From ce774e184ef733b1f3519b764ff249ae6ec1b65a Mon Sep 17 00:00:00 2001 From: Prachi Damle Date: Wed, 18 Dec 2013 14:14:55 -0800 Subject: [PATCH] Fixing the management server startup --- .../spring-engine-schema-core-daos-context.xml | 9 +++------ .../acl/dao/AclPolicyPermissionDao.java | 3 +++ .../acl/dao/AclPolicyPermissionDaoImpl.java | 12 ++++++++++++ .../entity/RoleBasedEntityAccessChecker.java | 9 ++++++++- server/src/com/cloud/api/ApiServer.java | 17 +++++++++-------- .../apache/cloudstack/acl/AclServiceImpl.java | 4 ++-- setup/db/db/schema-421to430.sql | 2 +- 7 files changed, 38 insertions(+), 18 deletions(-) diff --git a/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml b/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml index 0d2dedbdb5d..2974615ff48 100644 --- a/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml +++ b/engine/schema/resources/META-INF/cloudstack/core/spring-engine-schema-core-daos-context.xml @@ -319,13 +319,10 @@ - - + + - - - - + diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java index a64abfdcbf9..e78cc852007 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDao.java @@ -22,6 +22,7 @@ import java.util.List; import org.apache.cloudstack.acl.AclPolicyPermission.Permission; import org.apache.cloudstack.acl.AclPolicyPermissionVO; import org.apache.cloudstack.acl.PermissionScope; +import org.apache.cloudstack.acl.SecurityChecker.AccessType; import com.cloud.utils.db.GenericDao; 
@@ -35,4 +36,6 @@ public interface AclPolicyPermissionDao extends GenericDao listByPolicyActionAndEntity(long policyId, String action, String entityType); + List listByPolicyAccessAndEntity(long id, AccessType accessType, String entityType); + } diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java index fc7b0a9128f..fc19ed73bc3 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionDaoImpl.java @@ -24,6 +24,7 @@ import javax.naming.ConfigurationException; import org.apache.cloudstack.acl.AclPolicyPermission.Permission; import org.apache.cloudstack.acl.AclPolicyPermissionVO; import org.apache.cloudstack.acl.PermissionScope; +import org.apache.cloudstack.acl.SecurityChecker.AccessType; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.SearchBuilder; @@ -51,6 +52,7 @@ public class AclPolicyPermissionDaoImpl extends GenericDaoBase listByPolicyAccessAndEntity(long policyId, AccessType accessType, + String entityType) { + SearchCriteria sc = fullSearch.create(); + sc.setParameters("policyId", policyId); + sc.setParameters("entityType", entityType); + sc.setParameters("accessType", accessType); + return listBy(sc); + } + } diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java index 129c0019b6e..c057bc02a91 100644 --- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java +++ b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java 
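Review bot: The new `listByPolicyAccessAndEntity` declaration in AclPolicyPermissionDao names its first parameter `id`, while the sibling `listByPolicyActionAndEntity` just above it and the implementation in AclPolicyPermissionDaoImpl both use `policyId`. Rename it to `long policyId` so the three signatures agree. The method also has no Javadoc. Because its result feeds an access decision, a short comment should state that it returns the permissions of one policy filtered by access type and entity type, and what callers get when `accessType` is null.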
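Review bot: `listByPolicyAccessAndEntity` in AclPolicyPermissionDaoImpl passes `accessType` to `sc.setParameters("accessType", accessType)` without a null check. The caller added in RoleBasedEntityAccessChecker takes this path whenever `action == null`, and no check on `accessType` is visible there either. Whether a null parameter then matches no rows or silently drops the filter depends on `fullSearch` and the search-criteria code, neither of which is legible in this hunk. For a query that backs an authorization check, the empty result should be explicit rather than left to the query layer. I would add a guard at the top of the method, for example `if (accessType == null) { return new ArrayList<AclPolicyPermissionVO>(); }` with the matching import, plus a one-line comment stating that a missing access type grants nothing.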
@@ -16,6 +16,7 @@ // under the License. package org.apache.cloudstack.acl.entity; +import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -78,8 +79,14 @@ public class RoleBasedEntityAccessChecker extends DomainChecker implements Secur HashMap policyPermissionMap = new HashMap(); for (AclPolicy policy : policies) { - List permissions = _policyPermissionDao.listByPolicyActionAndEntity(policy.getId(), + List permissions = new ArrayList(); + + if (action != null) { + permissions = _policyPermissionDao.listByPolicyActionAndEntity(policy.getId(), action, entityType); + } else { + permissions = _policyPermissionDao.listByPolicyAccessAndEntity(policy.getId(), accessType, entityType); + } for (AclPolicyPermissionVO permission : permissions) { if (checkPermissionScope(caller, permission.getScope(), entity)) { if (permission.getEntityType().equals(entityType)) { diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 882a5b1fe12..95e13a580fd 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -389,16 +389,17 @@ public class ApiServer extends ManagerBase implements HttpRequestHandler, ApiSer } _aclPermissionDao.persist(apiPermission); } - } + } else { - for (AclEntityType entityType : entityTypes) { - apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, entityType.toString(), null, - permissionScope, new Long(-1), Permission.Allow); - if (apiPermission != null) { - if (isReadCommand) { - apiPermission.setAccessType(AccessType.ListEntry); + for (AclEntityType entityType : entityTypes) { + apiPermission = new AclPolicyPermissionVO(role.ordinal() + 1, apiName, entityType.toString(), null, + permissionScope, new Long(-1), Permission.Allow); + if (apiPermission != null) { + if (isReadCommand) { + apiPermission.setAccessType(AccessType.ListEntry); + } + _aclPermissionDao.persist(apiPermission); } - _aclPermissionDao.persist(apiPermission); } } 
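Review bot: In the RoleBasedEntityAccessChecker hunk, `permissions` is initialised with `new ArrayList()` and then unconditionally reassigned in both branches of the `if (action != null)` that follows. The allocation is therefore never used, and the `java.util.ArrayList` import added in the first hunk of this file exists only to support it. Declare the variable without an initializer and let the two branches assign it, then drop the import. The enclosing method starts and ends outside the hunk.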
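Review bot: The loop moved into the new `else` branch in ApiServer still uses `role.ordinal() + 1` as the policy id, which ties the persisted default permissions to the declaration order of the role enum. The enum and the policy seeding are outside this hunk, but if a role is ever inserted or reordered, these permissions would presumably attach to a different policy without any error. An explicit role-to-policy-id mapping, or at least a comment on this line stating the invariant, would make that dependency visible. The `if (apiPermission != null)` check directly after `new AclPolicyPermissionVO(...)` can never be false and can be dropped. `new Long(-1)` is better written as `Long.valueOf(-1)`.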
diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java index f8ea1e6518d..3581ef07303 100644 --- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java +++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java @@ -90,8 +90,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { @Inject AclGroupAccountMapDao _aclGroupAccountMapDao; - @Inject - AclApiPermissionDao _apiPermissionDao; + // @Inject + // AclApiPermissionDao _apiPermissionDao; @Inject AclPolicyPermissionDao _policyPermissionDao; diff --git a/setup/db/db/schema-421to430.sql b/setup/db/db/schema-421to430.sql index ef0745817de..53e52b26def 100644 --- a/setup/db/db/schema-421to430.sql +++ b/setup/db/db/schema-421to430.sql @@ -360,7 +360,7 @@ CREATE TABLE `acl_policy_permission` ( `policy_id` bigint(20) unsigned NOT NULL, `action` varchar(100) NOT NULL, `resource_type` varchar(100) DEFAULT NULL, - `scope_id` bigint(20) unsigned, + `scope_id` bigint(20) DEFAULT NULL, `scope` varchar(40) DEFAULT NULL, `access_type` varchar(40) DEFAULT NULL, `permission` varchar(40) NOT NULL COMMENT 'Allow or Deny',
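Review bot: The `@Inject AclApiPermissionDao _apiPermissionDao;` field in AclServiceImpl is commented out rather than deleted, which leaves dead code in the ACL service with no explanation of why the DAO was disabled. If the field is gone for good, remove both lines, along with the `AclApiPermissionDao` import if it is now unused (the import block is outside this hunk). If it is meant to return, replace the commented-out code with a short note such as `// TODO: re-enable AclApiPermissionDao injection once its bean is registered again`.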
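Review bot: The `scope_id` column in `acl_policy_permission` is now signed with `DEFAULT NULL`, and the ApiServer hunk in this same patch persists rows with a scope id of `-1`. The table can therefore hold two different encodings for a permission that has no concrete scope id. Any query or checker that compares `scope_id` has to treat NULL and -1 consistently, and nothing in the schema states which one means what. I would add a `COMMENT` on the column, as the `permission` column already has, documenting the meaning of `-1` and of NULL. Since this edits an existing upgrade script, databases that have already run `schema-421to430.sql` will presumably keep the unsigned column unless they are rebuilt.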