From b40f496f8003c84b878a61443c1713ac36d48acc Mon Sep 17 00:00:00 2001 From: Kris McQueen Date: Wed, 8 Sep 2010 15:13:04 -0700 Subject: [PATCH] Refactoring listTemplatePermissions and listIsoPermissions to new API framework. --- .../api/commands/ListIsoPermissionsCmd.java | 2 +- .../ListTemplateOrIsoPermissionsCmd.java | 129 +++++------------- .../commands/ListTemplatePermissionsCmd.java | 2 +- .../response/TemplatePermissionsResponse.java | 52 +++++++ .../com/cloud/server/ManagementServer.java | 19 +-- .../cloud/server/ManagementServerImpl.java | 55 +++++++- 6 files changed, 142 insertions(+), 117 deletions(-) create mode 100644 server/src/com/cloud/api/response/TemplatePermissionsResponse.java diff --git a/server/src/com/cloud/api/commands/ListIsoPermissionsCmd.java b/server/src/com/cloud/api/commands/ListIsoPermissionsCmd.java index d655008c439..0db2ea788c8 100644 --- a/server/src/com/cloud/api/commands/ListIsoPermissionsCmd.java +++ b/server/src/com/cloud/api/commands/ListIsoPermissionsCmd.java @@ -10,7 +10,7 @@ public class ListIsoPermissionsCmd extends ListTemplateOrIsoPermissionsCmd { return "listisopermissionsresponse"; } - protected String getMediaType() { + public String getMediaType() { return "iso"; } diff --git a/server/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java b/server/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java index 73185fd8d52..2e43e5db35d 100644 --- a/server/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java +++ b/server/src/com/cloud/api/commands/ListTemplateOrIsoPermissionsCmd.java @@ -1,31 +1,23 @@ package com.cloud.api.commands; -import java.util.ArrayList; import java.util.List; -import java.util.Map; import org.apache.log4j.Logger; -import com.cloud.api.BaseCmd; +import com.cloud.api.BaseListCmd; +import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.ServerApiException; -import com.cloud.domain.DomainVO; +import com.cloud.api.response.TemplatePermissionsResponse; +import com.cloud.serializer.SerializerHelper; import com.cloud.storage.VMTemplateVO; import com.cloud.user.Account; -import com.cloud.utils.Pair; +import com.cloud.user.UserContext; -public class ListTemplateOrIsoPermissionsCmd extends BaseCmd { +@Implementation(method="listTemplatePermissions") +public class ListTemplateOrIsoPermissionsCmd extends BaseListCmd { public Logger s_logger = getLogger(); - protected static final List> s_properties = new ArrayList>(); protected String s_name = getResponseName(); - static { - s_properties.add(new Pair(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.ACCOUNT, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.DOMAIN_ID, Boolean.FALSE)); - s_properties.add(new Pair(BaseCmd.Properties.ID, Boolean.TRUE)); - } - ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// @@ -63,9 +55,32 @@ public class ListTemplateOrIsoPermissionsCmd extends BaseCmd { public String getName() { return s_name; } - @Override - public List> getProperties() { - return s_properties; + + @Override @SuppressWarnings("unchecked") + public String getResponse() { + List accountNames = (List)getResponseObject(); + Account account = (Account)UserContext.current().getAccountObject(); + boolean isAdmin = ((account == null) || isAdmin(account.getType())); + Long templateOwnerDomain = null; + VMTemplateVO template = getManagementServer().findTemplateById(id); + if (isAdmin) { + // FIXME: we have just template id and need to get template owner from that + Account templateOwner = getManagementServer().findAccountById(template.getAccountId()); + if (templateOwner != null) { + templateOwnerDomain = templateOwner.getDomainId(); + } + } + + TemplatePermissionsResponse response = new TemplatePermissionsResponse(); + response.setId(template.getId()); + response.setPublicTemplate(template.isPublicTemplate()); + if (isAdmin && (templateOwnerDomain != null)) { + response.setDomainId(templateOwnerDomain); + } + + response.setAccountNames(accountNames); + + return SerializerHelper.toSerializedString(response); } protected boolean templateIsCorrectType(VMTemplateVO template) { @@ -76,87 +91,11 @@ public class ListTemplateOrIsoPermissionsCmd extends BaseCmd { return "updatetemplateorisopermissionsresponse"; } - protected String getMediaType() { + public String getMediaType() { return "templateOrIso"; } protected Logger getLogger() { return Logger.getLogger(UpdateTemplateOrIsoPermissionsCmd.class.getName()); } - - @Override - public List> execute(Map params) { - Long id = (Long)params.get(BaseCmd.Properties.ID.getName()); - Account account = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName()); - String acctName = (String)params.get(BaseCmd.Properties.ACCOUNT.getName()); - Long domainId = (Long)params.get(BaseCmd.Properties.DOMAIN_ID.getName()); - Long accountId = null; - - if ((account == null) || account.getType() == Account.ACCOUNT_TYPE_ADMIN) { - // validate domainId before proceeding - if (domainId != null) { - if ((account != null) && !getManagementServer().isChildDomain(account.getDomainId(), domainId)) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid domain id (" + domainId + ") given, unable to list " + getMediaType() + " permissions."); - } - if (acctName != null) { - Account userAccount = getManagementServer().findAccountByName(acctName, domainId); - if (userAccount != null) { - accountId = userAccount.getId(); - } else { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find account " + acctName + " in domain " + domainId); - } - } - } - } else { - accountId = account.getId(); - } - - VMTemplateVO template = getManagementServer().findTemplateById(id.longValue()); - if (template == null || !templateIsCorrectType(template)) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "unable to find " + getMediaType() + " with id " + id); - } - - if (accountId != null && !template.isPublicTemplate()) { - if (account.getType() == Account.ACCOUNT_TYPE_NORMAL && template.getAccountId() != accountId) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "unable to list permissions for " + getMediaType() + " with id " + id); - } else if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { - DomainVO accountDomain = getManagementServer().findDomainIdById(account.getDomainId()); - Account templateAccount = getManagementServer().findAccountById(template.getAccountId()); - DomainVO templateDomain = getManagementServer().findDomainIdById(templateAccount.getDomainId()); - if (!templateDomain.getPath().contains(accountDomain.getPath())) { - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "unable to list permissions for " + getMediaType() + " with id " + id); - } - } - } - - if (id == Long.valueOf(1)) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "unable to list permissions for " + getMediaType() + " with id " + id); - } - - List accountNames = getManagementServer().listTemplatePermissions(id); - - boolean isAdmin = ((account == null) || isAdmin(account.getType())); - Long templateOwnerDomain = null; - if (isAdmin) { - Account templateOwner = getManagementServer().findAccountById(template.getAccountId()); - if (templateOwner != null) { - templateOwnerDomain = templateOwner.getDomainId(); - } - } - - List> embeddedObject = new ArrayList>(); - List> returnValues = new ArrayList>(); - returnValues.add(new Pair(BaseCmd.Properties.ID.getName(), template.getId().toString())); - returnValues.add(new Pair(BaseCmd.Properties.IS_PUBLIC.getName(), Boolean.valueOf(template.isPublicTemplate()).toString())); - if (isAdmin && (templateOwnerDomain != null)) { - returnValues.add(new Pair(BaseCmd.Properties.DOMAIN_ID.getName(), templateOwnerDomain.toString())); - } - if ((accountNames != null) && !accountNames.isEmpty()) { - for (String accountName : accountNames) { - returnValues.add(new Pair(BaseCmd.Properties.ACCOUNT.getName(), accountName)); - } - } - embeddedObject.add(new Pair(getMediaType() + "permission", new Object[] { returnValues } )); - return embeddedObject; - } } diff --git a/server/src/com/cloud/api/commands/ListTemplatePermissionsCmd.java b/server/src/com/cloud/api/commands/ListTemplatePermissionsCmd.java index 8525fc31d88..f9cf0181989 100644 --- a/server/src/com/cloud/api/commands/ListTemplatePermissionsCmd.java +++ b/server/src/com/cloud/api/commands/ListTemplatePermissionsCmd.java @@ -28,7 +28,7 @@ public class ListTemplatePermissionsCmd extends ListTemplateOrIsoPermissionsCmd return "listtemplatepermissionsresponse"; } - protected String getMediaType() { + public String getMediaType() { return "template"; } diff --git a/server/src/com/cloud/api/response/TemplatePermissionsResponse.java b/server/src/com/cloud/api/response/TemplatePermissionsResponse.java new file mode 100644 index 00000000000..cd955d075af --- /dev/null +++ b/server/src/com/cloud/api/response/TemplatePermissionsResponse.java @@ -0,0 +1,52 @@ +package com.cloud.api.response; + +import java.util.List; + +import com.cloud.api.ResponseObject; +import com.cloud.serializer.Param; + +public class TemplatePermissionsResponse implements ResponseObject { + @Param(name="id") + private Long id; + + @Param(name="ispublic") + private Boolean publicTemplate; + + @Param(name="domainid") + private Long domainId; + + @Param(name="account") + private List accountNames; + + public Long getId() { + return id; + } + + public void setId(Long id) { + this.id = id; + } + + public Boolean getPublicTemplate() { + return publicTemplate; + } + + public void setPublicTemplate(Boolean publicTemplate) { + this.publicTemplate = publicTemplate; + } + + public Long getDomainId() { + return domainId; + } + + public void setDomainId(Long domainId) { + this.domainId = domainId; + } + + public List getAccountNames() { + return accountNames; + } + + public void setAccountNames(List accountNames) { + this.accountNames = accountNames; + } +} diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java index bbb38df1792..abbc681c33b 100644 --- a/server/src/com/cloud/server/ManagementServer.java +++ b/server/src/com/cloud/server/ManagementServer.java @@ -57,6 +57,7 @@ import