Add transaction handling in AclServiceImpl, and parent role support in

createAclRole.
Min Chen 2013-09-27 10:14:13 -07:00
parent 97fd99b09a
commit ed22dfef1b
3 changed files with 30 additions and 3 deletions


@ -31,7 +31,7 @@ public interface AclService {
* @return AclRole
*/
AclRole createAclRole(Long domainId, String aclRoleName, String description);
AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId);
/**
* Delete an acl role.


@ -19,6 +19,7 @@ package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclRole;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
@ -52,6 +53,10 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
private String name;
@ACL
@Parameter(name = ApiConstants.ACL_PARENT_ROLE_ID, type = CommandType.UUID, description = "The ID of parent acl role.", entityType = AclRoleResponse.class)
private Long parentRoleId;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
@ -70,6 +75,9 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
return name;
}
public Long getParentRoleId() {
return parentRoleId;
}
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
@ -99,7 +107,7 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd {
@Override
public void create() throws ResourceAllocationException {
AclRole result = _aclService.createAclRole(domainId, name, description);
AclRole result = _aclService.createAclRole(domainId, name, description, parentRoleId);
if (result != null) {
setEntityId(result.getId());
setEntityUuid(result.getUuid());
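Review bot: The new `parentRoleId` is forwarded unchanged to `_aclService.createAclRole(...)`, and the AclServiceImpl hunk at -92 stores it with `rvo.setParentRoleId(parentRoleId)` without any visible check that the parent role exists, sits in the caller's domain, or is one the caller is allowed to use. If a child role inherits its parent's permissions (inferred from the name, not shown on this page), a domain admin could bind a new role to a parent outside their own scope. The `@ACL` annotation on the field may cause the API layer to check access, but that is not visible here and would not cover other callers of the service. I would resolve the parent through `_aclRoleDao` in the service, reject an unknown ID, and call `_accountMgr.checkAccess(caller, null, true, parentRole);` before `persist`. The parameter's description string could also state that the parent must be visible to the caller; the class and `create()` continue outside these hunks.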


@ -41,6 +41,7 @@ import com.cloud.utils.Pair;
import com.cloud.utils.component.Manager;
import com.cloud.utils.component.ManagerBase;
import com.cloud.utils.db.DB;
import com.cloud.utils.db.Transaction;
@Local(value = {AclService.class})
public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@ -73,7 +74,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_CREATE, eventDescription = "Creating Acl Role", create = true)
public AclRole createAclRole(Long domainId, String aclRoleName, String description) {
public AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId) {
Account caller = CallContext.current().getCallingAccount();
if (!_accountMgr.isRootAdmin(caller.getAccountId())) {
// domain admin can only create role for his domain
@ -92,6 +93,9 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
if (domainId != null) {
rvo.setDomainId(domainId);
}
if (parentRoleId != null) {
rvo.setParentRoleId(parentRoleId);
}
return _aclRoleDao.persist(rvo);
}
@ -109,6 +113,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
// check permissions
_accountMgr.checkAccess(caller, null, true, role);
Transaction txn = Transaction.currentTxn();
txn.start();
// remove this role related entry in acl_group_role_map
List<AclGroupRoleMapVO> groupRoleMap = _aclGroupRoleMapDao.listByRoleId(role.getId());
if (groupRoleMap != null) {
@ -127,6 +133,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
// remove this role from acl_role table
_aclRoleDao.remove(aclRoleId);
txn.commit();
return true;
}
@ -146,6 +153,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
// check permissions
_accountMgr.checkAccess(caller, null, true, role);
Transaction txn = Transaction.currentTxn();
txn.start();
// add entries in acl_api_permission table
for (String api : apiNames) {
AclApiPermissionVO perm = _apiPermissionDao.findByRoleAndApi(aclRoleId, api);
@ -155,6 +164,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
_apiPermissionDao.persist(perm);
}
}
txn.commit();
return role;
}
@ -173,6 +183,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
// check permissions
_accountMgr.checkAccess(caller, null, true, role);
Transaction txn = Transaction.currentTxn();
txn.start();
// add entries in acl_api_permission table
for (String api : apiNames) {
AclApiPermissionVO perm = _apiPermissionDao.findByRoleAndApi(aclRoleId, api);
@ -181,6 +193,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
_apiPermissionDao.remove(perm.getId());
}
}
txn.commit();
return role;
}
@ -198,6 +211,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
// check group permissions
_accountMgr.checkAccess(caller, null, true, group);
Transaction txn = Transaction.currentTxn();
txn.start();
// add entries in acl_group_role_map table
for (Long roleId : roleIds) {
// check role permissions
@ -215,6 +230,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
_aclGroupRoleMapDao.persist(grMap);
}
}
txn.commit();
return group;
}
@ -232,6 +248,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
// check group permissions
_accountMgr.checkAccess(caller, null, true, group);
Transaction txn = Transaction.currentTxn();
txn.start();
// add entries in acl_group_role_map table
for (Long roleId : roleIds) {
// check role permissions
@ -248,6 +266,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager {
_aclGroupRoleMapDao.remove(grMap.getId());
}
}
txn.commit();
return group;
}
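Review bot: None of the new `txn.start()` / `txn.commit()` pairs has a failure path, and in the two group-role hunks (-198 and -232) the per-role check under `// check role permissions` now runs inside the open transaction. If that check or a DAO call throws part-way through a loop, `txn.commit()` is skipped and the transaction stays open unless something else rolls it back. `@DB` is visible only on `createAclRole`, so whether the other methods get that cleanup cannot be confirmed from these hunks. For ACL grants and revocations I would validate every role ID before `txn.start()` and wrap the write loop so that a failure calls `txn.rollback();` and rethrows. The same applies to the -109, -146 and -173 hunks; the enclosing method bodies begin outside the hunks.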