Posted to commits@cloudstack.apache.org by mc...@apache.org on 2014/01/03 01:19:57 UTC

git commit: updated refs/heads/rbac to dd8dcd9

Updated Branches:
  refs/heads/rbac d9be7bb96 -> dd8dcd949


Implementing listAclGroup and listAclPolicy API based on iam plugin
model without using db views. AclGroupJoinVO and AclPolicyJoinVO can be
removed later.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/dd8dcd94
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/dd8dcd94
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/dd8dcd94

Branch: refs/heads/rbac
Commit: dd8dcd9492eda04865974f0d598aa0a381cfa1a5
Parents: d9be7bb
Author: Min Chen <mi...@citrix.com>
Authored: Thu Jan 2 16:18:29 2014 -0800
Committer: Min Chen <mi...@citrix.com>
Committed: Thu Jan 2 16:18:29 2014 -0800

----------------------------------------------------------------------
 .../cloudstack/acl/api/AclApiServiceImpl.java   | 150 +++++++++++++++++--
 .../acl/api/response/AclPermissionResponse.java |   2 +-
 .../org/apache/cloudstack/iam/api/AclGroup.java |   4 +
 .../apache/cloudstack/iam/api/AclPolicy.java    |   4 +
 .../apache/cloudstack/iam/api/IAMService.java   |  12 ++
 .../cloudstack/iam/server/AclGroupVO.java       |  13 ++
 .../cloudstack/iam/server/AclPolicyVO.java      |  14 +-
 .../cloudstack/iam/server/IAMServiceImpl.java   | 112 +++++++++++++-
 8 files changed, 292 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/dd8dcd94/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index 5e7d10e..8e09501 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -16,6 +16,7 @@
 // under the License.
 package org.apache.cloudstack.acl.api;
 
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 
@@ -24,13 +25,16 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.acl.api.response.AclGroupResponse;
+import org.apache.cloudstack.acl.api.response.AclPermissionResponse;
 import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
 import org.apache.cloudstack.api.BaseListCmd;
 import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.iam.api.AclGroup;
 import org.apache.cloudstack.iam.api.AclPolicy;
 import org.apache.cloudstack.iam.api.AclPolicyPermission;
@@ -39,6 +43,7 @@ import org.apache.cloudstack.iam.api.IAMService;
 
 import com.cloud.api.ApiServerService;
 import com.cloud.domain.Domain;
+import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
@@ -47,7 +52,11 @@ import com.cloud.storage.Snapshot;
 import com.cloud.storage.Volume;
 import com.cloud.template.VirtualMachineTemplate;
 import com.cloud.user.Account;
+import com.cloud.user.AccountManager;
+import com.cloud.user.AccountVO;
+import com.cloud.user.dao.AccountDao;
 import com.cloud.uservm.UserVm;
+import com.cloud.utils.Pair;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
@@ -67,6 +76,12 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
     @Inject
     DomainDao _domainDao;
 
+    @Inject
+    AccountDao _accountDao;
+
+    @Inject
+    AccountManager _accountMgr;
+
 
     public static HashMap<String, Class> entityClassMap = new HashMap<String, Class>();
 
@@ -278,27 +293,142 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
 
     @Override
     public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
-        // TODO Auto-generated method stub
-        return null;
+        AclPolicyResponse response = new AclPolicyResponse();
+        response.setId(policy.getUuid());
+        response.setName(policy.getName());
+        response.setDescription(policy.getDescription());
+        String domainPath = policy.getPath();
+        if (domainPath != null) {
+            DomainVO domain = _domainDao.findDomainByPath(domainPath);
+            if (domain != null) {
+                response.setDomainId(domain.getUuid());
+                response.setDomainName(domain.getName());
+            }
+        }
+        long accountId = policy.getAccountId();
+        AccountVO owner = _accountDao.findById(accountId);
+        if (owner != null) {
+            response.setAccountName(owner.getAccountName());
+        }
+        // find permissions associated with this policy
+        List<AclPolicyPermission> permissions = _iamSrv.listPolicyPermissions(policy.getId());
+        if (permissions != null && permissions.size() > 0) {
+            for (AclPolicyPermission permission : permissions) {
+                AclPermissionResponse perm = new AclPermissionResponse();
+                perm.setAction(permission.getAction());
+                perm.setEntityType(AclEntityType.valueOf(permission.getEntityType()));
+                perm.setScope(PermissionScope.valueOf(permission.getScope()));
+                perm.setScopeId(permission.getScopeId());
+                perm.setPermission(permission.getPermission());
+                response.addPermission(perm);
+            }
+        }
+        response.setObjectName("aclpolicy");
+        return response;
     }
 
     @Override
     public AclGroupResponse createAclGroupResponse(AclGroup group) {
-        // TODO Auto-generated method stub
-        return null;
+        AclGroupResponse response = new AclGroupResponse();
+        response.setId(group.getUuid());
+        response.setName(group.getName());
+        response.setDescription(group.getDescription());
+        String domainPath = group.getPath();
+        if (domainPath != null) {
+            DomainVO domain = _domainDao.findDomainByPath(domainPath);
+            if (domain != null) {
+                response.setDomainId(domain.getUuid());
+                response.setDomainName(domain.getName());
+            }
+        }
+        long accountId = group.getAccountId();
+        AccountVO owner = _accountDao.findById(accountId);
+        if (owner != null) {
+            response.setAccountName(owner.getAccountName());
+        }
+        // find all the members in this group
+        List<Long> members = _iamSrv.listAccountsByGroup(group.getId());
+        if (members != null && members.size() > 0) {
+            for (Long member : members) {
+                AccountVO mem = _accountDao.findById(accountId);
+                if (mem != null) {
+                    response.addMemberAccount(mem.getAccountName());
+                }
+            }
+        }
+
+        // find all the policies attached to this group
+        List<AclPolicy> policies = _iamSrv.listAclPoliciesByGroup(group.getId());
+        if (policies != null && policies.size() > 0) {
+            for (AclPolicy policy : policies) {
+                response.addPolicy(policy.getName());
+            }
+        }
+
+        response.setObjectName("aclgroup");
+        return response;
+
     }
 
     @Override
-    public ListResponse<org.apache.cloudstack.acl.api.response.AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
-        // TODO Auto-generated method stub
-        return null;
+    public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
+        // acl check
+        Account caller = CallContext.current().getCallingAccount();
+
+        Domain domain = null;
+        if (domainId != null) {
+            domain = _domainDao.findById(domainId);
+            if (domain == null) {
+                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+            }
+
+            _accountMgr.checkAccess(caller, domain);
+        } else {
+            domain = _domainDao.findById(caller.getDomainId());
+        }
+        String domainPath = domain.getPath();
+        // search for groups
+        Pair<List<AclGroup>, Integer> result = _iamSrv.listAclGroups(aclGroupId, aclGroupName, domainPath, startIndex, pageSize);
+        // generate group response
+        ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
+        List<AclGroupResponse> groupResponses = new ArrayList<AclGroupResponse>();
+        for (AclGroup group : result.first()) {
+            AclGroupResponse resp = createAclGroupResponse(group);
+            groupResponses.add(resp);
+        }
+        response.setResponses(groupResponses, result.second());
+        return response;
     }
 
     @Override
-    public ListResponse<org.apache.cloudstack.acl.api.response.AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
+    public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex,
             Long pageSize) {
-        // TODO Auto-generated method stub
-        return null;
+        // acl check
+        Account caller = CallContext.current().getCallingAccount();
+
+        Domain domain = null;
+        if (domainId != null) {
+            domain = _domainDao.findById(domainId);
+            if (domain == null) {
+                throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
+            }
+
+            _accountMgr.checkAccess(caller, domain);
+        } else {
+            domain = _domainDao.findById(caller.getDomainId());
+        }
+        String domainPath = domain.getPath();
+        // search for policies
+        Pair<List<AclPolicy>, Integer> result = _iamSrv.listAclPolicies(aclPolicyId, aclPolicyName, domainPath, startIndex, pageSize);
+        // generate policy response
+        ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
+        List<AclPolicyResponse> policyResponses = new ArrayList<AclPolicyResponse>();
+        for (AclPolicy policy : result.first()) {
+            AclPolicyResponse resp = createAclPolicyResponse(policy);
+            policyResponses.add(resp);
+        }
+        response.setResponses(policyResponses, result.second());
+        return response;
     }
 
 }
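Review bot: In `createAclGroupResponse` the member loop looks up `_accountDao.findById(accountId)`, where `accountId` is the group owner's id, so the loop variable `member` is never used and every name passed to `addMemberAccount` is the owner's account name. For an IAM listing this means the reported membership does not match what `listAccountsByGroup` returned, which makes any access review done through this API unreliable; the lookup should be `AccountVO mem = _accountDao.findById(member);`. Separately, in `listAclGroups` and `listAclPolicies` the `else` branch does not null-check the result of `_domainDao.findById(caller.getDomainId())` before calling `domain.getPath()`, unlike the branch that handles an explicit `domainId`.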

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/dd8dcd94/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java
index 8ad662a..dd510d4 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java
@@ -19,10 +19,10 @@ package org.apache.cloudstack.acl.api.response;
 import com.google.gson.annotations.SerializedName;
 
 import org.apache.cloudstack.acl.AclEntityType;
-import org.apache.cloudstack.acl.AclPolicyPermission;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseResponse;
+import org.apache.cloudstack.iam.api.AclPolicyPermission;
 
 import com.cloud.serializer.Param;
 

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/dd8dcd94/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java b/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
index a64ca7f..56ba0ed 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/AclGroup.java
@@ -25,4 +25,8 @@ public interface AclGroup {
     long getId();
 
     String getUuid();
+
+    String getPath();
+
+    long getAccountId();
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/dd8dcd94/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java b/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
index 0794888..db309c8 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/AclPolicy.java
@@ -29,4 +29,8 @@ public interface AclPolicy {
     long getId();
 
     String getUuid();
+
+    String getPath();
+
+    long getAccountId();
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/dd8dcd94/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
index ed82f65..355e8cf 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java
@@ -20,6 +20,8 @@ import java.util.List;
 
 import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
 
+import com.cloud.utils.Pair;
+
 public interface IAMService {
 
     /* ACL group related interfaces */
@@ -33,6 +35,10 @@ public interface IAMService {
 
     AclGroup removeAccountsFromGroup(List<Long> acctIds, Long groupId);
 
+    List<Long> listAccountsByGroup(long groupId);
+
+    Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize);
+
     /* ACL Policy related interfaces */
     AclPolicy createAclPolicy(String aclPolicyName, String description, Long parentPolicyId);
 
@@ -40,6 +46,10 @@ public interface IAMService {
 
     List<AclPolicy> listAclPolicies(long accountId);
 
+    List<AclPolicy> listAclPoliciesByGroup(long groupId);
+
+    Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize);
+
     AclGroup attachAclPoliciesToGroup(List<Long> policyIds, Long groupId);
 
     AclGroup removeAclPoliciesFromGroup(List<Long> policyIds, Long groupId);
@@ -52,6 +62,8 @@ public interface IAMService {
 
     AclPolicy getResourceOwnerPolicy();
 
+    List<AclPolicyPermission> listPolicyPermissions(long policyId);
+
     List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope);
 
     List<AclPolicyPermission> listPollcyPermissionByEntityType(long policyId, String action, String entityType);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/dd8dcd94/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
index 892803d..69d20d2 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/AclGroupVO.java
@@ -50,6 +50,9 @@ public class AclGroupVO implements AclGroup {
     @Column(name = "path")
     private String path;
 
+    @Column(name = "account_id")
+    private long accountId;
+
     @Column(name = GenericDao.REMOVED_COLUMN)
     private Date removed;
 
@@ -82,6 +85,7 @@ public class AclGroupVO implements AclGroup {
         return description;
     }
 
+    @Override
     public String getPath() {
         return path;
     }
@@ -91,6 +95,15 @@ public class AclGroupVO implements AclGroup {
     }
 
     @Override
+    public long getAccountId() {
+        return accountId;
+    }
+
+    public void setAccountId(long acctId) {
+        accountId = acctId;
+    }
+
+    @Override
     public String getUuid() {
     	return uuid;
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/dd8dcd94/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java b/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
index e6e30ca..f3ceb04 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/AclPolicyVO.java
@@ -49,8 +49,8 @@ public class AclPolicyVO implements AclPolicy {
     @Column(name = "uuid")
     private String uuid;
 
-    @Column(name = "domain_id")
-    private long domainId;
+    @Column(name = "path")
+    private String path;
 
     @Column(name = "account_id")
     private long accountId;
@@ -109,14 +109,16 @@ public class AclPolicyVO implements AclPolicy {
         return created;
     }
 
-    public long getDomainId() {
-        return domainId;
+    @Override
+    public String getPath() {
+        return path;
     }
 
-    public void setDomainId(long domainId) {
-        this.domainId = domainId;
+    public void setPath(String path) {
+        this.path = path;
     }
 
+    @Override
     public long getAccountId() {
         return accountId;
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/dd8dcd94/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
index 8c87afc..5695996 100644
--- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
+++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java
@@ -36,14 +36,14 @@ import org.apache.cloudstack.iam.server.dao.AclGroupPolicyMapDao;
 import org.apache.cloudstack.iam.server.dao.AclPolicyDao;
 import org.apache.cloudstack.iam.server.dao.AclPolicyPermissionDao;
 
-import com.cloud.event.ActionEvent;
-import com.cloud.event.EventTypes;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.user.Account;
+import com.cloud.utils.Pair;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
 import com.cloud.utils.db.EntityManager;
+import com.cloud.utils.db.Filter;
 import com.cloud.utils.db.GenericSearchBuilder;
 import com.cloud.utils.db.JoinBuilder.JoinType;
 import com.cloud.utils.db.SearchBuilder;
@@ -204,6 +204,52 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
         return group;
     }
 
+    @Override
+    public List<Long> listAccountsByGroup(long groupId) {
+        List<AclGroupAccountMapVO> grpAcctMap = _aclGroupAccountMapDao.listByGroupId(groupId);
+        if (grpAcctMap == null || grpAcctMap.size() == 0) {
+            return new ArrayList<Long>();
+        }
+
+        List<Long> accts = new ArrayList<Long>();
+        for (AclGroupAccountMapVO grpAcct : grpAcctMap) {
+            accts.add(grpAcct.getAccountId());
+        }
+        return accts;
+    }
+
+    @Override
+    public Pair<List<AclGroup>, Integer> listAclGroups(Long aclGroupId, String aclGroupName, String path, Long startIndex, Long pageSize) {
+        if (aclGroupId != null) {
+            AclGroup group = _aclGroupDao.findById(aclGroupId);
+            if (group == null) {
+                throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
+            }
+        }
+
+        Filter searchFilter = new Filter(AclGroupVO.class, "id", true, startIndex, pageSize);
+
+        SearchBuilder<AclGroupVO> sb = _aclGroupDao.createSearchBuilder();
+        sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
+        sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
+        sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
+
+        SearchCriteria<AclGroupVO> sc = sb.create();
+
+        if (aclGroupName != null) {
+            sc.setParameters("name", aclGroupName);
+        }
+
+        if (aclGroupId != null) {
+            sc.setParameters("id", aclGroupId);
+        }
+
+        sc.setParameters("path", path + "%");
+
+        Pair<List<AclGroupVO>, Integer> groups = _aclGroupDao.searchAndCount(sc, searchFilter);
+        return new Pair<List<AclGroup>, Integer>(new ArrayList<AclGroup>(groups.first()), groups.second());
+    }
+
     @DB
     @Override
     public AclPolicy createAclPolicy(final String aclPolicyName, final String description, final Long parentPolicyId) {
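Review bot: The `findById(aclGroupId)` pre-check in `listAclGroups` ignores `path`, so a caller gets an `InvalidParameterValueException` for an id that does not exist but an empty list for an id that exists under a different domain path, which lets group ids outside the caller's scope be told apart from unused ones. Treating both cases the same closes that gap, e.g. `if (group == null || group.getPath() == null || !group.getPath().startsWith(path)) {`. The scope filter itself is `path + "%"` passed to a `LIKE`, which presumably relies on domain paths ending in a separator so that one domain's path is never a string prefix of a sibling's, and a null `path` would become the literal `null%`; a comment stating that contract and a null check on `path` at the top of the method would make the boundary explicit. `listAclPolicies` in the next hunk of this file has the same pre-check and the same `LIKE` pattern. `createAclPolicy`, whose signature closes this hunk, continues outside it.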
@@ -304,6 +350,60 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
         return new ArrayList<AclPolicy>(policies);
     }
 
+    @Override
+    public List<AclPolicy> listAclPoliciesByGroup(long groupId) {
+        List<AclGroupPolicyMapVO> policyGrpMap = _aclGroupPolicyMapDao.listByGroupId(groupId);
+        if (policyGrpMap == null || policyGrpMap.size() == 0) {
+            return new ArrayList<AclPolicy>();
+        }
+
+        List<Long> policyIds = new ArrayList<Long>();
+        for (AclGroupPolicyMapVO pg : policyGrpMap) {
+            policyIds.add(pg.getAclPolicyId());
+        }
+
+        SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+        sb.and("ids", sb.entity().getId(), Op.IN);
+        SearchCriteria<AclPolicyVO> sc = sb.create();
+        sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()]));
+        List<AclPolicyVO> policies = _aclPolicyDao.customSearch(sc, null);
+
+        return new ArrayList<AclPolicy>(policies);
+    }
+
+    @Override
+    public Pair<List<AclPolicy>, Integer> listAclPolicies(Long aclPolicyId, String aclPolicyName, String path, Long startIndex, Long pageSize) {
+
+        if (aclPolicyId != null) {
+            AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
+            if (policy == null) {
+                throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
+            }
+        }
+
+        Filter searchFilter = new Filter(AclPolicyVO.class, "id", true, startIndex, pageSize);
+
+        SearchBuilder<AclPolicyVO> sb = _aclPolicyDao.createSearchBuilder();
+        sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
+        sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE);
+        sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
+
+        SearchCriteria<AclPolicyVO> sc = sb.create();
+
+        if (aclPolicyName != null) {
+            sc.setParameters("name", aclPolicyName);
+        }
+
+        if (aclPolicyId != null) {
+            sc.setParameters("id", aclPolicyId);
+        }
+
+        sc.setParameters("path", path + "%");
+
+        Pair<List<AclPolicyVO>, Integer> policies = _aclPolicyDao.searchAndCount(sc, searchFilter);
+        return new Pair<List<AclPolicy>, Integer>(new ArrayList<AclPolicy>(policies.first()), policies.second());
+    }
+
     @DB
     @Override
     public AclGroup attachAclPoliciesToGroup(final List<Long> policyIds, final Long groupId) {
@@ -528,6 +628,14 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager {
     }
 
     @Override
+    public List<AclPolicyPermission> listPolicyPermissions(long policyId) {
+        List<AclPolicyPermissionVO> pp = _policyPermissionDao.listByPolicy(policyId);
+        List<AclPolicyPermission> pl = new ArrayList<AclPolicyPermission>();
+        pl.addAll(pp);
+        return pl;
+    }
+
+    @Override
     public List<AclPolicyPermission> listPolicyPermissionsByScope(long policyId, String action, String scope) {
         List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policyId, action, scope);
         List<AclPolicyPermission> pl = new ArrayList<AclPolicyPermission>();