apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 20:02:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

1) replaced joinProject API with updateProjectInvitation api. You can accept/decline the invitataion with this command

Browse Source 
2) Added deleteProjectInviation command. Can be executed by project admin only
This commit is contained in:
alena 2011-10-27 18:31:09 -07:00
parent eb0fdc2925
commit b413a625f4
23 changed files with 238 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
api/src/com/cloud/api/ApiConstants.java
View File

@ -268,5 +268,6 @@ public class ApiConstants {
public static final String USER = "user";
public static final String ACTIVE_ONLY = "activeonly";
public static final String TOKEN = "token";
public static final String ACCEPT = "accept";
}

87
api/src/com/cloud/api/commands/DeleteProjectInvitationCmd.java Normal file
View File

@ -0,0 +1,87 @@
/**
* Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
*
* This software is licensed under the GNU General Public License v3 or later.
*
* It is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.cloud.api.commands;
import org.apache.log4j.Logger;
import com.cloud.api.ApiConstants;
import com.cloud.api.BaseAsyncCmd;
import com.cloud.api.BaseCmd;
import com.cloud.api.Implementation;
import com.cloud.api.Parameter;
import com.cloud.api.ServerApiException;
import com.cloud.api.response.SuccessResponse;
import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@Implementation(description="Accepts or declines project invitation", responseObject=SuccessResponse.class)
public class DeleteProjectInvitationCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteProjectInvitationCmd.class.getName());
private static final String s_name = "deleteprojectinvitationresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name=ApiConstants.ID, required=true, type=CommandType.LONG, description="id of the invitation")
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
@Override
public String getCommandName() {
return s_name;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public long getEntityOwnerId() {
//TODO - return project entity ownerId
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public void execute(){
UserContext.current().setEventDetails("Project invitation id " + id);
boolean result = _projectService.deleteProjectInvitation(id);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
this.setResponseObject(response);
} else {
throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to delete the project invitation");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_PROJECT_INVITATION_REMOVE;
}
@Override
public String getEventDescription() {
return "Project invitatino id " + id + " is being removed";
}
}

9
api/src/com/cloud/api/commands/ListProjectInvitationsCmd.java
View File

@ -52,6 +52,9 @@ public class ListProjectInvitationsCmd extends BaseListCmd {
@Parameter(name=ApiConstants.STATE, type=CommandType.STRING, description="list invitations by state")
private String state;
@Parameter(name=ApiConstants.ID, type=CommandType.LONG, description="list invitations by id")
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
@ -75,6 +78,10 @@ public class ListProjectInvitationsCmd extends BaseListCmd {
return state;
}
public Long getId() {
return id;
}
@Override
public String getCommandName() {
return s_name;
@ -86,7 +93,7 @@ public class ListProjectInvitationsCmd extends BaseListCmd {
@Override
public void execute(){
List<? extends ProjectInvitation> invites = _projectService.listProjectInvitations(projectId, accountName, domainId, state, activeOnly, this.getStartIndex(), this.getPageSizeVal());
List<? extends ProjectInvitation> invites = _projectService.listProjectInvitations(id, projectId, accountName, domainId, state, activeOnly, this.getStartIndex(), this.getPageSizeVal());
ListResponse<ProjectInvitationResponse> response = new ListResponse<ProjectInvitationResponse>();
List<ProjectInvitationResponse> projectInvitationResponses = new ArrayList<ProjectInvitationResponse>();
for (ProjectInvitation invite : invites) {

31
api/src/com/cloud/api/commands/JoinProjectCmd.java → api/src/com/cloud/api/commands/UpdateProjectInvitationCmd.java
View File

