Fill in implementation of AclService.getGrantedDomains,

getGrantedAccounts and getGrantedResources.
2013-12-09 14:08:54 -08:00 · 2013-12-09 14:08:54 -08:00 · 6730fa2b47
parent 288a81180c
commit 6730fa2b47
5 changed files with 102 additions and 19 deletions
--- a/api/src/org/apache/cloudstack/acl/AclService.java
+++ b/api/src/org/apache/cloudstack/acl/AclService.java
@ -57,10 +57,10 @@ public interface AclService {
    List<AclPolicy> getEffectivePolicies(Account caller, ControlledEntity entity);

    /* Visibility related interfaces */
-    List<Long> getGrantedDomains(long accountId, AclEntityType entityType, String action);
+    List<Long> getGrantedDomains(long accountId, String action);

-    List<Long> getGrantedAccounts(long accountId, AclEntityType entityType, String action);
+    List<Long> getGrantedAccounts(long accountId, String action);

-    List<Long> getGrantedResources(long accountId, AclEntityType entityType, String action);
+    List<Long> getGrantedResources(long accountId, String action);

 }
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
@ -31,5 +31,7 @@ public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO

    AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm);

+    List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, PermissionScope scope);
+

 }
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
@ -26,28 +26,70 @@ import org.apache.cloudstack.acl.AclPolicyPermissionVO;
 import org.apache.cloudstack.acl.PermissionScope;

 import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;

 public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissionVO, Long> implements
        AclPolicyPermissionDao {

+    private SearchBuilder<AclPolicyPermissionVO> policyIdSearch;
+    private SearchBuilder<AclPolicyPermissionVO> fullSearch;
+    private SearchBuilder<AclPolicyPermissionVO> actionScopeSearch;

    @Override
    public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
        super.configure(name, params);

+        policyIdSearch = createSearchBuilder();
+        policyIdSearch.and("policyId", policyIdSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        policyIdSearch.done();
+
+        fullSearch = createSearchBuilder();
+        fullSearch.and("policyId", fullSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        fullSearch.and("entityType", fullSearch.entity().getEntityType(), SearchCriteria.Op.EQ);
+        fullSearch.and("scope", fullSearch.entity().getScope(), SearchCriteria.Op.EQ);
+        fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
+        fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
+        fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+        fullSearch.done();
+
+        actionScopeSearch = createSearchBuilder();
+        actionScopeSearch.and("policyId", actionScopeSearch.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("scope", actionScopeSearch.entity().getScope(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("action", actionScopeSearch.entity().getAction(), SearchCriteria.Op.EQ);
+        actionScopeSearch.and("permission", actionScopeSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+        actionScopeSearch.done();
+
        return true;
    }

    @Override
    public List<AclPolicyPermissionVO> listByPolicy(long policyId) {
-        // TODO Auto-generated method stub
-        return null;
+        SearchCriteria<AclPolicyPermissionVO> sc = policyIdSearch.create();
+        sc.setParameters("policyId", policyId);
+        return listBy(sc);
    }

    @Override
    public AclPolicyPermissionVO findByPolicyAndEntity(long policyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm) {
-        // TODO Auto-generated method stub
-        return null;
+        SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("entityType", entityType);
+        sc.setParameters("scope", scope);
+        sc.setParameters("scopeId", scopeId);
+        sc.setParameters("action", action);
+        sc.setParameters("permission", perm);
+        return findOneBy(sc);
+    }
+
+    @Override
+    public List<AclPolicyPermissionVO> listGrantedByActionAndScope(long policyId, String action, PermissionScope scope) {
+        SearchCriteria<AclPolicyPermissionVO> sc = actionScopeSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("action", action);
+        sc.setParameters("scope", scope);
+        sc.setParameters("permission", Permission.Allow);
+        return listBy(sc);
    }

 }
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@ -2610,9 +2610,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
            // search for policy permissions associated with caller to get all his authorized domains, accounts, and resources
            // Assumption: if a domain is in grantedDomains, then all the accounts under this domain will not be returned in "grantedAccounts". Similarly, if an account
            // is in grantedAccounts, then all the resources owned by this account will not be returned in "grantedResources".
-            List<Long> grantedDomains = _aclService.getGrantedDomains(caller.getId(), AclEntityType.VM, action);
-            List<Long> grantedAccounts = _aclService.getGrantedAccounts(caller.getId(), AclEntityType.VM, action);
-            List<Long> grantedResources = _aclService.getGrantedResources(caller.getId(), AclEntityType.VM, action);
+            List<Long> grantedDomains = _aclService.getGrantedDomains(caller.getId(), action);
+            List<Long> grantedAccounts = _aclService.getGrantedAccounts(caller.getId(), action);
+            List<Long> grantedResources = _aclService.getGrantedResources(caller.getId(), action);

            if (domainId != null) {
                // specific domain is specified
--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@ -678,21 +678,60 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
    }

    @Override
-    public List<Long> getGrantedDomains(long accountId, AclEntityType entityType, String action) {
-        // TODO Auto-generated method stub
-        return null;
+    public List<Long> getGrantedDomains(long accountId, String action) {
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = listAclPolicies(accountId);
+        // for each policy, find granted permission with Domain scope
+        List<Long> domainIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action, PermissionScope.DOMAIN);
+            if (pp != null) {
+                for (AclPolicyPermissionVO p : pp) {
+                    if (p.getScopeId() != null) {
+                        domainIds.add(p.getScopeId());
+                    }
+                }
+            }
+        }
+        return domainIds;
    }

    @Override
-    public List<Long> getGrantedAccounts(long accountId, AclEntityType entityType, String action) {
-        // TODO Auto-generated method stub
-        return null;
+    public List<Long> getGrantedAccounts(long accountId, String action) {
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = listAclPolicies(accountId);
+        // for each policy, find granted permission with Account scope
+        List<Long> accountIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action, PermissionScope.ACCOUNT);
+            if (pp != null) {
+                for (AclPolicyPermissionVO p : pp) {
+                    if (p.getScopeId() != null) {
+                        accountIds.add(p.getScopeId());
+                    }
+                }
+            }
+        }
+        return accountIds;
    }

    @Override
-    public List<Long> getGrantedResources(long accountId, AclEntityType entityType, String action) {
-        // TODO Auto-generated method stub
-        return null;
+    public List<Long> getGrantedResources(long accountId, String action) {
+        // Get the static Policies of the Caller
+        List<AclPolicy> policies = listAclPolicies(accountId);
+        // for each policy, find granted permission with Resource scope
+        List<Long> entityIds = new ArrayList<Long>();
+        for (AclPolicy policy : policies) {
+            List<AclPolicyPermissionVO> pp = _policyPermissionDao.listGrantedByActionAndScope(policy.getId(), action, PermissionScope.RESOURCE);
+            if (pp != null) {
+                for (AclPolicyPermissionVO p : pp) {
+                    if (p.getScopeId() != null) {
+                        entityIds.add(p.getScopeId());
+                    }
+                }
+            }
+        }
+        return entityIds;
    }

 }