAccount(long groupId, long acctId) {
- SearchCriteria<AclGroupAccountMapVO> sc = _findByAccountAndGroupId.create();
- sc.setParameters("accountId", acctId);
- sc.setParameters("groupId", groupId);
- return findOneBy(sc);
- }
-
- @Override
- public void removeAccountFromGroups(long accountId) {
- SearchCriteria<AclGroupAccountMapVO> sc = ListByAccountId.create();
- sc.setParameters("accountId", accountId);
-
- int rowsRemoved = remove(sc);
- if (rowsRemoved > 0) {
- s_logger.debug("Removed account id=" + accountId + " from " + rowsRemoved + " groups");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupDao.java
deleted file mode 100644
index ae50776..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupDao.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclGroupVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupDao extends GenericDao<AclGroupVO, Long> {
-
- AclGroup findByName(Long domainId, String groupName);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupDaoImpl.java
deleted file mode 100644
index 5c0ae3a..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupDaoImpl.java
+++ /dev/null
@@ -1,59 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.springframework.stereotype.Component;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclGroupVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclGroupDaoImpl extends GenericDaoBase<AclGroupVO, Long> implements AclGroupDao {
- private SearchBuilder<AclGroupVO> nameSearch;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- nameSearch = createSearchBuilder();
- nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
- nameSearch.and("domainId", nameSearch.entity().getDomainId(), SearchCriteria.Op.EQ);
- nameSearch.done();
-
-
- return true;
- }
-
- @Override
- public AclGroup findByName(Long domainId, String name) {
- SearchCriteria<AclGroupVO> sc = nameSearch.create();
- sc.setParameters("name", name);
- if (domainId != null) {
- sc.setParameters("domainId", domainId);
- }
- return findOneBy(sc);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDao.java
deleted file mode 100644
index a92ce26..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDao.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package org.apache.cloudstack.acl.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.AclGroupPolicyMapVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclGroupPolicyMapDao extends GenericDao<AclGroupPolicyMapVO, Long> {
-
- List<AclGroupPolicyMapVO> listByGroupId(long groupId);
-
- List<AclGroupPolicyMapVO> listByPolicyId(long policyId);
-
- AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDaoImpl.java
deleted file mode 100644
index cb34a57..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDaoImpl.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package org.apache.cloudstack.acl.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.acl.AclGroupPolicyMapVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-public class AclGroupPolicyMapDaoImpl extends GenericDaoBase<AclGroupPolicyMapVO, Long> implements AclGroupPolicyMapDao {
-
- private SearchBuilder<AclGroupPolicyMapVO> ListByGroupId;
- private SearchBuilder<AclGroupPolicyMapVO> ListByPolicyId;
- private SearchBuilder<AclGroupPolicyMapVO> findByPolicyGroupId;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- ListByGroupId = createSearchBuilder();
- ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
- ListByGroupId.done();
-
- ListByPolicyId = createSearchBuilder();
- ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- ListByPolicyId.done();
-
- findByPolicyGroupId = createSearchBuilder();
- findByPolicyGroupId.and("policyId", findByPolicyGroupId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- findByPolicyGroupId.and("groupId", findByPolicyGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
- findByPolicyGroupId.done();
-
- return true;
- }
-
- @Override
- public List<AclGroupPolicyMapVO> listByGroupId(long groupId) {
- SearchCriteria<AclGroupPolicyMapVO> sc = ListByGroupId.create();
- sc.setParameters("groupId", groupId);
- return listBy(sc);
- }
-
- @Override
- public List<AclGroupPolicyMapVO> listByPolicyId(long policyId) {
- SearchCriteria<AclGroupPolicyMapVO> sc = ListByPolicyId.create();
- sc.setParameters("policyId", policyId);
- return listBy(sc);
- }
-
- @Override
- public AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
- SearchCriteria<AclGroupPolicyMapVO> sc = findByPolicyGroupId.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("groupId", groupId);
- return findOneBy(sc);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDao.java
deleted file mode 100644
index c74b53a..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDao.java
+++ /dev/null