@ -30,10 +30,11 @@ import com.cloud.event.EventTypes;
import com.cloud.user.Account;
import com.cloud.user.UserContext;
@Implementation(description="Makes account to join the project", responseObject=SuccessResponse.class)
public class JoinProjectCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(JoinProjectCmd.class.getName());
private static final String s_name = "joinprojectresponse";
@Implementation(description="Accepts or declines project invitation", responseObject=SuccessResponse.class)
public class UpdateProjectInvitationCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(UpdateProjectInvitationCmd.class.getName());
private static final String s_name = "updateprojectinvitationresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
@ -41,11 +42,14 @@ public class JoinProjectCmd extends BaseAsyncCmd {
@Parameter(name=ApiConstants.PROJECT_ID, required=true, type=CommandType.LONG, description="id of the project to join")
private Long projectId;
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, required=true, description="account that is joining the project")
@Parameter(name=ApiConstants.ACCOUNT, type=CommandType.STRING, description="account that is joining the project")
private String accountName;
@Parameter(name=ApiConstants.TOKEN, type=CommandType.STRING, description="list invitations for specified account; this parameter has to be specified with domainId")
private String token;
@Parameter(name=ApiConstants.ACCEPT, type=CommandType.BOOLEAN, description="if true, accept the invitation, decline if false. True by default")
private Boolean accept;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
@ -67,10 +71,17 @@ public class JoinProjectCmd extends BaseAsyncCmd {
return token;
}
public Boolean getAccept() {
if (accept == null) {
return true;
}
return accept;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public long getEntityOwnerId() {
//TODO - return project entity ownerId
@ -80,8 +91,8 @@ public class JoinProjectCmd extends BaseAsyncCmd {
@Override
public void execute(){
UserContext.current().setEventDetails("Project id: "+ projectId + "; accountName " + accountName);
boolean result = _projectService.joinProject(projectId, accountName, token);
UserContext.current().setEventDetails("Project id: "+ projectId + "; accountName " + accountName + "; accept " + getAccept());
boolean result = _projectService.updateInvitation(projectId, accountName, token, getAccept());
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
this.setResponseObject(response);
@ -92,11 +103,11 @@ public class JoinProjectCmd extends BaseAsyncCmd {
@Override
public String getEventType() {
return EventTypes.EVENT_PROJECT_JOIN;
return EventTypes.EVENT_PROJECT_INVITATION_UPDATE;
}
@Override
public String getEventDescription() {
return "Account " + accountName + " joining the project: " + projectId;
return "Updating project invitation for projectId " + projectId;
}
}

7
api/src/com/cloud/api/response/ProjectInvitationResponse.java
View File

@ -6,6 +6,9 @@ import com.google.gson.annotations.SerializedName;
@SuppressWarnings("unused")
public class ProjectInvitationResponse extends BaseResponse implements ControlledEntityResponse{
@SerializedName(ApiConstants.ID) @Param(description="the id of the invitation")
private Long id;
@SerializedName(ApiConstants.PROJECT_ID) @Param(description="the id of the project")
private Long projectId;
@ -26,6 +29,10 @@ public class ProjectInvitationResponse extends BaseResponse implements Controlle
@SerializedName(ApiConstants.STATE) @Param(description="the invitation state")
private String invitationState;
public void setId(Long id) {
this.id = id;
}
public void setProjectId(Long projectId) {
this.projectId = projectId;

3
api/src/com/cloud/event/EventTypes.java
View File

@ -212,6 +212,7 @@ public class EventTypes {
public static final String EVENT_PROJECT_ACTIVATE = "PROJECT.ACTIVATE";
public static final String EVENT_PROJECT_SUSPEND = "PROJECT.SUSPEND";
public static final String EVENT_PROJECT_ACCOUNT_ADD = "PROJECT.ACCOUNT.ADD";
public static final String EVENT_PROJECT_JOIN = "PROJECT.JOIN";
public static final String EVENT_PROJECT_INVITATION_UPDATE = "PROJECT.INVITATION.UPDATE";
public static final String EVENT_PROJECT_INVITATION_REMOVE = "PROJECT.INVITATION.REMOVE";
public static final String EVENT_PROJECT_ACCOUNT_REMOVE = "PROJECT.ACCOUNT.REMOVE";
}

2
api/src/com/cloud/projects/ProjectInvitation.java
View File

@ -3,7 +3,7 @@ package com.cloud.projects;
import java.util.Date;
public interface ProjectInvitation {
public enum State {Pending, Completed, Expired}
public enum State {Pending, Completed, Expired, Declined}
long getId();

