From 022b9b8f8058ae982af5ec12812c932287f50cc6 Mon Sep 17 00:00:00 2001
From: Prachi Damle
Date: Mon, 3 Feb 2014 18:14:56 -0800
Subject: [PATCH] Add access for domain wide createAffinityGroup
---
 .../orchestration/NetworkOrchestrator.java | 10 +++++--
 .../affinity/AffinityGroupServiceImpl.java | 29 ++++++++++++++----
 .../cloudstack/acl/api/AclApiServiceImpl.java | 30 ++++++++-----------
 3 files changed, 42 insertions(+), 27 deletions(-)
diff --git a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 1ea8d2ea282..8684876ae8c 100755
--- a/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@ -38,6 +38,7 @@ import javax.naming.ConfigurationException;
 import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
+import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.ConfigDepot;
@@ -670,10 +671,13 @@ public class NetworkOrchestrator extends ManagerBase implements NetworkOrchestra
 if (domainId != null && aclType == ACLType.Domain) {
 _networksDao.addDomainToNetwork(id, domainId, subdomainAccess == null ? true : subdomainAccess);
 //send event for storing the domain wide resource access
- // remove its related ACL permission
- Pair network = new Pair(AclEntityType.Network, id);
+ Map params = new HashMap();
+ params.put(ApiConstants.ENTITY_TYPE, AclEntityType.Network);
+ params.put(ApiConstants.ENTITY_ID, id);
+ params.put(ApiConstants.DOMAIN_ID, domainId);
+ params.put(ApiConstants.SUBDOMAIN_ACCESS, subdomainAccess == null ? true : subdomainAccess);
 _messageBus.publish(_name, EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT,
- PublishScope.LOCAL, network);
+ PublishScope.LOCAL, params);
 }
 }
 });
diff --git a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
index 2a6951ef98a..ce56311173f 100644
--- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
+++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
@@ -28,13 +28,17 @@ import javax.naming.ConfigurationException;
 import org.apache.log4j.Logger;
+import org.apache.cloudstack.acl.AclEntityType;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDomainMapDao;
 import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
+import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.messagebus.MessageBus;
+import org.apache.cloudstack.framework.messagebus.PublishScope;
 import com.cloud.domain.DomainVO;
 import com.cloud.domain.dao.DomainDao;
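Review bot: `params.put(ApiConstants.ENTITY_TYPE, AclEntityType.Network)` in the NetworkOrchestrator hunk stores the `AclEntityType` value itself, while the subscriber changed later in this patch (`addDomainWideResourceAccess` in AclApiServiceImpl) reads it back with `(String) params.get(ApiConstants.ENTITY_TYPE)`. Unless `AclEntityType.Network` is already a `String` (its declaration is not shown, and the surrounding code calls `.toString()` on it), that cast throws `ClassCastException` and the domain-wide access policy is never written for the new network. Publishing the name instead, `params.put(ApiConstants.ENTITY_TYPE, AclEntityType.Network.toString());`, keeps producer and consumer in agreement, and the same applies to the `AclEntityType.AffinityGroup` put in AffinityGroupServiceImpl. The enclosing transaction callback begins and ends outside this hunk.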
@@ -50,6 +54,7 @@ import com.cloud.utils.Pair; import com.cloud.utils.component.Manager; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.db.DB; +import com.cloud.utils.db.EntityManager; import com.cloud.utils.db.Filter; import com.cloud.utils.db.JoinBuilder; import com.cloud.utils.db.SearchBuilder; @@ -92,6 +97,9 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro @Inject DomainManager _domainMgr; + @Inject + MessageBus _messageBus; + protected List _affinityProcessors; public List getAffinityGroupProcessors() { @@ -200,14 +208,23 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro public AffinityGroupVO doInTransaction(TransactionStatus status) { AffinityGroupVO group = new AffinityGroupVO(affinityGroupName, affinityGroupType, description, ownerFinal.getDomainId(), ownerFinal.getId(), aclTypeFinal); - _affinityGroupDao.persist(group); + _affinityGroupDao.persist(group); if (domainId != null && aclTypeFinal == ACLType.Domain) { - boolean subDomainAccess = false; - subDomainAccess = processor.subDomainAccess(); - AffinityGroupDomainMapVO domainMap = new AffinityGroupDomainMapVO(group.getId(), domainId, subDomainAccess); - _affinityGroupDomainMapDao.persist(domainMap); - } + boolean subDomainAccess = false; + subDomainAccess = processor.subDomainAccess(); + AffinityGroupDomainMapVO domainMap = new AffinityGroupDomainMapVO(group.getId(), domainId, + subDomainAccess); + _affinityGroupDomainMapDao.persist(domainMap); + //send event for storing the domain wide resource access + Map params = new HashMap(); + params.put(ApiConstants.ENTITY_TYPE, AclEntityType.AffinityGroup); + params.put(ApiConstants.ENTITY_ID, group.getId()); + params.put(ApiConstants.DOMAIN_ID, domainId); + params.put(ApiConstants.SUBDOMAIN_ACCESS, subDomainAccess); + _messageBus.publish(_name, EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, PublishScope.LOCAL, + params); + } return group; } 
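Review bot: The `_messageBus.publish(...)` call added inside `doInTransaction` runs before the surrounding transaction has committed, so a subscriber can record domain-wide access for an affinity group whose rows are later rolled back. Whether the IAM subscriber joins this transaction is not visible here; if it does not, publish after the callback has returned the persisted group, or have the subscriber verify that the group exists before it creates the policy. A smaller point in the same lines: `boolean subDomainAccess = false;` is overwritten on the next line and can be written as `boolean subDomainAccess = processor.subDomainAccess();`. The method around the callback starts outside the hunk.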
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java index 9b8e57f7456..399c28a9998 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java @@ -67,8 +67,6 @@ import com.cloud.domain.dao.DomainDao; import com.cloud.event.ActionEvent; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; -import com.cloud.network.dao.NetworkDomainDao; -import com.cloud.network.dao.NetworkDomainVO; import com.cloud.template.TemplateManager; import com.cloud.user.Account; import com.cloud.user.AccountManager; @@ -105,9 +103,6 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man @Inject MessageBus _messageBus; - @Inject - NetworkDomainDao _networkDomainDao; - @Override public boolean configure(final String name, final Map params) throws ConfigurationException { _messageBus.subscribe(AccountManager.MESSAGE_ADD_ACCOUNT_EVENT, new MessageSubscriber() { @@ -221,9 +216,9 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man _messageBus.subscribe(EntityManager.MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT, new MessageSubscriber() { @Override public void onPublishMessage(String senderAddress, String subject, Object obj) { - Pair entity = (Pair) obj; - if (entity != null) { - addDomainWideResourceAccess(entity); + Map params = (Map) obj; + if (params != null) { + addDomainWideResourceAccess(params); } } }); 
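Review bot: In `onPublishMessage` the payload is cast to `Map` before anything checks what was actually published, so a sender that still uses the previous `Pair` payload on `MESSAGE_ADD_DOMAIN_WIDE_ENTITY_EVENT` now fails with `ClassCastException` inside the subscriber. Guarding with `if (obj instanceof Map)` and logging the unexpected type in the other case would make a dropped access-policy update visible rather than leaving it as an unexplained exception. A short comment above the subscriber listing the expected keys (`ENTITY_TYPE`, `ENTITY_ID`, `DOMAIN_ID`, `SUBDOMAIN_ACCESS`) and their value types would document the contract the publishers have to meet. `configure` begins outside this hunk.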
@@ -231,20 +226,19 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man return super.configure(name, params); } - private void addDomainWideResourceAccess(Pair entity) { + private void addDomainWideResourceAccess(Map params) { - String entityType = entity.first().toString(); - Long entityId = entity.second(); + String entityType = (String) params.get(ApiConstants.ENTITY_TYPE); + Long entityId = (Long) params.get(ApiConstants.ENTITY_ID); + Long domainId = (Long) params.get(ApiConstants.DOMAIN_ID); + Boolean isRecursive = (Boolean) params.get(ApiConstants.SUBDOMAIN_ACCESS); if (AclEntityType.Network.toString().equals(entityType)) { - NetworkDomainVO networkDomainMap = _networkDomainDao.getDomainNetworkMapByNetworkId(entityId); - if (networkDomainMap != null) { - createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType, - entityId, "listNetworks", AccessType.UseEntry, networkDomainMap.getDomainId(), - networkDomainMap.isSubdomainAccess()); - } + createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide network", entityType, + entityId, "listNetworks", AccessType.UseEntry, domainId, isRecursive); } else if (AclEntityType.AffinityGroup.toString().equals(entityType)) { - + createPolicyAndAddToDomainGroup("DomainWideNetwork-" + entityId, "domain wide affinityGroup", entityType, + entityId, "listAffinityGroups", AccessType.UseEntry, domainId, isRecursive); } }
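Review bot: The affinity-group branch names its policy `"DomainWideNetwork-" + entityId`, the same prefix the network branch uses, so a network and an affinity group with the same id yield identically named policies. If `createPolicyAndAddToDomainGroup` (not shown) looks policies up by name, one entity's grant could end up attached to the other's policy; `"DomainWideAffinityGroup-" + entityId` avoids the collision. Separately, `domainId` and `isRecursive` are boxed values read from the map, so if a publisher omits either key and the callee takes primitives the call fails with `NullPointerException`. A null check ahead of the two branches that rejects and logs an incomplete event would be safer than relying on every publisher to fill all four keys.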