Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/12/07 00:10:07 UTC
[2/3] Fix API build error based on new DB schema,
now only RoleBasedEntityAccessChecker needs to be fixed.
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/RevokePermissionFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RevokePermissionFromAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RevokePermissionFromAclGroupCmd.java
deleted file mode 100644
index b9a75d7..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RevokePermissionFromAclGroupCmd.java
+++ /dev/null
@@ -1,131 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "revokePermissionFromAclGroup", description = "revoke entity permission from an acl group", responseObject = AclGroupResponse.class)
-public class RevokePermissionFromAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RevokePermissionFromAclGroupCmd.class.getName());
- private static final String s_name = "revokepermissiontoaclgroupresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = true, description = "entity class simple name.")
- private String entityType;
-
- @Parameter(name = ApiConstants.ENTITY_ID, type = CommandType.UUID, required = true, description = "The ID of the entity")
- private Long entityId;
-
- @Parameter(name = ApiConstants.ACCESS_TYPE, type = CommandType.STRING, required = true, description = "access type for the entity")
- private String accessType;
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public Long getEntityId() {
- return entityId;
- }
-
- public AccessType getAccessType() {
- return AccessType.valueOf(accessType);
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclService.revokeEntityPermissionFromAclGroup(id, entityType, entityId, getAccessType());
- if (result != null){
- AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_GRANT;
- }
-
- @Override
- public String getEventDescription() {
- return "granting permission to acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/command/admin/acl/RevokePermissionFromAclRoleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RevokePermissionFromAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RevokePermissionFromAclRoleCmd.java
deleted file mode 100644
index 4576b76..0000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RevokePermissionFromAclRoleCmd.java
+++ /dev/null
@@ -1,120 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclRole;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "revokePermissionFromAclRole", description = "Revoke api permission from an acl role", responseObject = AclRoleResponse.class)
-public class RevokePermissionFromAclRoleCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RevokePermissionFromAclRoleCmd.class.getName());
- private static final String s_name = "revokepermissionfromroleresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclRoleResponse.class,
- required = true, description = "The ID of the acl role")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_APIS, type = CommandType.LIST, collectionType = CommandType.STRING, description = "comma separated list of apis granted to the acl role. ")
- private List<String> apiList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List<String> getApiList() {
- return apiList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl role Id: " + getId());
- AclRole result = _aclService.revokeApiPermissionFromAclRole(id, apiList);
- if (result != null) {
- AclRoleResponse response = _responseGenerator.createAclRoleResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to revoke permission from acl role " + getId());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_ROLE_REVOKE;
- }
-
- @Override
- public String getEventDescription() {
- return "revoking permission from acl role";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclRole;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/response/AclEntityPermissionResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AclEntityPermissionResponse.java b/api/src/org/apache/cloudstack/api/response/AclEntityPermissionResponse.java
deleted file mode 100644
index da3b4b2..0000000
--- a/api/src/org/apache/cloudstack/api/response/AclEntityPermissionResponse.java
+++ /dev/null
@@ -1,112 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-
-import com.cloud.serializer.Param;
-
-public class AclEntityPermissionResponse extends BaseResponse {
-
- @SerializedName(ApiConstants.GROUP_ID)
- @Param(description = "the ID of the acl group")
- private String groupId;
-
- @SerializedName(ApiConstants.ENTITY_TYPE)
- @Param(description = "the entity type of this permission")
- private String entityType;
-
- @SerializedName(ApiConstants.ENTITY_ID)
- @Param(description = "the uuid of the entity involved in this permission")
- private String entityId;
-
- @SerializedName(ApiConstants.ACCESS_TYPE)
- @Param(description = "access type involved in this permission")
- private String accessType;
-
-
-
- public String getGroupId() {
- return groupId;
- }
-
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public void setEntityType(String entityType) {
- this.entityType = entityType;
- }
-
- public String getEntityId() {
- return entityId;
- }
-
- public void setEntityId(String entityId) {
- this.entityId = entityId;
- }
-
- public String getAccessType() {
- return accessType;
- }
-
- public void setAccessType(String accessType) {
- this.accessType = accessType;
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
- result = prime * result + ((entityId == null) ? 0 : entityId.hashCode());
- result = prime * result + ((accessType == null) ? 0 : accessType.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- AclEntityPermissionResponse other = (AclEntityPermissionResponse) obj;
- if (entityType == null) {
- if (other.entityType != null)
- return false;
- } else if (!entityType.equals(other.entityType)) {
- return false;
- } else if ((entityId == null && other.entityId != null) || !entityId.equals(other.entityId)) {
- return false;
- } else if ((accessType == null && other.accessType != null) || !accessType.equals(other.accessType)) {
- return false;
- }
- return true;
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java b/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java
deleted file mode 100644
index 2056d35..0000000
--- a/api/src/org/apache/cloudstack/api/response/AclRoleResponse.java
+++ /dev/null
@@ -1,134 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.response;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import com.google.gson.annotations.SerializedName;
-
-import org.apache.cloudstack.acl.AclRole;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseResponse;
-import org.apache.cloudstack.api.EntityReference;
-
-import com.cloud.serializer.Param;
-
-@SuppressWarnings("unused")
-@EntityReference(value = AclRole.class)
-public class AclRoleResponse extends BaseResponse {
-
- @SerializedName(ApiConstants.ID)
- @Param(description = "the ID of the acl role")
- private String id;
-
- @SerializedName(ApiConstants.NAME)
- @Param(description = "the name of the acl role")
- private String name;
-
- @SerializedName(ApiConstants.DESCRIPTION)
- @Param(description = "the description of the acl role")
- private String description;
-
- @SerializedName(ApiConstants.DOMAIN_ID)
- @Param(description = "the domain ID of the acl role")
- private String domainId;
-
- @SerializedName(ApiConstants.DOMAIN)
- @Param(description = "the domain name of the acl role")
- private String domainName;
-
- @SerializedName(ApiConstants.ACL_APIS)
- @Param(description = "allowed apis for the acl role ")
- private List<String> apiList;
-
- public AclRoleResponse() {
- apiList = new ArrayList<String>();
- }
-
- @Override
- public String getObjectId() {
- return getId();
- }
-
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
-
- public void setName(String name) {
- this.name = name;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
-
- public void setDomainId(String domainId) {
- this.domainId = domainId;
- }
-
- public void setDomainName(String domainName) {
- this.domainName = domainName;
- }
-
- public List<String> getApiList() {
- return apiList;
- }
-
- public void setApiList(List<String> apiList) {
- this.apiList = apiList;
- }
-
- public void addApi(String api) {
- apiList.add(api);
- }
-
- @Override
- public int hashCode() {
- final int prime = 31;
- int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
- return result;
- }
-
- @Override
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
- if (obj == null)
- return false;
- if (getClass() != obj.getClass())
- return false;
- AclRoleResponse other = (AclRoleResponse) obj;
- if (id == null) {
- if (other.id != null)
- return false;
- } else if (!id.equals(other.id))
- return false;
- return true;
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/api/src/org/apache/cloudstack/query/QueryService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/query/QueryService.java b/api/src/org/apache/cloudstack/query/QueryService.java
index bbbb3fe..00df62e 100644
--- a/api/src/org/apache/cloudstack/query/QueryService.java
+++ b/api/src/org/apache/cloudstack/query/QueryService.java
@@ -45,7 +45,7 @@ import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd;
import org.apache.cloudstack.api.command.user.zone.ListZonesByCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclRoleResponse;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
@@ -127,7 +127,7 @@ public interface QueryService {
ListResponse<DomainRouterResponse> searchForInternalLbVms(ListInternalLBVMsCmd cmd);
- public ListResponse<AclRoleResponse> listAclRoles(Long aclRoleId, String aclRoleName,
+ public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
Long domainId, Long startIndex, Long pageSize);
public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java
index 6570557..e86e710 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/AclGroupVO.java
@@ -96,6 +96,10 @@ public class AclGroupVO implements AclGroup {
return accountId;
}
+ public void setAccountId(long accountId) {
+ this.accountId = accountId;
+ }
+
@Override
public String getUuid() {
return uuid;
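Review bot: `setAccountId` makes the owning account of an ACL group writable after construction, and the added lines carry no comment on when reassignment is legitimate. On an access-control entity the owner decides who may administer the group, so the setter should state its contract, for example `/** Sets the owning account; intended for persistence/bootstrap code, not for request handlers. */` if that is the intent (the callers are not visible in this commit). The same undocumented setter pattern is added as `AclPolicyVO.setAccountId` and `AclPolicyPermissionVO.setAclPolicyId` in the later hunks.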
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java
index 0b23b0b..0d93b4f 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionVO.java
@@ -97,6 +97,10 @@ public class AclPolicyPermissionVO implements AclPolicyPermission {
}
+ public void setAclPolicyId(long aclPolicyId) {
+ this.aclPolicyId = aclPolicyId;
+ }
+
@Override
public String getEntityType() {
return entityType;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java
index 24b9888..5210016 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyVO.java
@@ -121,6 +121,10 @@ public class AclPolicyVO implements AclPolicy {
return accountId;
}
+ public void setAccountId(long accountId) {
+ this.accountId = accountId;
+ }
+
public AclPolicy.PolicyType getPolicyType() {
return policyType;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
index f8d3cb5..f3c6446 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
@@ -17,10 +17,19 @@
package org.apache.cloudstack.acl.dao;
+import java.util.List;
+
+import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
import org.apache.cloudstack.acl.AclPolicyPermissionVO;
+import org.apache.cloudstack.acl.PermissionScope;
import com.cloud.utils.db.GenericDao;
public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO, Long> {
+ List<AclPolicyPermissionVO> listByPolicy(long policyId);
+
+ AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm);
+
+
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
index 1160d30..11b009b 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
@@ -16,21 +16,20 @@
// under the License.
package org.apache.cloudstack.acl.dao;
+import java.util.List;
import java.util.Map;
import javax.naming.ConfigurationException;
+import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
import org.apache.cloudstack.acl.AclPolicyPermissionVO;
+import org.apache.cloudstack.acl.PermissionScope;
import com.cloud.utils.db.GenericDaoBase;
public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissionVO, Long> implements
AclPolicyPermissionDao {
- public AclPolicyPermissionDaoImpl()
- {
-
- }
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@@ -39,5 +38,16 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
return true;
}
+ @Override
+ public List<AclPolicyPermissionVO> listByPolicy(long policyId) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm) {
+ // TODO Auto-generated method stub
+ return null;
+ }
}
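Review bot: Both new methods, `listByPolicy` and `findByPolicyAndEntity`, are auto-generated stubs that return `null`, so a caller that iterates the list hits a NullPointerException and a caller that reads `null` as "no such permission" sees every lookup miss. This DAO backs ACL policy permissions, so a silent stub in an authorization path is hard to tell apart from a real empty result. Until the queries exist it is safer to fail loudly, e.g. `throw new UnsupportedOperationException("listByPolicy not implemented");`. The interface hunk in AclPolicyPermissionDao.java likewise does not say whether `null` or an empty list means "no permissions", nor what a `null` `scopeId` matches; a one-line Javadoc on each method would settle that.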
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java
index 027ff58..f43194a 100644
--- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java
+++ b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java
@@ -54,10 +54,10 @@ public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker
throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null");
}
- List<AclRole> roles = _aclService.getAclRoles(account.getAccountId());
+ List<AclRole> roles = _aclService.listAclPolicies(account.getAccountId());
- boolean isAllowed = _aclService.isAPIAccessibleForRoles(commandName, roles);
+ boolean isAllowed = _aclService.isAPIAccessibleForPolicies(commandName, roles);
if (!isAllowed) {
throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
}
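Review bot: The result of `listAclPolicies` is still declared as `List<AclRole> roles` and then passed to `isAPIAccessibleForPolicies`, so the API access check mixes role and policy types and names. If the service now returns `List<AclPolicy>` (its signature is not visible here), this will not compile; if it does compile, the variable name misleads the next reader of an authorization decision. Suggest `List<AclPolicy> policies = _aclService.listAclPolicies(account.getAccountId());` and `boolean isAllowed = _aclService.isAPIAccessibleForPolicies(commandName, policies);` with the matching import. The same leftover `AclRole` typing appears in the RoleBasedEntityAccessChecker hunk around `getEffectivePolicies`, which the commit message already marks as unfinished. The enclosing method starts and ends outside this hunk.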
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
index 5a0abf5..6d1fe01 100644
--- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
+++ b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
@@ -106,7 +106,7 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
}
// get all Roles of this caller w.r.t the entity
- List<AclRole> roles = _aclService.getEffectiveRoles(caller, entity);
+ List<AclRole> roles = _aclService.getEffectivePolicies(caller, entity);
HashMap<AclRole, Boolean> rolePermissionMap = new HashMap<AclRole, Boolean>();
for (AclRole role : roles) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/ApiDBUtils.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java
index 3ae7142..f6e7cd8 100755
--- a/server/src/com/cloud/api/ApiDBUtils.java
+++ b/server/src/com/cloud/api/ApiDBUtils.java
@@ -26,7 +26,7 @@ import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclRole;
+import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
@@ -36,7 +36,7 @@ import org.apache.cloudstack.api.ApiConstants.VMDetails;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclRoleResponse;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
@@ -70,7 +70,7 @@ import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
import com.cloud.api.query.dao.AccountJoinDao;
import com.cloud.api.query.dao.AclGroupJoinDao;
-import com.cloud.api.query.dao.AclRoleJoinDao;
+import com.cloud.api.query.dao.AclPolicyJoinDao;
import com.cloud.api.query.dao.AffinityGroupJoinDao;
import com.cloud.api.query.dao.AsyncJobJoinDao;
import com.cloud.api.query.dao.DataCenterJoinDao;
@@ -92,7 +92,7 @@ import com.cloud.api.query.dao.UserVmJoinDao;
import com.cloud.api.query.dao.VolumeJoinDao;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.api.query.vo.AclRoleJoinVO;
+import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.api.query.vo.AffinityGroupJoinVO;
import com.cloud.api.query.vo.AsyncJobJoinVO;
import com.cloud.api.query.vo.DataCenterJoinVO;
@@ -411,7 +411,7 @@ public class ApiDBUtils {
static GlobalLoadBalancingRulesService _gslbService;
static NetworkACLDao _networkACLDao;
static AccountService _accountService;
- static AclRoleJoinDao _aclRoleJoinDao;
+ static AclPolicyJoinDao _aclPolicyJoinDao;
static AclGroupJoinDao _aclGroupJoinDao;
static ResourceMetaDataService _resourceDetailsService;
@@ -527,7 +527,7 @@ public class ApiDBUtils {
@Inject private ServiceOfferingDetailsDao serviceOfferingDetailsDao;
@Inject private AccountService accountService;
@Inject
- private AclRoleJoinDao aclRoleJoinDao;
+ private AclPolicyJoinDao aclPolicyJoinDao;
@Inject
private AclGroupJoinDao aclGroupJoinDao;
@Inject private ConfigurationManager configMgr;
@@ -643,7 +643,7 @@ public class ApiDBUtils {
_statsCollector = StatsCollector.getInstance();
_networkACLDao = networkACLDao;
_accountService = accountService;
- _aclRoleJoinDao = aclRoleJoinDao;
+ _aclPolicyJoinDao = aclPolicyJoinDao;
_aclGroupJoinDao = aclGroupJoinDao;
_resourceDetailsService = resourceDetailsService;
}
@@ -1698,16 +1698,16 @@ public class ApiDBUtils {
return _affinityGroupJoinDao.setAffinityGroupResponse(resp, group);
}
- public static List<AclRoleJoinVO> newAclRoleView(AclRole role) {
- return _aclRoleJoinDao.newAclRoleView(role);
+ public static List<AclPolicyJoinVO> newAclPolicyView(AclPolicy policy) {
+ return _aclPolicyJoinDao.newAclPolicyView(policy);
}
- public static AclRoleResponse newAclRoleResponse(AclRoleJoinVO role) {
- return _aclRoleJoinDao.newAclRoleResponse(role);
+ public static AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO policy) {
+ return _aclPolicyJoinDao.newAclPolicyResponse(policy);
}
- public static AclRoleResponse fillAclRoleDetails(AclRoleResponse resp, AclRoleJoinVO role) {
- return _aclRoleJoinDao.setAclRoleResponse(resp, role);
+ public static AclPolicyResponse fillAclPolicyDetails(AclPolicyResponse resp, AclPolicyJoinVO policy) {
+ return _aclPolicyJoinDao.setAclPolicyResponse(resp, policy);
}
public static List<AclGroupJoinVO> newAclGroupView(AclGroup group) {
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/ApiResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java
index 16f3c65..271c7d9 100755
--- a/server/src/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/com/cloud/api/ApiResponseHelper.java
@@ -34,7 +34,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclRole;
+import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.affinity.AffinityGroup;
@@ -46,7 +46,7 @@ import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclRoleResponse;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerInstanceResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerRuleResponse;
@@ -155,7 +155,7 @@ import org.apache.cloudstack.usage.UsageTypes;
import com.cloud.api.query.ViewResponseHelper;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.api.query.vo.AclRoleJoinVO;
+import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.api.query.vo.AsyncJobJoinVO;
import com.cloud.api.query.vo.ControlledViewEntity;
import com.cloud.api.query.vo.DataCenterJoinVO;
@@ -3709,11 +3709,11 @@ public class ApiResponseHelper implements ResponseGenerator {
}
@Override
- public AclRoleResponse createAclRoleResponse(AclRole role) {
- List<AclRoleJoinVO> viewRoles = ApiDBUtils.newAclRoleView(role);
- List<AclRoleResponse> listRoles = ViewResponseHelper.createAclRoleResponses(viewRoles);
- assert listRoles != null && listRoles.size() == 1 : "There should be one acl role returned";
- return listRoles.get(0);
+ public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
+ List<AclPolicyJoinVO> viewPolicies = ApiDBUtils.newAclPolicyView(policy);
+ List<AclPolicyResponse> listPolicies = ViewResponseHelper.createAclPolicyResponses(viewPolicies);
+ assert listPolicies != null && listPolicies.size() == 1 : "There should be one acl policy returned";
+ return listPolicies.get(0);
}
@Override
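Review bot: The `assert` in `createAclPolicyResponse` is the only guard before `listPolicies.get(0)`, and the JVM skips assertions unless it is started with `-ea`. In a default deployment a null or empty view therefore surfaces as a bare `NullPointerException` or `IndexOutOfBoundsException` from the response generator, and a result with more than one entry is silently truncated to the first. An explicit check keeps the failure meaningful: `if (listPolicies == null || listPolicies.size() != 1) { throw new IllegalStateException("There should be one acl policy returned"); }`. The check is carried over unchanged from the role-based method this hunk renames.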
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/ApiServer.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java
index 5b0d7cc..672ad12 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -51,14 +51,44 @@ import javax.naming.ConfigurationException;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.http.ConnectionClosedException;
+import org.apache.http.HttpException;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpResponse;
+import org.apache.http.HttpServerConnection;
+import org.apache.http.HttpStatus;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.utils.URLEncodedUtils;
+import org.apache.http.entity.BasicHttpEntity;
+import org.apache.http.impl.DefaultHttpResponseFactory;
+import org.apache.http.impl.DefaultHttpServerConnection;
+import org.apache.http.impl.NoConnectionReuseStrategy;
+import org.apache.http.impl.SocketHttpServerConnection;
+import org.apache.http.params.BasicHttpParams;
+import org.apache.http.params.CoreConnectionPNames;
+import org.apache.http.params.CoreProtocolPNames;
+import org.apache.http.params.HttpParams;
+import org.apache.http.protocol.BasicHttpContext;
+import org.apache.http.protocol.BasicHttpProcessor;
+import org.apache.http.protocol.HttpContext;
+import org.apache.http.protocol.HttpRequestHandler;
+import org.apache.http.protocol.HttpRequestHandlerRegistry;
+import org.apache.http.protocol.HttpService;
+import org.apache.http.protocol.ResponseConnControl;
+import org.apache.http.protocol.ResponseContent;
+import org.apache.http.protocol.ResponseDate;
+import org.apache.http.protocol.ResponseServer;
+import org.apache.log4j.Logger;
+import org.springframework.stereotype.Component;
+
import org.apache.cloudstack.acl.APIChecker;
+import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
import org.apache.cloudstack.acl.AclPolicyPermissionVO;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.RoleType;
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
-import org.apache.cloudstack.affinity.AffinityGroupVMMapVO;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
@@ -96,36 +126,6 @@ import org.apache.cloudstack.framework.jobs.AsyncJob;
import org.apache.cloudstack.framework.jobs.AsyncJobManager;
import org.apache.cloudstack.framework.jobs.impl.AsyncJobVO;
import org.apache.cloudstack.managed.context.ManagedContextRunnable;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.http.ConnectionClosedException;
-import org.apache.http.HttpException;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpServerConnection;
-import org.apache.http.HttpStatus;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.utils.URLEncodedUtils;
-import org.apache.http.entity.BasicHttpEntity;
-import org.apache.http.impl.DefaultHttpResponseFactory;
-import org.apache.http.impl.DefaultHttpServerConnection;
-import org.apache.http.impl.NoConnectionReuseStrategy;
-import org.apache.http.impl.SocketHttpServerConnection;
-import org.apache.http.params.BasicHttpParams;
-import org.apache.http.params.CoreConnectionPNames;
-import org.apache.http.params.CoreProtocolPNames;
-import org.apache.http.params.HttpParams;
-import org.apache.http.protocol.BasicHttpContext;
-import org.apache.http.protocol.BasicHttpProcessor;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.protocol.HttpRequestHandler;
-import org.apache.http.protocol.HttpRequestHandlerRegistry;
-import org.apache.http.protocol.HttpService;
-import org.apache.http.protocol.ResponseConnControl;
-import org.apache.http.protocol.ResponseContent;
-import org.apache.http.protocol.ResponseDate;
-import org.apache.http.protocol.ResponseServer;
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
import com.cloud.api.response.ApiResponseSerializer;
import com.cloud.configuration.Config;
@@ -1017,7 +1017,8 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
}
}
- private Class<?> getCmdClass(String cmdName) {
+ @Override
+ public Class<?> getCmdClass(String cmdName) {
List<Class<?>> cmdList = _apiNameCmdClassMap.get(cmdName);
if (cmdList == null || cmdList.size() == 0)
return null;
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/ApiServerService.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/ApiServerService.java b/server/src/com/cloud/api/ApiServerService.java
index dac81c6..4a4ae1e 100644
--- a/server/src/com/cloud/api/ApiServerService.java
+++ b/server/src/com/cloud/api/ApiServerService.java
@@ -35,4 +35,6 @@ public interface ApiServerService {
public String getSerializedApiError(ServerApiException ex, Map<String, Object[]> apiCommandParams, String responseType);
public String handleRequest(Map params, String responseType, StringBuffer auditTrailSb) throws ServerApiException;
+
+ public Class<?> getCmdClass(String cmdName);
}
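Review bot: `getCmdClass` is added to `ApiServerService` without Javadoc, although the ApiServer.java hunk shows the implementation returning `null` when `_apiNameCmdClassMap` has no entry for the name. Now that the method is public, every caller outside `ApiServer` has to know to null-check the result. Proposed comment on the declaration: `/** Returns the command class registered under cmdName, or null if no command is registered with that name. */`. The rest of the implementation body lies outside the ApiServer hunk, so how it chooses among several registered classes should be documented once that part is in view.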
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/query/QueryManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java
index 8eff952..4a3e882 100644
--- a/server/src/com/cloud/api/query/QueryManagerImpl.java
+++ b/server/src/com/cloud/api/query/QueryManagerImpl.java
@@ -30,7 +30,7 @@ import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclRole;
+import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.AclService;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.acl.dao.AclGroupDao;
@@ -71,7 +71,7 @@ import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd;
import org.apache.cloudstack.api.command.user.zone.ListZonesByCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclRoleResponse;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
@@ -100,7 +100,7 @@ import org.apache.cloudstack.query.QueryService;
import com.cloud.api.query.dao.AccountJoinDao;
import com.cloud.api.query.dao.AclGroupJoinDao;
-import com.cloud.api.query.dao.AclRoleJoinDao;
+import com.cloud.api.query.dao.AclPolicyJoinDao;
import com.cloud.api.query.dao.AffinityGroupJoinDao;
import com.cloud.api.query.dao.AsyncJobJoinDao;
import com.cloud.api.query.dao.DataCenterJoinDao;
@@ -122,6 +122,7 @@ import com.cloud.api.query.dao.UserVmJoinDao;
import com.cloud.api.query.dao.VolumeJoinDao;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
+import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.api.query.vo.AclRoleJoinVO;
import com.cloud.api.query.vo.AffinityGroupJoinVO;
import com.cloud.api.query.vo.AsyncJobJoinVO;
@@ -350,10 +351,10 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
AffinityGroupDomainMapDao _affinityGroupDomainMapDao;
@Inject
- AclRoleJoinDao _aclRoleJoinDao;
+ AclPolicyJoinDao _aclPolicyJoinDao;
@Inject
- AclPolicyDao _aclRoleDao;
+ AclPolicyDao _aclPolicyDao;
@Inject
AclGroupJoinDao _aclGroupJoinDao;
@@ -3308,28 +3309,29 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
}
@Override
- public ListResponse<AclRoleResponse> listAclRoles(Long aclRoleId, String aclRoleName, Long domainId, Long startIndex, Long pageSize) {
- Pair<List<AclRoleJoinVO>, Integer> result = listAclRolesInternal(aclRoleId, aclRoleName, domainId, true, true, startIndex, pageSize);
- ListResponse<AclRoleResponse> response = new ListResponse<AclRoleResponse>();
+ public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex, Long pageSize) {
+ Pair<List<AclPolicyJoinVO>, Integer> result = listAclPoliciesInternal(aclPolicyId, aclPolicyName, domainId, true, true, startIndex, pageSize);
+ ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
- List<AclRoleResponse> roleResponses = ViewResponseHelper.createAclRoleResponses(result.first());
+ List<AclPolicyResponse> roleResponses = ViewResponseHelper.createAclPolicyResponses(result.first());
response.setResponses(roleResponses, result.second());
return response;
}
- private Pair<List<AclRoleJoinVO>, Integer> listAclRolesInternal(Long aclRoleId, String aclRoleName, Long domainId, boolean isRecursive, boolean listAll, Long startIndex,
+ private Pair<List<AclPolicyJoinVO>, Integer> listAclPoliciesInternal(Long aclPolicyId, String aclPolicyName, Long domainId, boolean isRecursive, boolean listAll,
+ Long startIndex,
Long pageSize) {
Account caller = CallContext.current().getCallingAccount();
Boolean listForDomain = false;
- if (aclRoleId != null) {
- AclRole role = _aclRoleDao.findById(aclRoleId);
- if (role == null) {
- throw new InvalidParameterValueException("Unable to find acl role by id " + aclRoleId);
+ if (aclPolicyId != null) {
+ AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+ if (policy == null) {
+ throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
}
- _accountMgr.checkAccess(caller, null, true, role);
+ _accountMgr.checkAccess(caller, null, true, policy);
}
if (domainId != null) {
@@ -3340,17 +3342,17 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
_accountMgr.checkAccess(caller, domain);
- if (aclRoleName != null) {
- AclRole role = _aclRoleDao.findByName(domainId, aclRoleName);
- if (role == null) {
- throw new InvalidParameterValueException("Unable to find acl role by name " + aclRoleName
+ if (aclPolicyName != null) {
+ AclPolicy policy = _aclPolicyDao.findByName(domainId, aclPolicyName);
+ if (policy == null) {
+ throw new InvalidParameterValueException("Unable to find acl policy by name " + aclPolicyName
+ " in domain " + domainId);
}
- _accountMgr.checkAccess(caller, null, true, role);
+ _accountMgr.checkAccess(caller, null, true, policy);
}
}
- if (aclRoleId == null) {
+ if (aclPolicyId == null) {
if (_accountMgr.isAdmin(caller.getType()) && listAll && domainId == null) {
listForDomain = true;
isRecursive = true;
@@ -3365,7 +3367,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
Filter searchFilter = new Filter(AclRoleJoinVO.class, "id", true, startIndex, pageSize);
- SearchBuilder<AclRoleJoinVO> sb = _aclRoleJoinDao.createSearchBuilder();
+ SearchBuilder<AclPolicyJoinVO> sb = _aclPolicyJoinDao.createSearchBuilder();
sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
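Review bot: The context line `new Filter(AclRoleJoinVO.class, "id", true, startIndex, pageSize)` still names the old view class while the search builder below it now targets `AclPolicyJoinVO`, so the ordering and paging filter is resolved against a different entity than the one being queried. It should read `Filter searchFilter = new Filter(AclPolicyJoinVO.class, "id", true, startIndex, pageSize);`. After that, the `com.cloud.api.query.vo.AclRoleJoinVO` import that the `@@ -122,6 +122,7 @@` hunk keeps can probably be dropped. The locals `roleResponses`, `uniqueRolePair` and `uniqueRoles` in the neighbouring hunks also keep the old role naming. The enclosing method starts and ends outside this hunk.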
@@ -3376,14 +3378,14 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE);
}
- SearchCriteria<AclRoleJoinVO> sc = sb.create();
+ SearchCriteria<AclPolicyJoinVO> sc = sb.create();
- if (aclRoleName != null) {
- sc.setParameters("name", aclRoleName);
+ if (aclPolicyName != null) {
+ sc.setParameters("name", aclPolicyName);
}
- if (aclRoleId != null) {
- sc.setParameters("id", aclRoleId);
+ if (aclPolicyId != null) {
+ sc.setParameters("id", aclPolicyId);
}
if (listForDomain) {
@@ -3396,21 +3398,21 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
}
- // search role details by ids
- Pair<List<AclRoleJoinVO>, Integer> uniqueRolePair = _aclRoleJoinDao.searchAndCount(sc, searchFilter);
+ // search policy details by ids
+ Pair<List<AclPolicyJoinVO>, Integer> uniqueRolePair = _aclPolicyJoinDao.searchAndCount(sc, searchFilter);
Integer count = uniqueRolePair.second();
if (count.intValue() == 0) {
// empty result
return uniqueRolePair;
}
- List<AclRoleJoinVO> uniqueRoles = uniqueRolePair.first();
+ List<AclPolicyJoinVO> uniqueRoles = uniqueRolePair.first();
Long[] vrIds = new Long[uniqueRoles.size()];
int i = 0;
- for (AclRoleJoinVO v : uniqueRoles) {
+ for (AclPolicyJoinVO v : uniqueRoles) {
vrIds[i++] = v.getId();
}
- List<AclRoleJoinVO> vrs = _aclRoleJoinDao.searchByIds(vrIds);
- return new Pair<List<AclRoleJoinVO>, Integer>(vrs, count);
+ List<AclPolicyJoinVO> vrs = _aclPolicyJoinDao.searchByIds(vrIds);
+ return new Pair<List<AclPolicyJoinVO>, Integer>(vrs, count);
}
@Override
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/query/ViewResponseHelper.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/ViewResponseHelper.java b/server/src/com/cloud/api/query/ViewResponseHelper.java
index 7f5168c..cfb097e 100644
--- a/server/src/com/cloud/api/query/ViewResponseHelper.java
+++ b/server/src/com/cloud/api/query/ViewResponseHelper.java
@@ -29,7 +29,7 @@ import org.apache.cloudstack.api.ApiConstants.VMDetails;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclRoleResponse;
+import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
@@ -55,7 +55,7 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.api.ApiDBUtils;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
-import com.cloud.api.query.vo.AclRoleJoinVO;
+import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.api.query.vo.AffinityGroupJoinVO;
import com.cloud.api.query.vo.AsyncJobJoinVO;
import com.cloud.api.query.vo.DataCenterJoinVO;
@@ -445,20 +445,20 @@ public class ViewResponseHelper {
return new ArrayList<AffinityGroupResponse>(vrDataList.values());
}
- public static List<AclRoleResponse> createAclRoleResponses(List<AclRoleJoinVO> roles) {
- Hashtable<Long, AclRoleResponse> vrDataList = new Hashtable<Long, AclRoleResponse>();
- for (AclRoleJoinVO vr : roles) {
- AclRoleResponse vrData = vrDataList.get(vr.getId());
+ public static List<AclPolicyResponse> createAclPolicyResponses(List<AclPolicyJoinVO> policies) {
+ Hashtable<Long, AclPolicyResponse> vrDataList = new Hashtable<Long, AclPolicyResponse>();
+ for (AclPolicyJoinVO vr : policies) {
+ AclPolicyResponse vrData = vrDataList.get(vr.getId());
if (vrData == null) {
- // first time encountering this Acl role
- vrData = ApiDBUtils.newAclRoleResponse(vr);
+ // first time encountering this Acl policy
+ vrData = ApiDBUtils.newAclPolicyResponse(vr);
} else {
// update vms
- vrData = ApiDBUtils.fillAclRoleDetails(vrData, vr);
+ vrData = ApiDBUtils.fillAclPolicyDetails(vrData, vr);
}
vrDataList.put(vr.getId(), vrData);
}
- return new ArrayList<AclRoleResponse>(vrDataList.values());
+ return new ArrayList<AclPolicyResponse>(vrDataList.values());
}
public static List<AclGroupResponse> createAclGroupResponses(List<AclGroupJoinVO> groups) {
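Review bot: `createAclPolicyResponses` collects its results in a `Hashtable` and returns `vrDataList.values()`, whose iteration order is unspecified. The listing query in QueryManagerImpl sorts and pages on `"id"`, so the order the caller asked for is probably lost before the response is built; a `LinkedHashMap` keyed the same way would keep first-seen order. The comment `// update vms` in the else branch is also a copy-paste leftover; something like `// policy already seen: merge this row's details into its response` matches what the branch does.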
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java
index 216a9e0..7929c3a 100644
--- a/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java
@@ -37,7 +37,7 @@ import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
-@Local(value = {AclRoleJoinDao.class})
+@Local(value = {AclPolicyJoinDao.class})
public class AclPolicyJoinDaoImpl extends GenericDaoBase<AclPolicyJoinVO, Long> implements AclPolicyJoinDao {
public static final Logger s_logger = Logger.getLogger(AclPolicyJoinDaoImpl.class);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/query/dao/AclRoleJoinDao.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AclRoleJoinDao.java b/server/src/com/cloud/api/query/dao/AclRoleJoinDao.java
deleted file mode 100644
index e35e66c..0000000
--- a/server/src/com/cloud/api/query/dao/AclRoleJoinDao.java
+++ /dev/null
@@ -1,36 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.dao;
-
-import java.util.List;
-
-import org.apache.cloudstack.acl.AclRole;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-
-import com.cloud.api.query.vo.AclRoleJoinVO;
-import com.cloud.utils.db.GenericDao;
-
-public interface AclRoleJoinDao extends GenericDao<AclRoleJoinVO, Long> {
-
- AclRoleResponse newAclRoleResponse(AclRoleJoinVO role);
-
- AclRoleResponse setAclRoleResponse(AclRoleResponse response, AclRoleJoinVO os);
-
- List<AclRoleJoinVO> newAclRoleView(AclRole role);
-
- List<AclRoleJoinVO> searchByIds(Long... ids);
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java
deleted file mode 100644
index 416cb0f..0000000
--- a/server/src/com/cloud/api/query/dao/AclRoleJoinDaoImpl.java
+++ /dev/null
@@ -1,145 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.api.query.dao;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.ejb.Local;
-import javax.inject.Inject;
-
-import org.apache.log4j.Logger;
-import org.springframework.stereotype.Component;
-
-import org.apache.cloudstack.acl.AclRole;
-import org.apache.cloudstack.api.response.AclRoleResponse;
-import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
-
-import com.cloud.api.query.vo.AclRoleJoinVO;
-import com.cloud.user.AccountManager;
-import com.cloud.utils.db.GenericDaoBase;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-
-@Component
-@Local(value = {AclRoleJoinDao.class})
-public class AclRoleJoinDaoImpl extends GenericDaoBase<AclRoleJoinVO, Long> implements AclRoleJoinDao {
- public static final Logger s_logger = Logger.getLogger(AclRoleJoinDaoImpl.class);
-
-
- private final SearchBuilder<AclRoleJoinVO> roleIdSearch;
- private final SearchBuilder<AclRoleJoinVO> roleSearch;
- @Inject
- public AccountManager _accountMgr;
- @Inject
- public ConfigurationDao _configDao;
-
- protected AclRoleJoinDaoImpl() {
-
- roleSearch = createSearchBuilder();
- roleSearch.and("idIN", roleSearch.entity().getId(), SearchCriteria.Op.IN);
- roleSearch.done();
-
- roleIdSearch = createSearchBuilder();
- roleIdSearch.and("id", roleIdSearch.entity().getId(), SearchCriteria.Op.EQ);
- roleIdSearch.done();
-
- _count = "select count(distinct id) from acl_role_view WHERE ";
- }
-
-
-
- @Override
- public AclRoleResponse newAclRoleResponse(AclRoleJoinVO role) {
-
- AclRoleResponse response = new AclRoleResponse();
- response.setId(role.getUuid());
- response.setName(role.getName());
- response.setDescription(role.getDescription());
- response.setDomainId(role.getDomainUuid());
- response.setDomainName(role.getName());
- if (role.getApiName() != null) {
- response.addApi(role.getApiName());
- }
-
- response.setObjectName("aclrole");
-
-
- return response;
- }
-
- @Override
- public AclRoleResponse setAclRoleResponse(AclRoleResponse response, AclRoleJoinVO role) {
- if (role.getApiName() != null) {
- response.addApi(role.getApiName());
- }
- return response;
- }
-
- @Override
- public List<AclRoleJoinVO> newAclRoleView(AclRole role) {
- SearchCriteria<AclRoleJoinVO> sc = roleIdSearch.create();
- sc.setParameters("id", role.getId());
- return searchIncludingRemoved(sc, null, null, false);
-
- }
-
- @Override
- public List<AclRoleJoinVO> searchByIds(Long... roleIds) {
- // set detail batch query size
- int DETAILS_BATCH_SIZE = 2000;
- String batchCfg = _configDao.getValue("detail.batch.query.size");
- if (batchCfg != null) {
- DETAILS_BATCH_SIZE = Integer.parseInt(batchCfg);
- }
- // query details by batches
- List<AclRoleJoinVO> uvList = new ArrayList<AclRoleJoinVO>();
- // query details by batches
- int curr_index = 0;
- if (roleIds.length > DETAILS_BATCH_SIZE) {
- while ((curr_index + DETAILS_BATCH_SIZE) <= roleIds.length) {
- Long[] ids = new Long[DETAILS_BATCH_SIZE];
- for (int k = 0, j = curr_index; j < curr_index + DETAILS_BATCH_SIZE; j++, k++) {
- ids[k] = roleIds[j];
- }
- SearchCriteria<AclRoleJoinVO> sc = roleSearch.create();
- sc.setParameters("idIN", ids);
- List<AclRoleJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
- if (vms != null) {
- uvList.addAll(vms);
- }
- curr_index += DETAILS_BATCH_SIZE;
- }
- }
- if (curr_index < roleIds.length) {
- int batch_size = (roleIds.length - curr_index);
- // set the ids value
- Long[] ids = new Long[batch_size];
- for (int k = 0, j = curr_index; j < curr_index + batch_size; j++, k++) {
- ids[k] = roleIds[j];
- }
- SearchCriteria<AclRoleJoinVO> sc = roleSearch.create();
- sc.setParameters("idIN", ids);
- List<AclRoleJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
- if (vms != null) {
- uvList.addAll(vms);
- }
- }
- return uvList;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/server/ManagementServerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 2c960ff..12de4bd 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -58,19 +58,17 @@ import org.apache.cloudstack.api.command.admin.account.EnableAccountCmd;
import org.apache.cloudstack.api.command.admin.account.LockAccountCmd;
import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
import org.apache.cloudstack.api.command.admin.acl.AddAccountToAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.AddAclRoleToAclGroupCmd;
+import org.apache.cloudstack.api.command.admin.acl.AddAclPermissionToAclPolicyCmd;
+import org.apache.cloudstack.api.command.admin.acl.AttachAclPolicyToAclGroupCmd;
import org.apache.cloudstack.api.command.admin.acl.CreateAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.CreateAclRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.CreateAclPolicyCmd;
import org.apache.cloudstack.api.command.admin.acl.DeleteAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.DeleteAclRoleCmd;
-import org.apache.cloudstack.api.command.admin.acl.GrantPermissionToAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.GrantPermissionToAclRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.DeleteAclPolicyCmd;
import org.apache.cloudstack.api.command.admin.acl.ListAclGroupsCmd;
-import org.apache.cloudstack.api.command.admin.acl.ListAclRolesCmd;
+import org.apache.cloudstack.api.command.admin.acl.ListAclPoliciesCmd;
import org.apache.cloudstack.api.command.admin.acl.RemoveAccountFromAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.RemoveAclRoleFromAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.RevokePermissionFromAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.RevokePermissionFromAclRoleCmd;
+import org.apache.cloudstack.api.command.admin.acl.RemoveAclPermissionFromAclPolicyCmd;
+import org.apache.cloudstack.api.command.admin.acl.RemoveAclPolicyFromAclGroupCmd;
import org.apache.cloudstack.api.command.admin.autoscale.CreateCounterCmd;
import org.apache.cloudstack.api.command.admin.autoscale.DeleteCounterCmd;
import org.apache.cloudstack.api.command.admin.cluster.AddClusterCmd;
@@ -2882,20 +2880,18 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
cmdList.add(ReplaceNetworkACLListCmd.class);
cmdList.add(UpdateNetworkACLItemCmd.class);
cmdList.add(CleanVMReservationsCmd.class);
- cmdList.add(CreateAclRoleCmd.class);
- cmdList.add(DeleteAclRoleCmd.class);
- cmdList.add(ListAclRolesCmd.class);
- cmdList.add(GrantPermissionToAclRoleCmd.class);
- cmdList.add(RevokePermissionFromAclRoleCmd.class);
- cmdList.add(AddAclRoleToAclGroupCmd.class);
- cmdList.add(RemoveAclRoleFromAclGroupCmd.class);
+ cmdList.add(CreateAclPolicyCmd.class);
+ cmdList.add(DeleteAclPolicyCmd.class);
+ cmdList.add(ListAclPoliciesCmd.class);
+ cmdList.add(AddAclPermissionToAclPolicyCmd.class);
+ cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
+ cmdList.add(AttachAclPolicyToAclGroupCmd.class);
+ cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
cmdList.add(CreateAclGroupCmd.class);
cmdList.add(DeleteAclGroupCmd.class);
cmdList.add(ListAclGroupsCmd.class);
cmdList.add(AddAccountToAclGroupCmd.class);
cmdList.add(RemoveAccountFromAclGroupCmd.class);
- cmdList.add(GrantPermissionToAclGroupCmd.class);
- cmdList.add(RevokePermissionFromAclGroupCmd.class);
return cmdList;
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/a416f6c3/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 1e32aef..0ddc37a 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -42,7 +42,7 @@ import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.AclGroupAccountMapVO;
-import org.apache.cloudstack.acl.AclRolePermission;
+import org.apache.cloudstack.acl.AclPolicyPermission;
import org.apache.cloudstack.acl.AclService;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.PermissionScope;
@@ -50,7 +50,7 @@ import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.acl.dao.AclRolePermissionDao;
+import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
@@ -264,7 +264,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
private AclService _aclService;
@Inject
- private AclRolePermissionDao _aclRolePermissionDao;
+ private AclPolicyPermissionDao _aclPolicyPermissionDao;
@Inject
public com.cloud.region.ha.GlobalLoadBalancingRulesService _gslbService;
@@ -2391,17 +2391,19 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
} else {
domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources);
// get caller role permission on VM List
- AclRolePermission rolePerm = _aclService.getAclRolePermission(caller.getId(), AclEntityType.VM.toString(), AccessType.ListEntry);
- if (rolePerm == null) {
+ //TODO: this method needs to pass the entity type instead of current hard-code to VM for now. Also, api action name
+ // should be passed in caller context.
+ AclPolicyPermission policyPerm = _aclService.getAclPolicyPermission(caller.getId(), AclEntityType.VM.toString(), "listVirtualMachine");
+ if (policyPerm == null) {
// no list entry permission
- throw new PermissionDeniedException("Caller has no role permission assigned to list VM");
+ throw new PermissionDeniedException("Caller has no policy permission assigned to list VM");
}
if (permittedAccounts.isEmpty()) {
// no account name is specified
- if (rolePerm.getScope() == PermissionScope.ACCOUNT || !listAll) {
+ if (policyPerm.getScope() == PermissionScope.ACCOUNT || !listAll) {
// only resource owner can see it, only match account
permittedAccounts.add(caller.getId());
- } else if (rolePerm.getScope() == PermissionScope.DOMAIN) {
+ } else if (policyPerm.getScope() == PermissionScope.DOMAIN) {
// match domain tree based on cmd.isRecursive flag or not
domainIdRecursiveListProject.first(caller.getDomainId());
}
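Review bot: The action name passed to `getAclPolicyPermission` is the literal `"listVirtualMachine"`, while the list-VM API command is registered as `listVirtualMachines`. The lookup's implementation is not in this hunk, but if it matches on the registered command name, this call returns null for every caller and the branch always throws `PermissionDeniedException`, whatever policies are attached. Until the TODO is resolved the argument should be the real command name, `AclEntityType.VM.toString(), "listVirtualMachines");`, ideally taken from a constant shared with the command class. Separately, when `listAll` is set and the scope is neither `ACCOUNT` nor `DOMAIN`, neither branch narrows `permittedAccounts` or the domain id. Whether that case is meant to list without restriction cannot be judged here, because the enclosing method continues outside the hunk.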
@@ -2649,20 +2651,20 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
if (isRecursive) {
for (int i = 0; i < permittedDomains.size(); i++) {
Domain domain = _domainDao.findById(permittedDomains.get(i));
- aclSc.addOr("domainPath" + i, SearchCriteria.Op.LIKE, domain.getPath() + "%");
+ aclSc.addOr("domainPath", SearchCriteria.Op.LIKE, domain.getPath() + "%");
}
} else {
- aclSc.addOr("domainIdIN", SearchCriteria.Op.IN, permittedDomains.toArray());
+ aclSc.addOr("domainId", SearchCriteria.Op.IN, permittedDomains.toArray());
}
}
if (!permittedAccounts.isEmpty()) {
- aclSc.addOr("accountIdIN", SearchCriteria.Op.IN, permittedAccounts.toArray());
+ aclSc.addOr("accountId", SearchCriteria.Op.IN, permittedAccounts.toArray());
}
if (!permittedResources.isEmpty()) {
- aclSc.addOr("idIn", SearchCriteria.Op.IN, permittedResources.toArray());
+ aclSc.addOr("id", SearchCriteria.Op.IN, permittedResources.toArray());
}
- sc.addAnd("accountIdIn", SearchCriteria.Op.SC, aclSc);
+ sc.addAnd("accountId", SearchCriteria.Op.SC, aclSc);
}
}