6
api/src/com/cloud/projects/ProjectService.java
View File

@ -58,13 +58,15 @@ public interface ProjectService {
List<? extends ProjectAccount> listProjectAccounts(long projectId, String accountName, String role, Long startIndex, Long pageSizeVal);
List<? extends ProjectInvitation> listProjectInvitations(Long projectId, String accountName, Long domainId, String state, boolean activeOnly, Long startIndex, Long pageSizeVal);
List<? extends ProjectInvitation> listProjectInvitations(Long id, Long projectId, String accountName, Long domainId, String state, boolean activeOnly, Long startIndex, Long pageSizeVal);
boolean joinProject(long projectId, String accountName, String token);
boolean updateInvitation(long projectId, String accountName, String token, boolean accept);
Project activateProject(long projectId);
Project suspendProject(long projectId) throws ConcurrentOperationException, ResourceUnavailableException;
Project enableProject(long projectId);
boolean deleteProjectInvitation(long invitationId);
}

3
client/tomcatconf/commands.properties.in
View File

@ -278,7 +278,8 @@ addAccountToProject=com.cloud.api.commands.AddAccountToProjectCmd;15
deleteAccountFromProject=com.cloud.api.commands.DeleteAccountFromProjectCmd;15
listProjectAccounts=com.cloud.api.commands.ListProjectAccountsCmd;15
listProjectInvitations=com.cloud.api.commands.ListProjectInvitationsCmd;15
joinProject=com.cloud.api.commands.JoinProjectCmd;15
updateProjectInvitation=com.cloud.api.commands.UpdateProjectInvitationCmd;15
deleteProjectInvitation=com.cloud.api.commands.DeleteProjectInvitationCmd;15
####
createFirewallRule=com.cloud.api.commands.CreateFirewallRuleCmd;15

1
server/src/com/cloud/api/ApiResponseHelper.java
View File

@ -2540,6 +2540,7 @@ public class ApiResponseHelper implements ResponseGenerator {
@Override
public ProjectInvitationResponse createProjectInvitationResponse(ProjectInvitation invite) {
ProjectInvitationResponse response = new ProjectInvitationResponse();
response.setId(invite.getId());
response.setProjectId(invite.getProjectId());
response.setProjectName(ApiDBUtils.findProjectById(invite.getProjectId()).getName());
response.setInvitationState(invite.getState().toString());

4
server/src/com/cloud/baremetal/BareMetalVmManagerImpl.java
View File

@ -244,8 +244,8 @@ public class BareMetalVmManagerImpl extends UserVmManagerImpl implements BareMet
if (domain == null) {
throw new CloudRuntimeException("Unable to find the domain " + dc.getDomainId() + " for the zone: " + dc);
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(owner, domain, null);
_accountMgr.checkAccess(caller, domain);
_accountMgr.checkAccess(owner, domain);
}
// check if account/domain is with in resource limits to create a new vm

4
server/src/com/cloud/network/NetworkManagerImpl.java
View File

@ -1559,7 +1559,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
if (domain == null) {
throw new InvalidParameterValueException("Unable to find domain by id " + cmd.getDomainId());
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
isDomainSpecific = true;
}
}
@ -1856,7 +1856,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist in the system");
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if (accountName != null) {
Account owner = _accountMgr.getActiveAccountByName(accountName, domainId);
if (owner == null) {

2
server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
View File

@ -1042,7 +1042,7 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
if (domain == null) {
throw new InvalidParameterValueException("Unable to find domain by id " + domainId);
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if (accountName != null) {
Account account = _accountMgr.getActiveAccountByName(accountName, domainId);
if (account == null) {

