apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactoring the lockUser cmd

Browse Source
This commit is contained in:
abhishek 2010-08-20 14:20:27 -07:00
parent 934173db2e
commit 58598bb0cb
3 changed files with 66 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
server/src/com/cloud/api/commands/LockUserCmd.java
View File

@ -17,29 +17,18 @@
*/ */
package com.cloud.api.commands; package com.cloud.api.commands;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import com.cloud.api.BaseCmd; import com.cloud.api.BaseCmd;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter; import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException; import com.cloud.api.BaseCmd.Manager;
import com.cloud.user.Account;
import com.cloud.user.User;
import com.cloud.utils.Pair;
@Implementation(method="lockUser", manager=Manager.ManagementServer)
public class LockUserCmd extends BaseCmd { public class LockUserCmd extends BaseCmd {
public static final Logger s_logger = Logger.getLogger(LockUserCmd.class.getName()); public static final Logger s_logger = Logger.getLogger(LockUserCmd.class.getName());
private static final String s_name = "lockuserresponse"; private static final String s_name = "lockuserresponse";
private static final List<Pair<Enum, Boolean>> s_properties = new ArrayList<Pair<Enum, Boolean>>();
static {
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ID, Boolean.TRUE));
s_properties.add(new Pair<Enum, Boolean>(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE));
}
///////////////////////////////////////////////////// /////////////////////////////////////////////////////
//////////////// API parameters ///////////////////// //////////////// API parameters /////////////////////
@ -63,36 +52,39 @@ public class LockUserCmd extends BaseCmd {
public String getName() { public String getName() {
return s_name; return s_name;
} }
public List<Pair<Enum, Boolean>> getProperties() {
return s_properties;
}
@Override // @Override
public List<Pair<String, Object>> execute(Map<String, Object> params) { // public List<Pair<String, Object>> execute(Map<String, Object> params) {
Account adminAccount = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName()); // Account adminAccount = (Account)params.get(BaseCmd.Properties.ACCOUNT_OBJ.getName());
Long id = (Long)params.get(BaseCmd.Properties.ID.getName()); // Long id = (Long)params.get(BaseCmd.Properties.ID.getName());
//
// // Check if user with id exists in the system
// User user = getManagementServer().findUserById(id);
// if (user == null) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find user by id");
// } else if (user.getRemoved() != null) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find user by id");
// }
//
// // If the user is a System user, return an error. We do not allow this
// Account account = getManagementServer().findAccountById(user.getAccountId());
// if ((account != null) && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "user id : " + id + " is a system user, locking is not allowed");
// }
//
// if ((adminAccount != null) && !getManagementServer().isChildDomain(adminAccount.getDomainId(), account.getDomainId())) {
// throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Failed to lock user " + id + ", permission denied.");
// }
//
// boolean success = getManagementServer().lockUser(id.longValue());
// List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
// returnValues.add(new Pair<String, Object>(BaseCmd.Properties.SUCCESS.getName(), Boolean.valueOf(success).toString()));
// return returnValues;
// }
// Check if user with id exists in the system @Override
User user = getManagementServer().findUserById(id); public String getResponse() {
if (user == null) { // TODO Auto-generated method stub
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find user by id"); return null;
} else if (user.getRemoved() != null) { }
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find user by id");
}
// If the user is a System user, return an error. We do not allow this
Account account = getManagementServer().findAccountById(user.getAccountId());
if ((account != null) && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "user id : " + id + " is a system user, locking is not allowed");
}
if ((adminAccount != null) && !getManagementServer().isChildDomain(adminAccount.getDomainId(), account.getDomainId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Failed to lock user " + id + ", permission denied.");
}
boolean success = getManagementServer().lockUser(id.longValue());
List<Pair<String, Object>> returnValues = new ArrayList<Pair<String, Object>>();
returnValues.add(new Pair<String, Object>(BaseCmd.Properties.SUCCESS.getName(), Boolean.valueOf(success).toString()));
return returnValues;
}
} }

