cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject git commit: updated refs/heads/rbac to ed22dfe
Date Sat, 28 Sep 2013 00:06:16 GMT
Updated Branches:
  refs/heads/rbac 97fd99b09 -> ed22dfef1


Add transaction handling in AclServiceImpl, and parent role support in
createAclRole.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/ed22dfef
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/ed22dfef
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/ed22dfef

Branch: refs/heads/rbac
Commit: ed22dfef1b7c5a0f55fbded4e71fba885977b78c
Parents: 97fd99b
Author: Min Chen <min.chen@citrix.com>
Authored: Fri Sep 27 10:14:13 2013 -0700
Committer: Min Chen <min.chen@citrix.com>
Committed: Fri Sep 27 10:14:13 2013 -0700

----------------------------------------------------------------------
 .../org/apache/cloudstack/acl/AclService.java   |  2 +-
 .../api/command/admin/acl/CreateAclRoleCmd.java | 10 +++++++++-
 .../apache/cloudstack/acl/AclServiceImpl.java   | 21 +++++++++++++++++++-
 3 files changed, 30 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ed22dfef/api/src/org/apache/cloudstack/acl/AclService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java
index a8ed501..0b83a21 100644
--- a/api/src/org/apache/cloudstack/acl/AclService.java
+++ b/api/src/org/apache/cloudstack/acl/AclService.java
@@ -31,7 +31,7 @@ public interface AclService {
      * @return AclRole
      */
 
-    AclRole createAclRole(Long domainId, String aclRoleName, String description);
+    AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId);
 
     /**
      * Delete an acl role.

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ed22dfef/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
index 0e6867a..05afbca 100644
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java
@@ -19,6 +19,7 @@ package org.apache.cloudstack.api.command.admin.acl;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.AclRole;
+import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiCommandJobType;
 import org.apache.cloudstack.api.ApiConstants;
@@ -52,6 +53,10 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description
= "name of the acl group")
     private String name;
 
+    @ACL
+    @Parameter(name = ApiConstants.ACL_PARENT_ROLE_ID, type = CommandType.UUID, description
= "The ID of parent acl role.", entityType = AclRoleResponse.class)
+    private Long parentRoleId;
+
 
     // ///////////////////////////////////////////////////
     // ///////////////// Accessors ///////////////////////
@@ -70,6 +75,9 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
         return name;
     }
 
+    public Long getParentRoleId() {
+        return parentRoleId;
+    }
 
     // ///////////////////////////////////////////////////
     // ///////////// API Implementation///////////////////
@@ -99,7 +107,7 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
 
     @Override
     public void create() throws ResourceAllocationException {
-        AclRole result = _aclService.createAclRole(domainId, name, description);
+        AclRole result = _aclService.createAclRole(domainId, name, description, parentRoleId);
         if (result != null) {
             setEntityId(result.getId());
             setEntityUuid(result.getUuid());

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/ed22dfef/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
index d1741f7..2ace72c 100644
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@@ -41,6 +41,7 @@ import com.cloud.utils.Pair;
 import com.cloud.utils.component.Manager;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.db.DB;
+import com.cloud.utils.db.Transaction;
 
 @Local(value = {AclService.class})
 public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@@ -73,7 +74,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager
{
     @DB
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_CREATE, eventDescription = "Creating
Acl Role", create = true)
-    public AclRole createAclRole(Long domainId, String aclRoleName, String description) {
+    public AclRole createAclRole(Long domainId, String aclRoleName, String description, Long
parentRoleId) {
         Account caller = CallContext.current().getCallingAccount();
         if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
             // domain admin can only create role for his domain
@@ -92,6 +93,9 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager
{
         if (domainId != null) {
             rvo.setDomainId(domainId);
         }
+        if (parentRoleId != null) {
+            rvo.setParentRoleId(parentRoleId);
+        }
         return _aclRoleDao.persist(rvo);
     }
 
@@ -109,6 +113,8 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
         // check permissions
         _accountMgr.checkAccess(caller, null, true, role);
 
+        Transaction txn = Transaction.currentTxn();
+        txn.start();
         // remove this role related entry in acl_group_role_map
         List<AclGroupRoleMapVO> groupRoleMap = _aclGroupRoleMapDao.listByRoleId(role.getId());
         if (groupRoleMap != null) {
@@ -127,6 +133,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
 
         // remove this role from acl_role table
         _aclRoleDao.remove(aclRoleId);
+        txn.commit();
 
         return true;
     }
@@ -146,6 +153,8 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
         // check permissions
         _accountMgr.checkAccess(caller, null, true, role);
 
+        Transaction txn = Transaction.currentTxn();
+        txn.start();
         // add entries in acl_api_permission table
         for (String api : apiNames) {
             AclApiPermissionVO perm = _apiPermissionDao.findByRoleAndApi(aclRoleId, api);
@@ -155,6 +164,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
                 _apiPermissionDao.persist(perm);
             }
         }
+        txn.commit();
         return role;
 
     }
@@ -173,6 +183,8 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
         // check permissions
         _accountMgr.checkAccess(caller, null, true, role);
 
+        Transaction txn = Transaction.currentTxn();
+        txn.start();
         // add entries in acl_api_permission table
         for (String api : apiNames) {
             AclApiPermissionVO perm = _apiPermissionDao.findByRoleAndApi(aclRoleId, api);
@@ -181,6 +193,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
                 _apiPermissionDao.remove(perm.getId());
             }
         }
+        txn.commit();
         return role;
     }
 
@@ -198,6 +211,8 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
         // check group permissions
         _accountMgr.checkAccess(caller, null, true, group);
  
+        Transaction txn = Transaction.currentTxn();
+        txn.start();
         // add entries in acl_group_role_map table
         for (Long roleId : roleIds) {
             // check role permissions
@@ -215,6 +230,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
                 _aclGroupRoleMapDao.persist(grMap);
             }
         }
+        txn.commit();
         return group;
     }
 
@@ -232,6 +248,8 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
         // check group permissions
         _accountMgr.checkAccess(caller, null, true, group);
 
+        Transaction txn = Transaction.currentTxn();
+        txn.start();
         // add entries in acl_group_role_map table
         for (Long roleId : roleIds) {
             // check role permissions
@@ -248,6 +266,7 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
                 _aclGroupRoleMapDao.remove(grMap.getId());
             }
         }
+        txn.commit();
         return group;
     }
 


Mime
View raw message