88
server/src/com/cloud/projects/ProjectManagerImpl.java
View File

@ -216,7 +216,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject);
_accountMgr.checkAccess(caller,AccessType.ModifyProject, _accountMgr.getAccount(project.getProjectAccountId()));
//at this point enabling project doesn't require anything, so just update the state
project.setState(State.Active);
@ -239,7 +239,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject);
_accountMgr.checkAccess(caller,AccessType.ModifyProject, _accountMgr.getAccount(project.getProjectAccountId()));
//mark project as inactive first, so you can't add resources to it
Transaction txn = Transaction.currentTxn();
@ -335,7 +335,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist in the system");
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if (accountName != null) {
Account owner = _accountMgr.getActiveAccountByName(accountName, domainId);
@ -438,7 +438,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
return true;
} else if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
Account owner = _accountMgr.getAccount(accountId);
_accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId()), null);
_accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId()));
return true;
}
@ -451,7 +451,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
return true;
} else if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
Account owner = _accountMgr.getAccount(accountId);
_accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId()), null);
_accountMgr.checkAccess(caller, _domainDao.findById(owner.getDomainId()));
return true;
}
return _projectAccountDao.canModifyProjectAccount(caller.getId(), accountId);
@ -470,7 +470,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
//verify permissions
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject);
_accountMgr.checkAccess(caller,AccessType.ModifyProject, _accountMgr.getAccount(project.getProjectAccountId()));
Transaction txn = Transaction.currentTxn();
txn.start();
@ -532,8 +532,8 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
throw new InvalidParameterValueException("Unable to find account name=" + accountName + " in domain id=" + project.getDomainId());
}
//verify permissions
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject);
//verify permissions - only project owner can assign
_accountMgr.checkAccess(caller, AccessType.ModifyProject, _accountMgr.getAccount(project.getProjectAccountId()));
//Check if the account already added to the project
ProjectAccount projectAccount = _projectAccountDao.findByProjectIdAccountId(projectId, account.getId());
@ -601,7 +601,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
//verify permissions
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject);
_accountMgr.checkAccess(caller,AccessType.ModifyProject, _accountMgr.getAccount(project.getProjectAccountId()));
//Check if the account exists in the project
ProjectAccount projectAccount = _projectAccountDao.findByProjectIdAccountId(projectId, account.getId());
@ -630,7 +630,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
//verify permissions
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), null);
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()));
Filter searchFilter = new Filter(ProjectAccountVO.class, "id", false, startIndex, pageSizeVal);
SearchBuilder<ProjectAccountVO> sb = _projectAccountDao.createSearchBuilder();
@ -706,7 +706,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
@Override
public List<? extends ProjectInvitation> listProjectInvitations(Long projectId, String accountName, Long domainId, String state, boolean activeOnly, Long startIndex, Long pageSizeVal) {
public List<? extends ProjectInvitation> listProjectInvitations(Long id, Long projectId, String accountName, Long domainId, String state, boolean activeOnly, Long startIndex, Long pageSizeVal) {
Account caller = UserContext.current().getCaller();
Long accountId = null;
String domainPath = null;
@ -725,7 +725,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if (accountName != null) {
Account account = _accountDao.findActiveAccount(accountName, domainId);
@ -746,6 +746,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
sb.and("projectId", sb.entity().getProjectId(), SearchCriteria.Op.EQ);
sb.and("state", sb.entity().getState(), SearchCriteria.Op.EQ);
sb.and("created", sb.entity().getCreated(), SearchCriteria.Op.GT);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
if (domainPath != null) {
// do a domain LIKE match for the admin case if isRecursive is true
@ -772,6 +773,10 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
sc.setParameters("state", state);
}
if (id != null) {
sc.setParameters("id", id);
}
if (activeOnly) {
sc.setParameters("state", ProjectInvitation.State.Pending);
sc.setParameters("created", new Date((System.currentTimeMillis() >> 10) - _invitationTimeOut));
