Add listAclGroupsByAccount to QuerySelector adapters and remove

AclProxyService interface.
2014-01-14 16:19:25 -08:00 · 2014-01-14 16:19:25 -08:00 · 6583cb3800
parent fac9f2da0f
commit 6583cb3800
10 changed files with 52 additions and 112 deletions
--- a/api/src/org/apache/cloudstack/acl/AclProxyService.java
+++ b/api/src/org/apache/cloudstack/acl/AclProxyService.java
@ -1,13 +0,0 @@
-package org.apache.cloudstack.acl;
-
-import java.util.List;
-
-public interface AclProxyService {
-
-    List<String> listAclGroupsByAccount(long accountId);
-
-    void removeAccountFromAclGroups(long accountId);
-
-    void addAccountToAclGroup(long accountId, long groupId);
-
-}
--- a/api/src/org/apache/cloudstack/acl/QuerySelector.java
+++ b/api/src/org/apache/cloudstack/acl/QuerySelector.java
@ -62,4 +62,11 @@ public interface QuerySelector extends Adapter {
     */
    boolean isGrantedAll(Account caller, String action);

+    /**
+     * List of ACL group the given account belongs to
+     * @param accountId account id.
+     * @return ACL group names
+     */
+    List<String> listAclGroupsByAccount(long accountId);
+
 }
--- a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
+++ b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java
@ -24,7 +24,6 @@ import javax.inject.Inject;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;

-import org.apache.cloudstack.acl.AclProxyService;
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.response.AccountResponse;
 import org.apache.cloudstack.api.response.ResourceLimitAndCountResponse;
@ -48,9 +47,7 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl

    private final SearchBuilder<AccountJoinVO> acctIdSearch;
    @Inject
-    public AccountManager _accountMgr;
-    @Inject
-    AclProxyService _aclProxy;
+    AccountManager _acctMgr;

    protected AccountJoinDaoImpl() {

@ -106,7 +103,7 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl
        accountResponse.setObjectName("account");
        
        // add all the acl groups for an account
-        accountResponse.setGroups(_aclProxy.listAclGroupsByAccount(account.getId()));
+        accountResponse.setGroups(_acctMgr.listAclGroupsByAccount(account.getId()));

        return accountResponse;
    }
--- a/server/src/com/cloud/user/AccountManager.java
+++ b/server/src/com/cloud/user/AccountManager.java
@ -191,6 +191,8 @@ public interface AccountManager extends AccountService {
     */
    Account lockAccount(String accountName, Long domainId, Long accountId);

+    List<String> listAclGroupsByAccount(Long accountId);
+
    public static final String MESSAGE_ADD_ACCOUNT_EVENT = "Message.AddAccount.Event";

    public static final String MESSAGE_REMOVE_ACCOUNT_EVENT = "Message.RemoveAccount.Event";
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@ -40,7 +40,6 @@ import javax.naming.ConfigurationException;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.log4j.Logger;

-import org.apache.cloudstack.acl.AclProxyService;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.QuerySelector;
 import org.apache.cloudstack.acl.RoleType;
@ -253,8 +252,7 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
    @Inject
    private GlobalLoadBalancerRuleDao _gslbRuleDao;

-    @Inject
-    QuerySelector _aclQuerySelector;  // we assume that there should be one type of QuerySelector adapter
+    List<QuerySelector> _querySelectors;

    @Inject
    MessageBus _messageBus;
@ -302,6 +300,14 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
 		_securityCheckers = securityCheckers;
 	}
    
