From c3f480e9b98d2ba2b8babd7fd035ccf68630a043 Mon Sep 17 00:00:00 2001 From: Min Chen Date: Wed, 4 Dec 2013 18:44:30 -0800 Subject: [PATCH] Updated db schema based on latest FS. Still need to fix old code in AclServiceImpl, RoleBasedEntityAccessChecker and QueryManagerImpl to make all build. --- .../cloudstack/acl/AclEntityPermissionVO.java | 133 ------------------ .../cloudstack/acl/AclGroupRoleMapVO.java | 81 ----------- .../acl/AclPolicyPermissionMapVO.java | 81 ----------- .../cloudstack/acl/AclRolePermissionVO.java | 118 ---------------- .../org/apache/cloudstack/acl/AclRoleVO.java | 124 ---------------- .../acl/dao/AclEntityPermissionDao.java | 32 ----- .../acl/dao/AclEntityPermissionDaoImpl.java | 85 ----------- .../acl/dao/AclGroupPolicyMapDao.java | 17 +++ .../acl/dao/AclGroupPolicyMapDaoImpl.java | 61 ++++++++ .../acl/dao/AclGroupRoleMapDao.java | 33 ----- .../acl/dao/AclGroupRoleMapDaoImpl.java | 80 ----------- .../{AclRoleDao.java => AclPolicyDao.java} | 8 +- ...RoleDaoImpl.java => AclPolicyDaoImpl.java} | 12 +- .../acl/dao/AclPolicyPermissionMapDao.java | 25 ---- .../dao/AclPolicyPermissionMapDaoImpl.java | 43 ------ .../acl/dao/AclRolePermissionDao.java | 36 ----- .../acl/dao/AclRolePermissionDaoImpl.java | 96 ------------- .../com/cloud/api/query/QueryManagerImpl.java | 4 +- .../apache/cloudstack/acl/AclServiceImpl.java | 41 +++--- 19 files changed, 109 insertions(+), 1001 deletions(-) delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/AclEntityPermissionVO.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/AclGroupRoleMapVO.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionMapVO.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/AclRolePermissionVO.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclEntityPermissionDao.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclEntityPermissionDaoImpl.java create mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDao.java create mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDaoImpl.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupRoleMapDao.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupRoleMapDaoImpl.java rename engine/schema/src/org/apache/cloudstack/acl/dao/{AclRoleDao.java => AclPolicyDao.java} (80%) rename engine/schema/src/org/apache/cloudstack/acl/dao/{AclRoleDaoImpl.java => AclPolicyDaoImpl.java} (82%) delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionMapDao.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionMapDaoImpl.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java delete mode 100644 engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclEntityPermissionVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclEntityPermissionVO.java deleted file mode 100644 index 151e9c0b649..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/AclEntityPermissionVO.java +++ /dev/null @@ -1,133 +0,0 @@ -package org.apache.cloudstack.acl; - -import java.util.Date; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.EnumType; -import javax.persistence.Enumerated; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; - -import org.apache.cloudstack.acl.SecurityChecker.AccessType; - -import com.cloud.utils.db.GenericDao; - -@Entity -@Table(name = ("acl_entity_permission")) -public class AclEntityPermissionVO implements AclEntityPermission { - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private long id; - - @Column(name = "group_id") - private long aclGroupId; - - @Column(name = "entity_type") - private String entityType; - - @Column(name = "entity_id") - private long entityId; - - @Column(name = "entity_uuid") - private String entityUuid; - - @Column(name = "access_type") - @Enumerated(value = EnumType.STRING) - AccessType accessType; - - @Column(name = "permission") - private boolean allowed; - - @Column(name = GenericDao.REMOVED_COLUMN) - private Date removed; - - @Column(name = GenericDao.CREATED_COLUMN) - private Date created; - - public AclEntityPermissionVO() { - - } - - public AclEntityPermissionVO(long groupId, String entityType, long entityId, String entityUuid, AccessType atype, - boolean permission) { - aclGroupId = groupId; - this.entityType = entityType; - this.entityId = entityId; - this.entityUuid = entityUuid; - accessType = atype; - allowed = permission; - } - - @Override - public long getId() { - return id; - } - - @Override - public Long getAclGroupId() { - return aclGroupId; - } - - @Override - public String getEntityType() { - return