During Upgrade to 4.3, Populate the API Permissions per Out-Of-Box Role from commands.properties file

2013-09-19 12:32:54 -07:00 · 2013-09-19 12:32:54 -07:00 · 3333a04c40
parent ad6af49f03
commit 3333a04c40
2 changed files with 49 additions and 3 deletions
--- a/api/src/org/apache/cloudstack/acl/RoleType.java
+++ b/api/src/org/apache/cloudstack/acl/RoleType.java
@ -19,10 +19,10 @@ package org.apache.cloudstack.acl;
 // Enum for default roles in CloudStack
 public enum RoleType {

-    Admin(1),
-    ResourceAdmin(2),
-    DomainAdmin(4),
    User(8),
+    Admin(1),
+    DomainAdmin(4),
+    ResourceAdmin(2),
    Unknown(0);

    private int mask;
@ -35,3 +35,4 @@ public enum RoleType {
        return mask;
    }
 }
+
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java
@ -22,9 +22,12 @@ import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.util.Map;

+import org.apache.cloudstack.acl.RoleType;
 import org.apache.log4j.Logger;

+import com.cloud.utils.PropertiesUtil;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.script.Script;

@ -59,6 +62,7 @@ public class Upgrade420to430 implements DbUpgrade {
    @Override
    public void performDataMigration(Connection conn) {
        populateACLGroupAccountMap(conn);
+        populateACLRoleBasedAPIPermission(conn);
    }

    // populate acl_group_account_map table for existing accounts
@ -106,6 +110,47 @@ public class Upgrade420to430 implements DbUpgrade {
        s_logger.debug("Completed populate acl_group_account_map for existing accounts.");
    }

+    private void populateACLRoleBasedAPIPermission(Connection conn) {
+        // read the commands.properties.in and populate the table
+        PreparedStatement apiInsert = null;
+
+        s_logger.debug("Populating acl_api_permission table for existing commands...");
+        try {
+            apiInsert = conn.prepareStatement("INSERT INTO `cloud`.`acl_api_permission` (role_id, api) values(?, ?)");
+
+            Map<String, String> commandMap = PropertiesUtil.processConfigFile(new String[] { "commands.properties" });
+            for (Map.Entry<String, String> entry : commandMap.entrySet()) {
+                String apiName = entry.getKey();
+                String roleMask = entry.getValue();
+                try {
+                    short cmdPermissions = Short.parseShort(roleMask);
+                    for (RoleType roleType : RoleType.values()) {
+                        if ((cmdPermissions & roleType.getValue()) != 0) {
+                            // insert entry into api_permission for this role
+                            apiInsert.setLong(1, roleType.ordinal() + 1);
+                            apiInsert.setString(2, apiName);
+                            apiInsert.executeUpdate();
+                        }
+                    }
+                } catch (NumberFormatException nfe) {
+                    s_logger.info("Malformed key=value pair for entry: " + entry.toString());
+                }
+            }
+        } catch (SQLException e) {
+            String msg = "Unable to populate acl_api_permission for existing commands." + e.getMessage();
+            s_logger.error(msg);
+            throw new CloudRuntimeException(msg, e);
+        } finally {
+            try {
+                if (apiInsert != null) {
+                    apiInsert.close();
+                }
+            } catch (SQLException e) {
+            }
+        }
+        s_logger.debug("Completed populate acl_api_permission for existing commands.");
+    }
+
    @Override
    public File[] getCleanupScripts() {
        String script = Script.findScript("", "db/schema-420to430-cleanup.sql");