@ -781,12 +786,17 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
@Override @DB
@ActionEvent(eventType = EventTypes.EVENT_PROJECT_JOIN, eventDescription = "account joining from project", async=true)
public boolean joinProject(long projectId, String accountName, String token) {
@ActionEvent(eventType = EventTypes.EVENT_PROJECT_INVITATION_UPDATE, eventDescription = "updating project invitation", async=true)
public boolean updateInvitation(long projectId, String accountName, String token, boolean accept) {
Account caller = UserContext.current().getCaller();
Long accountId = null;
boolean result = true;
//if accountname and token are null, default accountname to caller's account name
if (accountName == null && token == null) {
accountName = caller.getAccountName();
}
//check that the project exists
Project project = getProject(projectId);
@ -802,7 +812,8 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
//verify permissions
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject);
_accountMgr.checkAccess(caller, null, account);
accountId = account.getId();
} else {
accountId = caller.getId();
@ -817,18 +828,21 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
if (invite != null) {
if (!_projectInvitationDao.isActive(invite.getId(), _invitationTimeOut)) {
if (!_projectInvitationDao.isActive(invite.getId(), _invitationTimeOut) && accept) {
expireInvitation(invite);
throw new InvalidParameterValueException("Invitation is expired for account id=" + accountName + " to the project id=" + projectId);
} else {
Transaction txn = Transaction.currentTxn();
txn.start();
//complete invitation
s_logger.debug("Marking invitation " + invite + " with state " + ProjectInvitation.State.Completed);
invite.setState(ProjectInvitation.State.Completed);
ProjectInvitation.State newState = accept ? ProjectInvitation.State.Completed : ProjectInvitation.State.Declined;
//update invitation
s_logger.debug("Marking invitation " + invite + " with state " + newState);
invite.setState(newState);
result = _projectInvitationDao.update(invite.getId(), invite);
if (result) {
if (result && accept) {
//check if account already exists for the project (was added before invitation got accepted)
ProjectAccount projectAccount = _projectAccountDao.findByProjectIdAccountId(projectId, accountId);
if (projectAccount != null) {
@ -837,13 +851,13 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
assignAccountToProject(project, accountId, ProjectAccount.Role.Regular);
}
} else {
s_logger.warn("Failed to update project invitation " + invite + " with state " + ProjectInvitation.State.Completed);
s_logger.warn("Failed to update project invitation " + invite + " with state " + newState);
}
txn.commit();
}
} else {
throw new InvalidParameterValueException("Unable to find invitation for account id=" + accountName + " to the project id=" + projectId);
throw new InvalidParameterValueException("Unable to find invitation for account name=" + accountName + " to the project id=" + projectId);
}
return result;
@ -867,7 +881,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
//verify permissions
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject);
_accountMgr.checkAccess(caller,AccessType.ModifyProject, _accountMgr.getAccount(project.getProjectAccountId()));
//allow project activation only when it's in Suspended state
Project.State currentState = project.getState();
@ -899,7 +913,7 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
throw new InvalidParameterValueException("Unable to find project by id " + projectId);
}
_accountMgr.checkAccess(caller, _domainDao.findById(project.getDomainId()), AccessType.ModifyProject);
_accountMgr.checkAccess(caller,AccessType.ModifyProject, _accountMgr.getAccount(project.getProjectAccountId()));
if (suspendProject(project)) {
s_logger.debug("Successfully suspended project id=" + projectId);
@ -1021,4 +1035,30 @@ public class ProjectManagerImpl implements ProjectManager, Manager{
}
}
}
@Override @DB
@ActionEvent(eventType = EventTypes.EVENT_PROJECT_INVITATION_REMOVE, eventDescription = "removing project invitation", async=true)
public boolean deleteProjectInvitation(long id) {
Account caller = UserContext.current().getCaller();
ProjectInvitation invitation = _projectInvitationDao.findById(id);
if (invitation == null) {
throw new InvalidParameterValueException("Unable to find project invitation by id " + id);
}
//check that the project exists
Project project = getProject(invitation.getProjectId());
//check permissions - only project owner can remove the invitations
_accountMgr.checkAccess(caller, AccessType.ModifyProject, _accountMgr.getAccount(project.getProjectAccountId()));
if (_projectInvitationDao.remove(id)) {
s_logger.debug("Project Invitation id=" + id + " is removed");
return true;
} else {
s_logger.debug("Failed to remove project invitation id=" + id);
return false;
}
}
}