+    public List<QuerySelector> getQuerySelectors() {
+        return _querySelectors;
+    }
+
+    public void setQuerySelectors(List<QuerySelector> querySelectors) {
+        _querySelectors = querySelectors;
+    }
+
    @Override
    public boolean configure(final String name, final Map<String, Object> params) throws ConfigurationException {
        _systemAccount = _accountDao.findById(AccountVO.ACCOUNT_ID_SYSTEM);
@ -2249,16 +2255,21 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
            // search for policy permissions associated with caller to get all his authorized domains, accounts, and resources
            // Assumption: if a domain is in grantedDomains, then all the accounts under this domain will not be returned in "grantedAccounts". Similarly, if an account
            // is in grantedAccounts, then all the resources owned by this account will not be returned in "grantedResources".
-            boolean grantedAll = _aclQuerySelector.isGrantedAll(caller, action);
+            // assume that there is only one query selector adapter
+            if (_querySelectors == null || _querySelectors.size() == 0)
+                return; // no futher filtering
+
+            QuerySelector qs = _querySelectors.get(0);
+            boolean grantedAll = qs.isGrantedAll(caller, action);
            if ( grantedAll ){
                if ( domainId != null ){
                    permittedDomains.add(domainId);
                }
            }
            else {
-                List<Long> grantedDomains = _aclQuerySelector.getAuthorizedDomains(caller, action);
-                List<Long> grantedAccounts = _aclQuerySelector.getAuthorizedAccounts(caller, action);
-                List<Long> grantedResources = _aclQuerySelector.getAuthorizedResources(caller, action);
+                List<Long> grantedDomains = qs.getAuthorizedDomains(caller, action);
+                List<Long> grantedAccounts = qs.getAuthorizedAccounts(caller, action);
+                List<Long> grantedResources = qs.getAuthorizedResources(caller, action);

                if (domainId != null) {
                    // specific domain is specified
@ -2437,4 +2448,13 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
        sc.addAnd("accountId", SearchCriteria.Op.SC, aclSc);
    }

+    @Override
+    public List<String> listAclGroupsByAccount(Long accountId) {
+        if (_querySelectors == null || _querySelectors.size() == 0)
+            return new ArrayList<String>();
+
+        QuerySelector qs = _querySelectors.get(0);
+        return qs.listAclGroupsByAccount(accountId);
+    }
+
 }
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java
@ -23,6 +23,7 @@ import javax.inject.Inject;

 import org.apache.log4j.Logger;

+import org.apache.cloudstack.iam.api.AclGroup;
 import org.apache.cloudstack.iam.api.AclPolicy;
 import org.apache.cloudstack.iam.api.AclPolicyPermission;
 import org.apache.cloudstack.iam.api.IAMService;
@ -112,4 +113,14 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
        return false;
    }

+    @Override
+    public List<String> listAclGroupsByAccount(long accountId) {
+        List<AclGroup> groups = _iamService.listAclGroups(accountId);
+        List<String> groupNames = new ArrayList<String>();
+        for (AclGroup grp : groups) {
+            groupNames.add(grp.getName());
+        }
+        return groupNames;
+    }
+
 }
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java
@ -18,7 +18,6 @@ package org.apache.cloudstack.acl.api;

 import java.util.List;

-import org.apache.cloudstack.acl.AclProxyService;
 import org.apache.cloudstack.acl.PermissionScope;
 import org.apache.cloudstack.acl.api.response.AclGroupResponse;
 import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
@ -31,7 +30,7 @@ import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
 import com.cloud.user.Account;
 import com.cloud.utils.component.PluggableService;

-public interface AclApiService extends AclProxyService, PluggableService {
+public interface AclApiService extends PluggableService {

    /* ACL group related interfaces */
    AclGroup createAclGroup(Account caller, String aclGroupName, String description);
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java
@ -150,15 +150,6 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
        return _iamSrv.listAclGroups(accountId);
    }

-    @Override
-    public List<String> listAclGroupsByAccount(long accountId) {
-        List<AclGroup> groups = listAclGroups(accountId);
-        List<String> groupNames = new ArrayList<String>();
-        for (AclGroup grp : groups) {
-            groupNames.add(grp.getName());
-        }
-        return groupNames;
-    }

    @DB
    @Override
@ -167,8 +158,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
        return _iamSrv.addAccountsToGroup(acctIds, groupId);
    }

-    @Override
-    public void removeAccountFromAclGroups(long accountId) {
+    private void removeAccountFromAclGroups(long accountId) {
        List<AclGroup> groups = listAclGroups(accountId);
        List<Long> accts = new ArrayList<Long>();
        accts.add(accountId);
@ -179,8 +169,7 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
        }
    }