com.cloud.api.commands.ListServiceOfferingsCmd; import com.cloud.api.commands.ListSnapshotsCmd; import com.cloud.api.commands.ListStoragePoolsCmd; import com.cloud.api.commands.ListSystemVMsCmd; +import com.cloud.api.commands.ListTemplateOrIsoPermissionsCmd; import com.cloud.api.commands.ListTemplatesCmd; import com.cloud.api.commands.LockAccountCmd; import com.cloud.api.commands.LockUserCmd; @@ -1594,26 +1595,12 @@ public interface ManagementServer { */ List findPrivateDiskOffering(); - /** - * Update the permissions on a template. A private template can be made public, or individual accounts can be granted permission to launch instances from the template. - * @param templateId - * @param operation - * @param isPublic - * @param isFeatured - * @param accountNames - * @return - * @throws InvalidParameterValueException - * @throws PermissionDeniedException - * @throws InternalErrorException - */ -// boolean updateTemplatePermissions(long templateId, String operation, Boolean isPublic, Boolean isFeatured, List accountNames) throws InvalidParameterValueException, PermissionDeniedException, InternalErrorException; - /** * List the permissions on a template. This will return a list of account names that have been granted permission to launch instances from the template. - * @param templateId + * @param cmd the command wrapping the search criteria (template id) * @return list of account names that have been granted permission to launch instances from the template */ - List listTemplatePermissions(long templateId); + List listTemplatePermissions(ListTemplateOrIsoPermissionsCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; /** * List private templates for which the given account/domain has been granted permission to launch instances diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 0f0e6c75a28..72497fa31d8 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -93,6 +93,7 @@ import com.cloud.api.commands.ListServiceOfferingsCmd; import com.cloud.api.commands.ListSnapshotsCmd; import com.cloud.api.commands.ListStoragePoolsCmd; import com.cloud.api.commands.ListSystemVMsCmd; +import com.cloud.api.commands.ListTemplateOrIsoPermissionsCmd; import com.cloud.api.commands.ListTemplatesCmd; import com.cloud.api.commands.LockAccountCmd; import com.cloud.api.commands.LockUserCmd; @@ -6861,10 +6862,56 @@ public class ManagementServerImpl implements ManagementServer { } @Override - public List listTemplatePermissions(long templateId) { - List accountNames = new ArrayList(); - - List permissions = _launchPermissionDao.findByTemplate(templateId); + public List listTemplatePermissions(ListTemplateOrIsoPermissionsCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { + Account account = (Account)UserContext.current().getAccountObject(); + Long domainId = cmd.getDomainId(); + String acctName = cmd.getAccountName(); + Long id = cmd.getId(); + Long accountId = null; + + if ((account == null) || account.getType() == Account.ACCOUNT_TYPE_ADMIN) { + // validate domainId before proceeding + if (domainId != null) { + if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { + throw new PermissionDeniedException("Invalid domain id (" + domainId + ") given, unable to list " + cmd.getMediaType() + " permissions."); + } + if (acctName != null) { + Account userAccount = _accountDao.findActiveAccount(acctName, domainId); + if (userAccount != null) { + accountId = userAccount.getId(); + } else { + throw new PermissionDeniedException("Unable to find account " + acctName + " in domain " + domainId); + } + } + } + } else { + accountId = account.getId(); + } + + VMTemplateVO template = _templateDao.findById(id.longValue()); + if (template == null || !templateIsCorrectType(template)) { + throw new InvalidParameterValueException("unable to find " + cmd.getMediaType() + " with id " + id); + } + + if (accountId != null && !template.isPublicTemplate()) { + if (account.getType() == Account.ACCOUNT_TYPE_NORMAL && template.getAccountId() != accountId) { + throw new PermissionDeniedException("unable to list permissions for " + cmd.getMediaType() + " with id " + id); + } else if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { + DomainVO accountDomain = _domainDao.findById(account.getDomainId()); + Account templateAccount = _accountDao.findById(template.getAccountId()); + DomainVO templateDomain = _domainDao.findById(templateAccount.getDomainId()); + if (!templateDomain.getPath().contains(accountDomain.getPath())) { + throw new PermissionDeniedException("unable to list permissions for " + cmd.getMediaType() + " with id " + id); + } + } + } + + if (id == Long.valueOf(1)) { + throw new PermissionDeniedException("unable to list permissions for " + cmd.getMediaType() + " with id " + id); + } + + List accountNames = new ArrayList(); + List permissions = _launchPermissionDao.findByTemplate(id); if ((permissions != null) && !permissions.isEmpty()) { for (LaunchPermissionVO permission : permissions) { Account acct = _accountDao.findById(permission.getAccountId());