cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mc...@apache.org
Subject git commit: updated refs/heads/rbac to 6730fa2
Date Mon, 09 Dec 2013 22:09:11 GMT
Updated Branches:
  refs/heads/rbac 288a81180 -> 6730fa2b4


Fill in implementation of AclService.getGrantedDomains,
getGrantedAccounts and getGrantedResources.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6730fa2b
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6730fa2b
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6730fa2b

Branch: refs/heads/rbac
Commit: 6730fa2b47d165dc121c5dc9fc3e1dd42c2745f7
Parents: 288a811
Author: Min Chen <min.chen@citrix.com>
Authored: Mon Dec 9 14:08:54 2013 -0800
Committer: Min Chen <min.chen@citrix.com>
Committed: Mon Dec 9 14:08:54 2013 -0800

----------------------------------------------------------------------
 .../org/apache/cloudstack/acl/AclService.java   |  6 +--
 .../acl/dao/AclPolicyPermissionDao.java         |  2 +
 .../acl/dao/AclPolicyPermissionDaoImpl.java     | 50 +++++++++++++++--
 .../src/com/cloud/user/AccountManagerImpl.java  |  6 +--
 .../apache/cloudstack/acl/AclServiceImpl.java   | 57 ++++++++++++++++----
 5 files changed, 102 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6730fa2b/api/src/org/apache/cloudstack/acl/AclService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java
index 0c0ec69..c8d8b48 100644
--- a/api/src/org/apache/cloudstack/acl/AclService.java
+++ b/api/src/org/apache/cloudstack/acl/AclService.java
@@ -57,10 +57,10 @@ public interface AclService {
     List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity);
 
     /* Visibility related interfaces */
-    List<Long> getGrantedDomains(long accountId, AclEntityType entityType, String action);
+    List<Long> getGrantedDomains(long accountId, String action);
 
-    List<Long> getGrantedAccounts(long accountId, AclEntityType entityType, String
action);
+    List<Long> getGrantedAccounts(long accountId, String action);
 
-    List<Long> getGrantedResources(long accountId, AclEntityType entityType, String
action);
+    List<Long> getGrantedResources(long accountId, String action);
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6730fa2b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
index f3c6446..2defc1c 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
@@ -31,5 +31,7 @@ public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO
 
     AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, PermissionScope
scope, Long scopeId, String action, Permission perm);
 
+    List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action,
PermissionScope scope);
+
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6730fa2b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
----------------------------------------------------------------------
diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
index 11b009b..fefafde 100644
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
@@ -26,28 +26,70 @@ import org.apache.cloudstack.acl.AclPolicyPermissionVO;
 import org.apache.cloudstack.acl.PermissionScope;
 
 import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
 
 public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissionVO,
Long> implements
         AclPolicyPermissionDao {
 
+    private SearchBuilder<AclPolicyPermissionVO> policyIdSearch;
+    private SearchBuilder<AclPolicyPermissionVO> fullSearch;
+    private SearchBuilder<AclPolicyPermissionVO> actionScopeSearch;
 
     @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException
{
         super.configure(name, params);
 
+        policyIdSearch = createSearchBuilder();
+        policyIdSearch.and("policyId", policyIdSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        policyIdSearch.done();
+
+        fullSearch = createSearchBuilder();
+        fullSearch.and("policyId", fullSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        fullSearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+        fullSearch.and("scope", fullSearch.entity().getScope(), SearchCriteria.Op.EQ);
+        fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+        fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
+        fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+        fullSearch.done();
+
+        actionScopeSearch = createSearchBuilder();
+        actionScopeSearch.and("policyId", actionScopeSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("scope", actionScopeSearch.entity().getScope(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("action", actionScopeSearch.entity().getAction(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+        actionScopeSearch.done();
+
         return true;
     }
 
     @Override
     public List<AclPolicyPermissionVO> listByPolicy(long policyId) {
-        // TODO Auto-generated method stub
-        return null;
+        SearchCriteria<AclPolicyPermissionVO> sc = policyIdSearch.create();
+        sc.setParameters("policyId", policyId);
+        return listBy(sc);
     }
 