3
server/src/com/cloud/projects/dao/ProjectInvitationDao.java
View File

@ -29,5 +29,6 @@ public interface ProjectInvitationDao extends GenericDao<ProjectInvitationVO, Lo
boolean isActive(long id, long timeout);
ProjectInvitationVO findPendingByEmailAndProjectId(String email, long projectId);
ProjectInvitationVO findPendingByTokenAndProjectId(String token, long projectId);
void cleanupInvitations(long projectId);
void cleanupInvitations(long projectId);
ProjectInvitationVO findPendingById(long id);
}

10
server/src/com/cloud/projects/dao/ProjectInvitationDaoImpl.java
View File

@ -28,6 +28,7 @@ public class ProjectInvitationDaoImpl extends GenericDaoBase<ProjectInvitationVO
AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), SearchCriteria.Op.EQ);
AllFieldsSearch.and("email", AllFieldsSearch.entity().getEmail(), SearchCriteria.Op.EQ);
AllFieldsSearch.and("token", AllFieldsSearch.entity().getToken(), SearchCriteria.Op.EQ);
AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), SearchCriteria.Op.EQ);
AllFieldsSearch.done();
InactiveSearch = createSearchBuilder();
@ -118,6 +119,15 @@ public class ProjectInvitationDaoImpl extends GenericDaoBase<ProjectInvitationVO
return findOneBy(sc);
}
@Override
public ProjectInvitationVO findPendingById(long id) {
SearchCriteria<ProjectInvitationVO> sc = AllFieldsSearch.create();
sc.setParameters("id", id);
sc.setParameters("state", State.Pending);
return findOneBy(sc);
}
@Override
public void cleanupInvitations(long projectId) {
SearchCriteria<ProjectInvitationVO> sc = AllFieldsSearch.create();

8
server/src/com/cloud/resourcelimit/ResourceLimitManagerImpl.java
View File

@ -323,7 +323,7 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager{
return limits;
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if (accountId != null) {
//Verify account information and permissions
@ -356,7 +356,7 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager{
_accountMgr.checkAccess(caller, null, _accountDao.findById(vo.getAccountId()));
limits.add(vo);
} else if (vo.getDomainId() != null) {
_accountMgr.checkAccess(caller, _domainDao.findById(vo.getDomainId()), null);
_accountMgr.checkAccess(caller, _domainDao.findById(vo.getDomainId()));
limits.add(vo);
}
@ -493,7 +493,7 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager{
} else if (domainId != null) {
Domain domain = _entityMgr.findById(Domain.class, domainId);
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if ((caller.getDomainId() == domainId.longValue()) && caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || caller.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) {
// if the admin is trying to update their own domain, disallow...
@ -550,7 +550,7 @@ public class ResourceLimitManagerImpl implements ResourceLimitService, Manager{
if (domain == null) {
throw new InvalidParameterValueException("Please specify a valid domain ID.");
}
_accountMgr.checkAccess(callerAccount, domain, null);
_accountMgr.checkAccess(callerAccount, domain);
if (resourceType != null) {
resourceTypes.add(resourceType);

10
server/src/com/cloud/server/ManagementServerImpl.java
View File

@ -601,7 +601,7 @@ public class ManagementServerImpl implements ManagementServer {
throw new InvalidParameterValueException("Unable to find domain by id=" + domainId);
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
} else {
// default domainId to the admin's domain
domainId = caller.getDomainId();
@ -1431,7 +1431,7 @@ public class ManagementServerImpl implements ManagementServer {
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if (accountName != null) {
Account account = _accountDao.findActiveAccount(accountName, domainId);
@ -2007,7 +2007,7 @@ public class ManagementServerImpl implements ManagementServer {
if (domain == null) {
throw new InvalidParameterValueException("Unable to find domain by id " + domainId);
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if (accountName != null) {
Account userAccount = _accountDao.findActiveAccount(accountName, domainId);
@ -2371,7 +2371,7 @@ public class ManagementServerImpl implements ManagementServer {
// check permissions
Account caller = UserContext.current().getCaller();
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
//domain name is unique in the cloud
if (domainName != null) {
@ -2691,7 +2691,7 @@ public class ManagementServerImpl implements ManagementServer {
throw new InvalidParameterValueException("Unable to find domain by id " + domainId);
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
if (acctName != null) {
Account userAccount = _accountDao.findActiveAccount(acctName, domainId);

2
server/src/com/cloud/user/AccountManager.java
View File

@ -42,7 +42,7 @@ public interface AccountManager extends AccountService {
boolean deleteAccount(AccountVO account, long callerUserId, Account caller);
void checkAccess(Account account, Domain domain, AccessType accessType) throws PermissionDeniedException;
void checkAccess(Account account, Domain domain) throws PermissionDeniedException;
void checkAccess(Account account, AccessType accessType, ControlledEntity... entities) throws PermissionDeniedException;

