From d9be7bb968d889710208c6532ebaf4c46930b9bf Mon Sep 17 00:00:00 2001 From: Min Chen Date: Fri, 27 Dec 2013 17:17:35 -0800 Subject: [PATCH] Move ACL response class into iam plugin, also fix AclAPiService to invoke IAMService method to hide internal IAM schema. --- .../acl/RoleBasedAPIAccessChecker.java | 8 +- .../acl/RoleBasedEntityAccessChecker.java | 11 +- .../cloudstack/acl/api/AclApiService.java | 20 +- .../cloudstack/acl/api/AclApiServiceImpl.java | 521 +++--------------- .../api/command/AddAccountToAclGroupCmd.java | 14 +- .../AddAclPermissionToAclPolicyCmd.java | 16 +- .../command/AttachAclPolicyToAclGroupCmd.java | 16 +- .../acl/api/command/CreateAclGroupCmd.java | 14 +- .../acl/api/command/CreateAclPolicyCmd.java | 14 +- .../acl/api/command/DeleteAclGroupCmd.java | 10 +- .../acl/api/command/DeleteAclPolicyCmd.java | 10 +- .../acl/api/command/ListAclGroupsCmd.java | 10 +- .../acl/api/command/ListAclPoliciesCmd.java | 10 +- .../command/RemoveAccountFromAclGroupCmd.java | 14 +- .../RemoveAclPermissionFromAclPolicyCmd.java | 14 +- .../RemoveAclPolicyFromAclGroupCmd.java | 16 +- .../acl/api/response/AclGroupResponse.java | 169 ++++++ .../api/response/AclPermissionResponse.java | 125 +++++ .../acl/api/response/AclPolicyResponse.java | 157 ++++++ .../apache/cloudstack/iam/api/IAMService.java | 4 + .../cloudstack/iam/server/IAMServiceImpl.java | 13 + 21 files changed, 673 insertions(+), 513 deletions(-) create mode 100644 services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java create mode 100644 services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java create mode 100644 services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java index 3e901744e8b..f133f370a05 100644 
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedAPIAccessChecker.java @@ -21,13 +21,11 @@ import java.util.List; import javax.ejb.Local; import javax.inject.Inject; -import org.apache.cloudstack.acl.APIChecker; -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclRole; -import org.apache.cloudstack.acl.api.AclApiService; - import org.apache.log4j.Logger; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.iam.api.AclPolicy; + import com.cloud.exception.PermissionDeniedException; import com.cloud.user.Account; import com.cloud.user.AccountService; diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java index 6b9433be25a..fa746044ff4 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityAccessChecker.java 
@@ -22,23 +22,18 @@ import java.util.List; import javax.inject.Inject; -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclPolicyPermissionVO; -import org.apache.cloudstack.acl.ControlledEntity; -import org.apache.cloudstack.acl.AclEntityType; -import org.apache.cloudstack.acl.PermissionScope; -import org.apache.cloudstack.acl.SecurityChecker; +import org.apache.log4j.Logger; + import org.apache.cloudstack.acl.api.AclApiService; import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao; import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao; -import org.apache.log4j.Logger; +import org.apache.cloudstack.iam.api.AclPolicy; import com.cloud.acl.DomainChecker; import com.cloud.domain.dao.DomainDao; import com.cloud.exception.PermissionDeniedException; import com.cloud.user.Account; import com.cloud.user.AccountService; -import com.cloud.vm.VirtualMachine; public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker { diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java index d02dd535fdd..344e59c2e46 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java 
@@ -18,12 +18,15 @@ package org.apache.cloudstack.acl.api; import java.util.List; -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclPolicyPermission; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.PermissionScope; -import org.apache.cloudstack.acl.AclPolicyPermission.Permission; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; +import org.apache.cloudstack.api.response.ListResponse; +import org.apache.cloudstack.iam.api.AclGroup; +import org.apache.cloudstack.iam.api.AclPolicy; +import org.apache.cloudstack.iam.api.AclPolicyPermission; +import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission; import com.cloud.user.Account; @@ -61,5 +64,14 @@ public interface AclApiService { List getEffectivePolicies(Account caller, ControlledEntity entity); + /* Response Generation */ + AclPolicyResponse createAclPolicyResponse(AclPolicy policy); + AclGroupResponse createAclGroupResponse(AclGroup group); + + ListResponse listAclGroups(Long aclGroupId, String aclGroupName, + Long domainId, Long startIndex, Long pageSize); + + ListResponse listAclPolicies(Long aclPolicyId, String aclPolicyName, + Long domainId, Long startIndex, Long pageSize); } diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java index 468e087db05..5e7d10ec5c8 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java @@ -16,7 +16,6 @@ // under the License. package org.apache.cloudstack.acl.api; -import java.util.ArrayList; import java.util.HashMap; import java.util.List; 
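Review bot: The new `listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize)` and `listAclPolicies(...)` declarations in `AclApiService` take a `domainId` filter but no caller, and nothing in the interface says which layer restricts results to domains the requester may see. Add Javadoc to both methods stating that contract, and say which of the filter arguments may be null. If the intent is that the API command authorizes first, something like `/** Lists ACL groups matching the filters; the caller must already be authorized for domainId. */` would make that explicit. The two `create...Response` methods would likewise benefit from a line on which fields of the group or policy end up in the response.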
@@ -25,53 +24,33 @@ import javax.inject.Inject; import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.acl.AclGroupAccountMapVO; -import org.apache.cloudstack.acl.AclGroupPolicyMapVO; -import org.apache.cloudstack.acl.AclGroupVO; -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclPolicyPermission; -import org.apache.cloudstack.acl.AclPolicyPermissionVO; -import org.apache.cloudstack.acl.AclPolicyVO; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.PermissionScope; -import org.apache.cloudstack.acl.SecurityChecker; -import org.apache.cloudstack.acl.AclPolicyPermission.Permission; import org.apache.cloudstack.acl.SecurityChecker.AccessType; -import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao; -import org.apache.cloudstack.acl.dao.AclGroupDao; -import org.apache.cloudstack.acl.dao.AclGroupPolicyMapDao; -import org.apache.cloudstack.acl.dao.AclPolicyDao; -import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; import org.apache.cloudstack.api.BaseListCmd; -import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.api.response.ListResponse; +import org.apache.cloudstack.iam.api.AclGroup; +import org.apache.cloudstack.iam.api.AclPolicy; +import org.apache.cloudstack.iam.api.AclPolicyPermission; +import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission; +import org.apache.cloudstack.iam.api.IAMService; import com.cloud.api.ApiServerService; import com.cloud.domain.Domain; +import com.cloud.domain.dao.DomainDao; import com.cloud.event.ActionEvent; import com.cloud.event.EventTypes; import com.cloud.exception.InvalidParameterValueException; -import com.cloud.exception.PermissionDeniedException; import com.cloud.storage.Snapshot; import com.cloud.storage.Volume; import 
com.cloud.template.VirtualMachineTemplate; import com.cloud.user.Account; -import com.cloud.user.AccountManager; -import com.cloud.user.dao.AccountDao; import com.cloud.uservm.UserVm; import com.cloud.utils.component.Manager; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.db.DB; -import com.cloud.utils.db.EntityManager; -import com.cloud.utils.db.GenericSearchBuilder; -import com.cloud.utils.db.JoinBuilder.JoinType; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; -import com.cloud.utils.db.SearchCriteria.Op; -import com.cloud.utils.db.Transaction; -import com.cloud.utils.db.TransactionCallback; -import com.cloud.utils.db.TransactionCallbackNoReturn; -import com.cloud.utils.db.TransactionStatus; @Local(value = {AclApiService.class}) public class AclApiServiceImpl extends ManagerBase implements AclApiService, Manager { @@ -79,36 +58,15 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man public static final Logger s_logger = Logger.getLogger(AclApiServiceImpl.class); private String _name; - @Inject - AccountManager _accountMgr; - - @Inject - AccountDao _accountDao; - - @Inject - AclPolicyDao _aclPolicyDao; - - @Inject - AclGroupDao _aclGroupDao; - - @Inject - EntityManager _entityMgr; - - @Inject - AclGroupPolicyMapDao _aclGroupPolicyMapDao; - - @Inject - AclGroupAccountMapDao _aclGroupAccountMapDao; - - // @Inject - // AclApiPermissionDao _apiPermissionDao; - - @Inject - AclPolicyPermissionDao _policyPermissionDao; - @Inject ApiServerService _apiServer; + @Inject + IAMService _iamSrv; + + @Inject + DomainDao _domainDao; + public static HashMap entityClassMap = new HashMap(); 
@@ -125,355 +83,71 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_CREATE, eventDescription = "Creating Acl Group", create = true) public AclGroup createAclGroup(Account caller, String aclGroupName, String description) { Long domainId = caller.getDomainId(); - - if (!_accountMgr.isRootAdmin(caller.getAccountId())) { - // domain admin can only create role for his domain - if (caller.getDomainId() != domainId.longValue()) { - throw new PermissionDeniedException("Can't create acl group in domain " + domainId + ", permission denied"); - } + Domain callerDomain = _domainDao.findById(domainId); + if (callerDomain == null) { + throw new InvalidParameterValueException("Caller does not have a domain"); } - // check if the role is already existing - AclGroup grp = _aclGroupDao.findByName(domainId, aclGroupName); - if (grp != null) { - throw new InvalidParameterValueException( - "Unable to create acl group with name " + aclGroupName - + " already exisits for domain " + domainId); - } - AclGroupVO rvo = new AclGroupVO(aclGroupName, description); - rvo.setAccountId(caller.getAccountId()); - rvo.setDomainId(domainId); - - return _aclGroupDao.persist(rvo); + return _iamSrv.createAclGroup(aclGroupName, description, callerDomain.getPath()); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_DELETE, eventDescription = "Deleting Acl Group") public boolean deleteAclGroup(final Long aclGroupId) { - Account caller = CallContext.current().getCallingAccount(); - // get the Acl Role entity - final AclGroup grp = _aclGroupDao.findById(aclGroupId); - if (grp == null) { - throw new InvalidParameterValueException("Unable to find acl group: " + aclGroupId - + "; failed to delete acl group."); - } - // check permissions - _accountMgr.checkAccess(caller, null, true, grp); - - Transaction.execute(new TransactionCallbackNoReturn() { - @Override - public void 
doInTransactionWithoutResult(TransactionStatus status) { - // remove this group related entry in acl_group_role_map - List groupPolicyMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId()); - if (groupPolicyMap != null) { - for (AclGroupPolicyMapVO gr : groupPolicyMap) { - _aclGroupPolicyMapDao.remove(gr.getId()); - } - } - - // remove this group related entry in acl_group_account table - List groupAcctMap = _aclGroupAccountMapDao.listByGroupId(grp.getId()); - if (groupAcctMap != null) { - for (AclGroupAccountMapVO grpAcct : groupAcctMap) { - _aclGroupAccountMapDao.remove(grpAcct.getId()); - } - } - - // remove this group from acl_group table - _aclGroupDao.remove(aclGroupId); - } - }); - - return true; + return _iamSrv.deleteAclGroup(aclGroupId); } @Override public List listAclGroups(long accountId) { - - GenericSearchBuilder groupSB = _aclGroupAccountMapDao.createSearchBuilder(Long.class); - groupSB.selectFields(groupSB.entity().getAclGroupId()); - groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ); - SearchCriteria groupSc = groupSB.create(); - - List groupIds = _aclGroupAccountMapDao.customSearch(groupSc, null); - - SearchBuilder sb = _aclGroupDao.createSearchBuilder(); - sb.and("ids", sb.entity().getId(), Op.IN); - SearchCriteria sc = sb.create(); - sc.setParameters("ids", groupIds.toArray(new Object[groupIds.size()])); - List groups = _aclGroupDao.search(sc, null); - - return new ArrayList(groups); + return _iamSrv.listAclGroups(accountId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group") public AclGroup addAccountsToGroup(final List acctIds, final Long groupId) { - final Account caller = CallContext.current().getCallingAccount(); - // get the Acl Group entity - AclGroup group = _aclGroupDao.findById(groupId); - if (group == null) { - throw new InvalidParameterValueException("Unable to find acl group: " + groupId - + "; failed to add accounts to acl group."); - } - // 
check group permissions - _accountMgr.checkAccess(caller, null, true, group); - - Transaction.execute(new TransactionCallbackNoReturn() { - @Override - public void doInTransactionWithoutResult(TransactionStatus status) { - // add entries in acl_group_account_map table - for (Long acctId : acctIds) { - // check account permissions - Account account = _accountDao.findById(acctId); - if (account == null) { - throw new InvalidParameterValueException("Unable to find account: " + acctId - + "; failed to add account to acl group."); - } - _accountMgr.checkAccess(caller, null, true, account); - - AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId); - if (grMap == null) { - // not there already - grMap = new AclGroupAccountMapVO(groupId, acctId); - _aclGroupAccountMapDao.persist(grMap); - } - } - } - }); - return group; + return _iamSrv.addAccountsToGroup(acctIds, groupId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing accounts from acl group") public AclGroup removeAccountsFromGroup(final List acctIds, final Long groupId) { - final Account caller = CallContext.current().getCallingAccount(); - // get the Acl Group entity - AclGroup group = _aclGroupDao.findById(groupId); - if (group == null) { - throw new InvalidParameterValueException("Unable to find acl group: " + groupId - + "; failed to remove accounts from acl group."); - } - // check group permissions - _accountMgr.checkAccess(caller, null, true, group); - - Transaction.execute(new TransactionCallbackNoReturn() { - @Override - public void doInTransactionWithoutResult(TransactionStatus status) { - // remove entries from acl_group_account_map table - for (Long acctId : acctIds) { - // check account permissions - Account account = _accountDao.findById(acctId); - if (account == null) { - throw new InvalidParameterValueException("Unable to find account: " + acctId - + "; failed to add account to acl group."); - } - 
_accountMgr.checkAccess(caller, null, true, account); - - AclGroupAccountMapVO grMap = _aclGroupAccountMapDao.findByGroupAndAccount(groupId, acctId); - if (grMap != null) { - // not removed yet - _aclGroupAccountMapDao.remove(grMap.getId()); - } - } - } - }); - return group; + return _iamSrv.removeAccountsFromGroup(acctIds, groupId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_CREATE, eventDescription = "Creating Acl Policy", create = true) public AclPolicy createAclPolicy(Account caller, final String aclPolicyName, final String description, final Long parentPolicyId) { - Long domainId = caller.getDomainId(); - - if (!_accountMgr.isRootAdmin(caller.getAccountId())) { - // domain admin can only create role for his domain - if (caller.getDomainId() != domainId.longValue()) { - throw new PermissionDeniedException("Can't create acl role in domain " + domainId + ", permission denied"); - } - } - // check if the role is already existing - AclPolicy ro = _aclPolicyDao.findByName(domainId, aclPolicyName); - if (ro != null) { - throw new InvalidParameterValueException( - "Unable to create acl policy with name " + aclPolicyName - + " already exisits for domain " + domainId); - } - - final long account_id = caller.getAccountId(); - final long domain_id = domainId; - AclPolicy role = Transaction.execute(new TransactionCallback() { - @Override - public AclPolicy doInTransaction(TransactionStatus status) { - AclPolicyVO rvo = new AclPolicyVO(aclPolicyName, description); - rvo.setAccountId(account_id); - rvo.setDomainId(domain_id); - AclPolicy role = _aclPolicyDao.persist(rvo); - if (parentPolicyId != null) { - // copy parent role permissions - List perms = _policyPermissionDao.listByPolicy(parentPolicyId); - if (perms != null) { - for (AclPolicyPermissionVO perm : perms) { - perm.setAclPolicyId(role.getId()); - _policyPermissionDao.persist(perm); - } - } - } - return role; - } - }); - - - return role; + return _iamSrv.createAclPolicy(aclPolicyName, 
description, parentPolicyId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_DELETE, eventDescription = "Deleting Acl Policy") public boolean deleteAclPolicy(final long aclPolicyId) { - Account caller = CallContext.current().getCallingAccount(); - // get the Acl Policy entity - final AclPolicy policy = _aclPolicyDao.findById(aclPolicyId); - if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId - + "; failed to delete acl policy."); - } - // check permissions - _accountMgr.checkAccess(caller, null, true, policy); - - Transaction.execute(new TransactionCallbackNoReturn() { - @Override - public void doInTransactionWithoutResult(TransactionStatus status) { - // remove this role related entry in acl_group_role_map - List groupPolicyMap = _aclGroupPolicyMapDao.listByPolicyId(policy.getId()); - if (groupPolicyMap != null) { - for (AclGroupPolicyMapVO gr : groupPolicyMap) { - _aclGroupPolicyMapDao.remove(gr.getId()); - } - } - - // remove this policy related entry in acl_policy_permission table - List policyPermMap = _policyPermissionDao.listByPolicy(policy.getId()); - if (policyPermMap != null) { - for (AclPolicyPermissionVO policyPerm : policyPermMap) { - _policyPermissionDao.remove(policyPerm.getId()); - } - } - - // remove this role from acl_role table - _aclPolicyDao.remove(aclPolicyId); - } - }); - - return true; + return _iamSrv.deleteAclPolicy(aclPolicyId); } @Override public List listAclPolicies(long accountId) { - - // static policies of the account - SearchBuilder groupSB = _aclGroupAccountMapDao.createSearchBuilder(); - groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ); - - GenericSearchBuilder policySB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class); - policySB.selectFields(policySB.entity().getAclPolicyId()); - policySB.join("accountgroupjoin", groupSB, groupSB.entity().getAclGroupId(), policySB.entity().getAclGroupId(), - JoinType.INNER); - policySB.done(); - 
SearchCriteria policySc = policySB.create(); - policySc.setJoinParameters("accountgroupjoin", "account", accountId); - - List policyIds = _aclGroupPolicyMapDao.customSearch(policySc, null); - - SearchBuilder sb = _aclPolicyDao.createSearchBuilder(); - sb.and("ids", sb.entity().getId(), Op.IN); - SearchCriteria sc = sb.create(); - sc.setParameters("ids", policyIds.toArray(new Object[policyIds.size()])); - List policies = _aclPolicyDao.customSearch(sc, null); - - return new ArrayList(policies); + return _iamSrv.listAclPolicies(accountId); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Attaching policy to acl group") public AclGroup attachAclPoliciesToGroup(final List policyIds, final Long groupId) { - final Account caller = CallContext.current().getCallingAccount(); - // get the Acl Group entity - AclGroup group = _aclGroupDao.findById(groupId); - if (group == null) { - throw new InvalidParameterValueException("Unable to find acl group: " + groupId - + "; failed to add roles to acl group."); - } - // check group permissions - _accountMgr.checkAccess(caller, null, true, group); - - Transaction.execute(new TransactionCallbackNoReturn() { - @Override - public void doInTransactionWithoutResult(TransactionStatus status) { - // add entries in acl_group_policy_map table - for (Long policyId : policyIds) { - // check policy permissions - AclPolicy policy = _aclPolicyDao.findById(policyId); - if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + policyId - + "; failed to add policies to acl group."); - } - _accountMgr.checkAccess(caller, null, true, policy); - - AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId); - if (grMap == null) { - // not there already - grMap = new AclGroupPolicyMapVO(groupId, policyId); - _aclGroupPolicyMapDao.persist(grMap); - } - } - } - }); - - return group; + return _iamSrv.attachAclPoliciesToGroup(policyIds, groupId); 
} @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Removing policies from acl group") public AclGroup removeAclPoliciesFromGroup(final List policyIds, final Long groupId) { - final Account caller = CallContext.current().getCallingAccount(); - // get the Acl Group entity - AclGroup group = _aclGroupDao.findById(groupId); - if (group == null) { - throw new InvalidParameterValueException("Unable to find acl group: " + groupId - + "; failed to remove roles from acl group."); - } - // check group permissions - _accountMgr.checkAccess(caller, null, true, group); - - Transaction.execute(new TransactionCallbackNoReturn() { - @Override - public void doInTransactionWithoutResult(TransactionStatus status) { - // add entries in acl_group_role_map table - for (Long policyId : policyIds) { - // check policy permissions - AclPolicy policy = _aclPolicyDao.findById(policyId); - if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + policyId - + "; failed to add policies to acl group."); - } - _accountMgr.checkAccess(caller, null, true, policy); - - AclGroupPolicyMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndPolicy(groupId, policyId); - if (grMap != null) { - // not removed yet - _aclGroupPolicyMapDao.remove(grMap.getId()); - } - } - } - }); - return group; + return _iamSrv.removeAclPoliciesFromGroup(policyIds, groupId); } /* 
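Review bot: Every `_accountMgr.checkAccess(caller, null, true, ...)` call that guarded group and policy changes in `AclApiServiceImpl` is removed in this hunk, and the replacements such as `_iamSrv.deleteAclGroup(aclGroupId)` and `_iamSrv.addAccountsToGroup(acctIds, groupId)` pass no caller, so nothing visible here lets IAMService authorize the request. Unless the check is enforced in a layer this patch does not show, an account that can reach these commands is presumably no longer prevented from changing groups and policies it does not own. Keep the ownership check in this class before delegating, i.e. resolve the target and call `_accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, true, group);`, which means retaining the `AccountManager` injection the commit drops. `createAclPolicy` also stops using `caller` altogether, so the new policy is no longer tied to the caller's account or domain, and the duplicate-name checks are gone from both create methods. The class body continues outside the hunk.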
@@ -545,95 +219,33 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_GRANT, eventDescription = "Granting acl permission to Acl Policy") public AclPolicy addAclPermissionToAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action, Permission perm) { - Account caller = CallContext.current().getCallingAccount(); - // get the Acl Policy entity - AclPolicy policy = _aclPolicyDao.findById(aclPolicyId); - if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId - + "; failed to add permission to policy."); + Class cmdClass = _apiServer.getCmdClass(action); + AccessType accessType = null; + if (BaseListCmd.class.isAssignableFrom(cmdClass)) { + accessType = AccessType.ListEntry; } - // check permissions - _accountMgr.checkAccess(caller, null, true, policy); - - // get the entity and check permission - Class entityClass = entityClassMap.get(entityType); - if (entityClass == null) { - throw new InvalidParameterValueException("Entity type " + entityType + " permission granting is not supported yet"); - } - if (scope == PermissionScope.RESOURCE && scopeId != null) { - ControlledEntity entity = (ControlledEntity)_entityMgr.findById(entityClass, scopeId); - if (entity == null) { - throw new InvalidParameterValueException("Unable to find entity " + entityType + " by id: " + scopeId); - } - _accountMgr.checkAccess(caller, null, true, entity); - } - - // add entry in acl_policy_permission table - AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, perm); - if (permit == null) { - // not there already - Class cmdClass = _apiServer.getCmdClass(action); - AccessType accessType = null; - if (BaseListCmd.class.isAssignableFrom(cmdClass)) { - accessType = AccessType.ListEntry; - } - permit = new AclPolicyPermissionVO(aclPolicyId, 
action, entityType, accessType, - scope, scopeId, perm); - _policyPermissionDao.persist(permit); - } - return policy; - + return _iamSrv.addAclPermissionToAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action, accessType.toString(), perm); } @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_POLICY_REVOKE, eventDescription = "Revoking acl permission from Acl Policy") public AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, PermissionScope scope, Long scopeId, String action) { - Account caller = CallContext.current().getCallingAccount(); - // get the Acl Policy entity - AclPolicy policy = _aclPolicyDao.findById(aclPolicyId); - if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy: " + aclPolicyId - + "; failed to revoke permission from policy."); - } - // check permissions - _accountMgr.checkAccess(caller, null, true, policy); - - // get the entity and check permission - Class entityClass = entityClassMap.get(entityType); - if (entityClass == null) { - throw new InvalidParameterValueException("Entity type " + entityType + " permission revoke is not supported yet"); - } - if (scope == PermissionScope.RESOURCE && scopeId != null) { - ControlledEntity entity = (ControlledEntity)_entityMgr.findById(entityClass, scopeId); - if (entity == null) { - throw new InvalidParameterValueException("Unable to find entity " + entityType + " by id: " + scopeId); - } - _accountMgr.checkAccess(caller, null, true, entity); - } - - // remove entry from acl_entity_permission table - AclPolicyPermissionVO permit = _policyPermissionDao.findByPolicyAndEntity(aclPolicyId, entityType, scope, scopeId, action, null); - if (permit != null) { - // not removed yet - _policyPermissionDao.remove(permit.getId()); - } - return policy; + return _iamSrv.removeAclPermissionFromAclPolicy(aclPolicyId, entityType, scope.toString(), scopeId, action); } - - @Override public AclPolicyPermission 
getAclPolicyPermission(long accountId, String entityType, String action) { - List roles = listAclPolicies(accountId); + List policies = _iamSrv.listAclPolicies(accountId); AclPolicyPermission curPerm = null; - for (AclPolicy role : roles) { - AclPolicyPermissionVO perm = _policyPermissionDao.findByPolicyAndEntity(role.getId(), entityType, null, null, action, Permission.Allow); - if (perm == null) + for (AclPolicy policy : policies) { + List perms = _iamSrv.listPollcyPermissionByEntityType(policy.getId(), action, entityType); + if (perms == null || perms.size() == 0) continue; + AclPolicyPermission perm = perms.get(0); // just pick one if (curPerm == null) { curPerm = perm; - } else if (perm.getScope().greaterThan(curPerm.getScope())) { + } else if (PermissionScope.valueOf(perm.getScope()).greaterThan(PermissionScope.valueOf(curPerm.getScope()))) { // pick the more relaxed allowed permission curPerm = perm; } 
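Review bot: In `addAclPermissionToAclPolicy`, `accessType` stays null for any command that is not a `BaseListCmd`, so `accessType.toString()` throws a NullPointerException for every non-list action; a null result from `_apiServer.getCmdClass(action)` for an unknown action would make `isAssignableFrom` throw as well. Pass the value null-safely, `accessType == null ? null : accessType.toString()`, and reject an unresolved action with `InvalidParameterValueException` before the class test. The same hunk drops the `entityClassMap` lookup and the `checkAccess` calls on the policy and on the scoped entity, so whether the caller may grant or revoke on that resource now rests entirely on IAMService, which this patch does not show. In `getAclPolicyPermission`, `perms.get(0)` is no longer restricted to `Permission.Allow` as the old query was, and `PermissionScope.valueOf(perm.getScope())` throws on a null or unrecognised scope string.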
@@ -646,44 +258,47 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man @Override public boolean isAPIAccessibleForPolicies(String apiName, List policies) { - - boolean accessible = false; - - List policyIds = new ArrayList(); - for (AclPolicy policy : policies) { - policyIds.add(policy.getId()); - } - - SearchBuilder sb = _policyPermissionDao.createSearchBuilder(); - sb.and("action", sb.entity().getAction(), Op.EQ); - sb.and("policyId", sb.entity().getAclPolicyId(), Op.IN); - - SearchCriteria sc = sb.create(); - sc.setParameters("policyId", policyIds.toArray(new Object[policyIds.size()])); - - List permissions = _policyPermissionDao.customSearch(sc, null); - - if (permissions != null && !permissions.isEmpty()) { - accessible = true; - } - - return accessible; + return _iamSrv.isAPIAccessibleForPolicies(apiName, policies); } @Override public List getEffectivePolicies(Account caller, ControlledEntity entity) { // Get the static Policies of the Caller - List policies = listAclPolicies(caller.getId()); + List policies = _iamSrv.listAclPolicies(caller.getId()); // add any dynamic policies w.r.t the entity if (caller.getId() == entity.getAccountId()) { // The caller owns the entity - AclPolicy owner = _aclPolicyDao.findByName(Domain.ROOT_DOMAIN, "RESOURCE_OWNER"); - policies.add(owner); + policies.add(_iamSrv.getResourceOwnerPolicy()); } return policies; } + @Override + public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) { + // TODO Auto-generated method stub + return null; + } + + @Override + public AclGroupResponse createAclGroupResponse(AclGroup group) { + // TODO Auto-generated method stub + return null; + } + + @Override + public ListResponse listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) { + // TODO Auto-generated method stub + return null; + } + + @Override + public ListResponse listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex, + 
Long pageSize) { + // TODO Auto-generated method stub + return null; + } + } diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java index 47d9b3f6ff8..a24a4987d54 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAccountToAclGroupCmd.java @@ -18,9 +18,12 @@ package org.apache.cloudstack.acl.api.command; import java.util.List; +import javax.inject.Inject; + import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclGroup; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; @@ -30,8 +33,8 @@ import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.iam.api.AclGroup; import com.cloud.event.EventTypes; import com.cloud.exception.InsufficientCapacityException; @@ -44,6 +47,9 @@ public class AddAccountToAclGroupCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName()); private static final String s_name = "addaccounttoaclgroupresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// 
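Review bot: The four new overrides in `AclApiServiceImpl` (`createAclPolicyResponse`, `createAclGroupResponse`, `listAclGroups`, `listAclPolicies`) are stubs that return null, yet the command classes changed in this same patch dereference the result immediately: `AddAccountToAclGroupCmd.execute()` and `AddAclPermissionToAclPolicyCmd.execute()` both call `response.setResponseName(getCommandName())` on it. The membership or permission change has already been applied by then, so the caller gets a NullPointerException for an operation that took effect. Port the response-building code together with the move, or at minimum make the stubs fail explicitly with `throw new UnsupportedOperationException("createAclGroupResponse is not implemented");` so the gap is not mistaken for a data problem. In `getEffectivePolicies`, `policies.add(_iamSrv.getResourceOwnerPolicy())` appends to the list IAMService returned and would add a null entry if no owner policy is found; copy the list and null-check before adding.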
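Review bot: The injected service in `AddAccountToAclGroupCmd` is declared as a public mutable field, `@Inject public AclApiService _aclApiSrv;`, which lets any code holding the command object replace the service that performs the ACL change. Field injection does not need public visibility, so `@Inject private AclApiService _aclApiSrv;` is enough, assuming the container used here injects private fields as javax.inject containers normally do. The same declaration is added to `AddAclPermissionToAclPolicyCmd` in the `@@ -43,6 +46,9 @@` hunk.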
@@ -93,9 +99,9 @@ public class AddAccountToAclGroupCmd extends BaseAsyncCmd { public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException { CallContext.current().setEventDetails("Acl group Id: " + getId()); - AclGroup result = _aclService.addAccountsToGroup(accountIdList, id); + AclGroup result = _aclApiSrv.addAccountsToGroup(accountIdList, id); if (result != null){ - AclGroupResponse response = _responseGenerator.createAclGroupResponse(result); + AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result); response.setResponseName(getCommandName()); setResponseObject(response); } else { diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java index 73deaf2c8fa..33cae754158 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AddAclPermissionToAclPolicyCmd.java @@ -16,11 +16,13 @@ // under the License. package org.apache.cloudstack.acl.api.command; +import javax.inject.Inject; + import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclPolicyPermission.Permission; import org.apache.cloudstack.acl.PermissionScope; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; 
@@ -29,8 +31,9 @@ import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.iam.api.AclPolicy; +import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission; import com.cloud.event.EventTypes; import com.cloud.exception.InsufficientCapacityException; @@ -43,6 +46,9 @@ public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName()); private static final String s_name = "addaclpermissiontoaclpolicyresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// @@ -116,9 +122,9 @@ public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd { InsufficientCapacityException, ServerApiException { CallContext.current().setEventDetails("Acl policy Id: " + getId()); // Only explicit ALLOW is supported for this release, no explicit deny - AclPolicy result = _aclService.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action, Permission.Allow); + AclPolicy result = _aclApiSrv.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action, Permission.Allow); if (result != null) { - AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result); + AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result); response.setResponseName(getCommandName()); setResponseObject(response); } else { 
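Review bot: In execute() of AddAclPermissionToAclPolicyCmd the `scope` value still goes straight into `PermissionScope.valueOf(scope)`. Assuming `PermissionScope` is an enum and `scope` is a caller-supplied string (neither declaration is in the hunk), an unrecognised or missing scope surfaces as an IllegalArgumentException or NullPointerException rather than a parameter error. Validating it before the service call keeps malformed input out of the permission-granting path, for example by catching the `IllegalArgumentException` and rethrowing `new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid scope: " + scope)`. RemoveAclPermissionFromAclPolicyCmd.execute() makes the same call. The method body starts and ends outside the hunk.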
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java index db543ee48c0..c691934e74f 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/AttachAclPolicyToAclGroupCmd.java @@ -18,9 +18,13 @@ package org.apache.cloudstack.acl.api.command; import java.util.List; +import javax.inject.Inject; + import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclGroup; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; @@ -29,9 +33,8 @@ import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.iam.api.AclGroup; import com.cloud.event.EventTypes; import com.cloud.exception.InsufficientCapacityException; @@ -44,6 +47,9 @@ public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName()); private static final String s_name = "attachaclpolicytoaclgroupresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// 
@@ -93,9 +99,9 @@ public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd { public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException { CallContext.current().setEventDetails("Acl group Id: " + getId()); - AclGroup result = _aclService.attachAclPoliciesToGroup(policyIdList, id); + AclGroup result = _aclApiSrv.attachAclPoliciesToGroup(policyIdList, id); if (result != null){ - AclGroupResponse response = _responseGenerator.createAclGroupResponse(result); + AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result); response.setResponseName(getCommandName()); setResponseObject(response); } else { diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java index 60294cd53b0..5ae34b80e68 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclGroupCmd.java @@ -16,9 +16,12 @@ // under the License. package org.apache.cloudstack.acl.api.command; +import javax.inject.Inject; + import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclGroup; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; 
@@ -26,9 +29,9 @@ import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCreateCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclGroupResponse; import org.apache.cloudstack.api.response.DomainResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.iam.api.AclGroup; import com.cloud.event.EventTypes; import com.cloud.exception.ResourceAllocationException; @@ -40,6 +43,9 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd { private static final String s_name = "createaclgroupresponse"; + @Inject + public AclApiService _aclApiSrv; + // /////////////////////////////////////////////////// // ////////////// API parameters ///////////////////// // /////////////////////////////////////////////////// @@ -113,7 +119,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd { public void execute() { AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId()); if (grp != null) { - AclGroupResponse response = _responseGenerator.createAclGroupResponse(grp); + AclGroupResponse response = _aclApiSrv.createAclGroupResponse(grp); response.setResponseName(getCommandName()); setResponseObject(response); } else { @@ -124,7 +130,7 @@ public class CreateAclGroupCmd extends BaseAsyncCreateCmd { @Override public void create() throws ResourceAllocationException { Account account = CallContext.current().getCallingAccount(); - AclGroup result = _aclService.createAclGroup(account, name, description); + AclGroup result = _aclApiSrv.createAclGroup(account, name, description); if (result != null) { setEntityId(result.getId()); setEntityUuid(result.getUuid()); diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java index 2aaa38a4393..8f0657c8b15 100644 
--- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/CreateAclPolicyCmd.java @@ -16,9 +16,12 @@ // under the License. package org.apache.cloudstack.acl.api.command; +import javax.inject.Inject; + import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclPolicy; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; @@ -27,9 +30,9 @@ import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCreateCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.DomainResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.iam.api.AclPolicy; import com.cloud.event.EventTypes; import com.cloud.exception.ResourceAllocationException; @@ -41,6 +44,9 @@ public class CreateAclPolicyCmd extends BaseAsyncCreateCmd { private static final String s_name = "createaclpolicyresponse"; + @Inject + public AclApiService _aclApiSrv; + // /////////////////////////////////////////////////// // ////////////// API parameters ///////////////////// // /////////////////////////////////////////////////// @@ -120,7 +126,7 @@ public class CreateAclPolicyCmd extends BaseAsyncCreateCmd { public void execute() { AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId()); if (policy != null) { - AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(policy); + AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(policy); response.setResponseName(getCommandName()); setResponseObject(response); } else { 
@@ -131,7 +137,7 @@ public class CreateAclPolicyCmd extends BaseAsyncCreateCmd { @Override public void create() throws ResourceAllocationException { Account account = CallContext.current().getCallingAccount(); - AclPolicy result = _aclService.createAclPolicy(account, name, description, parentPolicyId); + AclPolicy result = _aclApiSrv.createAclPolicy(account, name, description, parentPolicyId); if (result != null) { setEntityId(result.getId()); setEntityUuid(result.getUuid()); diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java index 939a501662c..9b2df95cd3a 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclGroupCmd.java @@ -16,8 +16,12 @@ // under the License. package org.apache.cloudstack.acl.api.command; +import javax.inject.Inject; + import org.apache.log4j.Logger; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; @@ -26,7 +30,6 @@ import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclGroupResponse; import org.apache.cloudstack.api.response.SuccessResponse; import com.cloud.event.EventTypes; 
@@ -37,6 +40,9 @@ public class DeleteAclGroupCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName()); private static final String s_name = "deleteaclgroupresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// @@ -70,7 +76,7 @@ public class DeleteAclGroupCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = _aclService.deleteAclGroup(id); + boolean result = _aclApiSrv.deleteAclGroup(id); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); setResponseObject(response); diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java index ea0a39f6a3e..0e72f65064c 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/DeleteAclPolicyCmd.java @@ -16,8 +16,12 @@ // under the License. package org.apache.cloudstack.acl.api.command; +import javax.inject.Inject; + import org.apache.log4j.Logger; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; @@ -26,7 +30,6 @@ import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.SuccessResponse; import com.cloud.event.EventTypes; 
@@ -37,6 +40,9 @@ public class DeleteAclPolicyCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName()); private static final String s_name = "deleteaclpolicyresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// @@ -70,7 +76,7 @@ public class DeleteAclPolicyCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = _aclService.deleteAclPolicy(id); + boolean result = _aclApiSrv.deleteAclPolicy(id); if (result) { SuccessResponse response = new SuccessResponse(getCommandName()); setResponseObject(response); diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java index 9bb9f02cf14..df40354a80c 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclGroupsCmd.java @@ -16,14 +16,17 @@ // under the License. package org.apache.cloudstack.acl.api.command; +import javax.inject.Inject; + import org.apache.log4j.Logger; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseListDomainResourcesCmd; import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.response.AclGroupResponse; import org.apache.cloudstack.api.response.ListResponse; 
@@ -33,6 +36,9 @@ public class ListAclGroupsCmd extends BaseListDomainResourcesCmd { private static final String s_name = "listaclgroupsresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// @@ -68,7 +74,7 @@ public class ListAclGroupsCmd extends BaseListDomainResourcesCmd { @Override public void execute(){ - ListResponse response = _queryService.listAclGroups(id, aclGroupName, getDomainId(), + ListResponse response = _aclApiSrv.listAclGroups(id, aclGroupName, getDomainId(), getStartIndex(), getPageSizeVal()); response.setResponseName(getCommandName()); setResponseObject(response); diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java index 9937187c99f..28eeab38eb6 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/ListAclPoliciesCmd.java @@ -16,14 +16,17 @@ // under the License. package org.apache.cloudstack.acl.api.command; +import javax.inject.Inject; + import org.apache.log4j.Logger; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.BaseListDomainResourcesCmd; import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.ListResponse; 
@@ -33,6 +36,9 @@ public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd { private static final String s_name = "listaclpoliciesresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// @@ -68,7 +74,7 @@ public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd { @Override public void execute(){ - ListResponse response = _queryService.listAclPolicies(id, aclPolicyName, getDomainId(), + ListResponse response = _aclApiSrv.listAclPolicies(id, aclPolicyName, getDomainId(), getStartIndex(), getPageSizeVal()); response.setResponseName(getCommandName()); setResponseObject(response); diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java index 96cbbd633de..239d9e3131d 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAccountFromAclGroupCmd.java @@ -18,9 +18,12 @@ package org.apache.cloudstack.acl.api.command; import java.util.List; +import javax.inject.Inject; + import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclGroup; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; 
@@ -30,8 +33,8 @@ import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.iam.api.AclGroup; import com.cloud.event.EventTypes; import com.cloud.exception.InsufficientCapacityException; @@ -44,6 +47,9 @@ public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName()); private static final String s_name = "removeaccountfromaclgroupresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// @@ -93,9 +99,9 @@ public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd { public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException { CallContext.current().setEventDetails("Acl group Id: " + getId()); - AclGroup result = _aclService.removeAccountsFromGroup(accountIdList, id); + AclGroup result = _aclApiSrv.removeAccountsFromGroup(accountIdList, id); if (result != null){ - AclGroupResponse response = _responseGenerator.createAclGroupResponse(result); + AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result); response.setResponseName(getCommandName()); setResponseObject(response); } else { diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java index f741e789ad7..ab1a06c4582 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java 
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPermissionFromAclPolicyCmd.java @@ -16,10 +16,13 @@ // under the License. package org.apache.cloudstack.acl.api.command; +import javax.inject.Inject; + import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclPolicy; import org.apache.cloudstack.acl.PermissionScope; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; @@ -28,8 +31,8 @@ import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.iam.api.AclPolicy; import com.cloud.event.EventTypes; import com.cloud.exception.InsufficientCapacityException; @@ -42,6 +45,9 @@ public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName()); private static final String s_name = "removeaclpermissionfromaclpolicyresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// 
@@ -113,9 +119,9 @@ public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd { public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException { CallContext.current().setEventDetails("Acl policy Id: " + getId()); - AclPolicy result = _aclService.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action); + AclPolicy result = _aclApiSrv.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action); if (result != null) { - AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result); + AclPolicyResponse response = _aclApiSrv.createAclPolicyResponse(result); response.setResponseName(getCommandName()); setResponseObject(response); } else { diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java index b7d61b616a4..c3838adc4ab 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/command/RemoveAclPolicyFromAclGroupCmd.java @@ -18,9 +18,13 @@ package org.apache.cloudstack.acl.api.command; import java.util.List; +import javax.inject.Inject; + import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclGroup; +import org.apache.cloudstack.acl.api.AclApiService; +import org.apache.cloudstack.acl.api.response.AclGroupResponse; +import org.apache.cloudstack.acl.api.response.AclPolicyResponse; import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; 
@@ -29,9 +33,8 @@ import org.apache.cloudstack.api.ApiErrorCode; import org.apache.cloudstack.api.BaseAsyncCmd; import org.apache.cloudstack.api.Parameter; import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.context.CallContext; +import org.apache.cloudstack.iam.api.AclGroup; import com.cloud.event.EventTypes; import com.cloud.exception.InsufficientCapacityException; @@ -44,6 +47,9 @@ public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd { public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName()); private static final String s_name = "removeaclpolicyfromaclgroupresponse"; + @Inject + public AclApiService _aclApiSrv; + ///////////////////////////////////////////////////// //////////////// API parameters ///////////////////// ///////////////////////////////////////////////////// @@ -93,9 +99,9 @@ public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd { public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException { CallContext.current().setEventDetails("Acl group Id: " + getId()); - AclGroup result = _aclService.removeAclPoliciesFromGroup(policyIdList, id); + AclGroup result = _aclApiSrv.removeAclPoliciesFromGroup(policyIdList, id); if (result != null){ - AclGroupResponse response = _responseGenerator.createAclGroupResponse(result); + AclGroupResponse response = _aclApiSrv.createAclGroupResponse(result); response.setResponseName(getCommandName()); setResponseObject(response); } else { diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java new file mode 100644 index 00000000000..209aa7a7bf0 --- /dev/null 
+++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclGroupResponse.java 
@@ -0,0 +1,169 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package org.apache.cloudstack.acl.api.response; + +import java.util.LinkedHashSet; +import java.util.Set; + +import com.google.gson.annotations.SerializedName; + +import org.apache.cloudstack.acl.AclGroup; +import org.apache.cloudstack.api.ApiConstants; +import org.apache.cloudstack.api.BaseResponse; +import org.apache.cloudstack.api.EntityReference; +import org.apache.cloudstack.api.response.ControlledViewEntityResponse; + +import com.cloud.serializer.Param; + +@SuppressWarnings("unused") +@EntityReference(value = AclGroup.class) +public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse { + + @SerializedName(ApiConstants.ID) + @Param(description = "the ID of the acl group") + private String id; + + @SerializedName(ApiConstants.NAME) + @Param(description = "the name of the acl group") + private String name; + + @SerializedName(ApiConstants.DESCRIPTION) + @Param(description = "the description of the acl group") + private String description; + + @SerializedName(ApiConstants.DOMAIN_ID) + @Param(description = "the domain ID of the acl group") + private String domainId; + + @SerializedName(ApiConstants.DOMAIN) + 
@Param(description = "the domain name of the acl role") + private String domainName; + + @SerializedName(ApiConstants.ACCOUNT) + @Param(description = "the account owning the policy") + private String accountName; + + @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS) + @Param(description = "account names assigned to this acl group ") + private Set accountNameList; + + @SerializedName(ApiConstants.ACL_POLICIES) + @Param(description = "acl policies attached to this acl group ") + private Set policyNameList; + + public AclGroupResponse() { + accountNameList = new LinkedHashSet(); + policyNameList = new LinkedHashSet(); + } + + @Override + public String getObjectId() { + return getId(); + } + + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + + public void setName(String name) { + this.name = name; + } + + public void setDescription(String description) { + this.description = description; + } + + @Override + public void setDomainId(String domainId) { + this.domainId = domainId; + } + + @Override + public void setDomainName(String domainName) { + this.domainName = domainName; + } + + @Override + public void setAccountName(String accountName) { + this.accountName = accountName; + + } + + @Override + public void setProjectId(String projectId) { + // TODO Auto-generated method stub + + } + + @Override + public void setProjectName(String projectName) { + // TODO Auto-generated method stub + + } + + public void setMemberAccounts(Set accts) { + accountNameList = accts; + } + + public void addMemberAccount(String acct) { + accountNameList.add(acct); + } + + public void setPolicyList(Set policies) { + policyNameList = policies; + } + + public void addPolicy(String policy) { + policyNameList.add(policy); + } + + public Set getPolicyList() { + return policyNameList; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((id == null) ? 
0 : id.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + AclGroupResponse other = (AclGroupResponse)obj; + if (id == null) { + if (other.id != null) + return false; + } else if (!id.equals(other.id)) + return false; + return true; + } + +} diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java new file mode 100644 index 00000000000..8ad662a9ce9 --- /dev/null +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPermissionResponse.java 
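Review bot: Two `@Param` descriptions in AclGroupResponse look copied from other response classes: `domainName` says "the domain name of the acl role" and `accountName` says "the account owning the policy". These strings presumably feed the published API description, so they should read `the domain name of the acl group` and `the account owning the acl group`. The file also imports `org.apache.cloudstack.acl.AclGroup` for `@EntityReference`, while the commands in this patch switch to `org.apache.cloudstack.iam.api.AclGroup`; if the old type is being retired, the reference should follow the new one. The empty `setProjectId` and `setProjectName` overrides deserve a comment stating that project fields are intentionally not exposed, in place of the auto-generated TODO.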
@@ -0,0 +1,125 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package org.apache.cloudstack.acl.api.response; + +import com.google.gson.annotations.SerializedName; + +import org.apache.cloudstack.acl.AclEntityType; +import org.apache.cloudstack.acl.AclPolicyPermission; +import org.apache.cloudstack.acl.PermissionScope; +import org.apache.cloudstack.api.ApiConstants; +import org.apache.cloudstack.api.BaseResponse; + +import com.cloud.serializer.Param; + +public class AclPermissionResponse extends BaseResponse { + + @SerializedName(ApiConstants.ACL_ACTION) + @Param(description = "action of this permission") + private String action; + + @SerializedName(ApiConstants.ENTITY_TYPE) + @Param(description = "the entity type of this permission") + private AclEntityType entityType; + + @SerializedName(ApiConstants.ACL_SCOPE) + @Param(description = "scope of this permission") + private PermissionScope scope; + + @SerializedName(ApiConstants.ACL_SCOPE_ID) + @Param(description = "scope id of this permission") + private Long scopeId; + + @SerializedName(ApiConstants.ACL_ALLOW_DENY) + @Param(description = "allow or deny of this permission") + private AclPolicyPermission.Permission permission; + + public AclEntityType 
getEntityType() { + return entityType; + } + + public void setEntityType(AclEntityType entityType) { + this.entityType = entityType; + } + + public String getAction() { + return action; + } + + public void setAction(String action) { + this.action = action; + } + + public PermissionScope getScope() { + return scope; + } + + public void setScope(PermissionScope scope) { + this.scope = scope; + } + + public Long getScopeId() { + return scopeId; + } + + public void setScopeId(Long scopeId) { + this.scopeId = scopeId; + } + + public AclPolicyPermission.Permission getPermission() { + return permission; + } + + public void setPermission(AclPolicyPermission.Permission permission) { + this.permission = permission; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((action == null) ? 0 : action.hashCode()); + result = prime * result + ((entityType == null) ? 0 : entityType.hashCode()); + result = prime * result + ((scope == null) ? 0 : scope.hashCode()); + result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + AclPermissionResponse other = (AclPermissionResponse) obj; + if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) { + return false; + } else if ((action == null && other.action != null) || !action.equals(other.action)) { + return false; + } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) { + return false; + } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) { + return false; + } + return true; + } + + + +} 
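Review bot: In `equals()`, every comparison has the form `(x == null && other.x != null) || !x.equals(other.x)`, so when a field is null on both objects the first clause is false and `x.equals(...)` is then called on null. Two responses with an unset `scopeId`, for example, throw NullPointerException when compared. Separately, `permission` (the allow/deny value) is left out of both `equals()` and `hashCode()`, so an allow entry and a deny entry for the same action, entity type and scope count as duplicates. `AclPolicyResponse.addPermission` in this patch adds these objects to a set, so unless a policy can never hold both, one of the two would be missing from the listed policy. I would make the comparisons null-safe and include `permission` in both methods, as sketched below.

```java
// in hashCode(), after the scopeId term:
result = prime * result + ((permission == null) ? 0 : permission.hashCode());

// in equals():
// ... unchanged: identity, null and getClass() checks ...
AclPermissionResponse other = (AclPermissionResponse) obj;
if (entityType == null ? other.entityType != null : !entityType.equals(other.entityType)) {
    return false;
}
if (action == null ? other.action != null : !action.equals(other.action)) {
    return false;
}
if (scope == null ? other.scope != null : !scope.equals(other.scope)) {
    return false;
}
if (scopeId == null ? other.scopeId != null : !scopeId.equals(other.scopeId)) {
    return false;
}
if (permission == null ? other.permission != null : !permission.equals(other.permission)) {
    return false;
}
return true;
```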
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java new file mode 100644 index 00000000000..5a6db0cfef4 --- /dev/null +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/response/AclPolicyResponse.java 
@@ -0,0 +1,157 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package org.apache.cloudstack.acl.api.response; + +import java.util.LinkedHashSet; +import java.util.Set; + +import com.google.gson.annotations.SerializedName; + +import org.apache.cloudstack.acl.AclPolicy; +import org.apache.cloudstack.api.ApiConstants; +import org.apache.cloudstack.api.BaseResponse; +import org.apache.cloudstack.api.EntityReference; +import org.apache.cloudstack.api.response.ControlledViewEntityResponse; + +import com.cloud.serializer.Param; + +@SuppressWarnings("unused") +@EntityReference(value = AclPolicy.class) +public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse { + + @SerializedName(ApiConstants.ID) + @Param(description = "the ID of the acl policy") + private String id; + + @SerializedName(ApiConstants.NAME) + @Param(description = "the name of the acl policy") + private String name; + + @SerializedName(ApiConstants.DESCRIPTION) + @Param(description = "the description of the acl policy") + private String description; + + @SerializedName(ApiConstants.DOMAIN_ID) + @Param(description = "the domain ID of the acl policy") + private String domainId; + + @SerializedName(ApiConstants.DOMAIN) + 
@Param(description = "the domain name of the acl policy") + private String domainName; + + @SerializedName(ApiConstants.ACCOUNT) + @Param(description = "the account owning the policy") + private String accountName; + + @SerializedName(ApiConstants.ACL_PERMISSIONS) + @Param(description = "set of permissions for the acl policy") + private Set permissionList; + + public AclPolicyResponse() { + permissionList = new LinkedHashSet(); + } + + @Override + public String getObjectId() { + return getId(); + } + + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + + public void setName(String name) { + this.name = name; + } + + public void setDescription(String description) { + this.description = description; + } + + @Override + public void setDomainId(String domainId) { + this.domainId = domainId; + } + + @Override + public void setDomainName(String domainName) { + this.domainName = domainName; + } + + public Set getPermissionList() { + return permissionList; + } + + public void setPermissionList(Set perms) { + permissionList = perms; + } + + public void addPermission(AclPermissionResponse perm) { + permissionList.add(perm); + } + + @Override + public void setAccountName(String accountName) { + this.accountName = accountName; + } + + @Override + public void setProjectId(String projectId) { + // TODO Auto-generated method stub + + } + + @Override + public void setProjectName(String projectName) { + // TODO Auto-generated method stub + + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((id == null) ? 
0 : id.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + AclPolicyResponse other = (AclPolicyResponse) obj; + if (id == null) { + if (other.id != null) + return false; + } else if (!id.equals(other.id)) + return false; + return true; + } + + + +} diff --git a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java index 9695efda200..ed82f65eeeb 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/api/IAMService.java @@ -50,8 +50,12 @@ public interface IAMService { AclPolicy removeAclPermissionFromAclPolicy(long aclPolicyId, String entityType, String scope, Long scopeId, String action); + AclPolicy getResourceOwnerPolicy(); + List listPolicyPermissionsByScope(long policyId, String action, String scope); + List listPollcyPermissionByEntityType(long policyId, String action, String entityType); + boolean isAPIAccessibleForPolicies(String apiName, List policies); List getGrantedEntities(long accountId, String action, String scope); diff --git a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java index b04e1006da4..8c87afc860e 100644 --- a/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java +++ b/services/iam/server/src/org/apache/cloudstack/iam/server/IAMServiceImpl.java 
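Review bot: `setProjectId` and `setProjectName` are empty bodies that still carry the IDE's `// TODO Auto-generated method stub` text, so a caller that fills this response through the ControlledViewEntityResponse setters loses the project values with no indication whether that is intended. If policies are deliberately not project-scoped, say so in place of the stub, e.g. `// ACL policies carry no project scope; value intentionally ignored`; otherwise add the fields. The same stubs appear in AclGroupResponse earlier in this patch. `setPermissionList` also deserves a line of Javadoc: it stores the caller's set as-is, so passing null makes a later `addPermission` throw.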
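Review bot: The new interface method is spelled `listPollcyPermissionByEntityType` ("Pollcy"), and it uses the singular `Permission` where the neighbouring `listPolicyPermissionsByScope` uses the plural. Because this is a service interface, the misspelling will spread to every implementer and caller, so renaming it to `listPolicyPermissionsByEntityType` here and in IAMServiceImpl is cheapest now. Neither new method has Javadoc; `getResourceOwnerPolicy()` in particular should state whether it can return null. The interface body continues outside the hunk.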
@@ -535,4 +535,17 @@ public class IAMServiceImpl extends ManagerBase implements IAMService, Manager { return pl; } + @Override + public List listPollcyPermissionByEntityType(long policyId, String action, String entityType) { + List pp = _policyPermissionDao.listByPolicyActionAndEntity(policyId, action, entityType); + List pl = new ArrayList(); + pl.addAll(pp); + return pl; + } + + @Override + public AclPolicy getResourceOwnerPolicy() { + return _aclPolicyDao.findByName("RESOURCE_OWNER"); + } + }
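Review bot: `getResourceOwnerPolicy()` identifies a built-in policy by the literal display name `"RESOURCE_OWNER"`, and nothing in this hunk shows that the name is reserved or unique. If policy names can be chosen freely at creation time (CreateAclPolicyCmd is touched in this commit), the lookup may resolve to a policy other than the intended default. If the default is missing, the method hands back whatever `findByName` yields for no match (presumably null) to its callers. I would hoist the name into a constant, e.g. `private static final String RESOURCE_OWNER_POLICY_NAME = "RESOURCE_OWNER";`, document the no-match case on the method, and confirm that policy creation rejects that name. In `listPollcyPermissionByEntityType`, `new ArrayList(pp)` would replace the two-step copy; the class body starts outside the hunk.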