     @Override
     public AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType,
PermissionScope scope, Long scopeId, String action, Permission perm) {
-        // TODO Auto-generated method stub
-        return null;
+        SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("entityType", entityType);
+        sc.setParameters("scope", scope);
+        sc.setParameters("scopeId", scopeId);
+        sc.setParameters("action", action);
+        sc.setParameters("permission", perm);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String
action, PermissionScope scope) {
+        SearchCriteria<AclPolicyPermissionVO> sc = actionScopeSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("action", action);
+        sc.setParameters("scope", scope);
+        sc.setParameters("permission", Permission.Allow);
+        return listBy(sc);
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6730fa2b/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index 0ddc37a..3decaf0 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -2610,9 +2610,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
             // search for policy permissions associated with caller to get all his authorized
domains, accounts, and resources
             // Assumption: if a domain is in grantedDomains, then all the accounts under
this domain will not be returned in "grantedAccounts". Similarly, if an account
             // is in grantedAccounts, then all the resources owned by this account will not
be returned in "grantedResources".
-            List<Long> grantedDomains = _aclService.getGrantedDomains(caller.getId(),
AclEntityType.VM, action);
-            List<Long> grantedAccounts = _aclService.getGrantedAccounts(caller.getId(),
AclEntityType.VM, action);
-            List<Long> grantedResources = _aclService.getGrantedResources(caller.getId(),
AclEntityType.VM, action);
+            List<Long> grantedDomains = _aclService.getGrantedDomains(caller.getId(),
action);
+            List<Long> grantedAccounts = _aclService.getGrantedAccounts(caller.getId(),
action);
+            List<Long> grantedResources = _aclService.getGrantedResources(caller.getId(),
action);
 
             if (domainId != null) {
                 // specific domain is specified

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6730fa2b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
----------------------------------------------------------------------
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
index 9b39733..1ab4efe 100644
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@@ -678,21 +678,60 @@ public class AclServiceImpl extends ManagerBase implements AclService,
Manager {
     }
 
     @Override
-    public List<Long> getGrantedDomains(long accountId, AclEntityType entityType, String
action) {
-        // TODO Auto-generated method stub
-        return null;
+    public List<Long> getGrantedDomains(long accountId, String action) {
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = listAclPolicies(accountId);
+        // for each policy, find granted permission with Domain scope
+        List<Long> domainIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(),
action, PermissionScope.DOMAIN);
+            if (pp != null) {
+                for (AclPolicyPermissionVO p : pp) {
+                    if (p.getScopeId() != null) {
+                        domainIds.add(p.getScopeId());
+                    }
+                }
+            }
+        }
+        return domainIds;
     }
 
     @Override
-    public List<Long> getGrantedAccounts(long accountId, AclEntityType entityType,
String action) {
-        // TODO Auto-generated method stub
-        return null;
+    public List<Long> getGrantedAccounts(long accountId, String action) {
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = listAclPolicies(accountId);
+        // for each policy, find granted permission with Account scope
+        List<Long> accountIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(),
action, PermissionScope.ACCOUNT);
+            if (pp != null) {
+                for (AclPolicyPermissionVO p : pp) {
+                    if (p.getScopeId() != null) {
+                        accountIds.add(p.getScopeId());
+                    }
+                }
+            }
+        }
+        return accountIds;
     }
 
     @Override
-    public List<Long> getGrantedResources(long accountId, AclEntityType entityType,
String action) {
-        // TODO Auto-generated method stub
-        return null;
+    public List<Long> getGrantedResources(long accountId, String action) {
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = listAclPolicies(accountId);
+        // for each policy, find granted permission with Resource scope
+        List<Long> entityIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(),
action, PermissionScope.RESOURCE);
+            if (pp != null) {
+                for (AclPolicyPermissionVO p : pp) {
+                    if (p.getScopeId() != null) {
+                        entityIds.add(p.getScopeId());
+                    }
+                }
+            }
+        }
+        return entityIds;
     }
 
 }


Mime
View raw message