Posted to commits@cloudstack.apache.org by mc...@apache.org on 2013/12/28 02:18:04 UTC

git commit: updated refs/heads/rbac to d9be7bb

Updated Branches:
  refs/heads/rbac 08122c9ad -> d9be7bb96


Move the ACL response classes into the iam plugin; also fix AclApiService to
invoke IAMService methods so the internal IAM schema stays hidden.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/d9be7bb9
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/d9be7bb9
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/d9be7bb9

Branch: refs/heads/rbac
Commit: d9be7bb968d889710208c6532ebaf4c46930b9bf
Parents: 08122c9
Author: Min Chen <mi...@citrix.com>
Authored: Fri Dec 27 17:17:35 2013 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Fri Dec 27 17:17:54 2013 -0800

----------------------------------------------------------------------
 .../acl/RoleBasedAPIAccessChecker.java          |   8 +-
 .../acl/RoleBasedEntityAccessChecker.java       |  11 +-
 .../cloudstack/acl/api/AclApiService.java       |  20 +-
 .../cloudstack/acl/api/AclApiServiceImpl.java   | 515 +++----------------
 .../api/command/AddAccountToAclGroupCmd.java    |  14 +-
 .../command/AddAclPermissionToAclPolicyCmd.java |  16 +-
 .../command/AttachAclPolicyToAclGroupCmd.java   |  16 +-
 .../acl/api/command/CreateAclGroupCmd.java      |  14 +-
 .../acl/api/command/CreateAclPolicyCmd.java     |  14 +-
 .../acl/api/command/DeleteAclGroupCmd.java      |  10 +-
 .../acl/api/command/DeleteAclPolicyCmd.java     |  10 +-
 .../acl/api/command/ListAclGroupsCmd.java       |  10 +-
 .../acl/api/command/ListAclPoliciesCmd.java     |  10 +-
 .../command/RemoveAccountFromAclGroupCmd.java   |  14 +-
 .../RemoveAclPermissionFromAclPolicyCmd.java    |  14 +-
 .../command/RemoveAclPolicyFromAclGroupCmd.java |  16 +-
 .../acl/api/response/AclGroupResponse.java      | 169 ++++++
 .../acl/api/response/AclPermissionResponse.java | 125 +++++
 .../acl/api/response/AclPolicyResponse.java     | 157 ++++++
 .../apache/cloudstack/iam/api/IAMService.java   |   4 +
 .../cloudstack/iam/server/IAMServiceImpl.java   |  13 +
 21 files changed, 670 insertions(+), 510 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
index 3e90174..f133f37 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java
@@ -21,13 +21,11 @@ import java.util.List;
 import javax.ejb.Local;
 import javax.inject.Inject;
 
-import org.apache.cloudstack.acl.APIChecker;
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclRole;
-import org.apache.cloudstack.acl.api.AclApiService;
-
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.iam.api.AclPolicy;
+
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
index 6b9433b..fa74604 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java
@@ -22,23 +22,18 @@ import java.util.List;
 
 import javax.inject.Inject;
 
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclPolicyPermissionVO;
-import org.apache.cloudstack.acl.ControlledEntity;
-import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.log4j.Logger;
+
 import org.apache.cloudstack.acl.api.AclApiService;
 import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
 import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
-import org.apache.log4j.Logger;
+import org.apache.cloudstack.iam.api.AclPolicy;
 
 import com.cloud.acl.DomainChecker;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;
-import com.cloud.vm.VirtualMachine;
 
 public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker {
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
index d02dd53..344e59c 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
@@ -18,12 +18,15 @@ package org.apache.cloudstack.acl.api;
 
 import java.util.List;
 
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclPolicyPermission;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
 
 import com.cloud.user.Account;
 
@@ -61,5 +64,14 @@ public interface AclApiService {
 
     List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity);
 
+    /* Response Generation */
+    AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
 
+    AclGroupResponse createAclGroupResponse(AclGroup group);
+
+    ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
+            Long domainId, Long startIndex, Long pageSize);
+
+    ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
+            Long domainId, Long startIndex, Long pageSize);
 }
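Review bot: The four new interface methods carry no Javadoc, and for the two list methods that leaves the authorization contract unstated: `listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize)` takes a `domainId` but no caller, so a reader cannot tell whether the implementation is expected to restrict results to domains the calling account may see or whether `domainId` is trusted as given. I would document that contract on both list methods, e.g. `/** Lists ACL groups, optionally filtered by id, name and domain; implementations must restrict results to what the calling account is allowed to view. */`, and give `createAclPolicyResponse`/`createAclGroupResponse` a one-line summary each. The interface body continues above this hunk.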

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index 468e087..5e7d10e 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -16,7 +16,6 @@
 // under the License.
 package org.apache.cloudstack.acl.api;
 
-import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 
@@ -25,53 +24,33 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.acl.AclGroupAccountMapVO;
-import org.apache.cloudstack.acl.AclGroupPolicyMapVO;
-import org.apache.cloudstack.acl.AclGroupVO;
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclPolicyPermission;
-import org.apache.cloudstack.acl.AclPolicyPermissionVO;
-import org.apache.cloudstack.acl.AclPolicyVO;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.acl.SecurityChecker;
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
-import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
-import org.apache.cloudstack.acl.dao.AclGroupDao;
-import org.apache.cloudstack.acl.dao.AclGroupPolicyMapDao;
-import org.apache.cloudstack.acl.dao.AclPolicyDao;
-import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.BaseListCmd;
-import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.iam.api.AclGroup;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
+import org.apache.cloudstack.iam.api.IAMService;
 
 import com.cloud.api.ApiServerService;
 import com.cloud.domain.Domain;
+import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.exception.PermissionDeniedException;
 import com.cloud.storage.Snapshot;
 import com.cloud.storage.Volume;
 import com.cloud.template.VirtualMachineTemplate;
 import com.cloud.user.Account;
-import com.cloud.user.AccountManager;
-import com.cloud.user.dao.AccountDao;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
-import com.cloud.utils.db.EntityManager;
-import com.cloud.utils.db.GenericSearchBuilder;
-import com.cloud.utils.db.JoinBuilder.JoinType;
-import com.cloud.utils.db.SearchBuilder;
-import com.cloud.utils.db.SearchCriteria;
-import com.cloud.utils.db.SearchCriteria.Op;
-import com.cloud.utils.db.Transaction;
-import com.cloud.utils.db.TransactionCallback;
-import com.cloud.utils.db.TransactionCallbackNoReturn;
-import com.cloud.utils.db.TransactionStatus;
 
 @Local(value = {AclApiService.class})
 public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager {
@@ -80,34 +59,13 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
     private String _name;
 
     @Inject
-    AccountManager _accountMgr;
-
-    @Inject
-    AccountDao _accountDao;
-
-    @Inject
-    AclPolicyDao _aclPolicyDao;
-
-    @Inject
-    AclGroupDao _aclGroupDao;
-
-    @Inject
-    EntityManager _entityMgr;
-
-    @Inject
-    AclGroupPolicyMapDao _aclGroupPolicyMapDao;
-
-    @Inject
-    AclGroupAccountMapDao _aclGroupAccountMapDao;
-
-    // @Inject
-    // AclApiPermissionDao _apiPermissionDao;
+    ApiServerService _apiServer;
 
     @Inject
-    AclPolicyPermissionDao _policyPermissionDao;
+    IAMService _iamSrv;
 
     @Inject
-    ApiServerService _apiServer;
+    DomainDao _domainDao;
 
 
     public static HashMap<String, Class> entityClassMap = new HashMap<String, Class>();
@@ -125,355 +83,71 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
     @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true)
     public AclGroup createAclGroup(Account caller, String aclGroupName, String description) {
         Long domainId = caller.getDomainId();
-
-        if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
-            // domain admin can only create role for his domain
-            if (caller.getDomainId() != domainId.longValue()) {
-                throw new PermissionDeniedException("Can't create acl group in domain " + domainId + ", permission denied");
-            }
-        }
-        // check if the role is already existing
-        AclGroup grp = _aclGroupDao.findByName(domainId, aclGroupName);
-        if (grp != null) {
-            throw new InvalidParameterValueException(
-                    "Unable to create acl group with name " + aclGroupName
-                            + " already exisits for domain " + domainId);
+        Domain callerDomain = _domainDao.findById(domainId);
+        if (callerDomain == null) {
+            throw new InvalidParameterValueException("Caller does not have a domain");
         }
-        AclGroupVO rvo = new AclGroupVO(aclGroupName, description);
-        rvo.setAccountId(caller.getAccountId());
-        rvo.setDomainId(domainId);
-
-        return _aclGroupDao.persist(rvo);
+        return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath());
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group")
     public boolean deleteAclGroup(final Long aclGroupId) {
-        Account caller = CallContext.current().getCallingAccount();
-        // get the Acl Role entity
-        final AclGroup grp = _aclGroupDao.findById(aclGroupId);
-        if (grp == null) {
-            throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId
-                    + "; failed to delete acl group.");
-        }
-        // check permissions
-        _accountMgr.checkAccess(caller, null, true, grp);
-
-        Transaction.execute(new TransactionCallbackNoReturn() {
-            @Override
-            public void doInTransactionWithoutResult(TransactionStatus status) {
-                // remove this group related entry in acl_group_role_map
-                List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
-                if (groupPolicyMap != null) {
-                    for (AclGroupPolicyMapVO gr : groupPolicyMap) {
-                        _aclGroupPolicyMapDao.remove(gr.getId());
-                    }
-                }
-
-                // remove this group related entry in acl_group_account table
-                List<AclGroupAccountMapVO> groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId());
-                if (groupAcctMap != null) {
-                    for (AclGroupAccountMapVO grpAcct : groupAcctMap) {
-                        _aclGroupAccountMapDao.remove(grpAcct.getId());
-                    }
-                }
-
-                // remove this group from acl_group table
-                _aclGroupDao.remove(aclGroupId);
-            }
-        });
-
-        return true;
+        return _iamSrv.deleteAclGroup(aclGroupId);
     }
 
     @Override
     public List<AclGroup> listAclGroups(long accountId) {
-
-        GenericSearchBuilder<AclGroupAccountMapVO, Long> groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class);
-        groupSB.selectFields(groupSB.entity().getAclGroupId());
-        groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
-        SearchCriteria<Long> groupSc = groupSB.create();
-
-        List<Long> groupIds = _aclGroupAccountMapDao.customSearch(groupSc, null);
-
-        SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
-        sb.and("ids", sb.entity().getId(), Op.IN);
-        SearchCriteria<AclGroupVO> sc = sb.create();
-        sc.setParameters("ids", groupIds.toArray(new Object[groupIds.size()]));
-        List<AclGroupVO> groups = _aclGroupDao.search(sc, null);
-
-        return new ArrayList<AclGroup>(groups);
+        return _iamSrv.listAclGroups(accountId);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
     public AclGroup addAccountsToGroup(final List<Long> acctIds, final Long groupId) {
-        final Account caller = CallContext.current().getCallingAccount();
-        // get the Acl Group entity
-        AclGroup group = _aclGroupDao.findById(groupId);
-        if (group == null) {
-            throw new InvalidParameterValueException("Unable to find acl group: " + groupId
-                    + "; failed to add accounts to acl group.");
-        }
-        // check group permissions
-        _accountMgr.checkAccess(caller, null, true, group);
-
-        Transaction.execute(new TransactionCallbackNoReturn() {
-            @Override
-            public void doInTransactionWithoutResult(TransactionStatus status) {
-                // add entries in acl_group_account_map table
-                for (Long acctId : acctIds) {
-                    // check account permissions
-                    Account account = _accountDao.findById(acctId);
-                    if (account == null) {
-                        throw new InvalidParameterValueException("Unable to find account: " + acctId
-                                + "; failed to add account to acl group.");
-                    }
-                    _accountMgr.checkAccess(caller, null, true, account);
-
-                    AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
-                    if (grMap == null) {
-                        // not there already
-                        grMap = new AclGroupAccountMapVO(groupId, acctId);
-                        _aclGroupAccountMapDao.persist(grMap);
-                    }
-                }
-            }
-        });
-        return group;
+        return _iamSrv.addAccountsToGroup(acctIds, groupId);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group")
     public AclGroup removeAccountsFromGroup(final List<Long> acctIds, final Long groupId) {
-        final Account caller = CallContext.current().getCallingAccount();
-        // get the Acl Group entity
-        AclGroup group = _aclGroupDao.findById(groupId);
-        if (group == null) {
-            throw new InvalidParameterValueException("Unable to find acl group: " + groupId
-                    + "; failed to remove accounts from acl group.");
-        }
-        // check group permissions
-        _accountMgr.checkAccess(caller, null, true, group);
-
-        Transaction.execute(new TransactionCallbackNoReturn() {
-            @Override
-            public void doInTransactionWithoutResult(TransactionStatus status) {
-                // remove entries from acl_group_account_map table
-                for (Long acctId : acctIds) {
-                    // check account permissions
-                    Account account = _accountDao.findById(acctId);
-                    if (account == null) {
-                        throw new InvalidParameterValueException("Unable to find account: " + acctId
-                                + "; failed to add account to acl group.");
-                    }
-                    _accountMgr.checkAccess(caller, null, true, account);
-
-                    AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId);
-                    if (grMap != null) {
-                        // not removed yet
-                        _aclGroupAccountMapDao.remove(grMap.getId());
-                    }
-                }
-            }
-        });
-        return group;
+        return _iamSrv.removeAccountsFromGroup(acctIds, groupId);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true)
     public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) {
-        Long domainId = caller.getDomainId();
-
-        if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
-            // domain admin can only create role for his domain
-            if (caller.getDomainId() != domainId.longValue()) {
-                throw new PermissionDeniedException("Can't create acl role in domain " + domainId + ", permission denied");
-            }
-        }
-        // check if the role is already existing
-        AclPolicy ro = _aclPolicyDao.findByName(domainId, aclPolicyName);
-        if (ro != null) {
-            throw new InvalidParameterValueException(
-                    "Unable to create acl policy with name " + aclPolicyName
-                            + " already exisits for domain " + domainId);
-        }
-
-        final long account_id = caller.getAccountId();
-        final long domain_id = domainId;
-        AclPolicy role = Transaction.execute(new TransactionCallback<AclPolicy>() {
-            @Override
-            public AclPolicy doInTransaction(TransactionStatus status) {
-                AclPolicyVO rvo = new AclPolicyVO(aclPolicyName, description);
-                rvo.setAccountId(account_id);
-                rvo.setDomainId(domain_id);
-                AclPolicy role = _aclPolicyDao.persist(rvo);
-                if (parentPolicyId != null) {
-                    // copy parent role permissions
-                    List<AclPolicyPermissionVO> perms = _policyPermissionDao.listByPolicy(parentPolicyId);
-                    if (perms != null) {
-                        for (AclPolicyPermissionVO perm : perms) {
-                            perm.setAclPolicyId(role.getId());
-                            _policyPermissionDao.persist(perm);
-                        }
-                    }
-                }
-                return role;
-            }
-        });
-                
-
-        return role;
+        return _iamSrv.createAclPolicy(aclPolicyName, description, parentPolicyId);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy")
     public boolean deleteAclPolicy(final long aclPolicyId) {
-        Account caller = CallContext.current().getCallingAccount();
-        // get the Acl Policy entity
-        final AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
-        if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
-                    + "; failed to delete acl policy.");
-        }
-        // check permissions
-        _accountMgr.checkAccess(caller, null, true, policy);
-
-        Transaction.execute(new TransactionCallbackNoReturn() {
-            @Override
-            public void doInTransactionWithoutResult(TransactionStatus status) {
-                // remove this role related entry in acl_group_role_map
-                List<AclGroupPolicyMapVO> groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
-                if (groupPolicyMap != null) {
-                    for (AclGroupPolicyMapVO gr : groupPolicyMap) {
-                        _aclGroupPolicyMapDao.remove(gr.getId());
-                    }
-                }
-
-                // remove this policy related entry in acl_policy_permission table
-                List<AclPolicyPermissionVO> policyPermMap = _policyPermissionDao.listByPolicy(policy.getId());
-                if (policyPermMap != null) {
-                    for (AclPolicyPermissionVO policyPerm : policyPermMap) {
-                        _policyPermissionDao.remove(policyPerm.getId());
-                    }
-                }
-
-                // remove this role from acl_role table
-                _aclPolicyDao.remove(aclPolicyId);
-            }
-        });
-
-        return true;
+        return _iamSrv.deleteAclPolicy(aclPolicyId);
     }
 
 
     @Override
     public List<AclPolicy> listAclPolicies(long accountId) {
-
-        // static policies of the account
-        SearchBuilder<AclGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
-        groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
-
-        GenericSearchBuilder<AclGroupPolicyMapVO, Long> policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
-        policySB.selectFields(policySB.entity().getAclPolicyId());
-        policySB.join("accountgroupjoin", groupSB, groupSB.entity().getAclGroupId(), policySB.entity().getAclGroupId(),
-                JoinType.INNER);
-        policySB.done();
-        SearchCriteria<Long> policySc = policySB.create();
-        policySc.setJoinParameters("accountgroupjoin", "account", accountId);
-
-        List<Long> policyIds = _aclGroupPolicyMapDao.customSearch(policySc, null);
-
-        SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
-        sb.and("ids", sb.entity().getId(), Op.IN);
-        SearchCriteria<AclPolicyVO> sc = sb.create();
-        sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
-        List<AclPolicyVO> policies = _aclPolicyDao.customSearch(sc, null);
-
-        return new ArrayList<AclPolicy>(policies);
+        return _iamSrv.listAclPolicies(accountId);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group")
     public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
-        final Account caller = CallContext.current().getCallingAccount();
-        // get the Acl Group entity
-        AclGroup group = _aclGroupDao.findById(groupId);
-        if (group == null) {
-            throw new InvalidParameterValueException("Unable to find acl group: " + groupId
-                    + "; failed to add roles to acl group.");
-        }
-        // check group permissions
-        _accountMgr.checkAccess(caller, null, true, group);
-
-        Transaction.execute(new TransactionCallbackNoReturn() {
-            @Override
-            public void doInTransactionWithoutResult(TransactionStatus status) {
-                // add entries in acl_group_policy_map table
-                for (Long policyId : policyIds) {
-                    // check policy permissions
-                    AclPolicy policy = _aclPolicyDao.findById(policyId);
-                    if (policy == null) {
-                        throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
-                                + "; failed to add policies to acl group.");
-                    }
-                    _accountMgr.checkAccess(caller, null, true, policy);
-
-                    AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
-                    if (grMap == null) {
-                        // not there already
-                        grMap = new AclGroupPolicyMapVO(groupId, policyId);
-                        _aclGroupPolicyMapDao.persist(grMap);
-                    }
-                }
-            }
-        });
-
-        return group;
+        return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group")
     public AclGroup removeAclPoliciesFromGroup(final List<Long> policyIds, final Long groupId) {
-        final Account caller = CallContext.current().getCallingAccount();
-        // get the Acl Group entity
-        AclGroup group = _aclGroupDao.findById(groupId);
-        if (group == null) {
-            throw new InvalidParameterValueException("Unable to find acl group: " + groupId
-                    + "; failed to remove roles from acl group.");
-        }
-        // check group permissions
-        _accountMgr.checkAccess(caller, null, true, group);
-
-        Transaction.execute(new TransactionCallbackNoReturn() {
-            @Override
-            public void doInTransactionWithoutResult(TransactionStatus status) {
-                // add entries in acl_group_role_map table
-                for (Long policyId : policyIds) {
-                    // check policy permissions
-                    AclPolicy policy = _aclPolicyDao.findById(policyId);
-                    if (policy == null) {
-                        throw new InvalidParameterValueException("Unable to find acl policy: " + policyId
-                                + "; failed to add policies to acl group.");
-                    }
-                    _accountMgr.checkAccess(caller, null, true, policy);
-
-                    AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId);
-                    if (grMap != null) {
-                        // not removed yet
-                        _aclGroupPolicyMapDao.remove(grMap.getId());
-                    }
-                }
-            }
-        });
-        return group;
+        return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId);
     }
 
     /*
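Review bot: The one-line delegations in deleteAclGroup, addAccountsToGroup, removeAccountsFromGroup, deleteAclPolicy, attachAclPoliciesToGroup and removeAclPoliciesFromGroup drop the `_accountMgr.checkAccess(caller, null, true, …)` guards that the removed code ran against the target group or policy, and against each account or policy inside the loops, and nothing on the new side re-establishes that the calling account may modify the target. Unless IAMService performs an equivalent check — the commit message describes it as the internal IAM schema, so it presumably has no notion of the CloudStack calling account — a caller who can reach these API commands could alter groups and policies outside its own scope; the IAMServiceImpl hunk that would confirm or refute this is not in this chunk. I would keep the authorization in this layer: resolve the target through `_iamSrv`, call `_accountMgr.checkAccess(caller, null, true, target)`, and only then delegate, which means re-adding the `AccountManager` injection and `CallContext` import that the earlier hunks of this file remove. Related: `createAclPolicy` no longer reads its `caller` parameter, so the new policy loses the account/domain ownership the old code stored via `setAccountId`/`setDomainId` (which later `checkAccess` calls on the policy would rely on), and the root-admin/domain check in `createAclGroup` is replaced by a plain domain lookup; both are worth a comment on the method stating where ownership and the duplicate-name check are now enforced.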
@@ -545,95 +219,33 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy")
     public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm) {
-        Account caller = CallContext.current().getCallingAccount();
-        // get the Acl Policy entity
-        AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
-        if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
-                    + "; failed to add permission to policy.");
+        Class<?> cmdClass = _apiServer.getCmdClass(action);
+        AccessType accessType = null;
+        if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
+            accessType = AccessType.ListEntry;
         }
-        // check permissions
-        _accountMgr.checkAccess(caller, null, true, policy);
-
-        // get the entity and check permission
-        Class entityClass = entityClassMap.get(entityType);
-        if (entityClass == null) {
-            throw new InvalidParameterValueException("Entity type " + entityType + " permission granting is not supported yet");
-        }
-        if (scope == PermissionScope.RESOURCE && scopeId != null) {
-            ControlledEntity entity = (ControlledEntity)_entityMgr.findById(entityClass, scopeId);
-            if (entity == null) {
-                throw new InvalidParameterValueException("Unable to find entity " + entityType + " by id: " + scopeId);
-            }
-            _accountMgr.checkAccess(caller, null, true, entity);
-        }
-
-        // add entry in acl_policy_permission table
-        AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm);
-        if (permit == null) {
-            // not there already
-            Class<?> cmdClass = _apiServer.getCmdClass(action);
-            AccessType accessType = null;
-            if (BaseListCmd.class.isAssignableFrom(cmdClass)) {
-                accessType = AccessType.ListEntry;
-            }
-            permit = new AclPolicyPermissionVO(aclPolicyId, action, entityType, accessType,
-                    scope, scopeId, perm);
-            _policyPermissionDao.persist(permit);
-        }
-        return policy;
-
+        return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action, accessType.toString(), perm);
     }
 
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy")
     public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) {
-        Account caller = CallContext.current().getCallingAccount();
-        // get the Acl Policy entity
-        AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
-        if (policy == null) {
-            throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId
-                    + "; failed to revoke permission from policy.");
-        }
-        // check permissions
-        _accountMgr.checkAccess(caller, null, true, policy);
-
-        // get the entity and check permission
-        Class entityClass = entityClassMap.get(entityType);
-        if (entityClass == null) {
-            throw new InvalidParameterValueException("Entity type " + entityType + " permission revoke is not supported yet");
-        }
-        if (scope == PermissionScope.RESOURCE && scopeId != null) {
-            ControlledEntity entity = (ControlledEntity)_entityMgr.findById(entityClass, scopeId);
-            if (entity == null) {
-                throw new InvalidParameterValueException("Unable to find entity " + entityType + " by id: " + scopeId);
-            }
-            _accountMgr.checkAccess(caller, null, true, entity);
-        }
-
-        // remove entry from acl_entity_permission table
-        AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, null);
-        if (permit != null) {
-            // not removed yet
-            _policyPermissionDao.remove(permit.getId());
-        }
-        return policy;
+        return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action);
     }
 
-
-
     @Override
     public AclPolicyPermission getAclPolicyPermission(long accountId, String entityType, String action) {
-        List<AclPolicy> roles = listAclPolicies(accountId);
+        List<AclPolicy> policies = _iamSrv.listAclPolicies(accountId);
         AclPolicyPermission curPerm = null;
-        for (AclPolicy role : roles) {
-            AclPolicyPermissionVO perm = _policyPermissionDao.findByPolicyAndEntity(role.getId(), entityType, null, null, action, Permission.Allow);
-            if (perm == null)
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermission> perms = _iamSrv.listPollcyPermissionByEntityType(policy.getId(), action, entityType);
+            if (perms == null || perms.size() == 0)
                 continue;
+            AclPolicyPermission perm = perms.get(0); // just pick one
             if (curPerm == null) {
                 curPerm = perm;
-            } else if (perm.getScope().greaterThan(curPerm.getScope())) {
+            } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) {
                 // pick the more relaxed allowed permission
                 curPerm = perm;
             }
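Review bot: `accessType.toString()` on the new return line of addAclPermissionToAclPolicy dereferences a null for every action whose command class is not a BaseListCmd, because `accessType` is only assigned in the ListEntry branch; pass `accessType == null ? null : accessType.toString()` instead, and guard `cmdClass` against a null from `getCmdClass` before calling `isAssignableFrom` on it. The caller-side `_accountMgr.checkAccess` calls on the policy and on the RESOURCE-scoped entity are dropped from both addAclPermissionToAclPolicy and removeAclPermissionFromAclPolicy (and from the group/policy methods in the preceding hunk); unless `_iamSrv` performs the equivalent caller authorization, an account that can reach these APIs can grant or revoke permissions on policies and entities it does not own, so a comment should state where that check now lives, e.g. `// caller access to the policy/entity is enforced by IAMService — see <service method>`. In getAclPolicyPermission the old query was restricted to `Permission.Allow`, whereas `listPollcyPermissionByEntityType` takes no permission argument and `perms.get(0)` picks an arbitrary entry, so a Deny entry or a narrower scope may be selected unless the service filters; the service method name is also misspelled (`Pollcy`), and this first caller is the cheapest place to fix it. getAclPolicyPermission continues past the end of the hunk.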
@@ -646,44 +258,47 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
 
     @Override
     public boolean isAPIAccessibleForPolicies(String apiName, List<AclPolicy> policies) {
-
-        boolean accessible = false;
-
-        List<Long> policyIds = new ArrayList<Long>();
-        for (AclPolicy policy : policies) {
-            policyIds.add(policy.getId());
-        }
-
-        SearchBuilder<AclPolicyPermissionVO> sb = _policyPermissionDao.createSearchBuilder();
-        sb.and("action", sb.entity().getAction(), Op.EQ);
-        sb.and("policyId", sb.entity().getAclPolicyId(), Op.IN);
-
-        SearchCriteria<AclPolicyPermissionVO> sc = sb.create();
-        sc.setParameters("policyId", policyIds.toArray(new Object[policyIds.size()]));
-
-        List<AclPolicyPermissionVO> permissions = _policyPermissionDao.customSearch(sc, null);
-
-        if (permissions != null && !permissions.isEmpty()) {
-            accessible = true;
-        }
-
-        return accessible;
+        return _iamSrv.isAPIAccessibleForPolicies(apiName, policies);
     }
 
     @Override
     public List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity) {
 
         // Get the static Policies of the Caller
-        List<AclPolicy> policies = listAclPolicies(caller.getId());
+        List<AclPolicy> policies = _iamSrv.listAclPolicies(caller.getId());
 
         // add any dynamic policies w.r.t the entity
         if (caller.getId() == entity.getAccountId()) {
             // The caller owns the entity
-            AclPolicy owner = _aclPolicyDao.findByName(Domain.ROOT_DOMAIN, "RESOURCE_OWNER");
-            policies.add(owner);
+            policies.add(_iamSrv.getResourceOwnerPolicy());
         }
 
         return policies;
     }
 
+    @Override
+    public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public AclGroupResponse createAclGroupResponse(AclGroup group) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public ListResponse<org.apache.cloudstack.acl.api.response.AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public ListResponse<org.apache.cloudstack.acl.api.response.AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
+            Long pageSize) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
 }
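Review bot: The four new stubs createAclPolicyResponse, createAclGroupResponse, listAclGroups and listAclPolicies return null, and every command rewired in this commit dereferences that result immediately via `response.setResponseName(getCommandName())` (AddAccountToAclGroupCmd, AddAclPermissionToAclPolicyCmd, AttachAclPolicyToAclGroupCmd, CreateAclGroupCmd, CreateAclPolicyCmd, ListAclGroupsCmd and ListAclPoliciesCmd), so all ACL API calls end in a NullPointerException until these are implemented. A loud failure is preferable to a null that surfaces in a caller: `throw new UnsupportedOperationException("createAclGroupResponse is not implemented yet");` in each body, or implement them now since the response classes are added in this commit. In getEffectivePolicies, `policies.add(_iamSrv.getResourceOwnerPolicy())` mutates the list handed back by `_iamSrv.listAclPolicies`; if the service returns an unmodifiable or cached list this either throws or leaks the owner policy into later lookups, so copy first: `List<AclPolicy> policies = new ArrayList<AclPolicy>(_iamSrv.listAclPolicies(caller.getId()));`. The fully qualified response types in the listAclGroups/listAclPolicies signatures, next to the simple names used two methods above, suggest a leftover import clash worth cleaning up.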

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java
index 47d9b3f..a24a498 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java
@@ -18,9 +18,12 @@ package org.apache.cloudstack.acl.api.command;
 
 import java.util.List;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -30,8 +33,8 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
@@ -44,6 +47,9 @@ public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
     private static final String s_name = "addaccounttoaclgroupresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -93,9 +99,9 @@ public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
     public void execute() throws ResourceUnavailableException,
             InsufficientCapacityException, ServerApiException {
         CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclService.addAccountsToGroup(accountIdList, id);
+        AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id);
         if (result != null){
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } else {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java
index 73deaf2..33cae75 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java
@@ -16,11 +16,13 @@
 // under the License.
 package org.apache.cloudstack.acl.api.command;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
 import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -29,8 +31,9 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
+import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
@@ -43,6 +46,9 @@ public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
     private static final String s_name = "addaclpermissiontoaclpolicyresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -116,9 +122,9 @@ public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
             InsufficientCapacityException, ServerApiException {
         CallContext.current().setEventDetails("Acl policy Id: " + getId());
         // Only explicit ALLOW is supported for this release, no explicit deny
-        AclPolicy result = _aclService.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action, Permission.Allow);
+        AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action, Permission.Allow);
         if (result != null) {
-            AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
+            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } else {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java
index db543ee..c691934 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java
@@ -18,9 +18,13 @@ package org.apache.cloudstack.acl.api.command;
 
 import java.util.List;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -29,9 +33,8 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
@@ -44,6 +47,9 @@ public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
     private static final String s_name = "attachaclpolicytoaclgroupresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -93,9 +99,9 @@ public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
     public void execute() throws ResourceUnavailableException,
             InsufficientCapacityException, ServerApiException {
         CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclService.attachAclPoliciesToGroup(policyIdList, id);
+        AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id);
         if (result != null){
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } else {

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java
index 60294cd..5ae34b8 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java
@@ -16,9 +16,12 @@
 // under the License.
 package org.apache.cloudstack.acl.api.command;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -26,9 +29,9 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCreateCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
@@ -40,6 +43,9 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
 
     private static final String s_name = "createaclgroupresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     // ///////////////////////////////////////////////////
     // ////////////// API parameters /////////////////////
     // ///////////////////////////////////////////////////
@@ -113,7 +119,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
     public void execute() {
         AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
         if (grp != null) {
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(grp);
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp);
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } else {
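Review bot: `_entityMgr.findById(AclGroup.class, getEntityId())` is kept unchanged while `AclGroup` now resolves to `org.apache.cloudstack.iam.api.AclGroup` per the import change in this file; whether the entity manager can still map that relocated interface to its VO is not visible here, so please confirm it, since a failed lookup makes this branch silently fall through to the error path. The same applies to `_entityMgr.findById(AclPolicy.class, getEntityId())` in CreateAclPolicyCmd. execute() continues past the end of the hunk.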
@@ -124,7 +130,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
     @Override
     public void create() throws ResourceAllocationException {
         Account account = CallContext.current().getCallingAccount();
-        AclGroup result = _aclService.createAclGroup(account, name, description);
+        AclGroup result = _aclApiSrv.createAclGroup(account, name, description);
         if (result != null) {
             setEntityId(result.getId());
             setEntityUuid(result.getUuid());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java
index 2aaa38a..8f0657c 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java
@@ -16,9 +16,12 @@
 // under the License.
 package org.apache.cloudstack.acl.api.command;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclPolicy;
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -27,9 +30,9 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCreateCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.DomainResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ResourceAllocationException;
@@ -41,6 +44,9 @@ public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
 
     private static final String s_name = "createaclpolicyresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     // ///////////////////////////////////////////////////
     // ////////////// API parameters /////////////////////
     // ///////////////////////////////////////////////////
@@ -120,7 +126,7 @@ public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
     public void execute() {
         AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
         if (policy != null) {
-            AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(policy);
+            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy);
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } else {
@@ -131,7 +137,7 @@ public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
     @Override
     public void create() throws ResourceAllocationException {
         Account account = CallContext.current().getCallingAccount();
-        AclPolicy result = _aclService.createAclPolicy(account, name, description, parentPolicyId);
+        AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId);
         if (result != null) {
             setEntityId(result.getId());
             setEntityUuid(result.getUuid());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java
index 939a501..9b2df95 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java
@@ -16,8 +16,12 @@
 // under the License.
 package org.apache.cloudstack.acl.api.command;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -26,7 +30,6 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
 
 import com.cloud.event.EventTypes;
@@ -37,6 +40,9 @@ public class DeleteAclGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
     private static final String s_name = "deleteaclgroupresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -70,7 +76,7 @@ public class DeleteAclGroupCmd extends BaseAsyncCmd {
 
     @Override
     public void execute(){
-        boolean result = _aclService.deleteAclGroup(id);
+        boolean result = _aclApiSrv.deleteAclGroup(id);
         if (result) {
             SuccessResponse response = new SuccessResponse(getCommandName());
             setResponseObject(response);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java
index ea0a39f..0e72f65 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java
@@ -16,8 +16,12 @@
 // under the License.
 package org.apache.cloudstack.acl.api.command;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -26,7 +30,6 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
 
 import com.cloud.event.EventTypes;
@@ -37,6 +40,9 @@ public class DeleteAclPolicyCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
     private static final String s_name = "deleteaclpolicyresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -70,7 +76,7 @@ public class DeleteAclPolicyCmd extends BaseAsyncCmd {
 
     @Override
     public void execute(){
-        boolean result = _aclService.deleteAclPolicy(id);
+        boolean result = _aclApiSrv.deleteAclPolicy(id);
         if (result) {
             SuccessResponse response = new SuccessResponse(getCommandName());
             setResponseObject(response);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java
index 9bb9f02..df40354 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java
@@ -16,14 +16,17 @@
 // under the License.
 package org.apache.cloudstack.acl.api.command;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
 import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 
 
@@ -33,6 +36,9 @@ public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
 
     private static final String s_name = "listaclgroupsresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -68,7 +74,7 @@ public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
     @Override
     public void execute(){
 
-        ListResponse<AclGroupResponse> response = _queryService.listAclGroups(id, aclGroupName, getDomainId(),
+        ListResponse<AclGroupResponse> response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(),
                 getStartIndex(), getPageSizeVal());
         response.setResponseName(getCommandName());
         setResponseObject(response);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java
index 9937187..28eeab3 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java
@@ -16,14 +16,17 @@
 // under the License.
 package org.apache.cloudstack.acl.api.command;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
 import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 
 
@@ -33,6 +36,9 @@ public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
 
     private static final String s_name = "listaclpoliciesresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -68,7 +74,7 @@ public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
     @Override
     public void execute(){
 
-        ListResponse<AclPolicyResponse> response = _queryService.listAclPolicies(id, aclPolicyName, getDomainId(),
+        ListResponse<AclPolicyResponse> response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(),
                 getStartIndex(), getPageSizeVal());
         response.setResponseName(getCommandName());
         setResponseObject(response);
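Review bot: Only getDomainId() is forwarded to `_aclApiSrv.listAclPolicies` on the changed line, while the isRecursive() and listAll() accessors that BaseListDomainResourcesCmd provides are not, so the caller's domain scoping now rests entirely on the plugin service. If listAclPolicies does not itself restrict results to domains visible to the calling account (via CallContext), any caller can enumerate another domain's policies simply by supplying domainid; the service body is outside this hunk, so this is a question rather than a confirmed defect. Either forward `isRecursive(), listAll()` so the service can apply the usual domain-tree check, or document on AclApiService.listAclPolicies that it performs the visibility check internally.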

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java
index 96cbbd6..239d9e3 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java
@@ -18,9 +18,12 @@ package org.apache.cloudstack.acl.api.command;
 
 import java.util.List;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -30,8 +33,8 @@ import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
@@ -44,6 +47,9 @@ public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
     private static final String s_name = "removeaccountfromaclgroupresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -93,9 +99,9 @@ public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
     public void execute() throws ResourceUnavailableException,
             InsufficientCapacityException, ServerApiException {
         CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclService.removeAccountsFromGroup(accountIdList, id);
+        AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id);
         if (result != null){
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } else {
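Review bot: The event details set just before `_aclApiSrv.removeAccountsFromGroup(accountIdList, id)` record only the group id, so the audit event for this membership change never says which accounts lost the group's permissions. Since this directly changes an account's effective rights, the audit trail should name them: `CallContext.current().setEventDetails("Acl group Id: " + getId() + ", accounts removed: " + accountIdList);`. The accountIdList field and its @Parameter declaration are outside this hunk, so whether it is UUID-validated with @ACL cannot be confirmed here.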

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java
index f741e78..ab1a06c 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java
@@ -16,10 +16,13 @@
 // under the License.
 package org.apache.cloudstack.acl.api.command;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclPolicy;
 import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -28,8 +31,8 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclPolicy;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
@@ -42,6 +45,9 @@ public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
     private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -113,9 +119,9 @@ public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
     public void execute() throws ResourceUnavailableException,
             InsufficientCapacityException, ServerApiException {
         CallContext.current().setEventDetails("Acl policy Id: " + getId());
-        AclPolicy result = _aclService.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
+        AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
         if (result != null) {
-            AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
+            AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result);
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } else {
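Review bot: `PermissionScope.valueOf(scope)` on the changed line turns an unrecognised scope string into an uncaught IllegalArgumentException (and a null scope into a NullPointerException) rather than a PARAM_ERROR, so the API client sees an internal error for a bad parameter. Validate the scope before calling the service and raise ServerApiException with ApiErrorCode.PARAM_ERROR, both of which are already imported, as sketched below; if scope is not declared required=true on its @Parameter (outside this hunk), add a null check as well. As with the other Remove* commands, the event details record only the policy id; appending entityType, action and scope would let the audit log show which permission was removed.
```java
CallContext.current().setEventDetails("Acl policy Id: " + getId());
PermissionScope permScope;
try {
    permScope = PermissionScope.valueOf(scope);
} catch (IllegalArgumentException e) {
    throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid scope: " + scope);
}
AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, permScope, scopeId, action);
// … unchanged: response construction …
```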

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java
index b7d61b6..c3838ad 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java
@@ -18,9 +18,13 @@ package org.apache.cloudstack.acl.api.command;
 
 import java.util.List;
 
+import javax.inject.Inject;
+
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.acl.api.AclApiService;
+import org.apache.cloudstack.acl.api.response.AclGroupResponse;
+import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
@@ -29,9 +33,8 @@ import org.apache.cloudstack.api.ApiErrorCode;
 import org.apache.cloudstack.api.BaseAsyncCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.iam.api.AclGroup;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.InsufficientCapacityException;
@@ -44,6 +47,9 @@ public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
     public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
     private static final String s_name = "removeaclpolicyfromaclgroupresponse";
 
+    @Inject
+    public AclApiService _aclApiSrv;
+
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
@@ -93,9 +99,9 @@ public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
     public void execute() throws ResourceUnavailableException,
             InsufficientCapacityException, ServerApiException {
         CallContext.current().setEventDetails("Acl group Id: " + getId());
-        AclGroup result = _aclService.removeAclPoliciesFromGroup(policyIdList, id);
+        AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id);
         if (result != null){
-            AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
+            AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result);
             response.setResponseName(getCommandName());
             setResponseObject(response);
         } else {
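Review bot: The event details set before `_aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id)` name only the group, not the policies being detached, so the audit event cannot tell an operator which permissions the group's members lost. Include the list: `CallContext.current().setEventDetails("Acl group Id: " + getId() + ", policies removed: " + policyIdList);`. The policyIdList declaration and the else-branch that handles a null result are outside this hunk.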

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java
new file mode 100644
index 0000000..209aa7a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java
@@ -0,0 +1,169 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.acl.api.response;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.acl.AclGroup;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = AclGroup.class)
+public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+    @SerializedName(ApiConstants.ID)
+    @Param(description = "the ID of the acl group")
+    private String id;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the acl group")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the acl group")
+    private String description;
+
+    @SerializedName(ApiConstants.DOMAIN_ID)
+    @Param(description = "the domain ID of the acl group")
+    private String domainId;
+
+    @SerializedName(ApiConstants.DOMAIN)
+    @Param(description = "the domain name of the acl role")
+    private String domainName;
+
+    @SerializedName(ApiConstants.ACCOUNT)
+    @Param(description = "the account owning the policy")
+    private String accountName;
+
+    @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
+    @Param(description = "account names assigned to this acl group ")
+    private Set<String> accountNameList;
+
+    @SerializedName(ApiConstants.ACL_POLICIES)
+    @Param(description = "acl policies attached to this acl group ")
+    private Set<String> policyNameList;
+
+    public AclGroupResponse() {
+        accountNameList = new LinkedHashSet<String>();
+        policyNameList = new LinkedHashSet<String>();
+    }
+
+    @Override
+    public String getObjectId() {
+        return getId();
+    }
+
+
+    public String getId() {
+        return id;
+     }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public void setDomainId(String domainId) {
+        this.domainId = domainId;
+    }
+
+    @Override
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+
+    @Override
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+
+    }
+
+    @Override
+    public void setProjectId(String projectId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setProjectName(String projectName) {
+        // TODO Auto-generated method stub
+
+    }
+
+    public void setMemberAccounts(Set<String> accts) {
+        accountNameList = accts;
+    }
+
+    public void addMemberAccount(String acct) {
+        accountNameList.add(acct);
+    }
+
+    public void setPolicyList(Set<String> policies) {
+        policyNameList = policies;
+    }
+
+    public void addPolicy(String policy) {
+        policyNameList.add(policy);
+    }
+
+    public Set<String> getPolicyList() {
+        return policyNameList;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        AclGroupResponse other = (AclGroupResponse)obj;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        return true;
+    }
+
+}
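Review bot: @EntityReference on this class points at org.apache.cloudstack.acl.AclGroup (see the import near the top of the file), while the command classes in this same commit switch to org.apache.cloudstack.iam.api.AclGroup; if the DAO entity now implements the iam.api interface, UUID-to-id resolution and ACL lookups that go through this @EntityReference will no longer match AclGroup entities, so the two imports should agree. Separately, setMemberAccounts and setPolicyList store the caller's Set directly and getPolicyList hands the internal set out, so the response can be mutated after construction and a null argument makes the next addMemberAccount/addPolicy throw; copying in with `accountNameList = accts == null ? new LinkedHashSet<String>() : new LinkedHashSet<String>(accts);` (and likewise for policies) avoids both. The empty setProjectId/setProjectName stubs silently drop project information; a one-line comment such as `// ACL groups are not project-scoped; project fields are intentionally not populated` would be better than the auto-generated TODO, if that is indeed the intent.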

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java
new file mode 100644
index 0000000..8ad662a
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java
@@ -0,0 +1,125 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.acl.api.response;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.acl.AclEntityType;
+import org.apache.cloudstack.acl.AclPolicyPermission;
+import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+
+import com.cloud.serializer.Param;
+
+public class AclPermissionResponse extends BaseResponse {
+
+    @SerializedName(ApiConstants.ACL_ACTION)
+    @Param(description = "action of this permission")
+    private String action;
+
+    @SerializedName(ApiConstants.ENTITY_TYPE)
+    @Param(description = "the entity type of this permission")
+    private AclEntityType entityType;
+
+    @SerializedName(ApiConstants.ACL_SCOPE)
+    @Param(description = "scope of this permission")
+    private PermissionScope scope;
+
+    @SerializedName(ApiConstants.ACL_SCOPE_ID)
+    @Param(description = "scope id of this permission")
+    private Long scopeId;
+
+    @SerializedName(ApiConstants.ACL_ALLOW_DENY)
+    @Param(description = "allow or deny of this permission")
+    private AclPolicyPermission.Permission permission;
+
+    public AclEntityType getEntityType() {
+        return entityType;
+    }
+
+    public void setEntityType(AclEntityType entityType) {
+        this.entityType = entityType;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    public void setAction(String action) {
+        this.action = action;
+    }
+
+    public PermissionScope getScope() {
+        return scope;
+    }
+
+    public void setScope(PermissionScope scope) {
+        this.scope = scope;
+    }
+
+    public Long getScopeId() {
+        return scopeId;
+    }
+
+    public void setScopeId(Long scopeId) {
+        this.scopeId = scopeId;
+    }
+
+    public AclPolicyPermission.Permission getPermission() {
+        return permission;
+    }
+
+    public void setPermission(AclPolicyPermission.Permission permission) {
+        this.permission = permission;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((action == null) ? 0 : action.hashCode());
+        result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
+        result = prime * result + ((scope == null) ? 0 : scope.hashCode());
+        result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        AclPermissionResponse other = (AclPermissionResponse) obj;
+        if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
+            return false;
+        } else if ((action == null && other.action != null) || !action.equals(other.action)) {
+            return false;
+        } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
+            return false;
+        } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
+            return false;
+        }
+        return true;
+    }
+
+
+
+}
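Review bot: equals() dereferences null fields: when both this.entityType and other.entityType are null the first clause is false and `!entityType.equals(...)` throws NullPointerException, and the same pattern repeats for action, scope and scopeId. It also omits permission, as does hashCode, so an allow and a deny entry for the same entityType/action/scope/scopeId compare equal; because AclPolicyResponse keeps these in a LinkedHashSet, the second such entry would be silently dropped from the listAclPolicies output, which for a deny rule hides a restriction from whoever reads the policy. Rewriting both methods with null-safe comparisons that include permission fixes both issues (needs `import java.util.Objects;`, JDK 7).
```java
@Override
public int hashCode() {
    return Objects.hash(action, entityType, scope, scopeId, permission);
}

@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    if (obj == null || getClass() != obj.getClass()) {
        return false;
    }
    AclPermissionResponse other = (AclPermissionResponse) obj;
    return Objects.equals(entityType, other.entityType)
        && Objects.equals(action, other.action)
        && Objects.equals(scope, other.scope)
        && Objects.equals(scopeId, other.scopeId)
        && permission == other.permission;
}
```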

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java
new file mode 100644
index 0000000..5a6db0c
--- /dev/null
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java
@@ -0,0 +1,157 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.acl.api.response;
+
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import com.google.gson.annotations.SerializedName;
+
+import org.apache.cloudstack.acl.AclPolicy;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.api.EntityReference;
+import org.apache.cloudstack.api.response.ControlledViewEntityResponse;
+
+import com.cloud.serializer.Param;
+
+@SuppressWarnings("unused")
+@EntityReference(value = AclPolicy.class)
+public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
+
+    @SerializedName(ApiConstants.ID)
+    @Param(description = "the ID of the acl policy")
+    private String id;
+
+    @SerializedName(ApiConstants.NAME)
+    @Param(description = "the name of the acl policy")
+    private String name;
+
+    @SerializedName(ApiConstants.DESCRIPTION)
+    @Param(description = "the description of the acl policy")
+    private String description;
+
+    @SerializedName(ApiConstants.DOMAIN_ID)
+    @Param(description = "the domain ID of the acl policy")
+    private String domainId;
+
+    @SerializedName(ApiConstants.DOMAIN)
+    @Param(description = "the domain name of the acl policy")
+    private String domainName;
+
+    @SerializedName(ApiConstants.ACCOUNT)
+    @Param(description = "the account owning the policy")
+    private String accountName;
+
+    @SerializedName(ApiConstants.ACL_PERMISSIONS)
+    @Param(description = "set of permissions for the acl policy")
+    private Set<AclPermissionResponse> permissionList;
+
+    public AclPolicyResponse() {
+        permissionList = new LinkedHashSet<AclPermissionResponse>();
+    }
+
+    @Override
+    public String getObjectId() {
+        return getId();
+    }
+
+
+    public String getId() {
+        return id;
+     }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    @Override
+    public void setDomainId(String domainId) {
+        this.domainId = domainId;
+    }
+
+    @Override
+    public void setDomainName(String domainName) {
+        this.domainName = domainName;
+    }
+
+    public Set<AclPermissionResponse> getPermissionList() {
+        return permissionList;
+    }
+
+    public void setPermissionList(Set<AclPermissionResponse> perms) {
+        permissionList = perms;
+    }
+
+    public void addPermission(AclPermissionResponse perm) {
+        permissionList.add(perm);
+    }
+
+    @Override
+    public void setAccountName(String accountName) {
+        this.accountName = accountName;
+    }
+
+    @Override
+    public void setProjectId(String projectId) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setProjectName(String projectName) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((id == null) ? 0 : id.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        AclPolicyResponse other = (AclPolicyResponse) obj;
+        if (id == null) {
+            if (other.id != null)
+                return false;
+        } else if (!id.equals(other.id))
+            return false;
+        return true;
+    }
+
+
+
+}
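Review bot: @EntityReference(value = AclPolicy.class) resolves to org.apache.cloudstack.acl.AclPolicy via the import at the top of this file, whereas RemoveAclPermissionFromAclPolicyCmd in this same commit now imports org.apache.cloudstack.iam.api.AclPolicy; if the DAO entity implements the iam.api interface, lookups keyed on this response class's @EntityReference will not match it, so one of the two should change. getPermissionList returns the live internal set and setPermissionList stores the caller's set as-is, so the permission list that gets serialized can be altered after the response is built; return `Collections.unmodifiableSet(permissionList)` (java.util.Collections) and copy in setPermissionList, guarding against null. The setProjectId/setProjectName TODO stubs should be replaced by a comment stating that ACL policies are not project-scoped, if that is the intended contract.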

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index 9695efd..ed82f65 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -50,8 +50,12 @@ public interface IAMService {
     AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId,
             String action);
 
+    AclPolicy getResourceOwnerPolicy();
+
     List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
 
+    List<AclPolicyPermission> listPollcyPermissionByEntityType(long policyId, String action, String entityType);
+
     boolean isAPIAccessibleForPolicies(String apiName, List<AclPolicy> policies);
 
     List<Long> getGrantedEntities(long accountId, String action, String scope);
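Review bot: The new interface method is named `listPollcyPermissionByEntityType`, a typo that also breaks the naming pattern of the sibling `listPolicyPermissionsByScope` declared just above it; once callers bind to it the misspelling becomes a public-API commitment. Rename it to `listPolicyPermissionsByEntityType` here and in IAMServiceImpl before it is used. `getResourceOwnerPolicy()` has no Javadoc saying what it returns when the built-in policy is absent; `/** @return the built-in RESOURCE_OWNER policy, or null if it has not been provisioned */` would set the contract callers must check.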

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/d9be7bb9/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index b04e100..8c87afc 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -535,4 +535,17 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
         return pl;
     }
 
+    @Override
+    public List<AclPolicyPermission> listPollcyPermissionByEntityType(long policyId, String action, String entityType) {
+        List<AclPolicyPermissionVO> pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType);
+        List<AclPolicyPermission> pl = new ArrayList<AclPolicyPermission>();
+        pl.addAll(pp);
+        return pl;
+    }
+
+    @Override
+    public AclPolicy getResourceOwnerPolicy() {
+        return _aclPolicyDao.findByName("RESOURCE_OWNER");
+    }
+
 }