cloudstack-commits mailing list archives

From mc...@apache.org
Subject [1/2] git commit: updated refs/heads/rbac to 6c1849f
Date Wed, 15 Jan 2014 00:20:49 GMT
Updated Branches:
  refs/heads/rbac fac9f2da0 -> 6c1849f4b


Add listAclGroupsByAccount to QuerySelector adapters and remove
AclProxyService interface.

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6583cb38
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6583cb38
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6583cb38

Branch: refs/heads/rbac
Commit: 6583cb3800a905b1f56c5d2b8948e3e7935d38f5
Parents: fac9f2d
Author: Min Chen <min.chen@citrix.com>
Authored: Tue Jan 14 16:19:25 2014 -0800
Committer: Min Chen <min.chen@citrix.com>
Committed: Tue Jan 14 16:19:25 2014 -0800

----------------------------------------------------------------------
 .../apache/cloudstack/acl/AclProxyService.java  | 13 ----
 .../apache/cloudstack/acl/QuerySelector.java    |  7 ++
 .../cloud/api/query/dao/AccountJoinDaoImpl.java |  7 +-
 server/src/com/cloud/user/AccountManager.java   |  2 +
 .../src/com/cloud/user/AccountManagerImpl.java  | 34 ++++++++--
 .../acl/RoleBasedEntityQuerySelector.java       | 11 ++++
 .../cloudstack/acl/api/AclApiService.java       |  3 +-
 .../cloudstack/acl/api/AclApiServiceImpl.java   | 15 +----
 services/pom.xml                                |  3 -
 setup/db/db/schema-421to430.sql                 | 69 --------------------
 10 files changed, 52 insertions(+), 112 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/api/src/org/apache/cloudstack/acl/AclProxyService.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/AclProxyService.java b/api/src/org/apache/cloudstack/acl/AclProxyService.java
deleted file mode 100644
index 7f6bf23..0000000
--- a/api/src/org/apache/cloudstack/acl/AclProxyService.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package org.apache.cloudstack.acl;
-
-import java.util.List;
-
-public interface AclProxyService {
-
-    List<String> listAclGroupsByAccount(long accountId);
-
-    void removeAccountFromAclGroups(long accountId);
-
-    void addAccountToAclGroup(long accountId, long groupId);
-
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/api/src/org/apache/cloudstack/acl/QuerySelector.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/acl/QuerySelector.java b/api/src/org/apache/cloudstack/acl/QuerySelector.java
index 75fedb3..b89aa4e 100644
--- a/api/src/org/apache/cloudstack/acl/QuerySelector.java
+++ b/api/src/org/apache/cloudstack/acl/QuerySelector.java
@@ -62,4 +62,11 @@ public interface QuerySelector extends Adapter {
      */
     boolean isGrantedAll(Account caller, String action);
 
+    /**
+     * List of ACL group the given account belongs to
+     * @param accountId account id.
+     * @return ACL group names
+     */
+    List<String> listAclGroupsByAccount(long accountId);
+
 }
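Review bot: The new `listAclGroupsByAccount(long accountId)` takes no `caller`, unlike `isGrantedAll(Account caller, String action)` directly above it, so an adapter has no way to decide whether the requester may see another account's group membership. If that is intended, the Javadoc should state it, for example by adding `Performs no access check; callers must authorise the request before exposing the result.` The summary line would also read better as `Lists the names of the ACL groups the given account belongs to.`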

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
index 8c2b195..6ea1181 100644
--- a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
@@ -24,7 +24,6 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
-import org.apache.cloudstack.acl.AclProxyService;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.response.AccountResponse;
 import org.apache.cloudstack.api.response.ResourceLimitAndCountResponse;
@@ -48,9 +47,7 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO,
Long> impl
 
     private final SearchBuilder<AccountJoinVO> acctIdSearch;
     @Inject
-    public AccountManager _accountMgr;
-    @Inject
-    AclProxyService _aclProxy;
+    AccountManager _acctMgr;
 
     protected AccountJoinDaoImpl() {
 
@@ -106,7 +103,7 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO,
Long> impl
         accountResponse.setObjectName("account");
         
         // add all the acl groups for an account
-        accountResponse.setGroups(_aclProxy.listAclGroupsByAccount(account.getId()));
+        accountResponse.setGroups(_acctMgr.listAclGroupsByAccount(account.getId()));
 
         return accountResponse;
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/server/src/com/cloud/user/AccountManager.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManager.java b/server/src/com/cloud/user/AccountManager.java
index 84eadea..46829e7 100755
--- a/server/src/com/cloud/user/AccountManager.java
+++ b/server/src/com/cloud/user/AccountManager.java
@@ -191,6 +191,8 @@ public interface AccountManager extends AccountService {
      */
     Account lockAccount(String accountName, Long domainId, Long accountId);
 
+    List<String> listAclGroupsByAccount(Long accountId);
+
     public static final String MESSAGE_ADD_ACCOUNT_EVENT = "Message.AddAccount.Event";
 
     public static final String MESSAGE_REMOVE_ACCOUNT_EVENT = "Message.RemoveAccount.Event";
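Review bot: `listAclGroupsByAccount(Long accountId)` is added without Javadoc, although the method just before it in this interface is documented. A short contract comment would help, for example `/** Returns the names of the ACL groups the account belongs to; empty when no QuerySelector adapter is configured. */`, which matches the implementation this commit adds to AccountManagerImpl. The comment should also say whether a null `accountId` is accepted.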

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/server/src/com/cloud/user/AccountManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index bd41520..62b496d 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -40,7 +40,6 @@ import javax.naming.ConfigurationException;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.acl.AclProxyService;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.QuerySelector;
 import org.apache.cloudstack.acl.RoleType;
@@ -253,8 +252,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
     @Inject
     private GlobalLoadBalancerRuleDao _gslbRuleDao;
 
-    @Inject
-    QuerySelector _aclQuerySelector;  // we assume that there should be one type of QuerySelector
adapter
+    List<QuerySelector> _querySelectors;
 
     @Inject
     MessageBus _messageBus;
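Review bot: Dropping `@Inject` from `_querySelectors` means the list is only populated if something calls the `setQuerySelectors` setter added in the next hunk, and the diffstat of this commit lists no bean or context configuration file. Unless that wiring already exists or arrives in the second commit of this series, the field stays null. Both new guards (the ACL search hunk at -2249 and `listAclGroupsByAccount` at the end of the file) would then silently take the "no selector" path. A check in `configure(...)` that logs an error or fails startup when the list is null or empty would make a miswired deployment visible instead of quietly skipping ACL evaluation.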
@@ -302,6 +300,14 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
 		_securityCheckers = securityCheckers;
 	}
     
+    public List<QuerySelector> getQuerySelectors() {
+        return _querySelectors;
+    }
+
+    public void setQuerySelectors(List<QuerySelector> querySelectors) {
+        _querySelectors = querySelectors;
+    }
+
     @Override
     public boolean configure(final String name, final Map<String, Object> params) throws
ConfigurationException {
         _systemAccount = _accountDao.findById(AccountVO.ACCOUNT_ID_SYSTEM);
@@ -2249,16 +2255,21 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
             // search for policy permissions associated with caller to get all his authorized
domains, accounts, and resources
             // Assumption: if a domain is in grantedDomains, then all the accounts under
this domain will not be returned in "grantedAccounts". Similarly, if an account
             // is in grantedAccounts, then all the resources owned by this account will not
be returned in "grantedResources".
-            boolean grantedAll = _aclQuerySelector.isGrantedAll(caller, action);
+            // assume that there is only one query selector adapter
+            if (_querySelectors == null || _querySelectors.size() == 0)
+                return; // no futher filtering
+
+            QuerySelector qs = _querySelectors.get(0);
+            boolean grantedAll = qs.isGrantedAll(caller, action);
             if ( grantedAll ){
                 if ( domainId != null ){
                     permittedDomains.add(domainId);
                 }
             }
             else {
-                List<Long> grantedDomains = _aclQuerySelector.getAuthorizedDomains(caller,
action);
-                List<Long> grantedAccounts = _aclQuerySelector.getAuthorizedAccounts(caller,
action);
-                List<Long> grantedResources = _aclQuerySelector.getAuthorizedResources(caller,
action);
+                List<Long> grantedDomains = qs.getAuthorizedDomains(caller, action);
+                List<Long> grantedAccounts = qs.getAuthorizedAccounts(caller, action);
+                List<Long> grantedResources = qs.getAuthorizedResources(caller, action);
 
                 if (domainId != null) {
                     // specific domain is specified
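Review bot: The early `return; // no futher filtering` lets this access-control path continue with no policy evaluated when no `QuerySelector` is configured. Whether the caller then treats the untouched permitted lists as "no restriction" is not visible in this hunk, since the enclosing method starts and ends outside it. It would be safer to fail closed here, for example `throw new PermissionDeniedException("No QuerySelector adapter configured for action " + action);` if that exception is in scope in this class, or at least to log at error level before returning. Separately, `_querySelectors.get(0)` silently ignores any further adapters, so the "only one adapter" assumption deserves a check or a warning when `size() > 1`, and "futher" should read "further".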
@@ -2437,4 +2448,13 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager,
M
         sc.addAnd("accountId", SearchCriteria.Op.SC, aclSc);
     }
 
+    @Override
+    public List<String> listAclGroupsByAccount(Long accountId) {
+        if (_querySelectors == null || _querySelectors.size() == 0)
+            return new ArrayList<String>();
+
+        QuerySelector qs = _querySelectors.get(0);
+        return qs.listAclGroupsByAccount(accountId);
+    }
+
 }
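Review bot: `accountId` is a boxed `Long` here, but `QuerySelector.listAclGroupsByAccount` in this same commit takes a primitive `long`, so `qs.listAclGroupsByAccount(accountId)` auto-unboxes and throws a NullPointerException when the id is null. Either declare the parameter as `long` in `AccountManager` and in this override, or reject null explicitly before the call, for example `if (accountId == null) return new ArrayList<String>();`. The empty-list return for a missing selector is also indistinguishable from "account has no groups", so a debug log on that branch would help when diagnosing a miswired adapter.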

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
index 3e76a7e..8299819 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
@@ -23,6 +23,7 @@ import javax.inject.Inject;
 
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.iam.api.AclGroup;
 import org.apache.cloudstack.iam.api.AclPolicy;
 import org.apache.cloudstack.iam.api.AclPolicyPermission;
 import org.apache.cloudstack.iam.api.IAMService;
@@ -112,4 +113,14 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements
QuerySe
         return false;
     }
 
+    @Override
+    public List<String> listAclGroupsByAccount(long accountId) {
+        List<AclGroup> groups = _iamService.listAclGroups(accountId);
+        List<String> groupNames = new ArrayList<String>();
+        for (AclGroup grp : groups) {
+            groupNames.add(grp.getName());
+        }
+        return groupNames;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
index 273c383..98abd13 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
@@ -18,7 +18,6 @@ package org.apache.cloudstack.acl.api;
 
 import java.util.List;
 
-import org.apache.cloudstack.acl.AclProxyService;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
@@ -31,7 +30,7 @@ import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
 import com.cloud.user.Account;
 import com.cloud.utils.component.PluggableService;
 
-public interface AclApiService extends AclProxyService, PluggableService {
+public interface AclApiService extends PluggableService {
 
     /* ACL group related interfaces */
     AclGroup createAclGroup(Account caller, String aclGroupName, String description);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
index cb6ef0c..d3be747 100644
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@@ -150,15 +150,6 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService,
Man
         return _iamSrv.listAclGroups(accountId);
     }
 
-    @Override
-    public List<String> listAclGroupsByAccount(long accountId) {
-        List<AclGroup> groups = listAclGroups(accountId);
-        List<String> groupNames = new ArrayList<String>();
-        for (AclGroup grp : groups) {
-            groupNames.add(grp.getName());
-        }
-        return groupNames;
-    }
 
     @DB
     @Override
@@ -167,8 +158,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService,
Man
         return _iamSrv.addAccountsToGroup(acctIds, groupId);
     }
 
-    @Override
-    public void removeAccountFromAclGroups(long accountId) {
+    private void removeAccountFromAclGroups(long accountId) {
         List<AclGroup> groups = listAclGroups(accountId);
         List<Long> accts = new ArrayList<Long>();
         accts.add(accountId);
@@ -179,8 +169,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService,
Man
         }
     }
 
-    @Override
-    public void addAccountToAclGroup(long accountId, long groupId) {
+    private void addAccountToAclGroup(long accountId, long groupId) {
         List<Long> accts = new ArrayList<Long>();
         accts.add(accountId);
         addAccountsToGroup(accts, groupId);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/services/pom.xml
----------------------------------------------------------------------
diff --git a/services/pom.xml b/services/pom.xml
index 81531df..fb6d71d 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -27,9 +27,6 @@
     <version>4.3.0-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
-  <build>
-    <defaultGoal>install</defaultGoal>
-  </build>
   <modules>
     <module>console-proxy</module>
     <module>secondary-storage</module>

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6583cb38/setup/db/db/schema-421to430.sql
----------------------------------------------------------------------
diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql
index 453e47f..2256a51 100644
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@@ -397,75 +397,6 @@ INSERT IGNORE INTO `cloud`.`acl_policy_permission` (id, policy_id, action,
permi
 INSERT IGNORE INTO `cloud`.`acl_policy_permission` (id, policy_id, action, permission, created)
VALUES (2, 3, 'DomainCapability', 'Allow', Now());
 INSERT IGNORE INTO `cloud`.`acl_policy_permission` (id, policy_id, action, permission, created)
VALUES (3, 4, 'DomainResourceCapability', 'Allow', Now());
 
-CREATE OR REPLACE VIEW `cloud`.`acl_policy_view` AS
-    select 
-        acl_policy.id id,
-        acl_policy.uuid uuid,        
-        acl_policy.name name,
-        acl_policy.description description,
-        acl_policy.removed removed,
-        acl_policy.created created,
-        domain.id domain_id,
-        domain.uuid domain_uuid,
-        domain.name domain_name,
-        domain.path domain_path,
-        account.id account_id,
-        account.uuid account_uuid,
-        account.account_name account_name,     
-        account.type account_type,  
-        acl_policy_permission.action permission_action,
-        acl_policy_permission.resource_type permission_entity_type,
-        acl_policy_permission.scope permission_scope,
-        acl_policy_permission.scope_id permission_scope_id,        
-        acl_policy_permission.access_type permission_access_type,
-        acl_policy_permission.permission permission_allow_deny
-    from
-        `cloud`.`acl_policy`
-            inner join
-        `cloud`.`domain` ON acl_policy.domain_id = domain.id
-            inner join
-        `cloud`.`account` ON acl_policy.account_id = account.id        
-            left join
-        `cloud`.`acl_policy_permission` ON acl_policy.id = acl_policy_permission.policy_id;
-        
-         
-CREATE OR REPLACE VIEW `cloud`.`acl_group_view` AS
-    select 
-        acl_group.id id,
-        acl_group.uuid uuid,        
-        acl_group.name name,
-        acl_group.description description,
-        acl_group.removed removed,
-        acl_group.created created,
-        domain.id domain_id,
-        domain.uuid domain_uuid,
-        domain.name domain_name,
-        domain.path domain_path,
-        account.id account_id,
-        account.uuid account_uuid,
-        account.account_name account_name,  
-        account.type account_type,
-        member_account.id member_account_id,
-        member_account.uuid member_account_uuid,
-        member_account.account_name member_account_name,      
-        acl_policy.id policy_id,
-        acl_policy.uuid policy_uuid,
-        acl_policy.name policy_name
-    from
-        `cloud`.`acl_group`
-            inner join
-        `cloud`.`domain` ON acl_group.domain_id = domain.id
-            inner join
-        `cloud`.`account` ON acl_group.account_id = account.id              
-            left join
-        `cloud`.`acl_group_policy_map` ON acl_group.id = acl_group_policy_map.group_id  
-            left join         
-        `cloud`.`acl_policy` ON acl_group_policy_map.policy_id = acl_policy.id  
-            left join
-        `cloud`.`acl_group_account_map` ON acl_group.id = acl_group_account_map.group_id
-            left join
-        `cloud`.`account` member_account ON acl_group_account_map.account_id = member_account.id;
       
-
                        
  
 DROP VIEW IF EXISTS `cloud`.`volume_view`;

