From ed22dfef1b7c5a0f55fbded4e71fba885977b78c Mon Sep 17 00:00:00 2001 From: Min Chen Date: Fri, 27 Sep 2013 10:14:13 -0700 Subject: [PATCH] Add transaction handling in AclServiceImpl, and parent role support in createAclRole. --- .../org/apache/cloudstack/acl/AclService.java | 2 +- .../command/admin/acl/CreateAclRoleCmd.java | 10 ++++++++- .../apache/cloudstack/acl/AclServiceImpl.java | 21 ++++++++++++++++++- 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/api/src/org/apache/cloudstack/acl/AclService.java b/api/src/org/apache/cloudstack/acl/AclService.java index a8ed501ed4b..0b83a21a8ab 100644 --- a/api/src/org/apache/cloudstack/acl/AclService.java +++ b/api/src/org/apache/cloudstack/acl/AclService.java @@ -31,7 +31,7 @@ public interface AclService { * @return AclRole */ - AclRole createAclRole(Long domainId, String aclRoleName, String description); + AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId); /** * Delete an acl role. diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java index 0e6867acf40..05afbcafdca 100644 --- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java +++ b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclRoleCmd.java @@ -19,6 +19,7 @@ package org.apache.cloudstack.api.command.admin.acl; import org.apache.log4j.Logger; import org.apache.cloudstack.acl.AclRole; +import org.apache.cloudstack.api.ACL; import org.apache.cloudstack.api.APICommand; import org.apache.cloudstack.api.ApiCommandJobType; import org.apache.cloudstack.api.ApiConstants; 
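Review bot: The Javadoc above `createAclRole` in AclService.java is not updated for the new fourth argument; only its closing `@return AclRole` line is visible here, and the comment starts outside the hunk. Add `@param parentRoleId id of the parent acl role, or null when the role has no parent`, so implementers know that null is a legal value. CreateAclRoleCmd passes its field straight through, and the implementation branches on `parentRoleId != null`, so null is what an omitted API parameter becomes.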
@@ -52,6 +53,10 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd { @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group") private String name; + @ACL + @Parameter(name = ApiConstants.ACL_PARENT_ROLE_ID, type = CommandType.UUID, description = "The ID of parent acl role.", entityType = AclRoleResponse.class) + private Long parentRoleId; + // /////////////////////////////////////////////////// // ///////////////// Accessors /////////////////////// @@ -70,6 +75,9 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd { return name; } + public Long getParentRoleId() { + return parentRoleId; + } // /////////////////////////////////////////////////// // ///////////// API Implementation/////////////////// @@ -99,7 +107,7 @@ public class CreateAclRoleCmd extends BaseAsyncCreateCmd { @Override public void create() throws ResourceAllocationException { - AclRole result = _aclService.createAclRole(domainId, name, description); + AclRole result = _aclService.createAclRole(domainId, name, description, parentRoleId); if (result != null) { setEntityId(result.getId()); setEntityUuid(result.getUuid()); diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java index d1741f7ef20..2ace72c37d0 100644 --- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java +++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java @@ -41,6 +41,7 @@ import com.cloud.utils.Pair; import com.cloud.utils.component.Manager; import com.cloud.utils.component.ManagerBase; import com.cloud.utils.db.DB; +import com.cloud.utils.db.Transaction; @Local(value = {AclService.class}) public class AclServiceImpl extends ManagerBase implements AclService, Manager { 
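Review bot: The bare `@ACL` on the new `parentRoleId` field is the only access control on the parent role that this patch shows, and it relies on whatever the annotation defaults to. State the intended access level explicitly (through the annotation's `accessType` element, if this branch has it) so a reader can tell whether list-level visibility of a role is enough to attach a child to it. The annotation is presumably evaluated only on the API dispatch path, so other callers of `AclService.createAclRole` get no check from it. The description could also say the field is optional, for example `description = "Optional ID of the parent acl role."`.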
@@ -73,7 +74,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_ROLE_CREATE, eventDescription = "Creating Acl Role", create = true) - public AclRole createAclRole(Long domainId, String aclRoleName, String description) { + public AclRole createAclRole(Long domainId, String aclRoleName, String description, Long parentRoleId) { Account caller = CallContext.current().getCallingAccount(); if (!_accountMgr.isRootAdmin(caller.getAccountId())) { // domain admin can only create role for his domain @@ -92,6 +93,9 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { if (domainId != null) { rvo.setDomainId(domainId); } + if (parentRoleId != null) { + rvo.setParentRoleId(parentRoleId); + } return _aclRoleDao.persist(rvo); } @@ -109,6 +113,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { // check permissions _accountMgr.checkAccess(caller, null, true, role); + Transaction txn = Transaction.currentTxn(); + txn.start(); // remove this role related entry in acl_group_role_map List groupRoleMap = _aclGroupRoleMapDao.listByRoleId(role.getId()); if (groupRoleMap != null) { @@ -127,6 +133,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { // remove this role from acl_role table _aclRoleDao.remove(aclRoleId); + txn.commit(); return true; } @@ -146,6 +153,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { // check permissions _accountMgr.checkAccess(caller, null, true, role); + Transaction txn = Transaction.currentTxn(); + txn.start(); // add entries in acl_api_permission table for (String api : apiNames) { AclApiPermissionVO perm = _apiPermissionDao.findByRoleAndApi(aclRoleId, api); @@ -155,6 +164,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { _apiPermissionDao.persist(perm); } } + txn.commit(); return role; } 
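Review bot: `createAclRole` stores `parentRoleId` on the new role without loading the parent or checking the caller's access to it, in the hunk that adds `rvo.setParentRoleId(parentRoleId)`. The other role operations in this file call `_accountMgr.checkAccess(caller, null, true, role)` before touching a role, so a non-existent id or a role outside the caller's domain should be rejected here too, not only by the `@ACL` annotation in CreateAclRoleCmd. If child roles inherit permissions from the parent (not visible in this patch), an unchecked parent would let a domain admin gain permissions from a role they do not control. A possible shape is below, assuming `InvalidParameterValueException` is already imported in this file; the method body starts and ends outside the hunk.

```java
if (parentRoleId != null) {
    AclRole parentRole = _aclRoleDao.findById(parentRoleId);
    if (parentRole == null) {
        throw new InvalidParameterValueException("Unable to find acl role by id " + parentRoleId);
    }
    // same check the other role operations in this class apply before using a role
    _accountMgr.checkAccess(caller, null, true, parentRole);
    rvo.setParentRoleId(parentRoleId);
}
```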
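Review bot: The `txn.start()` added in the role-delete hunk has no `txn.rollback()` on the failure path, so an exception from a DAO call before `txn.commit()` leaves the transaction started with some mapping rows already removed. Unless the surrounding `@DB` handling (visible only on `createAclRole` in this patch) rolls back on close, wrap the body as below. The same applies to the grant and revoke permission hunks and to the two group-role hunks further down. The method bodies start and end outside the hunks.

```java
Transaction txn = Transaction.currentTxn();
txn.start();
try {
    // … unchanged: remove the acl_group_role_map entries, the role's other rows and the acl_role row …
    txn.commit();
} catch (RuntimeException e) {
    // leave no half-deleted role behind
    txn.rollback();
    throw e;
}
return true;
```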
@@ -173,6 +183,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { // check permissions _accountMgr.checkAccess(caller, null, true, role); + Transaction txn = Transaction.currentTxn(); + txn.start(); // add entries in acl_api_permission table for (String api : apiNames) { AclApiPermissionVO perm = _apiPermissionDao.findByRoleAndApi(aclRoleId, api); @@ -181,6 +193,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { _apiPermissionDao.remove(perm.getId()); } } + txn.commit(); return role; } @@ -198,6 +211,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { // check group permissions _accountMgr.checkAccess(caller, null, true, group); + Transaction txn = Transaction.currentTxn(); + txn.start(); // add entries in acl_group_role_map table for (Long roleId : roleIds) { // check role permissions @@ -215,6 +230,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { _aclGroupRoleMapDao.persist(grMap); } } + txn.commit(); return group; } @@ -232,6 +248,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { // check group permissions _accountMgr.checkAccess(caller, null, true, group); + Transaction txn = Transaction.currentTxn(); + txn.start(); // add entries in acl_group_role_map table for (Long roleId : roleIds) { // check role permissions @@ -248,6 +266,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { _aclGroupRoleMapDao.remove(grMap.getId()); } } + txn.commit(); return group; }
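Review bot: In the two group-role hunks the new `txn.start()` sits above the `for (Long roleId : roleIds)` loop, whose first visible line is the `// check role permissions` comment. The per-role access check therefore appears to run after the transaction is open, when earlier iterations may already have written or removed `acl_group_role_map` rows. Authorization is easier to audit when it is settled before any mutation: look up every role id and run the access checks in a first pass, then call `txn.start()`, apply the changes and `txn.commit()`. The loop bodies lie partly outside the hunks, so confirm where the check actually throws.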