cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8562) User Definable Roles
Date Thu, 14 Apr 2016 21:47:25 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15241973#comment-15241973
] 

ASF GitHub Bot commented on CLOUDSTACK-8562:
--------------------------------------------

Github user jburwell commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/1489#discussion_r59797686
  
    --- Diff: api/src/org/apache/cloudstack/api/command/admin/acl/ListRolePermissionsCmd.java
---
    @@ -0,0 +1,104 @@
    +// Licensed to the Apache Software Foundation (ASF) under one
    +// or more contributor license agreements.  See the NOTICE file
    +// distributed with this work for additional information
    +// regarding copyright ownership.  The ASF licenses this file
    +// to you under the Apache License, Version 2.0 (the
    +// "License"); you may not use this file except in compliance
    +// with the License.  You may obtain a copy of the License at
    +//
    +//   http://www.apache.org/licenses/LICENSE-2.0
    +//
    +// Unless required by applicable law or agreed to in writing,
    +// software distributed under the License is distributed on an
    +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    +// KIND, either express or implied.  See the License for the
    +// specific language governing permissions and limitations
    +// under the License.
    +
    +package org.apache.cloudstack.api.command.admin.acl;
    +
    +import com.cloud.exception.InsufficientCapacityException;
    +import com.cloud.exception.ResourceUnavailableException;
    +import com.cloud.user.Account;
    +import org.apache.cloudstack.acl.Role;
    +import org.apache.cloudstack.acl.RolePermission;
    +import org.apache.cloudstack.acl.RoleType;
    +import org.apache.cloudstack.api.APICommand;
    +import org.apache.cloudstack.api.ApiConstants;
    +import org.apache.cloudstack.api.ApiErrorCode;
    +import org.apache.cloudstack.api.BaseCmd;
    +import org.apache.cloudstack.api.Parameter;
    +import org.apache.cloudstack.api.ServerApiException;
    +import org.apache.cloudstack.api.response.ListResponse;
    +import org.apache.cloudstack.api.response.RolePermissionResponse;
    +import org.apache.cloudstack.api.response.RoleResponse;
    +
    +import java.util.ArrayList;
    +import java.util.List;
    +
    +
    +@APICommand(name = ListRolePermissionsCmd.APINAME, description = "Lists role permissions",
responseObject = RolePermissionResponse.class,
    +        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false,
    +        since = "4.9.0",
    +        authorized = {RoleType.Admin})
    +public class ListRolePermissionsCmd extends BaseCmd {
    +    public static final String APINAME = "listRolePermissions";
    +
    +    /////////////////////////////////////////////////////
    +    //////////////// API parameters /////////////////////
    +    /////////////////////////////////////////////////////
    +
    +    @Parameter(name = ApiConstants.ROLE_ID, type = CommandType.UUID, entityType = RoleResponse.class,
description = "ID of the role")
    +    private Long roleId;
    +
    +    /////////////////////////////////////////////////////
    +    /////////////////// Accessors ///////////////////////
    +    /////////////////////////////////////////////////////
    +
    +    public Long getRoleId() {
    +        return roleId;
    +    }
    +
    +    /////////////////////////////////////////////////////
    +    /////////////// API Implementation///////////////////
    +    /////////////////////////////////////////////////////
    +
    +    @Override
    +    public String getCommandName() {
    +        return APINAME.toLowerCase() + BaseCmd.RESPONSE_SUFFIX;
    +    }
    +
    +    @Override
    +    public long getEntityOwnerId() {
    +        return Account.ACCOUNT_ID_SYSTEM;
    +    }
    +
    +    @Override
    +    public void execute() throws ResourceUnavailableException, InsufficientCapacityException,
ServerApiException {
    +        if (getRoleId() != null && getRoleId() < 1L) {
    +            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid role id provided");
    +        }
    +        List<RolePermission> rolePermissions = roleService.findAllPermissionsBy(getRoleId());
    +
    +        ListResponse<RolePermissionResponse> response = new ListResponse<>();
    +        List<RolePermissionResponse> rolePermissionResponses = new ArrayList<>();
    +        for (RolePermission rolePermission : rolePermissions) {
    +            Role role = roleService.findRole(rolePermission.getRoleId());
    --- End diff --
    
    Am I correct in understanding that all the permissions in ``rolePerimssions`` will be
for ``roleId``?  If so, why do we retrieve the same role for every permission evaluated? 
Why not retrieve the role once between the for loop?  A step further, why not model ``RolePermission``
to have an association with ``Role`` and retrieve and associate it in ``roleService.findAllPermissionsBy``?


> User Definable Roles
> --------------------
>
>                 Key: CLOUDSTACK-8562
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8562
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>            Reporter: Paul Angus
>            Assignee: Rohit Yadav
>
> Static command.properties moved to database and made user definable



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message