entityType; - } - - @Override - public Long getEntityId() { - return entityId; - } - - public String getEntityUuid() { - return entityUuid; - } - - @Override - public AccessType getAccessType() { - return accessType; - } - - - public void setAclGroupId(long aclGroupId) { - this.aclGroupId = aclGroupId; - } - - public void setEntityType(String entityType) { - this.entityType = entityType; - } - - public void setEntityId(long entityId) { - this.entityId = entityId; - } - - public void setEntityUuid(String entityUuid) { - this.entityUuid = entityUuid; - } - - public void setAccessType(AccessType accessType) { - this.accessType = accessType; - } - - public Date getRemoved() { - return removed; - } - - public Date getCreated() { - return created; - } - - @Override - public boolean isAllowed() { - return allowed; - } - - public void setAllowed(boolean allowed) { - this.allowed = allowed; - } - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclGroupRoleMapVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclGroupRoleMapVO.java deleted file mode 100644 index b8665248406..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/AclGroupRoleMapVO.java +++ /dev/null @@ -1,81 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl; - -import java.util.Date; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; - -import org.apache.cloudstack.api.InternalIdentity; - -import com.cloud.utils.db.GenericDao; - -@Entity -@Table(name = ("acl_group_role_map")) -public class AclGroupRoleMapVO implements InternalIdentity { - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private Long id; - - @Column(name = "group_id") - private long aclGroupId; - - @Column(name = "role_id") - private long aclRoleId; - - @Column(name = GenericDao.REMOVED_COLUMN) - private Date removed; - - @Column(name = GenericDao.CREATED_COLUMN) - private Date created; - - public AclGroupRoleMapVO() { - } - - public AclGroupRoleMapVO(long aclGroupId, long aclRoleId) { - this.aclGroupId = aclGroupId; - this.aclRoleId = aclRoleId; - } - - @Override - public long getId() { - return id; - } - - public long getAclGroupId() { - return aclGroupId; - } - - - public long getAclRoleId() { - return aclRoleId; - } - - public Date getRemoved() { - return removed; - } - - public Date getCreated() { - return created; - } -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionMapVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionMapVO.java deleted file mode 100644 index 7ffecbf00d3..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/AclPolicyPermissionMapVO.java +++ /dev/null @@ -1,81 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl; - -import java.util.Date; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; - -import org.apache.cloudstack.api.InternalIdentity; - -import com.cloud.utils.db.GenericDao; - -@Entity -@Table(name = ("acl_policy_permission_map")) -public class AclPolicyPermissionMapVO implements InternalIdentity { - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private Long id; - - @Column(name = "policy_id") - private long aclPolicyId; - - @Column(name = "permission_id") - private long aclPermissionId; - - @Column(name = GenericDao.REMOVED_COLUMN) - private Date removed; - - @Column(name = GenericDao.CREATED_COLUMN) - private Date created; - - public AclPolicyPermissionMapVO() { - } - - public AclPolicyPermissionMapVO(long aclPolicyId, long aclPermissionId) { - this.aclPolicyId = aclPolicyId; - this.aclPermissionId = aclPermissionId; - } - - @Override - public long getId() { - return id; - } - - - public long getAclPolicyId() { - return aclPolicyId; - } - - public long getAclPermissionId() { - return aclPermissionId; - } - - public Date getRemoved() { - return removed; - } - - public Date getCreated() { - return created; - } -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclRolePermissionVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclRolePermissionVO.java deleted file mode 100644 index d1a8e32068e..