cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8562) User Definable Roles
Date Wed, 13 Apr 2016 09:08:25 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15238909#comment-15238909
] 

ASF GitHub Bot commented on CLOUDSTACK-8562:
--------------------------------------------

Github user DaanHoogland commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1489#discussion_r59515911
  
    --- Diff: api/src/org/apache/cloudstack/api/command/admin/acl/CreateRolePermissionCmd.java
---
    @@ -0,0 +1,121 @@
    +// Licensed to the Apache Software Foundation (ASF) under one
    +// or more contributor license agreements.  See the NOTICE file
    +// distributed with this work for additional information
    +// regarding copyright ownership.  The ASF licenses this file
    +// to you under the Apache License, Version 2.0 (the
    +// "License"); you may not use this file except in compliance
    +// with the License.  You may obtain a copy of the License at
    +//
    +//   http://www.apache.org/licenses/LICENSE-2.0
    +//
    +// Unless required by applicable law or agreed to in writing,
    +// software distributed under the License is distributed on an
    +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    +// KIND, either express or implied.  See the License for the
    +// specific language governing permissions and limitations
    +// under the License.
    +
    +package org.apache.cloudstack.api.command.admin.acl;
    +
    +import com.cloud.user.Account;
    +import com.google.common.base.Strings;
    +import org.apache.cloudstack.acl.Role;
    +import org.apache.cloudstack.acl.RolePermission;
    +import org.apache.cloudstack.acl.RoleType;
    +import org.apache.cloudstack.acl.Rule;
    +import org.apache.cloudstack.api.APICommand;
    +import org.apache.cloudstack.api.ApiConstants;
    +import org.apache.cloudstack.api.ApiErrorCode;
    +import org.apache.cloudstack.api.BaseCmd;
    +import org.apache.cloudstack.api.Parameter;
    +import org.apache.cloudstack.api.ServerApiException;
    +import org.apache.cloudstack.api.response.RolePermissionResponse;
    +import org.apache.cloudstack.api.response.RoleResponse;
    +import org.apache.cloudstack.context.CallContext;
    +
    +@APICommand(name = CreateRolePermissionCmd.APINAME, description = "Adds a API permission
to a role", responseObject = RolePermissionResponse.class,
    +        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false,
    +        since = "4.9.0",
    +        authorized = {RoleType.Admin})
    +public class CreateRolePermissionCmd extends BaseCmd {
    +    public static final String APINAME = "createRolePermission";
    +
    +    /////////////////////////////////////////////////////
    +    //////////////// API parameters /////////////////////
    +    /////////////////////////////////////////////////////
    +
    +    @Parameter(name = ApiConstants.ROLE_ID, type = CommandType.UUID, required = true,
entityType = RoleResponse.class, description = "ID of the role")
    +    private Long roleId;
    +
    +    @Parameter(name = ApiConstants.RULE, type = CommandType.STRING, required = true,
description = "The API name or wildcard rule such as list*")
    +    private String rule;
    +
    +    @Parameter(name = ApiConstants.PERMISSION, type = CommandType.STRING, required =
true, description = "The rule permission, allow or deny. Default: deny.")
    +    private String permission;
    +
    +    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description
= "The description of the role permission")
    +    private String description;
    +
    +    /////////////////////////////////////////////////////
    +    /////////////////// Accessors ///////////////////////
    +    /////////////////////////////////////////////////////
    +
    +    public Long getRoleId() {
    +        return roleId;
    +    }
    +
    +    public Rule getRule() {
    +        return new Rule(rule);
    +    }
    +
    +    public RolePermission.Permission getPermission() {
    +        if (Strings.isNullOrEmpty(permission)) {
    +            return null;
    +        }
    +        return RolePermission.Permission.valueOf(permission.toUpperCase());
    +    }
    +
    +    public String getDescription() {
    +        return description;
    +    }
    +
    +    /////////////////////////////////////////////////////
    +    /////////////// API Implementation///////////////////
    +    /////////////////////////////////////////////////////
    +
    +    @Override
    +    public String getCommandName() {
    +        return APINAME.toLowerCase() + BaseCmd.RESPONSE_SUFFIX;
    +    }
    +
    +    @Override
    +    public long getEntityOwnerId() {
    +        return Account.ACCOUNT_ID_SYSTEM;
    +    }
    +
    +    @Override
    +    public void execute() {
    +        if (getRule() == null) {
    +            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid role permission
rule provided");
    +        }
    +        Role role = roleService.findRole(getRoleId());
    +        if (role == null) {
    +            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid role id provided");
    +        }
    +        CallContext.current().setEventDetails("Role id: " + role.getId() + ", rule:"
+ getRule() + ", permission: " + getPermission() + ", description: " + getDescription());
    +        RolePermission rolePermission = roleService.createRolePermission(role, getRule(),
getPermission(), getDescription());
    +        if (rolePermission == null) {
    +            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create
role permission");
    +        }
    +
    +        RolePermissionResponse response = new RolePermissionResponse();
    +        response.setId(rolePermission.getUuid());
    +        response.setRoleId(role.getUuid());
    +        response.setRule(rolePermission.getRule());
    +        response.setRulePermission(rolePermission.getPermission());
    +        response.setDescription(rolePermission.getDescription());
    +        response.setResponseName(getCommandName());
    +        response.setObjectName("rolepermission");
    +        setResponseObject(response);
    +     }
    --- End diff --
    
    same as CreateRoleCmd; maybe factor this block out for readability?


> User Definable Roles
> --------------------
>
>                 Key: CLOUDSTACK-8562
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8562
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
>
> Static command.properties moved to database and made user definable



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message