@@ -1,28 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclPolicyVO;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclPolicyDao extends GenericDao<AclPolicyVO, Long> {
-
- AclPolicy findByName(Long domainId, String policyName);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDaoImpl.java
deleted file mode 100644
index 3cb32fd..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDaoImpl.java
+++ /dev/null
@@ -1,59 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.springframework.stereotype.Component;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclPolicyVO;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-public class AclPolicyDaoImpl extends GenericDaoBase<AclPolicyVO, Long> implements AclPolicyDao {
- private SearchBuilder<AclPolicyVO> nameSearch;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- nameSearch = createSearchBuilder();
- nameSearch.and("name", nameSearch.entity().getName(), SearchCriteria.Op.EQ);
- nameSearch.and("domainId", nameSearch.entity().getDomainId(), SearchCriteria.Op.EQ);
- nameSearch.done();
-
-
- return true;
- }
-
- @Override
- public AclPolicy findByName(Long domainId, String name) {
- SearchCriteria<AclPolicyVO> sc = nameSearch.create();
- sc.setParameters("name", name);
- if (domainId != null) {
- sc.setParameters("domainId", domainId);
- }
- return findOneBy(sc);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
deleted file mode 100644
index e78cc85..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
+++ /dev/null
@@ -1,41 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
-import org.apache.cloudstack.acl.AclPolicyPermissionVO;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-
-import com.cloud.utils.db.GenericDao;
-
-public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO, Long> {
-
- List<AclPolicyPermissionVO> listByPolicy(long policyId);
-
- AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm);
-
- List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, PermissionScope scope);
-
- List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);
-
- List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long id, AccessType accessType, String entityType);
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
deleted file mode 100644
index fc19ed7..0000000
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
+++ /dev/null
@@ -1,116 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.acl.dao;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.naming.ConfigurationException;
-
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
-import org.apache.cloudstack.acl.AclPolicyPermissionVO;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissionVO, Long> implements
- AclPolicyPermissionDao {
-
- private SearchBuilder<AclPolicyPermissionVO> policyIdSearch;
- private SearchBuilder<AclPolicyPermissionVO> fullSearch;
- private SearchBuilder<AclPolicyPermissionVO> actionScopeSearch;
-
- @Override
- public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
- super.configure(name, params);
-
- policyIdSearch = createSearchBuilder();
- policyIdSearch.and("policyId", policyIdSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- policyIdSearch.done();
-
- fullSearch = createSearchBuilder();
- fullSearch.and("policyId", fullSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- fullSearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
- fullSearch.and("scope", fullSearch.entity().getScope(), SearchCriteria.Op.EQ);
- fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
- fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
- fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
- fullSearch.and("accessType", fullSearch.entity().getAccessType(), SearchCriteria.Op.EQ);
- fullSearch.done();
-
- actionScopeSearch = createSearchBuilder();
- actionScopeSearch.and("policyId", actionScopeSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
- actionScopeSearch.and("scope", actionScopeSearch.entity().getScope(), SearchCriteria.Op.EQ);
- actionScopeSearch.and("action", actionScopeSearch.entity().getAction(), SearchCriteria.Op.EQ);
- actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
- actionScopeSearch.done();
-
- return true;
- }
-
- @Override
- public List<AclPolicyPermissionVO> listByPolicy(long policyId) {
- SearchCriteria<AclPolicyPermissionVO> sc = policyIdSearch.create();
- sc.setParameters("policyId", policyId);
- return listBy(sc);
- }
-
- @Override
- public AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm) {
- SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("entityType", entityType);
- sc.setParameters("scope", scope);
- sc.setParameters("scopeId", scopeId);
- sc.setParameters("action", action);
- sc.setParameters("permission", perm);
- return findOneBy(sc);
- }
-
- @Override