-    @Override
-    public void addAccountToAclGroup(long accountId, long groupId) {
+    private void addAccountToAclGroup(long accountId, long groupId) {
        List<Long> accts = new ArrayList<Long>();
        accts.add(accountId);
        addAccountsToGroup(accts, groupId);
--- a/services/pom.xml
+++ b/services/pom.xml
@ -27,9 +27,6 @@
    <version>4.3.0-SNAPSHOT</version>
    <relativePath>../pom.xml</relativePath>
  </parent>
-  <build>
-    <defaultGoal>install</defaultGoal>
-  </build>
  <modules>
    <module>console-proxy</module>
    <module>secondary-storage</module>
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@ -397,75 +397,6 @@ INSERT IGNORE INTO `cloud`.`acl_policy_permission` (id, policy_id, action, permi
 INSERT IGNORE INTO `cloud`.`acl_policy_permission` (id, policy_id, action, permission, created) VALUES (2, 3, 'DomainCapability', 'Allow', Now());
 INSERT IGNORE INTO `cloud`.`acl_policy_permission` (id, policy_id, action, permission, created) VALUES (3, 4, 'DomainResourceCapability', 'Allow', Now());

-CREATE OR REPLACE VIEW `cloud`.`acl_policy_view` AS
-    select 
-        acl_policy.id id,
-        acl_policy.uuid uuid,        
-        acl_policy.name name,
-        acl_policy.description description,
-        acl_policy.removed removed,
-        acl_policy.created created,
-        domain.id domain_id,
-        domain.uuid domain_uuid,
-        domain.name domain_name,
-        domain.path domain_path,
-        account.id account_id,
-        account.uuid account_uuid,
-        account.account_name account_name,     
-        account.type account_type,  
-        acl_policy_permission.action permission_action,
-        acl_policy_permission.resource_type permission_entity_type,
-        acl_policy_permission.scope permission_scope,
-        acl_policy_permission.scope_id permission_scope_id,        
-        acl_policy_permission.access_type permission_access_type,
-        acl_policy_permission.permission permission_allow_deny
-    from
-        `cloud`.`acl_policy`
-            inner join
-        `cloud`.`domain` ON acl_policy.domain_id = domain.id
-            inner join
-        `cloud`.`account` ON acl_policy.account_id = account.id        
-            left join
-        `cloud`.`acl_policy_permission` ON acl_policy.id = acl_policy_permission.policy_id;
-        
-         
-CREATE OR REPLACE VIEW `cloud`.`acl_group_view` AS
-    select 
-        acl_group.id id,
-        acl_group.uuid uuid,        
-        acl_group.name name,
-        acl_group.description description,
-        acl_group.removed removed,
-        acl_group.created created,
-        domain.id domain_id,
-        domain.uuid domain_uuid,
-        domain.name domain_name,
-        domain.path domain_path,
-        account.id account_id,
-        account.uuid account_uuid,
-        account.account_name account_name,  
-        account.type account_type,
-        member_account.id member_account_id,
-        member_account.uuid member_account_uuid,
-        member_account.account_name member_account_name,      
-        acl_policy.id policy_id,
-        acl_policy.uuid policy_uuid,
-        acl_policy.name policy_name
-    from
-        `cloud`.`acl_group`
-            inner join
-        `cloud`.`domain` ON acl_group.domain_id = domain.id
-            inner join
-        `cloud`.`account` ON acl_group.account_id = account.id              
-            left join
-        `cloud`.`acl_group_policy_map` ON acl_group.id = acl_group_policy_map.group_id  
-            left join         
-        `cloud`.`acl_policy` ON acl_group_policy_map.policy_id = acl_policy.id  
-            left join
-        `cloud`.`acl_group_account_map` ON acl_group.id = acl_group_account_map.group_id
-            left join
-        `cloud`.`account` member_account ON acl_group_account_map.account_id = member_account.id;        
-
                       
 
 DROP VIEW IF EXISTS `cloud`.`volume_view`;