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/AclRolePermissionVO.java +++ /dev/null @@ -1,118 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.EnumType; -import javax.persistence.Enumerated; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; - -import org.apache.cloudstack.acl.SecurityChecker.AccessType; - -@Entity -@Table(name = ("acl_role_permission")) -public class AclRolePermissionVO implements AclRolePermission { - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private long id; - - @Column(name = "role_id") - private long aclRoleId; - - @Column(name = "entity_type") - private String entityType; - - @Column(name = "access_type") - @Enumerated(value = EnumType.STRING) - AccessType accessType; - - @Column(name = "scope") - @Enumerated(value = EnumType.STRING) - PermissionScope scope; - - @Column(name = "permission") - private boolean allowed; - - - public AclRolePermissionVO() { - - } - - public AclRolePermissionVO(long roleId, String entityType, AccessType atype) { - aclRoleId = roleId; - this.entityType = entityType; - accessType = atype; - } - - @Override - public long getId() { - return id; - } - - @Override - public Long getAclRoleId() { - return aclRoleId; - } - - @Override - public String getEntityType() { - return entityType; - } - - @Override - public AccessType getAccessType() { - return accessType; - } - - - public void setAclRoleId(long aclRoleId) { - this.aclRoleId = aclRoleId; - } - - public void setEntityType(String entityType) { - this.entityType = entityType; - } - - public void setAccessType(AccessType accessType) { - this.accessType = accessType; - } - - @Override - public PermissionScope getScope() { - return scope; - } - - public void setScope(PermissionScope scope) { - this.scope = scope; - } - - @Override - public boolean isAllowed() { - return allowed; - } - - public void setAllowed(boolean allowed) { - this.allowed = allowed; - } - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java b/engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java deleted file mode 100644 index 30ba4726399..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/AclRoleVO.java +++ /dev/null @@ -1,124 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl; - -import java.util.Date; -import java.util.UUID; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.EnumType; -import javax.persistence.Enumerated; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; - -import com.cloud.utils.db.GenericDao; - -@Entity -@Table(name = ("acl_role")) -public class AclRoleVO implements AclRole { - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private long id; - - @Column(name = "name") - private String name; - - @Column(name = "description") - private String description; - - @Column(name = "uuid") - private String uuid; - - - @Column(name = "domain_id") - private long domainId; - - @Column(name = GenericDao.REMOVED_COLUMN) - private Date removed; - - @Column(name = GenericDao.CREATED_COLUMN) - private Date created; - - @Column(name = "role_type") - @Enumerated(value = EnumType.STRING) - private AclRole.RoleType roleType; - - public AclRoleVO() { - uuid = UUID.randomUUID().toString(); - } - - public AclRoleVO(String name, String description) { - this.name = name; - this.description = description; - uuid = UUID.randomUUID().toString(); - this.roleType = AclRole.RoleType.Static; - } - - @Override - public long getId() { - return id; - } - - @Override - public String getName() { - return name; - } - - @Override - public String getDescription() { - return description; - } - - - @Override - public String getUuid() { - return uuid; - } - - public void setUuid(String uuid) { - this.uuid = uuid; - } - - public Date getRemoved() { - return removed; - } - - public Date getCreated() { - return created; - } - - @Override - public long getDomainId() { - return domainId; - } - - public void setDomainId(long domainId) { - this.domainId = domainId; - } - - public RoleType getRoleType() { - return roleType; - } - - public void setRoleType(RoleType roleType) { - this.roleType = roleType; - } -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclEntityPermissionDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclEntityPermissionDao.java deleted file mode 100644 index 74427a19bce..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclEntityPermissionDao.java +++ /dev/null @@ -1,32 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.dao; - -import java.util.List; - -import org.apache.cloudstack.acl.AclEntityPermissionVO; -import org.apache.cloudstack.acl.SecurityChecker.AccessType; - -import com.cloud.utils.db.GenericDao; - -public interface AclEntityPermissionDao extends GenericDao { - - AclEntityPermissionVO findByGroupAndEntity(long groupId, String entityType, long entityId, AccessType accessType); - - List findEntityIdByGroupAndPermission(long groupId, String entityType, AccessType accessType, boolean isAllowed); - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclEntityPermissionDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclEntityPermissionDaoImpl.java deleted file mode 100644 index aa7aaf44909..