- public List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, PermissionScope scope) {
- SearchCriteria<AclPolicyPermissionVO> sc = actionScopeSearch.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("action", action);
- sc.setParameters("scope", scope);
- sc.setParameters("permission", Permission.Allow);
- return listBy(sc);
- }
-
- @Override
- public List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType) {
- SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("entityType", entityType);
- sc.setParameters("action", action);
- return listBy(sc);
- }
-
- @Override
- public List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, AccessType accessType,
- String entityType) {
- SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
- sc.setParameters("policyId", policyId);
- sc.setParameters("entityType", entityType);
- sc.setParameters("accessType", accessType);
- return listBy(sc);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index e4bbf32..b5cfa49 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -83,13 +83,6 @@ import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.APIChecker;
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
-import org.apache.cloudstack.acl.AclPolicyPermissionVO;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.RoleType;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
@@ -149,14 +142,12 @@ import com.cloud.user.UserAccount;
import com.cloud.user.UserVO;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.Pair;
-import com.cloud.utils.PropertiesUtil;
import com.cloud.utils.StringUtils;
import com.cloud.utils.component.ComponentContext;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.component.PluggableService;
import com.cloud.utils.concurrency.NamedThreadFactory;
import com.cloud.utils.db.EntityManager;
-import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
import com.cloud.utils.db.TransactionLegacy;
import com.cloud.utils.exception.CloudRuntimeException;
@@ -181,8 +172,6 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
List<PluggableService> _pluggableServices;
List<APIChecker> _apiAccessCheckers;
- @Inject
- private AclPolicyPermissionDao _aclPermissionDao;
@Inject
protected ApiAsyncJobDispatcher _asyncDispatcher;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/server/src/com/cloud/api/query/vo/AclGroupJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/AclGroupJoinVO.java b/server/src/com/cloud/api/query/vo/AclGroupJoinVO.java
deleted file mode 100644
index dd61756..0000000
--- a/server/src/com/cloud/api/query/vo/AclGroupJoinVO.java
+++ /dev/null
@@ -1,214 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.vo;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_group_view"))
-public class AclGroupJoinVO extends BaseViewVO implements ControlledViewEntity {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "description")
- private String description;
-
- @Column(name = "uuid")
- private String uuid;
-
- @Column(name = "domain_id")
- private long domainId;
-
- @Column(name = "domain_uuid")
- private String domainUuid;
-
- @Column(name = "domain_name")
- private String domainName;
-
- @Column(name = "domain_path")
- private String domainPath;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- @Column(name = "policy_id")
- private long policyId;
-
- @Column(name = "policy_uuid")
- private String policyUuid;
-
- @Column(name = "policy_name")
- private String policyName;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = "account_uuid")
- private String accountUuid;
-
- @Column(name = "account_name")
- private String accountName;
-
- @Column(name = "account_type")
- private short accountType;
-
- @Column(name = "member_account_id")
- private long memberAccountId;
-
- @Column(name = "member_account_uuid")
- private String memberAccountUuid;
-
- @Column(name = "member_account_name")
- private String memberAccountName;
-
-
- public AclGroupJoinVO() {
- }
-
- @Override
- public long getId() {
- return id;
- }
-
-
- public String getName() {
- return name;
- }
-
- public String getDescription() {
- return description;
- }
-
- @Override
- public String getUuid() {
- return uuid;
- }
-
- @Override
- public long getDomainId() {
- return domainId;
- }
-
- @Override
- public String getDomainUuid() {
- return domainUuid;
- }
-
- @Override
- public String getDomainName() {
- return domainName;
- }
-
- @Override
- public String getDomainPath() {
- return domainPath;
- }
-
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-
- public long getPolicyId() {
- return policyId;
- }
-
- public String getPolicyUuid() {
- return policyUuid;
- }
-
- public String getPolicyName() {
- return policyName;
- }
-
- @Override
- public long getAccountId() {
- return accountId;
- }
-
- @Override
- public String getAccountUuid() {