3
server/src/com/cloud/server/ManagementServer.java
View File

@ -29,6 +29,7 @@ import com.cloud.api.commands.CreatePortForwardingServiceRuleCmd;
import com.cloud.api.commands.EnableAccountCmd; import com.cloud.api.commands.EnableAccountCmd;
import com.cloud.api.commands.EnableUserCmd; import com.cloud.api.commands.EnableUserCmd;
import com.cloud.api.commands.GetCloudIdentifierCmd; import com.cloud.api.commands.GetCloudIdentifierCmd;
import com.cloud.api.commands.LockUserCmd;
import com.cloud.api.commands.RebootSystemVmCmd; import com.cloud.api.commands.RebootSystemVmCmd;
import com.cloud.api.commands.RegisterCmd; import com.cloud.api.commands.RegisterCmd;
import com.cloud.api.commands.RemovePortForwardingServiceCmd; import com.cloud.api.commands.RemovePortForwardingServiceCmd;
@ -252,7 +253,7 @@ public interface ManagementServer {
* @param userId * @param userId
* @return true if enable was successful, false otherwise * @return true if enable was successful, false otherwise
*/ */
boolean lockUser(long userId); boolean lockUser(LockUserCmd cmd);
/** /**
* registerPreallocatedLun registers a preallocated lun in our database. * registerPreallocatedLun registers a preallocated lun in our database.

31
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -71,6 +71,7 @@ import com.cloud.api.commands.DeployVMCmd;
import com.cloud.api.commands.EnableAccountCmd; import com.cloud.api.commands.EnableAccountCmd;
import com.cloud.api.commands.EnableUserCmd; import com.cloud.api.commands.EnableUserCmd;
import com.cloud.api.commands.GetCloudIdentifierCmd; import com.cloud.api.commands.GetCloudIdentifierCmd;
import com.cloud.api.commands.LockUserCmd;
import com.cloud.api.commands.PrepareForMaintenanceCmd; import com.cloud.api.commands.PrepareForMaintenanceCmd;
import com.cloud.api.commands.PreparePrimaryStorageForMaintenanceCmd; import com.cloud.api.commands.PreparePrimaryStorageForMaintenanceCmd;
import com.cloud.api.commands.RebootSystemVmCmd; import com.cloud.api.commands.RebootSystemVmCmd;
@ -1082,18 +1083,38 @@ public class ManagementServerImpl implements ManagementServer {
} }
@Override @Override
public boolean lockUser(long userId) { public boolean lockUser(LockUserCmd cmd) {
boolean success = false; boolean success = false;
Account adminAccount = (Account)UserContext.current().getAccountObject();
Long id = cmd.getId();
// Check if user with id exists in the system
User user = _userDao.findById(id);
if (user == null) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find user by id");
} else if (user.getRemoved() != null) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to find user by id");
}
// If the user is a System user, return an error. We do not allow this
Account account = _accountDao.findById(user.getAccountId());
if ((account != null) && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "user id : " + id + " is a system user, locking is not allowed");
}
if ((adminAccount != null) && !_domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())) {
throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Failed to lock user " + id + ", permission denied.");
}
// make sure the account is enabled too // make sure the account is enabled too
UserVO user = _userDao.findById(userId);
if (user != null) { if (user != null) {
// if the user is either locked already or disabled already, don't change state...only lock currently enabled users // if the user is either locked already or disabled already, don't change state...only lock currently enabled users
if (user.getState().equals(Account.ACCOUNT_STATE_LOCKED)) { if (user.getState().equals(Account.ACCOUNT_STATE_LOCKED)) {
// already locked...no-op // already locked...no-op
return true; return true;
} else if (user.getState().equals(Account.ACCOUNT_STATE_ENABLED)) { } else if (user.getState().equals(Account.ACCOUNT_STATE_ENABLED)) {
success = doSetUserStatus(userId, Account.ACCOUNT_STATE_LOCKED); success = doSetUserStatus(user.getId(), Account.ACCOUNT_STATE_LOCKED);
boolean lockAccount = true; boolean lockAccount = true;
List<UserVO> allUsersByAccount = _userDao.listByAccount(user.getAccountId()); List<UserVO> allUsersByAccount = _userDao.listByAccount(user.getAccountId());
@ -1109,11 +1130,11 @@ public class ManagementServerImpl implements ManagementServer {
} }
} else { } else {
if (s_logger.isInfoEnabled()) { if (s_logger.isInfoEnabled()) {
s_logger.info("Attempting to lock a non-enabled user, current state is " + user.getState() + " (userId: " + userId + "), locking failed."); s_logger.info("Attempting to lock a non-enabled user, current state is " + user.getState() + " (userId: " + user.getId() + "), locking failed.");
} }
} }
} else { } else {
s_logger.warn("Unable to find user with id: " + userId); s_logger.warn("Unable to find user with id: " + UserContext.current().getUserId());
} }
return success; return success;
} }