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclEntityPermissionDaoImpl.java +++ /dev/null @@ -1,85 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.dao; - -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -import javax.naming.ConfigurationException; - -import org.springframework.stereotype.Component; - -import org.apache.cloudstack.acl.AclEntityPermissionVO; -import org.apache.cloudstack.acl.SecurityChecker.AccessType; - -import com.cloud.utils.db.GenericDaoBase; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; - -@Component -public class AclEntityPermissionDaoImpl extends GenericDaoBase implements AclEntityPermissionDao { - private SearchBuilder findByGroupEntity; - - public AclEntityPermissionDaoImpl() - { - - } - - @Override - public boolean configure(String name, Map params) throws ConfigurationException { - super.configure(name, params); - - findByGroupEntity = createSearchBuilder(); - findByGroupEntity.and("groupId", findByGroupEntity.entity().getAclGroupId(), SearchCriteria.Op.EQ); - findByGroupEntity.and("entityType", findByGroupEntity.entity().getEntityType(), SearchCriteria.Op.EQ); - findByGroupEntity.and("entityId", findByGroupEntity.entity().getEntityId(), SearchCriteria.Op.EQ); - findByGroupEntity.and("accessType", findByGroupEntity.entity().getAccessType(), SearchCriteria.Op.EQ); - findByGroupEntity.and("allowed", findByGroupEntity.entity().isAllowed(), SearchCriteria.Op.EQ); - findByGroupEntity.done(); - - return true; - } - - @Override - public AclEntityPermissionVO findByGroupAndEntity(long groupId, String entityType, long entityId, AccessType accessType) { - SearchCriteria sc = findByGroupEntity.create(); - sc.setParameters("groupId", groupId); - sc.setParameters("entityType", entityType); - sc.setParameters("entityId", entityId); - sc.setParameters("accessType", accessType); - return findOneBy(sc); - } - - @Override - public List findEntityIdByGroupAndPermission(long groupId, String entityType, AccessType accessType, boolean isAllowed) { - List idList = new ArrayList(); - SearchCriteria sc = findByGroupEntity.create(); - sc.setParameters("groupId", groupId); - sc.setParameters("entityType", entityType); - sc.setParameters("allowed", isAllowed); - sc.setParameters("accessType", accessType); - List permList = listBy(sc); - if (permList != null) { - for (AclEntityPermissionVO perm : permList) { - idList.add(perm.getEntityId()); - } - } - return idList; - } - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDao.java new file mode 100644 index 00000000000..a92ce26e1ae --- /dev/null +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDao.java @@ -0,0 +1,17 @@ +package org.apache.cloudstack.acl.dao; + +import java.util.List; + +import org.apache.cloudstack.acl.AclGroupPolicyMapVO; + +import com.cloud.utils.db.GenericDao; + +public interface AclGroupPolicyMapDao extends GenericDao { + + List listByGroupId(long groupId); + + List listByPolicyId(long policyId); + + AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId); + +} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDaoImpl.java new file mode 100644 index 00000000000..cb34a5733f1 --- /dev/null +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupPolicyMapDaoImpl.java @@ -0,0 +1,61 @@ +package org.apache.cloudstack.acl.dao; + +import java.util.List; +import java.util.Map; + +import javax.naming.ConfigurationException; + +import org.apache.cloudstack.acl.AclGroupPolicyMapVO; + +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; + +public class AclGroupPolicyMapDaoImpl extends GenericDaoBase implements AclGroupPolicyMapDao { + + private SearchBuilder ListByGroupId; + private SearchBuilder ListByPolicyId; + private SearchBuilder findByPolicyGroupId; + + @Override + public boolean configure(String name, Map params) throws ConfigurationException { + super.configure(name, params); + + ListByGroupId = createSearchBuilder(); + ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ); + ListByGroupId.done(); + + ListByPolicyId = createSearchBuilder(); + ListByPolicyId.and("policyId", ListByPolicyId.entity().getAclPolicyId(), SearchCriteria.Op.EQ); + ListByPolicyId.done(); + + findByPolicyGroupId = createSearchBuilder(); + findByPolicyGroupId.and("policyId", findByPolicyGroupId.entity().getAclPolicyId(), SearchCriteria.Op.EQ); + findByPolicyGroupId.and("groupId", findByPolicyGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ); + findByPolicyGroupId.done(); + + return true; + } + + @Override + public List listByGroupId(long groupId) { + SearchCriteria sc = ListByGroupId.create(); + sc.setParameters("groupId", groupId); + return listBy(sc); + } + + @Override + public List listByPolicyId(long policyId) { + SearchCriteria sc = ListByPolicyId.create(); + sc.setParameters("policyId", policyId); + return listBy(sc); + } + + @Override + public AclGroupPolicyMapVO findByGroupAndPolicy(long groupId, long policyId) { + SearchCriteria sc = findByPolicyGroupId.create(); + sc.setParameters("policyId", policyId); + sc.setParameters("groupId", groupId); + return findOneBy(sc); + } +} \ No newline at end of file diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupRoleMapDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupRoleMapDao.java deleted file mode 100644 index 0dfddb4e3a7..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupRoleMapDao.java +++ /dev/null @@ -1,33 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.dao; - -import java.util.List; - -import org.apache.cloudstack.acl.AclGroupRoleMapVO; - -import com.cloud.utils.db.GenericDao; - -public interface AclGroupRoleMapDao extends GenericDao { - - List listByGroupId(long groupId); - - List listByRoleId(long roleId); - - AclGroupRoleMapVO findByGroupAndRole(long groupId, long roleId); - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupRoleMapDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupRoleMapDaoImpl.java deleted file mode 100644 index 3204dae2a1e..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclGroupRoleMapDaoImpl.java +++ /dev/null @@ -1,80 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.dao; - -import java.util.List; -import java.util.Map; - -import javax.naming.ConfigurationException; - -import org.springframework.stereotype.Component; - -import org.apache.cloudstack.acl.AclGroupRoleMapVO; - -import com.cloud.utils.db.GenericDaoBase; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; - -@Component -public class AclGroupRoleMapDaoImpl extends GenericDaoBase implements AclGroupRoleMapDao { - private SearchBuilder ListByGroupId; - private SearchBuilder ListByRoleId; - private SearchBuilder findByRoleGroupId; - - @Override - public boolean configure(String name, Map params) throws ConfigurationException { - super.configure(name, params); - - ListByGroupId = createSearchBuilder(); - ListByGroupId.and("groupId", ListByGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ); - ListByGroupId.done(); - - ListByRoleId = createSearchBuilder(); - ListByRoleId.and("roleId", ListByRoleId.entity().getAclRoleId(), SearchCriteria.Op.EQ); - ListByRoleId.done(); - - findByRoleGroupId = createSearchBuilder(); - findByRoleGroupId.and("roleId", findByRoleGroupId.entity().getAclRoleId(), SearchCriteria.Op.EQ); - findByRoleGroupId.and("groupId", findByRoleGroupId.entity().getAclGroupId(), SearchCriteria.Op.EQ); - findByRoleGroupId.done(); - - return true; - } - - @Override - public List listByGroupId(long groupId) { - SearchCriteria sc = ListByGroupId.create(); - sc.setParameters("groupId", groupId); - return listBy(sc); - } - - @Override - public List listByRoleId(long roleId) { - SearchCriteria sc = ListByRoleId.create(); - sc.setParameters("roleId", roleId); - return listBy(sc); - } - - @Override - public AclGroupRoleMapVO findByGroupAndRole(long groupId, long roleId) { - SearchCriteria sc = findByRoleGroupId.create(); - sc.setParameters("roleId", roleId); - sc.setParameters("groupId", groupId); - return findOneBy(sc); - } - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRoleDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDao.java similarity index 80% rename from engine/schema/src/org/apache/cloudstack/acl/dao/AclRoleDao.java rename to engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDao.java index e846ae234df..c74b53a8eea 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRoleDao.java +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDao.java @@ -16,13 +16,13 @@ // under the License. package org.apache.cloudstack.acl.dao; -import org.apache.cloudstack.acl.AclRole; -import org.apache.cloudstack.acl.AclRoleVO; +import org.apache.cloudstack.acl.AclPolicy; +import org.apache.cloudstack.acl.AclPolicyVO; import com.cloud.utils.db.GenericDao; -public interface AclRoleDao extends GenericDao { +public interface AclPolicyDao extends GenericDao { - AclRole findByName(Long domainId, String roleName); + AclPolicy findByName(Long domainId, String policyName); } diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRoleDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDaoImpl.java similarity index 82% rename from engine/schema/src/org/apache/cloudstack/acl/dao/AclRoleDaoImpl.java rename to engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDaoImpl.java index f1e00476bff..3cb32fde97f 100644 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRoleDaoImpl.java +++ b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyDaoImpl.java @@ -22,16 +22,16 @@ import javax.naming.ConfigurationException; import org.springframework.stereotype.Component; -import org.apache.cloudstack.acl.AclRole; -import org.apache.cloudstack.acl.AclRoleVO; +import org.apache.cloudstack.acl.AclPolicy; +import org.apache.cloudstack.acl.AclPolicyVO; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; @Component -public class AclRoleDaoImpl extends GenericDaoBase implements AclRoleDao { - private SearchBuilder nameSearch; +public class AclPolicyDaoImpl extends GenericDaoBase implements AclPolicyDao { + private SearchBuilder nameSearch; @Override public boolean configure(String name, Map params) throws ConfigurationException { @@ -47,8 +47,8 @@ public class AclRoleDaoImpl extends GenericDaoBase implements A } @Override - public AclRole findByName(Long domainId, String name) { - SearchCriteria sc = nameSearch.create(); + public AclPolicy findByName(Long domainId, String name) { + SearchCriteria sc = nameSearch.create(); sc.setParameters("name", name); if (domainId != null) { sc.setParameters("domainId", domainId); diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionMapDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionMapDao.java deleted file mode 100644 index 0b18e363060..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionMapDao.java +++ /dev/null @@ -1,25 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.dao; - -import org.apache.cloudstack.acl.AclPolicyPermissionMapVO; - -import com.cloud.utils.db.GenericDao; - -public interface AclPolicyPermissionMapDao extends GenericDao { - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionMapDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionMapDaoImpl.java deleted file mode 100644 index fe4579d3cf9..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclPolicyPermissionMapDaoImpl.java +++ /dev/null @@ -1,43 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.dao; - -import java.util.Map; - -import javax.naming.ConfigurationException; - -import org.apache.cloudstack.acl.AclPolicyPermissionMapVO; - -import com.cloud.utils.db.GenericDaoBase; - -public class AclPolicyPermissionMapDaoImpl extends GenericDaoBase implements - AclPolicyPermissionMapDao { - - public AclPolicyPermissionMapDaoImpl() - { - - } - - @Override - public boolean configure(String name, Map params) throws ConfigurationException { - super.configure(name, params); - - return true; - } - - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java deleted file mode 100644 index d2499635148..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDao.java +++ /dev/null @@ -1,36 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.dao; - -import java.util.List; - -import org.apache.cloudstack.acl.AclRolePermissionVO; -import org.apache.cloudstack.acl.SecurityChecker.AccessType; - -import com.cloud.utils.db.GenericDao; - -public interface AclRolePermissionDao extends GenericDao { - - AclRolePermissionVO findByRoleEntityAndPermission(long roleId, String entityType, AccessType accessType, boolean isAllowed); - - AclRolePermissionVO findByRoleAndEntity(long roleId, String entityType, AccessType accessType); - - List listByRoleAndEntity(long roleId, String entityType, AccessType accessType); - - List listByRole(long roleId); - -} diff --git a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java b/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java deleted file mode 100644 index 9ae81b2b656..00000000000 --- a/engine/schema/src/org/apache/cloudstack/acl/dao/AclRolePermissionDaoImpl.java +++ /dev/null @@ -1,96 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.dao; - -import java.util.List; -import java.util.Map; - -import javax.naming.ConfigurationException; - -import org.springframework.stereotype.Component; - -import org.apache.cloudstack.acl.AclRolePermissionVO; -import