12
server/src/com/cloud/user/AccountManagerImpl.java
View File

@ -266,7 +266,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
}
@Override
public void checkAccess(Account caller, Domain domain, AccessType accessType) throws PermissionDeniedException {
public void checkAccess(Account caller, Domain domain) throws PermissionDeniedException {
for (SecurityChecker checker : _securityCheckers) {
if (checker.checkAccess(caller, domain)) {
if (s_logger.isDebugEnabled()) {
@ -619,7 +619,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
}
//Check permissions
checkAccess(UserContext.current().getCaller(), domain, null);
checkAccess(UserContext.current().getCaller(), domain);
if (!_userAccountDao.validateUsernameInDomain(userName, domainId)) {
@ -670,7 +670,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
throw new CloudRuntimeException("The user cannot be created as domain " + domain.getName() + " is being deleted");
}
checkAccess(UserContext.current().getCaller(), domain, null);
checkAccess(UserContext.current().getCaller(), domain);
Account account = _accountDao.findActiveAccount(accountName, domainId);
if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
@ -1045,7 +1045,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
}
// Check if user performing the action is allowed to modify this account
checkAccess(UserContext.current().getCaller(), _domainMgr.getDomain(account.getDomainId()), null);
checkAccess(UserContext.current().getCaller(), _domainMgr.getDomain(account.getDomainId()));
// check if the given account name is unique in this domain for updating
Account duplicateAcccount = _accountDao.findAccount(newAccountName, domainId);
@ -1252,7 +1252,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
if (owner == null) {
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
}
checkAccess(caller, domain, null);
checkAccess(caller, domain);
return owner;
} else if (!isAdmin(caller.getType()) && accountName != null && domainId != null) {
@ -1320,7 +1320,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag
throw new InvalidParameterValueException("Unable to find the domain by id=" + domainId);
}
checkAccess(caller, domain, null);
checkAccess(caller, domain);
if (accountName != null) {
Account owner = getActiveAccountByName(accountName, domainId);

4
server/src/com/cloud/user/DomainManagerImpl.java
View File

@ -135,7 +135,7 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager{
throw new CloudRuntimeException("The domain cannot be created as the parent domain " + parentDomain.getName() + " is being deleted");
}
_accountMgr.checkAccess(caller, parentDomain, null);
_accountMgr.checkAccess(caller, parentDomain);
return createDomain(name, parentId, caller.getId(), networkDomain);
@ -208,7 +208,7 @@ public class DomainManagerImpl implements DomainManager, DomainService, Manager{
throw new PermissionDeniedException("Can't delete ROOT domain");
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
return deleteDomain(domain, cleanup);
}

8
server/src/com/cloud/vm/UserVmManagerImpl.java
View File

@ -2299,9 +2299,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
throw new CloudRuntimeException("Unable to find the domain " + zone.getDomainId() + " for the zone: " + zone);
}
// check that caller can operate with domain
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
// check that vm owner can create vm in the domain
_accountMgr.checkAccess(owner, domain, null);
_accountMgr.checkAccess(owner, domain);
}
// check if account/domain is with in resource limits to create a new vm
@ -2906,7 +2906,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain, null);
_accountMgr.checkAccess(caller, domain);
}
boolean isAdmin = false;
@ -3331,7 +3331,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
// VV 5: check that vm owner can create vm in the domain
DomainVO domain = _domainDao.findById(oldAccount.getDomainId());
_accountMgr.checkAccess(newAccount, domain, null);
_accountMgr.checkAccess(newAccount, domain);
DataCenterVO zone = _dcDao.findById(vm.getDataCenterIdToDeployIn());
VMInstanceVO vmoi = _itMgr.findByIdAndType(vm.getType(), vm.getId());

2
server/test/com/cloud/user/MockAccountManagerImpl.java
View File

@ -179,7 +179,7 @@ public class MockAccountManagerImpl implements Manager, AccountManager {
}
@Override
public void checkAccess(Account account, Domain domain, AccessType accessType) throws PermissionDeniedException {
public void checkAccess(Account account, Domain domain) throws PermissionDeniedException {
// TODO Auto-generated method stub
}