- return accountUuid;
- }
-
- @Override
- public String getAccountName() {
- return accountName;
- }
-
- @Override
- public short getAccountType() {
- return accountType;
- }
-
- @Override
- public String getProjectUuid() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getProjectName() {
- // TODO Auto-generated method stub
- return null;
- }
-
- public long getMemberAccountId() {
- return memberAccountId;
- }
-
- public String getMemberAccountUuid() {
- return memberAccountUuid;
- }
-
- public String getMemberAccountName() {
- return memberAccountName;
- }
-
-
- @Override
- public AclEntityType getEntityType() {
- return AclEntityType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/43f0f901/server/src/com/cloud/api/query/vo/AclPolicyJoinVO.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/vo/AclPolicyJoinVO.java b/server/src/com/cloud/api/query/vo/AclPolicyJoinVO.java
deleted file mode 100644
index aa8b916..0000000
--- a/server/src/com/cloud/api/query/vo/AclPolicyJoinVO.java
+++ /dev/null
@@ -1,218 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.vo;
-
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Table;
-
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.AclPolicyPermission;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-
-import com.cloud.utils.db.GenericDao;
-
-@Entity
-@Table(name = ("acl_policy_view"))
-public class AclPolicyJoinVO extends BaseViewVO implements ControlledViewEntity {
- @Id
- @GeneratedValue(strategy = GenerationType.IDENTITY)
- @Column(name = "id")
- private long id;
-
- @Column(name = "name")
- private String name;
-
- @Column(name = "description")
- private String description;
-
- @Column(name = "uuid")
- private String uuid;
-
- @Column(name = "domain_id")
- private long domainId;
-
- @Column(name = "domain_uuid")
- private String domainUuid;
-
- @Column(name = "domain_name")
- private String domainName;
-
- @Column(name = "domain_path")
- private String domainPath;
-
- @Column(name = "account_id")
- private long accountId;
-
- @Column(name = "account_uuid")
- private String accountUuid;
-
- @Column(name = "account_name")
- private String accountName;
-
- @Column(name = "account_type")
- private short accountType;
-
- @Column(name = "permission_action")
- private String permissionAction;
-
- @Column(name = "permission_entity_type")
- @Enumerated(value = EnumType.STRING)
- private AclEntityType permissionEntityType;
-
- @Column(name = "permission_scope_id")
- private Long permissionScopeId;
-
- @Column(name = "permission_scope_type")
- @Enumerated(value = EnumType.STRING)
- private PermissionScope permissionScope;
-
- @Column(name = "permission_access_type")
- @Enumerated(value = EnumType.STRING)
- private AccessType permissionAccessType;
-
- @Column(name = "permission_allow_deny")
- @Enumerated(value = EnumType.STRING)
- private AclPolicyPermission.Permission permissionAllowDeny;
-
- @Column(name = GenericDao.REMOVED_COLUMN)
- private Date removed;
-
- @Column(name = GenericDao.CREATED_COLUMN)
- private Date created;
-
- public AclPolicyJoinVO() {
- }
-
- @Override
- public long getId() {
- return id;
- }
-
-
- public String getName() {
- return name;
- }
-
- public String getDescription() {
- return description;
- }
-
- @Override
- public String getUuid() {
- return uuid;
- }
-
- @Override
- public long getDomainId() {
- return domainId;
- }
-
- @Override
- public String getDomainUuid() {
- return domainUuid;
- }
-
- @Override
- public String getDomainName() {
- return domainName;
- }
-
- @Override
- public String getDomainPath() {
- return domainPath;
- }
-
- @Override
- public long getAccountId() {
- return accountId;
- }
-
- @Override
- public String getAccountUuid() {
- return accountUuid;
- }
-
- @Override
- public String getAccountName() {
- return accountName;
- }
-
- @Override
- public short getAccountType() {
- return accountType;
- }
-
- @Override
- public String getProjectUuid() {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public String getProjectName() {
- // TODO Auto-generated method stub
- return null;
- }
-
- public Date getRemoved() {
- return removed;
- }
-
- public Date getCreated() {
- return created;
- }
-
-
- public String getPermissionAction() {
- return permissionAction;
- }
-
- public AclEntityType getPermissionEntityType() {
- return permissionEntityType;
- }
-
- public Long getPermissionScopeId() {
- return permissionScopeId;
- }
-
- public PermissionScope getPermissionScope() {
- return permissionScope;
- }
-
- public AccessType getPermissionAccessType() {
- return permissionAccessType;
- }
-
- public AclPolicyPermission.Permission getPermissionAllowDeny() {
- return permissionAllowDeny;
- }
-
- @Override
- public AclEntityType getEntityType() {
- return AclEntityType.AclPolicy;
- }
-
-}