org.apache.cloudstack.acl.SecurityChecker.AccessType; - -import com.cloud.utils.db.GenericDaoBase; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; - -@Component -public class AclRolePermissionDaoImpl extends GenericDaoBase implements AclRolePermissionDao { - private SearchBuilder findByRoleEntity; - - public AclRolePermissionDaoImpl() - { - - } - - @Override - public boolean configure(String name, Map params) throws ConfigurationException { - super.configure(name, params); - - findByRoleEntity = createSearchBuilder(); - findByRoleEntity.and("roleId", findByRoleEntity.entity().getAclRoleId(), SearchCriteria.Op.EQ); - findByRoleEntity.and().op("entityType", findByRoleEntity.entity().getEntityType(), SearchCriteria.Op.EQ); - findByRoleEntity.or("entityTypeStar", findByRoleEntity.entity().getEntityType(), SearchCriteria.Op.EQ); - findByRoleEntity.cp(); - findByRoleEntity.and("accessType", findByRoleEntity.entity().getAccessType(), SearchCriteria.Op.EQ); - findByRoleEntity.and("allowed", findByRoleEntity.entity().isAllowed(), SearchCriteria.Op.EQ); - findByRoleEntity.done(); - - return true; - } - - @Override - public AclRolePermissionVO findByRoleEntityAndPermission(long roleId, String entityType, AccessType accessType, boolean isAllowed) { - SearchCriteria sc = findByRoleEntity.create(); - sc.setParameters("roleId", roleId); - sc.setParameters("entityType", entityType); - sc.setParameters("accessType", accessType); - sc.setParameters("entityTypeStar", "*"); - sc.setParameters("allowed", isAllowed); - return findOneBy(sc); - } - - @Override - public AclRolePermissionVO findByRoleAndEntity(long roleId, String entityType, AccessType accessType) { - SearchCriteria sc = findByRoleEntity.create(); - sc.setParameters("roleId", roleId); - sc.setParameters("entityType", entityType); - sc.setParameters("accessType", accessType); - sc.setParameters("entityTypeStar", "*"); - return findOneBy(sc); - } - - @Override - public List listByRoleAndEntity(long roleId, String entityType, AccessType accessType) { - SearchCriteria sc = findByRoleEntity.create(); - sc.setParameters("roleId", roleId); - sc.setParameters("entityType", entityType); - sc.setParameters("accessType", accessType); - sc.setParameters("entityTypeStar", "*"); - return listBy(sc); - } - - @Override - public List listByRole(long roleId) { - SearchCriteria sc = findByRoleEntity.create(); - sc.setParameters("roleId", roleId); - return listBy(sc); - } - -} diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index d436453d2bf..8eff952f711 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -34,7 +34,7 @@ import org.apache.cloudstack.acl.AclRole; import org.apache.cloudstack.acl.AclService; import org.apache.cloudstack.acl.ControlledEntity.ACLType; import org.apache.cloudstack.acl.dao.AclGroupDao; -import org.apache.cloudstack.acl.dao.AclRoleDao; +import org.apache.cloudstack.acl.dao.AclPolicyDao; import org.apache.cloudstack.affinity.AffinityGroupDomainMapVO; import org.apache.cloudstack.affinity.AffinityGroupResponse; import org.apache.cloudstack.affinity.AffinityGroupVMMapVO; @@ -353,7 +353,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { AclRoleJoinDao _aclRoleJoinDao; @Inject - AclRoleDao _aclRoleDao; + AclPolicyDao _aclRoleDao; @Inject AclGroupJoinDao _aclGroupJoinDao; diff --git a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java index 320b5422cf4..3e952f48389 100644 --- a/server/src/org/apache/cloudstack/acl/AclServiceImpl.java +++ b/server/src/org/apache/cloudstack/acl/AclServiceImpl.java @@ -29,12 +29,11 @@ import org.apache.log4j.Logger; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.acl.dao.AclApiPermissionDao; -import org.apache.cloudstack.acl.dao.AclEntityPermissionDao; import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao; import org.apache.cloudstack.acl.dao.AclGroupDao; -import org.apache.cloudstack.acl.dao.AclGroupRoleMapDao; -import org.apache.cloudstack.acl.dao.AclRoleDao; -import org.apache.cloudstack.acl.dao.AclRolePermissionDao; +import org.apache.cloudstack.acl.dao.AclGroupPolicyMapDao; +import org.apache.cloudstack.acl.dao.AclPolicyDao; +import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao; import org.apache.cloudstack.api.Identity; import org.apache.cloudstack.context.CallContext; @@ -78,7 +77,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { AccountDao _accountDao; @Inject - AclRoleDao _aclRoleDao; + AclPolicyDao _aclRoleDao; @Inject