Fixing the management server startup

2013-12-18 14:14:55 -08:00 · 2013-12-18 14:14:55 -08:00 · ce774e184e
parent 729a79e85c
commit ce774e184e
7 changed files with 38 additions and 18 deletions
--- a/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
+++ b/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml
@ -319,13 +319,10 @@
  <bean id="FirewallRuleDetailsDaoImpl" class="org.apache.cloudstack.resourcedetail.dao.FirewallRuleDetailsDaoImpl" />
  <bean id="AclGroupDaoImpl" class="org.apache.cloudstack.acl.dao.AclGroupDaoImpl"/>
  <bean id="AclGroupJoinDaoImpl" class="com.cloud.api.query.dao.AclGroupJoinDaoImpl"/>      
-  <bean id="AclRoleDaoImpl" class="org.apache.cloudstack.acl.dao.AclRoleDaoImpl"/>  
-  <bean id="AclRoleJoinDaoImpl" class="com.cloud.api.query.dao.AclRoleJoinDaoImpl"/>    
+  <bean id="AclPolicyDaoImpl" class="org.apache.cloudstack.acl.dao.AclPolicyDaoImpl"/>  
+  <bean id="AclPolicyJoinDaoImpl" class="com.cloud.api.query.dao.AclPolicyJoinDaoImpl"/>
  <bean id="AclGroupAccountMapDaoImpl" class="org.apache.cloudstack.acl.dao.AclGroupAccountMapDaoImpl"/>
-  <bean id="AclGroupRoleMapDaoImpl" class="org.apache.cloudstack.acl.dao.AclGroupRoleMapDaoImpl"/> 
-  <bean id="AclApiPermissionDaoImpl" class="org.apache.cloudstack.acl.dao.AclApiPermissionDaoImpl"/>
-  <bean id="AclEntityPermissionDaoImpl" class="org.apache.cloudstack.acl.dao.AclEntityPermissionDaoImpl"/>  
-  <bean id="AclRolePermissionDaoImpl" class="org.apache.cloudstack.acl.dao.AclRolePermissionDaoImpl"/>
+  <bean id="AclGroupPolicyMapDaoImpl" class="org.apache.cloudstack.acl.dao.AclGroupPolicyMapDaoImpl"/> 
  <bean id="AclPolicyPermissionDaoImpl" class="org.apache.cloudstack.acl.dao.AclPolicyPermissionDaoImpl"/>  
    
  <bean id="databaseIntegrityChecker" class="com.cloud.upgrade.DatabaseIntegrityChecker" />
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java
@ -22,6 +22,7 @@ import java.util.List;
 import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
 import org.apache.cloudstack.acl.AclPolicyPermissionVO;
 import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;

 import com.cloud.utils.db.GenericDao;

@ -35,4 +36,6 @@ public interface AclPolicyPermissionDao extends GenericDao<AclPolicyPermissionVO

    List<AclPolicyPermissionVO> listByPolicyActionAndEntity(long policyId, String action, String entityType);

+    List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long id, AccessType accessType, String entityType);
+
 }
--- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
+++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java
@ -24,6 +24,7 @@ import javax.naming.ConfigurationException;
 import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
 import org.apache.cloudstack.acl.AclPolicyPermissionVO;
 import org.apache.cloudstack.acl.PermissionScope;
+import org.apache.cloudstack.acl.SecurityChecker.AccessType;

 import com.cloud.utils.db.GenericDaoBase;
 import com.cloud.utils.db.SearchBuilder;
@ -51,6 +52,7 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
        fullSearch.and("scopeId", fullSearch.entity().getScopeId(), SearchCriteria.Op.EQ);
        fullSearch.and("action", fullSearch.entity().getAction(), SearchCriteria.Op.EQ);
        fullSearch.and("permission", fullSearch.entity().getPermission(), SearchCriteria.Op.EQ);
+        fullSearch.and("accessType", fullSearch.entity().getAccessType(), SearchCriteria.Op.EQ);
        fullSearch.done();

        actionScopeSearch = createSearchBuilder();
@ -101,4 +103,14 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase<AclPolicyPermissi
        return listBy(sc);
    }

+    @Override
+    public List<AclPolicyPermissionVO> listByPolicyAccessAndEntity(long policyId, AccessType accessType,
+            String entityType) {
+        SearchCriteria<AclPolicyPermissionVO> sc = fullSearch.create();
+        sc.setParameters("policyId", policyId);
+        sc.setParameters("entityType", entityType);
+        sc.setParameters("accessType", accessType);
+        return listBy(sc);
+    }
+
 }
--- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
+++ b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
@ -16,6 +16,7 @@
 // under the License.
 package org.apache.cloudstack.acl.entity;

+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;

@ -78,8 +79,14 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur
        HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();

        for (AclPolicy policy : policies) {
-            List<AclPolicyPermissionVO> permissions = _policyPermissionDao.listByPolicyActionAndEntity(policy.getId(),
+            List<AclPolicyPermissionVO> permissions = new ArrayList<AclPolicyPermissionVO>();
+
+            if (action != null) {
+                permissions = _policyPermissionDao.listByPolicyActionAndEntity(policy.getId(),
                    action, entityType);
+            } else {
+                permissions = _policyPermissionDao.listByPolicyAccessAndEntity(policy.getId(), accessType, entityType);
+            }
            for (AclPolicyPermissionVO permission : permissions) {
                if (checkPermissionScope(caller, permission.getScope(), entity)) {
                    if (permission.getEntityType().equals(entityType)) {
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@ -389,16 +389,17 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer
                }
                _aclPermissionDao.persist(apiPermission);
            }
-        }
+        } else {

-        for (AclEntityType entityType : entityTypes) {
-            apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, entityType.toString(), null,
-                    permissionScope, new Long(-1), Permission.Allow);
-            if (apiPermission != null) {
-                if (isReadCommand) {
-                    apiPermission.setAccessType(AccessType.ListEntry);
+            for (AclEntityType entityType : entityTypes) {
+                apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, entityType.toString(), null,
+                        permissionScope, new Long(-1), Permission.Allow);
+                if (apiPermission != null) {
+                    if (isReadCommand) {
+                        apiPermission.setAccessType(AccessType.ListEntry);
+                    }
+                    _aclPermissionDao.persist(apiPermission);
                }
-                _aclPermissionDao.persist(apiPermission);
            }
        }

--- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
+++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java
@ -90,8 +90,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
    @Inject
    AclGroupAccountMapDao _aclGroupAccountMapDao;

-    @Inject
-    AclApiPermissionDao _apiPermissionDao;
+    // @Inject
+    // AclApiPermissionDao _apiPermissionDao;

    @Inject
    AclPolicyPermissionDao _policyPermissionDao;
--- a/setup/db/db/schema-421to430.sql
+++ b/setup/db/db/schema-421to430.sql
@ -360,7 +360,7 @@ CREATE TABLE `acl_policy_permission` (
  `policy_id` bigint(20) unsigned NOT NULL,
  `action` varchar(100) NOT NULL,
  `resource_type` varchar(100) DEFAULT NULL,
-  `scope_id` bigint(20) unsigned,
+  `scope_id` bigint(20) DEFAULT NULL,
  `scope` varchar(40) DEFAULT NULL,
  `access_type` varchar(40) DEFAULT NULL,
  `permission`  varchar(40) NOT NULL COMMENT 'Allow or Deny',