Updated db schema based on latest FS. Still need to fix old code in

AclServiceImpl, RoleBasedEntityAccessChecker and QueryManagerImpl so that
everything builds.
Min Chen 2013-12-04 18:44:30 -08:00
parent cf69731a52
commit c3f480e9b9
19 changed files with 109 additions and 1001 deletions


@ -1,133 +0,0 @@
package org.apache.cloudstack.acl;
import java.util.Date;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_entity_permission"))
public class AclEntityPermissionVO implements AclEntityPermission {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private long id;
@Column(name = "group_id")
private long aclGroupId;
@Column(name = "entity_type")
private String entityType;
@Column(name = "entity_id")
private long entityId;
@Column(name = "entity_uuid")
private String entityUuid;
@Column(name = "access_type")
@Enumerated(value = EnumType.STRING)
AccessType accessType;
@Column(name = "permission")
private boolean allowed;
@Column(name = GenericDao.REMOVED_COLUMN)
private Date removed;
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
public AclEntityPermissionVO() {
}
public AclEntityPermissionVO(long groupId, String entityType, long entityId, String entityUuid, AccessType atype,
boolean permission) {
aclGroupId = groupId;
this.entityType = entityType;
this.entityId = entityId;
this.entityUuid = entityUuid;
accessType = atype;
allowed = permission;
}
@Override
public long getId() {
return id;
}
@Override
public Long getAclGroupId() {
return aclGroupId;
}
@Override
public String getEntityType() {
return entityType;
}
@Override
public Long getEntityId() {
return entityId;
}
public String getEntityUuid() {
return entityUuid;
}
@Override
public AccessType getAccessType() {
return accessType;
}
public void setAclGroupId(long aclGroupId) {
this.aclGroupId = aclGroupId;
}
public void setEntityType(String entityType) {
this.entityType = entityType;
}
public void setEntityId(long entityId) {
this.entityId = entityId;
}
public void setEntityUuid(String entityUuid) {
this.entityUuid = entityUuid;
}
public void setAccessType(AccessType accessType) {
this.accessType = accessType;
}
public Date getRemoved() {
return removed;
}
public Date getCreated() {
return created;
}
@Override
public boolean isAllowed() {
return allowed;
}
public void setAllowed(boolean allowed) {
this.allowed = allowed;
}
}


@ -1,81 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl;
import java.util.Date;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_group_role_map"))
public class AclGroupRoleMapVO implements InternalIdentity {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private Long id;
@Column(name = "group_id")
private long aclGroupId;
@Column(name = "role_id")
private long aclRoleId;
@Column(name = GenericDao.REMOVED_COLUMN)
private Date removed;
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
public AclGroupRoleMapVO() {
}
public AclGroupRoleMapVO(long aclGroupId, long aclRoleId) {
this.aclGroupId = aclGroupId;
this.aclRoleId = aclRoleId;
}
@Override
public long getId() {
return id;
}
public long getAclGroupId() {
return aclGroupId;
}
public long getAclRoleId() {
return aclRoleId;
}
public Date getRemoved() {
return removed;
}
public Date getCreated() {
return created;
}
}


@ -1,81 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl;
import java.util.Date;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import org.apache.cloudstack.api.InternalIdentity;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_policy_permission_map"))
public class AclPolicyPermissionMapVO implements InternalIdentity {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private Long id;
@Column(name = "policy_id")
private long aclPolicyId;
@Column(name = "permission_id")
private long aclPermissionId;
@Column(name = GenericDao.REMOVED_COLUMN)
private Date removed;
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
public AclPolicyPermissionMapVO() {
}
public AclPolicyPermissionMapVO(long aclPolicyId, long aclPermissionId) {
this.aclPolicyId = aclPolicyId;
this.aclPermissionId = aclPermissionId;
}
@Override
public long getId() {
return id;
}
public long getAclPolicyId() {
return aclPolicyId;
}
public long getAclPermissionId() {
return aclPermissionId;
}
public Date getRemoved() {
return removed;
}
public Date getCreated() {
return created;
}
}


@ -1,118 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@Entity
@Table(name = ("acl_role_permission"))
public class AclRolePermissionVO implements AclRolePermission {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private long id;
@Column(name = "role_id")
private long aclRoleId;
@Column(name = "entity_type")
private String entityType;
@Column(name = "access_type")
@Enumerated(value = EnumType.STRING)
AccessType accessType;
@Column(name = "scope")
@Enumerated(value = EnumType.STRING)
PermissionScope scope;
@Column(name = "permission")
private boolean allowed;
public AclRolePermissionVO() {
}
public AclRolePermissionVO(long roleId, String entityType, AccessType atype) {
aclRoleId = roleId;
this.entityType = entityType;
accessType = atype;
}
@Override
public long getId() {
return id;
}
@Override
public Long getAclRoleId() {
return aclRoleId;
}
@Override
public String getEntityType() {
return entityType;
}
@Override
public AccessType getAccessType() {
return accessType;
}
public void setAclRoleId(long aclRoleId) {
this.aclRoleId = aclRoleId;
}
public void setEntityType(String entityType) {
this.entityType = entityType;
}
public void setAccessType(AccessType accessType) {
this.accessType = accessType;
}
@Override
public PermissionScope getScope() {
return scope;
}
public void setScope(PermissionScope scope) {
this.scope = scope;
}
@Override
public boolean isAllowed() {
return allowed;
}
public void setAllowed(boolean allowed) {
this.allowed = allowed;
}
}


@ -1,124 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl;
import java.util.Date;
import java.util.UUID;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import com.cloud.utils.db.GenericDao;
@Entity
@Table(name = ("acl_role"))
public class AclRoleVO implements AclRole {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id")
private long id;
@Column(name = "name")
private String name;
@Column(name = "description")
private String description;
@Column(name = "uuid")
private String uuid;
@Column(name = "domain_id")
private long domainId;
@Column(name = GenericDao.REMOVED_COLUMN)
private Date removed;
@Column(name = GenericDao.CREATED_COLUMN)
private Date created;
@Column(name = "role_type")
@Enumerated(value = EnumType.STRING)
private AclRole.RoleType roleType;
public AclRoleVO() {
uuid = UUID.randomUUID().toString();
}
public AclRoleVO(String name, String description) {
this.name = name;
this.description = description;
uuid = UUID.randomUUID().toString();
this.roleType = AclRole.RoleType.Static;
}
@Override
public long getId() {
return id;
}
@Override
public String getName() {
return name;
}
@Override
public String getDescription() {
return description;
}
@Override
public String getUuid() {
return uuid;
}
public void setUuid(String uuid) {
this.uuid = uuid;
}
public Date getRemoved() {
return removed;
}
public Date getCreated() {
return created;
}
@Override
public long getDomainId() {
return domainId;
}
public void setDomainId(long domainId) {
this.domainId = domainId;
}
public RoleType getRoleType() {
return roleType;
}
public void setRoleType(RoleType roleType) {
this.roleType = roleType;
}
}


@ -1,32 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.List;
import org.apache.cloudstack.acl.AclEntityPermissionVO;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import com.cloud.utils.db.GenericDao;
public interface AclEntityPermissionDao extends GenericDao<AclEntityPermissionVO, Long> {
AclEntityPermissionVO findByGroupAndEntity(long groupId, String entityType, long entityId, AccessType accessType);
List<Long> findEntityIdByGroupAndPermission(long groupId, String entityType, AccessType accessType, boolean isAllowed);
}


@ -1,85 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclEntityPermissionVO;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
public class AclEntityPermissionDaoImpl extends GenericDaoBase<AclEntityPermissionVO, Long> implements AclEntityPermissionDao {
private SearchBuilder<AclEntityPermissionVO> findByGroupEntity;
public AclEntityPermissionDaoImpl()
{
}
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
super.configure(name, params);
findByGroupEntity = createSearchBuilder();
findByGroupEntity.and("groupId", findByGroupEntity.entity().getAclGroupId(), SearchCriteria.Op.EQ);
findByGroupEntity.and("entityType", findByGroupEntity.entity().getEntityType(), SearchCriteria.Op.EQ);
findByGroupEntity.and("entityId", findByGroupEntity.entity().getEntityId(), SearchCriteria.Op.EQ);
findByGroupEntity.and("accessType", findByGroupEntity.entity().getAccessType(), SearchCriteria.Op.EQ);
findByGroupEntity.and("allowed", findByGroupEntity.entity().isAllowed(), SearchCriteria.Op.EQ);
findByGroupEntity.done();
return true;
}
@Override
public AclEntityPermissionVO findByGroupAndEntity(long groupId, String entityType, long entityId, AccessType accessType) {
SearchCriteria<AclEntityPermissionVO> sc = findByGroupEntity.create();
sc.setParameters("groupId", groupId);
sc.setParameters("entityType", entityType);
sc.setParameters("entityId", entityId);
sc.setParameters("accessType", accessType);
return findOneBy(sc);
}
@Override
public List<Long> findEntityIdByGroupAndPermission(long groupId, String entityType, AccessType accessType, boolean isAllowed) {
List<Long> idList = new ArrayList<Long>();
SearchCriteria<AclEntityPermissionVO> sc = findByGroupEntity.create();
sc.setParameters("groupId", groupId);
sc.setParameters("entityType", entityType);
sc.setParameters("allowed", isAllowed);
sc.setParameters("accessType", accessType);
List<AclEntityPermissionVO> permList = listBy(sc);
if (permList != null) {
for (AclEntityPermissionVO perm : permList) {
idList.add(perm.getEntityId());
}
}
return idList;
}
}


@ -0,0 +1,17 @@
package org.apache.cloudstack.acl.dao;
import java.util.List;
import org.apache.cloudstack.acl.AclGroupPolicyMapVO;
import com.cloud.utils.db.GenericDao;
public interface AclGroupPolicyMapDao extends GenericDao<AclGroupPolicyMapVO, Long> {
List<AclGroupPolicyMapVO> listByGroupId(long groupId);
List<AclGroupPolicyMapVO> listByPolicyId(long policyId);
AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId);
}
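Review bot: This new file starts directly at the `package` line with no ASF license header, which the other DAO sources shown in this commit carry; the new AclGroupPolicyMapDaoImpl has the same gap. Add the standard `// Licensed to the Apache Software Foundation (ASF) under one ...` comment block above `package org.apache.cloudstack.acl.dao;` in both files. The three lookup methods also have no Javadoc; because these group-to-policy mappings feed access decisions, `findByGroupAndPolicy` should state what it returns when no mapping exists (presumably `null`, going by the `findOneBy` call in the implementation, which is worth confirming) and whether removed rows are excluded.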


@ -0,0 +1,61 @@
package org.apache.cloudstack.acl.dao;
import java.util.List;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.acl.AclGroupPolicyMapVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
public class AclGroupPolicyMapDaoImpl extends GenericDaoBase<AclGroupPolicyMapVO, Long> implements AclGroupPolicyMapDao {
private SearchBuilder<AclGroupPolicyMapVO> ListByGroupId;
private SearchBuilder<AclGroupPolicyMapVO> ListByPolicyId;
private SearchBuilder<AclGroupPolicyMapVO> findByPolicyGroupId;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
super.configure(name, params);
ListByGroupId = createSearchBuilder();
ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
ListByGroupId.done();
ListByPolicyId = createSearchBuilder();
ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
ListByPolicyId.done();
findByPolicyGroupId = createSearchBuilder();
findByPolicyGroupId.and("policyId", findByPolicyGroupId.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
findByPolicyGroupId.and("groupId", findByPolicyGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
findByPolicyGroupId.done();
return true;
}
@Override
public List<AclGroupPolicyMapVO> listByGroupId(long groupId) {
SearchCriteria<AclGroupPolicyMapVO> sc = ListByGroupId.create();
sc.setParameters("groupId", groupId);
return listBy(sc);
}
@Override
public List<AclGroupPolicyMapVO> listByPolicyId(long policyId) {
SearchCriteria<AclGroupPolicyMapVO> sc = ListByPolicyId.create();
sc.setParameters("policyId", policyId);
return listBy(sc);
}
@Override
public AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) {
SearchCriteria<AclGroupPolicyMapVO> sc = findByPolicyGroupId.create();
sc.setParameters("policyId", policyId);
sc.setParameters("groupId", groupId);
return findOneBy(sc);
}
}
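Review bot: AclGroupPolicyMapDaoImpl is declared without `@Component`, although the AclGroupRoleMapDaoImpl removed in this commit and the renamed AclPolicyDaoImpl both carry it. If the DAO beans are discovered by annotation scanning rather than declared in XML, which is not visible here, the `AclGroupPolicyMapDao` injection point would be left unsatisfied; add `import org.springframework.stereotype.Component;` and `@Component` above the class declaration. The fields `ListByGroupId` and `ListByPolicyId` should also be lower camel case (`listByGroupId`, `listByPolicyId`) to match `findByPolicyGroupId`.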


@ -1,33 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.List;
import org.apache.cloudstack.acl.AclGroupRoleMapVO;
import com.cloud.utils.db.GenericDao;
public interface AclGroupRoleMapDao extends GenericDao<AclGroupRoleMapVO, Long> {
List<AclGroupRoleMapVO> listByGroupId(long groupId);
List<AclGroupRoleMapVO> listByRoleId(long roleId);
AclGroupRoleMapVO findByGroupAndRole(long groupId, long roleId);
}


@ -1,80 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.List;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclGroupRoleMapVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
public class AclGroupRoleMapDaoImpl extends GenericDaoBase<AclGroupRoleMapVO, Long> implements AclGroupRoleMapDao {
private SearchBuilder<AclGroupRoleMapVO> ListByGroupId;
private SearchBuilder<AclGroupRoleMapVO> ListByRoleId;
private SearchBuilder<AclGroupRoleMapVO> findByRoleGroupId;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
super.configure(name, params);
ListByGroupId = createSearchBuilder();
ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
ListByGroupId.done();
ListByRoleId = createSearchBuilder();
ListByRoleId.and("roleId", ListByRoleId.entity().getAclRoleId(), SearchCriteria.Op.EQ);
ListByRoleId.done();
findByRoleGroupId = createSearchBuilder();
findByRoleGroupId.and("roleId", findByRoleGroupId.entity().getAclRoleId(), SearchCriteria.Op.EQ);
findByRoleGroupId.and("groupId", findByRoleGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ);
findByRoleGroupId.done();
return true;
}
@Override
public List<AclGroupRoleMapVO> listByGroupId(long groupId) {
SearchCriteria<AclGroupRoleMapVO> sc = ListByGroupId.create();
sc.setParameters("groupId", groupId);
return listBy(sc);
}
@Override
public List<AclGroupRoleMapVO> listByRoleId(long roleId) {
SearchCriteria<AclGroupRoleMapVO> sc = ListByRoleId.create();
sc.setParameters("roleId", roleId);
return listBy(sc);
}
@Override
public AclGroupRoleMapVO findByGroupAndRole(long groupId, long roleId) {
SearchCriteria<AclGroupRoleMapVO> sc = findByRoleGroupId.create();
sc.setParameters("roleId", roleId);
sc.setParameters("groupId", groupId);
return findOneBy(sc);
}
}


@ -16,13 +16,13 @@
// under the License.
package org.apache.cloudstack.acl.dao;
import org.apache.cloudstack.acl.AclRole;
import org.apache.cloudstack.acl.AclRoleVO;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.AclPolicyVO;
import com.cloud.utils.db.GenericDao;
public interface AclRoleDao extends GenericDao<AclRoleVO, Long> {
public interface AclPolicyDao extends GenericDao<AclPolicyVO, Long> {
AclRole findByName(Long domainId, String roleName);
AclPolicy findByName(Long domainId, String policyName);
}


@ -22,16 +22,16 @@ import javax.naming.ConfigurationException;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclRole;
import org.apache.cloudstack.acl.AclRoleVO;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.AclPolicyVO;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
public class AclRoleDaoImpl extends GenericDaoBase<AclRoleVO, Long> implements AclRoleDao {
private SearchBuilder<AclRoleVO> nameSearch;
public class AclPolicyDaoImpl extends GenericDaoBase<AclPolicyVO, Long> implements AclPolicyDao {
private SearchBuilder<AclPolicyVO> nameSearch;
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
@ -47,8 +47,8 @@ public class AclRoleDaoImpl extends GenericDaoBase<AclRoleVO, Long> implements A
}
@Override
public AclRole findByName(Long domainId, String name) {
SearchCriteria<AclRoleVO> sc = nameSearch.create();
public AclPolicy findByName(Long domainId, String name) {
SearchCriteria<AclPolicyVO> sc = nameSearch.create();
sc.setParameters("name", name);
if (domainId != null) {
sc.setParameters("domainId", domainId);


@ -1,25 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import org.apache.cloudstack.acl.AclPolicyPermissionMapVO;
import com.cloud.utils.db.GenericDao;
public interface AclPolicyPermissionMapDao extends GenericDao<AclPolicyPermissionMapVO, Long> {
}


@ -1,43 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.apache.cloudstack.acl.AclPolicyPermissionMapVO;
import com.cloud.utils.db.GenericDaoBase;
public class AclPolicyPermissionMapDaoImpl extends GenericDaoBase<AclPolicyPermissionMapVO, Long> implements
AclPolicyPermissionMapDao {
public AclPolicyPermissionMapDaoImpl()
{
}
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
super.configure(name, params);
return true;
}
}


@ -1,36 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.List;
import org.apache.cloudstack.acl.AclRolePermissionVO;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import com.cloud.utils.db.GenericDao;
public interface AclRolePermissionDao extends GenericDao<AclRolePermissionVO, Long> {
AclRolePermissionVO findByRoleEntityAndPermission(long roleId, String entityType, AccessType accessType, boolean isAllowed);
AclRolePermissionVO findByRoleAndEntity(long roleId, String entityType, AccessType accessType);
List<AclRolePermissionVO> listByRoleAndEntity(long roleId, String entityType, AccessType accessType);
List<AclRolePermissionVO> listByRole(long roleId);
}


@ -1,96 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.dao;
import java.util.List;
import java.util.Map;
import javax.naming.ConfigurationException;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclRolePermissionVO;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
public class AclRolePermissionDaoImpl extends GenericDaoBase<AclRolePermissionVO, Long> implements AclRolePermissionDao {
private SearchBuilder<AclRolePermissionVO> findByRoleEntity;
public AclRolePermissionDaoImpl()
{
}
@Override
public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
super.configure(name, params);
findByRoleEntity = createSearchBuilder();
findByRoleEntity.and("roleId", findByRoleEntity.entity().getAclRoleId(), SearchCriteria.Op.EQ);
findByRoleEntity.and().op("entityType", findByRoleEntity.entity().getEntityType(), SearchCriteria.Op.EQ);
findByRoleEntity.or("entityTypeStar", findByRoleEntity.entity().getEntityType(), SearchCriteria.Op.EQ);
findByRoleEntity.cp();
findByRoleEntity.and("accessType", findByRoleEntity.entity().getAccessType(), SearchCriteria.Op.EQ);
findByRoleEntity.and("allowed", findByRoleEntity.entity().isAllowed(), SearchCriteria.Op.EQ);
findByRoleEntity.done();
return true;
}
@Override
public AclRolePermissionVO findByRoleEntityAndPermission(long roleId, String entityType, AccessType accessType, boolean isAllowed) {
SearchCriteria<AclRolePermissionVO> sc = findByRoleEntity.create();
sc.setParameters("roleId", roleId);
sc.setParameters("entityType", entityType);
sc.setParameters("accessType", accessType);
sc.setParameters("entityTypeStar", "*");
sc.setParameters("allowed", isAllowed);
return findOneBy(sc);
}
@Override
public AclRolePermissionVO findByRoleAndEntity(long roleId, String entityType, AccessType accessType) {
SearchCriteria<AclRolePermissionVO> sc = findByRoleEntity.create();
sc.setParameters("roleId", roleId);
sc.setParameters("entityType", entityType);
sc.setParameters("accessType", accessType);
sc.setParameters("entityTypeStar", "*");
return findOneBy(sc);
}
@Override
public List<AclRolePermissionVO> listByRoleAndEntity(long roleId, String entityType, AccessType accessType) {
SearchCriteria<AclRolePermissionVO> sc = findByRoleEntity.create();
sc.setParameters("roleId", roleId);
sc.setParameters("entityType", entityType);
sc.setParameters("accessType", accessType);
sc.setParameters("entityTypeStar", "*");
return listBy(sc);
}
@Override
public List<AclRolePermissionVO> listByRole(long roleId) {
SearchCriteria<AclRolePermissionVO> sc = findByRoleEntity.create();
sc.setParameters("roleId", roleId);
return listBy(sc);
}
}


@ -34,7 +34,7 @@ import org.apache.cloudstack.acl.AclRole;
import org.apache.cloudstack.acl.AclService;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.acl.dao.AclGroupDao;
import org.apache.cloudstack.acl.dao.AclRoleDao;
import org.apache.cloudstack.acl.dao.AclPolicyDao;
import org.apache.cloudstack.affinity.AffinityGroupDomainMapVO;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.affinity.AffinityGroupVMMapVO;
@ -353,7 +353,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
AclRoleJoinDao _aclRoleJoinDao;
@Inject
AclRoleDao _aclRoleDao;
AclPolicyDao _aclRoleDao;
@Inject
AclGroupJoinDao _aclGroupJoinDao;
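Review bot: The injected field in the second hunk keeps the name `_aclRoleDao` although its declared type is now `AclPolicyDao`, so call sites in QueryManagerImpl still read as role lookups while they go through the policy DAO. In authorization code that mismatch makes it harder to audit which DAO a permission decision rests on; renaming it in the same change, `AclPolicyDao _aclPolicyDao;`, keeps name and type in step (the usages lie outside this hunk and need the same rename). The same stale naming appears in the AclServiceImpl section: `AclPolicyDao _aclRoleDao` is declared there, and the policy DAOs are still called through role-named methods such as `_policyPermissionDao.listByRole(parentRoleId)` with `AclRolePermissionVO` element types. Whether those methods and types survive the schema change is not visible here, and the commit message itself says these classes do not build yet, so the access checks that depend on them should be treated as unverified until they do.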


@ -29,12 +29,11 @@ import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.acl.dao.AclApiPermissionDao;
import org.apache.cloudstack.acl.dao.AclEntityPermissionDao;
import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
import org.apache.cloudstack.acl.dao.AclGroupDao;
import org.apache.cloudstack.acl.dao.AclGroupRoleMapDao;
import org.apache.cloudstack.acl.dao.AclRoleDao;
import org.apache.cloudstack.acl.dao.AclRolePermissionDao;
import org.apache.cloudstack.acl.dao.AclGroupPolicyMapDao;
import org.apache.cloudstack.acl.dao.AclPolicyDao;
import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
import org.apache.cloudstack.api.Identity;
import org.apache.cloudstack.context.CallContext;
@ -78,7 +77,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
AccountDao _accountDao;
@Inject
AclRoleDao _aclRoleDao;
AclPolicyDao _aclRoleDao;
@Inject
AclGroupDao _aclGroupDao;
@ -87,7 +86,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
EntityManager _entityMgr;
@Inject
AclGroupRoleMapDao _aclGroupRoleMapDao;
AclGroupPolicyMapDao _aclGroupPolicyMapDao;
@Inject
AclGroupAccountMapDao _aclGroupAccountMapDao;
@ -96,10 +95,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
AclApiPermissionDao _apiPermissionDao;
@Inject
AclRolePermissionDao _rolePermissionDao;
AclPolicyPermissionDao _policyPermissionDao;
@Inject
AclEntityPermissionDao _entityPermissionDao;
public static HashMap<String, Class> entityClassMap = new HashMap<String, Class>();
@ -142,11 +139,11 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
AclRole role = _aclRoleDao.persist(rvo);
if (parentRoleId != null) {
// copy parent role permissions
List<AclRolePermissionVO> perms = _rolePermissionDao.listByRole(parentRoleId);
List<AclRolePermissionVO> perms = _policyPermissionDao.listByRole(parentRoleId);
if (perms != null) {
for (AclRolePermissionVO perm : perms) {
perm.setAclRoleId(role.getId());
_rolePermissionDao.persist(perm);
_policyPermissionDao.persist(perm);
}
}
}
@ -176,10 +173,10 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove this role related entry in acl_group_role_map
List<AclGroupRoleMapVO> groupRoleMap = _aclGroupRoleMapDao.listByRoleId(role.getId());
List<AclGroupRoleMapVO> groupRoleMap = _aclGroupPolicyMapDao.listByRoleId(role.getId());
if (groupRoleMap != null) {
for (AclGroupRoleMapVO gr : groupRoleMap) {
_aclGroupRoleMapDao.remove(gr.getId());
_aclGroupPolicyMapDao.remove(gr.getId());
}
}
@ -364,11 +361,11 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
}
_accountMgr.checkAccess(caller, null, true, role);
AclGroupRoleMapVO grMap = _aclGroupRoleMapDao.findByGroupAndRole(groupId, roleId);
AclGroupRoleMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndRole(groupId, roleId);
if (grMap == null) {
// not there already
grMap = new AclGroupRoleMapVO(groupId, roleId);
_aclGroupRoleMapDao.persist(grMap);
_aclGroupPolicyMapDao.persist(grMap);
}
}
}
@ -404,10 +401,10 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
}
_accountMgr.checkAccess(caller, null, true, role);
AclGroupRoleMapVO grMap = _aclGroupRoleMapDao.findByGroupAndRole(groupId, roleId);
AclGroupRoleMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndRole(groupId, roleId);
if (grMap != null) {
// not removed yet
_aclGroupRoleMapDao.remove(grMap.getId());
_aclGroupPolicyMapDao.remove(grMap.getId());
}
}
}
@ -537,10 +534,10 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@Override
public void doInTransactionWithoutResult(TransactionStatus status) {
// remove this group related entry in acl_group_role_map
List<AclGroupRoleMapVO> groupRoleMap = _aclGroupRoleMapDao.listByGroupId(grp.getId());
List<AclGroupRoleMapVO> groupRoleMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId());
if (groupRoleMap != null) {
for (AclGroupRoleMapVO gr : groupRoleMap) {
_aclGroupRoleMapDao.remove(gr.getId());
_aclGroupPolicyMapDao.remove(gr.getId());
}
}
@ -567,7 +564,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
SearchBuilder<AclGroupAccountMapVO> groupSB = _aclGroupAccountMapDao.createSearchBuilder();
groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ);
GenericSearchBuilder<AclGroupRoleMapVO, Long> roleSB = _aclGroupRoleMapDao.createSearchBuilder(Long.class);
GenericSearchBuilder<AclGroupRoleMapVO, Long> roleSB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class);
roleSB.selectFields(roleSB.entity().getAclRoleId());
roleSB.join("accountgroupjoin", groupSB, groupSB.entity().getAclGroupId(), roleSB.entity().getAclGroupId(),
JoinType.INNER);
@ -575,7 +572,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
SearchCriteria<Long> roleSc = roleSB.create();
roleSc.setJoinParameters("accountgroupjoin", "account", accountId);
List<Long> roleIds = _aclGroupRoleMapDao.customSearch(roleSc, null);
List<Long> roleIds = _aclGroupPolicyMapDao.customSearch(roleSc, null);
SearchBuilder<AclRoleVO> sb = _aclRoleDao.createSearchBuilder();
sb.and("ids", sb.entity().getId(), Op.IN);
@ -591,7 +588,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
List<AclRole> roles = getAclRoles(accountId);
AclRolePermission curPerm = null;
for (AclRole role : roles) {
AclRolePermission perm = _rolePermissionDao.findByRoleEntityAndPermission(role.getId(), entityType, accessType, true);
AclRolePermission perm = _policyPermissionDao.findByRoleEntityAndPermission(role.getId(), entityType, accessType, true);
if (perm == null)
continue;
if (curPerm == null) {