AclGroupDao _aclGroupDao; @@ -87,7 +86,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { EntityManager _entityMgr; @Inject - AclGroupRoleMapDao _aclGroupRoleMapDao; + AclGroupPolicyMapDao _aclGroupPolicyMapDao; @Inject AclGroupAccountMapDao _aclGroupAccountMapDao; @@ -96,10 +95,8 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { AclApiPermissionDao _apiPermissionDao; @Inject - AclRolePermissionDao _rolePermissionDao; + AclPolicyPermissionDao _policyPermissionDao; - @Inject - AclEntityPermissionDao _entityPermissionDao; public static HashMap entityClassMap = new HashMap(); @@ -142,11 +139,11 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { AclRole role = _aclRoleDao.persist(rvo); if (parentRoleId != null) { // copy parent role permissions - List perms = _rolePermissionDao.listByRole(parentRoleId); + List perms = _policyPermissionDao.listByRole(parentRoleId); if (perms != null) { for (AclRolePermissionVO perm : perms) { perm.setAclRoleId(role.getId()); - _rolePermissionDao.persist(perm); + _policyPermissionDao.persist(perm); } } } @@ -176,10 +173,10 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { @Override public void doInTransactionWithoutResult(TransactionStatus status) { // remove this role related entry in acl_group_role_map - List groupRoleMap = _aclGroupRoleMapDao.listByRoleId(role.getId()); + List groupRoleMap = _aclGroupPolicyMapDao.listByRoleId(role.getId()); if (groupRoleMap != null) { for (AclGroupRoleMapVO gr : groupRoleMap) { - _aclGroupRoleMapDao.remove(gr.getId()); + _aclGroupPolicyMapDao.remove(gr.getId()); } } @@ -364,11 +361,11 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { } _accountMgr.checkAccess(caller, null, true, role); - AclGroupRoleMapVO grMap = _aclGroupRoleMapDao.findByGroupAndRole(groupId, roleId); + AclGroupRoleMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndRole(groupId, roleId); if (grMap == null) { // not there already grMap = new AclGroupRoleMapVO(groupId, roleId); - _aclGroupRoleMapDao.persist(grMap); + _aclGroupPolicyMapDao.persist(grMap); } } } @@ -404,10 +401,10 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { } _accountMgr.checkAccess(caller, null, true, role); - AclGroupRoleMapVO grMap = _aclGroupRoleMapDao.findByGroupAndRole(groupId, roleId); + AclGroupRoleMapVO grMap = _aclGroupPolicyMapDao.findByGroupAndRole(groupId, roleId); if (grMap != null) { // not removed yet - _aclGroupRoleMapDao.remove(grMap.getId()); + _aclGroupPolicyMapDao.remove(grMap.getId()); } } } @@ -537,10 +534,10 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { @Override public void doInTransactionWithoutResult(TransactionStatus status) { // remove this group related entry in acl_group_role_map - List groupRoleMap = _aclGroupRoleMapDao.listByGroupId(grp.getId()); + List groupRoleMap = _aclGroupPolicyMapDao.listByGroupId(grp.getId()); if (groupRoleMap != null) { for (AclGroupRoleMapVO gr : groupRoleMap) { - _aclGroupRoleMapDao.remove(gr.getId()); + _aclGroupPolicyMapDao.remove(gr.getId()); } } @@ -567,7 +564,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { SearchBuilder groupSB = _aclGroupAccountMapDao.createSearchBuilder(); groupSB.and("account", groupSB.entity().getAccountId(), Op.EQ); - GenericSearchBuilder roleSB = _aclGroupRoleMapDao.createSearchBuilder(Long.class); + GenericSearchBuilder roleSB = _aclGroupPolicyMapDao.createSearchBuilder(Long.class); roleSB.selectFields(roleSB.entity().getAclRoleId()); roleSB.join("accountgroupjoin", groupSB, groupSB.entity().getAclGroupId(), roleSB.entity().getAclGroupId(), JoinType.INNER); @@ -575,7 +572,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { SearchCriteria roleSc = roleSB.create(); roleSc.setJoinParameters("accountgroupjoin", "account", accountId); - List roleIds = _aclGroupRoleMapDao.customSearch(roleSc, null); + List roleIds = _aclGroupPolicyMapDao.customSearch(roleSc, null); SearchBuilder sb = _aclRoleDao.createSearchBuilder(); sb.and("ids", sb.entity().getId(), Op.IN); @@ -591,7 +588,7 @@ public class AclServiceImpl extends ManagerBase implements AclService, Manager { List roles = getAclRoles(accountId); AclRolePermission curPerm = null; for (AclRole role : roles) { - AclRolePermission perm = _rolePermissionDao.findByRoleEntityAndPermission(role.getId(), entityType, accessType, true); + AclRolePermission perm = _policyPermissionDao.findByRoleEntityAndPermission(role.getId(), entityType, accessType, true); if (perm == null) continue; if (curPerm == null) {