Remove old APIs and old security checker plugins. Also use QuerySelector

adapter in ACL search routine.
Min Chen 2014-01-10 14:54:31 -08:00
parent e6238baa3a
commit e42a262f6c
41 changed files with 90 additions and 3036 deletions


@ -0,0 +1,9 @@
package org.apache.cloudstack.acl;
import java.util.List;
public interface AclProxyService {
List<String> listAclGroupsByAccount(long accountId);
}
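Review bot: `listAclGroupsByAccount` is added with no Javadoc, so the interface does not say what the returned strings are (group names, UUIDs or something else) or what a caller gets for an account that has no groups or does not exist. If the result is used in access decisions, as the name suggests, that contract should be written down, for example `/** Returns the identifiers of the ACL groups the account belongs to; never null, empty when the account has none. */` with the identifier kind filled in. The hunk header counts only nine lines, so the file also appears to be added without the ASF license header that the other files on this page carry.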


@ -54,5 +54,12 @@ public interface QuerySelector extends Adapter {
*/
List<Long> getAuthorizedResources(Account caller, String action);
/**
* Check if this account is associated with a policy with scope of ALL
* @param caller account to check
* @param action action.
* @return true if this account is attached with a policy for the given action of ALL scope.
*/
boolean isGrantedAll(Account caller, String action);
}
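Review bot: The Javadoc on `isGrantedAll` does not say what an implementation must return when `caller` or `action` is null or when no policy matches, and a method that reports ALL-scope access should state that the answer is then deny. I would add a sentence such as `Implementations must return false when no matching policy exists or when caller or action is null.` The line `@param action action.` only repeats the parameter name; something like `@param action name of the API action being checked` would be clearer, assuming that is what the string holds. The interface body starts outside this hunk, so how the existing methods document these cases is not visible here.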


@ -22,8 +22,6 @@ import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.api.ApiConstants.HostDetails;
@ -31,8 +29,6 @@ import org.apache.cloudstack.api.ApiConstants.VMDetails;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.AutoScalePolicyResponse;
@ -440,8 +436,4 @@ public interface ResponseGenerator {
IsolationMethodResponse createIsolationMethodResponse(IsolationType method);
AclPolicyResponse createAclPolicyResponse(AclPolicy policy);
AclGroupResponse createAclGroupResponse(AclGroup group);
}


@ -1,121 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class)
public class AddAccountToAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AddAccountToAclGroupCmd.class.getName());
private static final String s_name = "addaccounttoaclgroupresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
private List<Long> accountIdList;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
public List<Long> getAccountIdList() {
return accountIdList;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl group Id: " + getId());
AclGroup result = _aclService.addAccountsToGroup(accountIdList, id);
if (result != null){
AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add accounts to acl group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_UPDATE;
}
@Override
public String getEventDescription() {
return "adding accounts to acl group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
}
}


@ -1,144 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.AclPolicyPermission.Permission;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class)
public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName());
private static final String s_name = "addaclpermissiontoaclpolicyresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
required = true, description = "The ID of the acl policy")
private Long id;
@Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
private String action;
@Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
private String entityType;
@Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
required = false, description = "acl permission scope")
private String scope;
@Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
private Long scopeId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
public String getAction() {
return action;
}
public String getEntityType() {
return entityType;
}
public String getScope() {
return scope;
}
public Long getScopeId() {
return scopeId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl policy Id: " + getId());
// Only explicit ALLOW is supported for this release, no explicit deny
AclPolicy result = _aclService.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action, Permission.Allow);
if (result != null) {
AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId());
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_POLICY_GRANT;
}
@Override
public String getEventDescription() {
return "granting permission to acl policy";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
}
}


@ -1,121 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class)
public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName());
private static final String s_name = "attachaclpolicytoaclgroupresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
private List<Long> policyIdList;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
public List<Long> getPolicyIdList() {
return policyIdList;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl group Id: " + getId());
AclGroup result = _aclService.attachAclPoliciesToGroup(policyIdList, id);
if (result != null){
AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_UPDATE;
}
@Override
public String getEventDescription() {
return "adding acl roles to acl group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
}
}


@ -1,162 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCreateCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.DomainResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.user.Account;
@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group")
public class CreateAclGroupCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName());
private static final String s_name = "createaclgroupresponse";
// ///////////////////////////////////////////////////
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.")
private String accountName;
@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class)
private Long domainId;
@Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group")
private String description;
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group")
private String name;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
public String getAccountName() {
return accountName;
}
public String getDescription() {
return description;
}
public Long getDomainId() {
return domainId;
}
public String getName() {
return name;
}
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
Account account = CallContext.current().getCallingAccount();
if ((account == null) || _accountService.isAdmin(account.getType())) {
if ((domainId != null) && (accountName != null)) {
Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
if (userAccount != null) {
return userAccount.getId();
}
}
}
if (account != null) {
return account.getId();
}
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
// command to SYSTEM so ERROR events
// are tracked
}
@Override
public void execute() {
AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId());
if (grp != null) {
AclGroupResponse response = _responseGenerator.createAclGroupResponse(grp);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name);
}
}
@Override
public void create() throws ResourceAllocationException {
Account account = CallContext.current().getCallingAccount();
AclGroup result = _aclService.createAclGroup(account, name, description);
if (result != null) {
setEntityId(result.getId());
setEntityUuid(result.getUuid());
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name);
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_CREATE;
}
@Override
public String getEventDescription() {
return "creating Acl group";
}
@Override
public String getCreateEventType() {
return EventTypes.EVENT_ACL_GROUP_CREATE;
}
@Override
public String getCreateEventDescription() {
return "creating acl group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
}
}


@ -1,169 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCreateCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.DomainResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.ResourceAllocationException;
import com.cloud.user.Account;
@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
private static final String s_name = "createaclpolicyresponse";
// ///////////////////////////////////////////////////
// ////////////// API parameters /////////////////////
// ///////////////////////////////////////////////////
@Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
private String accountName;
@Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
private Long domainId;
@Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
private String description;
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
private String name;
@ACL
@Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
private Long parentPolicyId;
// ///////////////////////////////////////////////////
// ///////////////// Accessors ///////////////////////
// ///////////////////////////////////////////////////
public String getAccountName() {
return accountName;
}
public String getDescription() {
return description;
}
public Long getDomainId() {
return domainId;
}
public String getName() {
return name;
}
public Long getParentPolicyId() {
return parentPolicyId;
}
// ///////////////////////////////////////////////////
// ///////////// API Implementation///////////////////
// ///////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
Account account = CallContext.current().getCallingAccount();
if ((account == null) || _accountService.isAdmin(account.getType())) {
if ((domainId != null) && (accountName != null)) {
Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
if (userAccount != null) {
return userAccount.getId();
}
}
}
if (account != null) {
return account.getId();
}
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
// command to SYSTEM so ERROR events
// are tracked
}
@Override
public void execute() {
AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
if (policy != null) {
AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(policy);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
}
}
@Override
public void create() throws ResourceAllocationException {
Account account = CallContext.current().getCallingAccount();
AclPolicy result = _aclService.createAclPolicy(account, name, description, parentPolicyId);
if (result != null) {
setEntityId(result.getId());
setEntityUuid(result.getUuid());
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_POLICY_CREATE;
}
@Override
public String getEventDescription() {
return "creating Acl policy";
}
@Override
public String getCreateEventType() {
return EventTypes.EVENT_ACL_POLICY_CREATE;
}
@Override
public String getCreateEventDescription() {
return "creating acl policy";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
}
}


@ -1,96 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.SuccessResponse;
import com.cloud.event.EventTypes;
import com.cloud.user.Account;
@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
public class DeleteAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
private static final String s_name = "deleteaclgroupresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM;
}
@Override
public void execute(){
boolean result = _aclService.deleteAclGroup(id);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_DELETE;
}
@Override
public String getEventDescription() {
return "Deleting Acl group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
}
}


@ -1,96 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.SuccessResponse;
import com.cloud.event.EventTypes;
import com.cloud.user.Account;
@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
public class DeleteAclPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
private static final String s_name = "deleteaclpolicyresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM;
}
@Override
public void execute(){
boolean result = _aclService.deleteAclPolicy(id);
if (result) {
SuccessResponse response = new SuccessResponse(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_POLICY_DELETE;
}
@Override
public String getEventDescription() {
return "Deleting Acl role";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
}
}


@ -1,82 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.ListResponse;
@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
private static final String s_name = "listaclgroupsresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
private String aclGroupName;
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public String getAclGroupName() {
return aclGroupName;
}
public Long getId(){
return id;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public void execute(){
ListResponse<AclGroupResponse> response = _queryService.listAclGroups(id, aclGroupName, getDomainId(),
getStartIndex(), getPageSizeVal());
response.setResponseName(getCommandName());
setResponseObject(response);
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
}
}


@ -1,82 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.ListResponse;
@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
private static final String s_name = "listaclpoliciesresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
private String aclPolicyName;
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
private Long id;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public String getAclPolicyName() {
return aclPolicyName;
}
public Long getId(){
return id;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public void execute(){
ListResponse<AclPolicyResponse> response = _queryService.listAclPolicies(id, aclPolicyName, getDomainId(),
getStartIndex(), getPageSizeVal());
response.setResponseName(getCommandName());
setResponseObject(response);
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
}
}


@ -1,121 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
private static final String s_name = "removeaccountfromaclgroupresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
private List<Long> accountIdList;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
public List<Long> getAccountIdList() {
return accountIdList;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl group Id: " + getId());
AclGroup result = _aclService.removeAccountsFromGroup(accountIdList, id);
if (result != null){
AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_UPDATE;
}
@Override
public String getEventDescription() {
return "removing accounts from acl group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
}
}


@ -1,141 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
required = true, description = "The ID of the acl policy")
private Long id;
@Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
private String action;
@Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
private String entityType;
@Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
required = false, description = "acl permission scope")
private String scope;
@Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
private Long scopeId;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
public String getAction() {
return action;
}
public String getEntityType() {
return entityType;
}
public String getScope() {
return scope;
}
public Long getScopeId() {
return scopeId;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl policy Id: " + getId());
AclPolicy result = _aclService.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
if (result != null) {
AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_POLICY_REVOKE;
}
@Override
public String getEventDescription() {
return "removing permission from acl policy";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclPolicy;
}
}


@ -1,121 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.command.admin.acl;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.api.ACL;
import org.apache.cloudstack.api.APICommand;
import org.apache.cloudstack.api.ApiCommandJobType;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.ApiErrorCode;
import org.apache.cloudstack.api.BaseAsyncCmd;
import org.apache.cloudstack.api.Parameter;
import org.apache.cloudstack.api.ServerApiException;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.context.CallContext;
import com.cloud.event.EventTypes;
import com.cloud.exception.InsufficientCapacityException;
import com.cloud.exception.ResourceUnavailableException;
import com.cloud.user.Account;
@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class)
public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd {
public static final Logger s_logger = Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName());
private static final String s_name = "removeaclpolicyfromaclgroupresponse";
/////////////////////////////////////////////////////
//////////////// API parameters /////////////////////
/////////////////////////////////////////////////////
@ACL
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
required = true, description = "The ID of the acl group")
private Long id;
@ACL
@Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.")
private List<Long> policyIdList;
/////////////////////////////////////////////////////
/////////////////// Accessors ///////////////////////
/////////////////////////////////////////////////////
public Long getId() {
return id;
}
public List<Long> getRoleIdList() {
return policyIdList;
}
/////////////////////////////////////////////////////
/////////////// API Implementation///////////////////
/////////////////////////////////////////////////////
@Override
public String getCommandName() {
return s_name;
}
@Override
public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
}
@Override
public void execute() throws ResourceUnavailableException,
InsufficientCapacityException, ServerApiException {
CallContext.current().setEventDetails("Acl group Id: " + getId());
AclGroup result = _aclService.removeAclPoliciesFromGroup(policyIdList, id);
if (result != null){
AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
response.setResponseName(getCommandName());
setResponseObject(response);
} else {
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group");
}
}
@Override
public String getEventType() {
return EventTypes.EVENT_ACL_GROUP_UPDATE;
}
@Override
public String getEventDescription() {
return "removing acl roles from acl group";
}
@Override
public ApiCommandJobType getInstanceType() {
return ApiCommandJobType.AclGroup;
}
}


@ -188,8 +188,8 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou
private Boolean isDefault;
@SerializedName(ApiConstants.ACL_GROUPS)
@Param(description = "the list of acl groups that account belongs to", responseObject = AclGroupResponse.class)
private List<AclGroupResponse> groups;
@Param(description = "the list of acl groups that account belongs to")
private List<String> groups;
@Override
public String getObjectId() {
@ -439,7 +439,7 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou
this.isDefault = isDefault;
}
public void setGroups(List<AclGroupResponse> groups) {
public void setGroups(List<String> groups) {
this.groups = groups;
}
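Review bot: The `groups` field and `setGroups` now carry bare strings, and the new `@Param(description = "the list of acl groups that account belongs to")` does not say what each string identifies. The description should state it, for example `@Param(description = "the names of the acl groups that account belongs to")` if names are what the caller passes to `setGroups`; neither hunk shows which it is. If they are names rather than UUIDs and a client relies on them for any access decision, whether names are unique across domains matters and should be documented as well. The serialized shape of `ApiConstants.ACL_GROUPS` also changes from a list of objects to a list of strings, which clients parsing the old shape will not expect, so it deserves a line in the API change notes.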


@ -1,168 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.response;
import java.util.LinkedHashSet;
import java.util.Set;
import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import com.cloud.serializer.Param;
@SuppressWarnings("unused")
@EntityReference(value = AclGroup.class)
public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse {
@SerializedName(ApiConstants.ID)
@Param(description = "the ID of the acl group")
private String id;
@SerializedName(ApiConstants.NAME)
@Param(description = "the name of the acl group")
private String name;
@SerializedName(ApiConstants.DESCRIPTION)
@Param(description = "the description of the acl group")
private String description;
@SerializedName(ApiConstants.DOMAIN_ID)
@Param(description = "the domain ID of the acl group")
private String domainId;
@SerializedName(ApiConstants.DOMAIN)
@Param(description = "the domain name of the acl role")
private String domainName;
@SerializedName(ApiConstants.ACCOUNT)
@Param(description = "the account owning the policy")
private String accountName;
@SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS)
@Param(description = "account names assigned to this acl group ")
private Set<String> accountNameList;
@SerializedName(ApiConstants.ACL_POLICIES)
@Param(description = "acl policies attached to this acl group ")
private Set<String> policyNameList;
public AclGroupResponse() {
accountNameList = new LinkedHashSet<String>();
policyNameList = new LinkedHashSet<String>();
}
@Override
public String getObjectId() {
return getId();
}
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public void setName(String name) {
this.name = name;
}
public void setDescription(String description) {
this.description = description;
}
@Override
public void setDomainId(String domainId) {
this.domainId = domainId;
}
@Override
public void setDomainName(String domainName) {
this.domainName = domainName;
}
@Override
public void setAccountName(String accountName) {
this.accountName = accountName;
}
@Override
public void setProjectId(String projectId) {
// TODO Auto-generated method stub
}
@Override
public void setProjectName(String projectName) {
// TODO Auto-generated method stub
}
public void setMemberAccounts(Set<String> accts) {
accountNameList = accts;
}
public void addMemberAccount(String acct) {
accountNameList.add(acct);
}
public void setPolicyList(Set<String> policies) {
policyNameList = policies;
}
public void addPolicy(String policy) {
policyNameList.add(policy);
}
public Set<String> getPolicyList() {
return policyNameList;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((id == null) ? 0 : id.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
AclGroupResponse other = (AclGroupResponse)obj;
if (id == null) {
if (other.id != null)
return false;
} else if (!id.equals(other.id))
return false;
return true;
}
}


@ -1,125 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.response;
import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.AclPolicyPermission;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import com.cloud.serializer.Param;
public class AclPermissionResponse extends BaseResponse {
@SerializedName(ApiConstants.ACL_ACTION)
@Param(description = "action of this permission")
private String action;
@SerializedName(ApiConstants.ENTITY_TYPE)
@Param(description = "the entity type of this permission")
private AclEntityType entityType;
@SerializedName(ApiConstants.ACL_SCOPE)
@Param(description = "scope of this permission")
private PermissionScope scope;
@SerializedName(ApiConstants.ACL_SCOPE_ID)
@Param(description = "scope id of this permission")
private Long scopeId;
@SerializedName(ApiConstants.ACL_ALLOW_DENY)
@Param(description = "allow or deny of this permission")
private AclPolicyPermission.Permission permission;
public AclEntityType getEntityType() {
return entityType;
}
public void setEntityType(AclEntityType entityType) {
this.entityType = entityType;
}
public String getAction() {
return action;
}
public void setAction(String action) {
this.action = action;
}
public PermissionScope getScope() {
return scope;
}
public void setScope(PermissionScope scope) {
this.scope = scope;
}
public Long getScopeId() {
return scopeId;
}
public void setScopeId(Long scopeId) {
this.scopeId = scopeId;
}
public AclPolicyPermission.Permission getPermission() {
return permission;
}
public void setPermission(AclPolicyPermission.Permission permission) {
this.permission = permission;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((action == null) ? 0 : action.hashCode());
result = prime * result + ((entityType == null) ? 0 : entityType.hashCode());
result = prime * result + ((scope == null) ? 0 : scope.hashCode());
result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
AclPermissionResponse other = (AclPermissionResponse) obj;
if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) {
return false;
} else if ((action == null && other.action != null) || !action.equals(other.action)) {
return false;
} else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) {
return false;
} else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) {
return false;
}
return true;
}
}


@ -1,156 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.api.response;
import java.util.LinkedHashSet;
import java.util.Set;
import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.api.BaseResponse;
import org.apache.cloudstack.api.EntityReference;
import com.cloud.serializer.Param;
@SuppressWarnings("unused")
@EntityReference(value = AclPolicy.class)
public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse {
@SerializedName(ApiConstants.ID)
@Param(description = "the ID of the acl policy")
private String id;
@SerializedName(ApiConstants.NAME)
@Param(description = "the name of the acl policy")
private String name;
@SerializedName(ApiConstants.DESCRIPTION)
@Param(description = "the description of the acl policy")
private String description;
@SerializedName(ApiConstants.DOMAIN_ID)
@Param(description = "the domain ID of the acl policy")
private String domainId;
@SerializedName(ApiConstants.DOMAIN)
@Param(description = "the domain name of the acl policy")
private String domainName;
@SerializedName(ApiConstants.ACCOUNT)
@Param(description = "the account owning the policy")
private String accountName;
@SerializedName(ApiConstants.ACL_PERMISSIONS)
@Param(description = "set of permissions for the acl policy")
private Set<AclPermissionResponse> permissionList;
public AclPolicyResponse() {
permissionList = new LinkedHashSet<AclPermissionResponse>();
}
@Override
public String getObjectId() {
return getId();
}
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public void setName(String name) {
this.name = name;
}
public void setDescription(String description) {
this.description = description;
}
@Override
public void setDomainId(String domainId) {
this.domainId = domainId;
}
@Override
public void setDomainName(String domainName) {
this.domainName = domainName;
}
public Set<AclPermissionResponse> getPermissionList() {
return permissionList;
}
public void setPermissionList(Set<AclPermissionResponse> perms) {
permissionList = perms;
}
public void addPermission(AclPermissionResponse perm) {
permissionList.add(perm);
}
@Override
public void setAccountName(String accountName) {
this.accountName = accountName;
}
@Override
public void setProjectId(String projectId) {
// TODO Auto-generated method stub
}
@Override
public void setProjectName(String projectName) {
// TODO Auto-generated method stub
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((id == null) ? 0 : id.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
AclPolicyResponse other = (AclPolicyResponse) obj;
if (id == null) {
if (other.id != null)
return false;
} else if (!id.equals(other.id))
return false;
return true;
}
}


@ -44,8 +44,6 @@ import org.apache.cloudstack.api.command.user.volume.ListResourceDetailsCmd;
import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd;
import org.apache.cloudstack.api.command.user.zone.ListZonesCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
@ -127,10 +125,4 @@ public interface QueryService {
ListResponse<DomainRouterResponse> searchForInternalLbVms(ListInternalLBVMsCmd cmd);
public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName,
Long domainId, Long startIndex, Long pageSize);
public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName,
Long domainId, Long startIndex, Long pageSize);
}


@ -1,32 +0,0 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<artifactId>cloud-plugin-acl-role-based-access-checkers</artifactId>
<name>Apache CloudStack Plugin - ACL Role Based Access Checkers</name>
<parent>
<groupId>org.apache.cloudstack</groupId>
<artifactId>cloudstack-plugins</artifactId>
<version>4.3.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
</project>


@ -1,18 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
name=acl-role-based-access-checkers
parent=api


@ -1,32 +0,0 @@
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
>
<bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.entity.RoleBasedEntityAccessChecker" />
</beans>


@ -1,68 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.api;
import java.util.List;
import javax.ejb.Local;
import javax.inject.Inject;
import org.apache.cloudstack.acl.APIChecker;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.AclRole;
import org.apache.cloudstack.acl.AclService;
import org.apache.log4j.Logger;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.user.Account;
import com.cloud.user.AccountService;
import com.cloud.user.User;
import com.cloud.utils.component.AdapterBase;
// This is the Role Based API access checker that grab's the account's roles
// based on the set of roles, access is granted if any of the role has access to the api
@Local(value=APIChecker.class)
public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker {
protected static final Logger s_logger = Logger.getLogger(RoleBasedAPIAccessChecker.class);
@Inject AccountService _accountService;
@Inject AclService _aclService;
protected RoleBasedAPIAccessChecker() {
super();
}
@Override
public boolean checkAccess(User user, String commandName)
throws PermissionDeniedException {
Account account = _accountService.getAccount(user.getAccountId());
if (account == null) {
throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null");
}
List<AclPolicy> policies = _aclService.listAclPolicies(account.getAccountId());
boolean isAllowed = _aclService.isAPIAccessibleForPolicies(commandName, policies);
if (!isAllowed) {
throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName);
}
return isAllowed;
}
}


@ -1,131 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.entity;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.inject.Inject;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.AclPolicyPermissionVO;
import org.apache.cloudstack.acl.AclService;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao;
import org.apache.log4j.Logger;
import com.cloud.acl.DomainChecker;
import com.cloud.domain.dao.DomainDao;
import com.cloud.exception.PermissionDeniedException;
import com.cloud.user.Account;
import com.cloud.user.AccountService;
import com.cloud.vm.VirtualMachine;
public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker {
private static final Logger s_logger = Logger.getLogger(RoleBasedEntityAccessChecker.class.getName());
@Inject
AccountService _accountService;
@Inject
AclService _aclService;
@Inject DomainDao _domainDao;
@Inject
AclGroupAccountMapDao _aclGroupAccountMapDao;
@Inject
AclPolicyPermissionDao _policyPermissionDao;
@Override
public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType)
throws PermissionDeniedException {
return checkAccess(caller, entity, accessType, null);
}
@Override
public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action)
throws PermissionDeniedException {
String entityType = entity.getEntityType().toString();
if (accessType == null) {
accessType = AccessType.ListEntry;
}
// get all Policies of this caller w.r.t the entity
List<AclPolicy> policies = _aclService.getEffectivePolicies(caller, entity);
HashMap<AclPolicy, Boolean> policyPermissionMap = new HashMap<AclPolicy, Boolean>();
for (AclPolicy policy : policies) {
List<AclPolicyPermissionVO> permissions = new ArrayList<AclPolicyPermissionVO>();
if (action != null) {
permissions = _policyPermissionDao.listByPolicyActionAndEntity(policy.getId(),
action, entityType);
} else {
permissions = _policyPermissionDao.listByPolicyAccessAndEntity(policy.getId(), accessType, entityType);
}
for (AclPolicyPermissionVO permission : permissions) {
if (checkPermissionScope(caller, permission.getScope(), entity)) {
if (permission.getEntityType().equals(entityType)) {
policyPermissionMap.put(policy, permission.getPermission().isGranted());
break;
} else if (permission.getEntityType().equals("*")) {
policyPermissionMap.put(policy, permission.getPermission().isGranted());
}
}
}
if (policyPermissionMap.containsKey(policy) && policyPermissionMap.get(policy)) {
return true;
}
}
if (!policies.isEmpty()) { // Since we reach this point, none of the
// roles granted access
if (s_logger.isDebugEnabled()) {
s_logger.debug("Account " + caller + " does not have permission to access resource " + entity
+ " for access type: " + accessType);
}
throw new PermissionDeniedException(caller + " does not have permission to access resource " + entity);
}
return false;
}
private boolean checkPermissionScope(Account caller, PermissionScope scope, ControlledEntity entity) {
if(scope.equals(PermissionScope.ACCOUNT)){
if(caller.getAccountId() == entity.getAccountId()){
return true;
}
}else if(scope.equals(PermissionScope.DOMAIN)){
if (_domainDao.isChildDomain(caller.getDomainId(), entity.getDomainId())) {
return true;
}
}
return false;
}
}


@ -1,51 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package org.apache.cloudstack.acl.entity;
import java.util.List;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.QuerySelector;
import com.cloud.user.Account;
import com.cloud.utils.component.AdapterBase;
public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySelector {
private static final Logger s_logger = Logger.getLogger(RoleBasedEntityQuerySelector.class.getName());
@Override
public List<Long> getAuthorizedDomains(Account caller, String action) {
// TODO Auto-generated method stub
return null;
}
@Override
public List<Long> getAuthorizedAccounts(Account caller, String action) {
// TODO Auto-generated method stub
return null;
}
@Override
public List<Long> getAuthorizedResources(Account caller, String action) {
// TODO Auto-generated method stub
return null;
}
}


@ -25,8 +25,6 @@ import java.util.Set;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.affinity.AffinityGroup;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
@ -35,8 +33,6 @@ import org.apache.cloudstack.api.ApiConstants.HostDetails;
import org.apache.cloudstack.api.ApiConstants.VMDetails;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
@ -69,8 +65,6 @@ import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
import com.cloud.api.query.dao.AccountJoinDao;
import com.cloud.api.query.dao.AclGroupJoinDao;
import com.cloud.api.query.dao.AclPolicyJoinDao;
import com.cloud.api.query.dao.AffinityGroupJoinDao;
import com.cloud.api.query.dao.AsyncJobJoinDao;
import com.cloud.api.query.dao.DataCenterJoinDao;
@ -91,8 +85,6 @@ import com.cloud.api.query.dao.UserAccountJoinDao;
import com.cloud.api.query.dao.UserVmJoinDao;
import com.cloud.api.query.dao.VolumeJoinDao;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.api.query.vo.AffinityGroupJoinVO;
import com.cloud.api.query.vo.AsyncJobJoinVO;
import com.cloud.api.query.vo.DataCenterJoinVO;
@ -411,8 +403,6 @@ public class ApiDBUtils {
static GlobalLoadBalancingRulesService _gslbService;
static NetworkACLDao _networkACLDao;
static AccountService _accountService;
static AclPolicyJoinDao _aclPolicyJoinDao;
static AclGroupJoinDao _aclGroupJoinDao;
static ResourceMetaDataService _resourceDetailsService;
@Inject
@ -526,10 +516,6 @@ public class ApiDBUtils {
@Inject private NetworkACLDao networkACLDao;
@Inject private ServiceOfferingDetailsDao serviceOfferingDetailsDao;
@Inject private AccountService accountService;
@Inject
private AclPolicyJoinDao aclPolicyJoinDao;
@Inject
private AclGroupJoinDao aclGroupJoinDao;
@Inject private ConfigurationManager configMgr;
@Inject private DataCenterDetailsDao zoneDetailsDao;
@Inject private ResourceMetaDataService resourceDetailsService;
@ -643,8 +629,6 @@ public class ApiDBUtils {
_statsCollector = StatsCollector.getInstance();
_networkACLDao = networkACLDao;
_accountService = accountService;
_aclPolicyJoinDao = aclPolicyJoinDao;
_aclGroupJoinDao = aclGroupJoinDao;
_resourceDetailsService = resourceDetailsService;
}
@ -1520,9 +1504,6 @@ public class ApiDBUtils {
return _userAccountJoinDao.searchByAccountId(accountId);
}
public static List<AclGroupJoinVO> findAclGroupByAccountId(long accountId) {
return _aclGroupJoinDao.findAclGroupsByAccount(accountId);
}
public static ProjectAccountResponse newProjectAccountResponse(ProjectAccountJoinVO proj) {
return _projectAccountJoinDao.newProjectAccountResponse(proj);
@ -1698,29 +1679,6 @@ public class ApiDBUtils {
return _affinityGroupJoinDao.setAffinityGroupResponse(resp, group);
}
public static List<AclPolicyJoinVO> newAclPolicyView(AclPolicy policy) {
return _aclPolicyJoinDao.newAclPolicyView(policy);
}
public static AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO policy) {
return _aclPolicyJoinDao.newAclPolicyResponse(policy);
}
public static AclPolicyResponse fillAclPolicyDetails(AclPolicyResponse resp, AclPolicyJoinVO policy) {
return _aclPolicyJoinDao.setAclPolicyResponse(resp, policy);
}
public static List<AclGroupJoinVO> newAclGroupView(AclGroup group) {
return _aclGroupJoinDao.newAclGroupView(group);
}
public static AclGroupResponse newAclGroupResponse(AclGroupJoinVO group) {
return _aclGroupJoinDao.newAclGroupResponse(group);
}
public static AclGroupResponse fillAclGroupDetails(AclGroupResponse resp, AclGroupJoinVO group) {
return _aclGroupJoinDao.setAclGroupResponse(resp, group);
}
public static List<? extends LoadBalancer> listSiteLoadBalancers(long gslbRuleId) {
return _gslbService.listSiteLoadBalancers(gslbRuleId);


@ -33,8 +33,6 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.affinity.AffinityGroup;
@ -45,8 +43,6 @@ import org.apache.cloudstack.api.ResponseGenerator;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerInstanceResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse;
import org.apache.cloudstack.api.response.ApplicationLoadBalancerRuleResponse;
@ -154,8 +150,6 @@ import org.apache.cloudstack.usage.UsageTypes;
import com.cloud.api.query.ViewResponseHelper;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.api.query.vo.AsyncJobJoinVO;
import com.cloud.api.query.vo.ControlledViewEntity;
import com.cloud.api.query.vo.DataCenterJoinVO;
@ -3707,22 +3701,6 @@ public class ApiResponseHelper implements ResponseGenerator {
}
}
@Override
public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) {
List<AclPolicyJoinVO> viewPolicies = ApiDBUtils.newAclPolicyView(policy);
List<AclPolicyResponse> listPolicies = ViewResponseHelper.createAclPolicyResponses(viewPolicies);
assert listPolicies != null && listPolicies.size() == 1 : "There should be one acl policy returned";
return listPolicies.get(0);
}
@Override
public AclGroupResponse createAclGroupResponse(AclGroup group) {
List<AclGroupJoinVO> viewGroups = ApiDBUtils.newAclGroupView(group);
List<AclGroupResponse> listGroups = ViewResponseHelper.createAclGroupResponses(viewGroups);
assert listGroups != null && listGroups.size() == 1 : "There should be one acl role returned";
return listGroups.get(0);
}
@Override
public PortableIpRangeResponse createPortableIPRangeResponse(PortableIpRange ipRange) {


@ -29,12 +29,7 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.acl.AclService;
import org.apache.cloudstack.acl.ControlledEntity.ACLType;
import org.apache.cloudstack.acl.dao.AclGroupDao;
import org.apache.cloudstack.acl.dao.AclPolicyDao;
import org.apache.cloudstack.affinity.AffinityGroupDomainMapVO;
import org.apache.cloudstack.affinity.AffinityGroupResponse;
import org.apache.cloudstack.affinity.AffinityGroupVMMapVO;
@ -74,8 +69,6 @@ import org.apache.cloudstack.api.command.user.volume.ListResourceDetailsCmd;
import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd;
import org.apache.cloudstack.api.command.user.zone.ListZonesCmd;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
@ -103,8 +96,6 @@ import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.query.QueryService;
import com.cloud.api.query.dao.AccountJoinDao;
import com.cloud.api.query.dao.AclGroupJoinDao;
import com.cloud.api.query.dao.AclPolicyJoinDao;
import com.cloud.api.query.dao.AffinityGroupJoinDao;
import com.cloud.api.query.dao.AsyncJobJoinDao;
import com.cloud.api.query.dao.DataCenterJoinDao;
@ -125,9 +116,6 @@ import com.cloud.api.query.dao.UserAccountJoinDao;
import com.cloud.api.query.dao.UserVmJoinDao;
import com.cloud.api.query.dao.VolumeJoinDao;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.api.query.vo.AclRoleJoinVO;
import com.cloud.api.query.vo.AffinityGroupJoinVO;
import com.cloud.api.query.vo.AsyncJobJoinVO;
import com.cloud.api.query.vo.DataCenterJoinVO;
@ -218,8 +206,6 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
public static final Logger s_logger = Logger.getLogger(QueryManagerImpl.class);
// public static ViewResponseHelper _responseGenerator;
@Inject
private AccountManager _accountMgr;
@ -354,20 +340,6 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
@Inject
AffinityGroupDomainMapDao _affinityGroupDomainMapDao;
@Inject
AclPolicyJoinDao _aclPolicyJoinDao;
@Inject
AclPolicyDao _aclPolicyDao;
@Inject
AclGroupJoinDao _aclGroupJoinDao;
@Inject
AclGroupDao _aclGroupDao;
@Inject
AclService _aclService;
@Inject NetworkDetailsDao _networkDetailsDao;
@ -3334,214 +3306,4 @@ public class QueryManagerImpl extends ManagerBase implements QueryService {
return resourceDetailResponse;
}
@Override
public ListResponse<AclPolicyResponse> listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex, Long pageSize) {
Pair<List<AclPolicyJoinVO>, Integer> result = listAclPoliciesInternal(aclPolicyId, aclPolicyName, domainId, true, true, startIndex, pageSize);
ListResponse<AclPolicyResponse> response = new ListResponse<AclPolicyResponse>();
List<AclPolicyResponse> roleResponses = ViewResponseHelper.createAclPolicyResponses(result.first());
response.setResponses(roleResponses, result.second());
return response;
}
private Pair<List<AclPolicyJoinVO>, Integer> listAclPoliciesInternal(Long aclPolicyId, String aclPolicyName, Long domainId, boolean isRecursive, boolean listAll,
Long startIndex,
Long pageSize) {
Account caller = CallContext.current().getCallingAccount();
Boolean listForDomain = false;
if (aclPolicyId != null) {
AclPolicy policy = _aclPolicyDao.findById(aclPolicyId);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId);
}
_accountMgr.checkAccess(caller, null, true, policy);
}
if (domainId != null) {
Domain domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain);
if (aclPolicyName != null) {
AclPolicy policy = _aclPolicyDao.findByName(domainId, aclPolicyName);
if (policy == null) {
throw new InvalidParameterValueException("Unable to find acl policy by name " + aclPolicyName
+ " in domain " + domainId);
}
_accountMgr.checkAccess(caller, null, true, policy);
}
}
if (aclPolicyId == null) {
if (_accountMgr.isAdmin(caller.getType()) && listAll && domainId == null) {
listForDomain = true;
isRecursive = true;
if (domainId == null) {
domainId = caller.getDomainId();
}
} else if (_accountMgr.isAdmin(caller.getType()) && domainId != null) {
listForDomain = true;
}
}
Filter searchFilter = new Filter(AclRoleJoinVO.class, "id", true, startIndex, pageSize);
SearchBuilder<AclPolicyJoinVO> sb = _aclPolicyJoinDao.createSearchBuilder();
sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
if (listForDomain && isRecursive) {
sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE);
}
SearchCriteria<AclPolicyJoinVO> sc = sb.create();
if (aclPolicyName != null) {
sc.setParameters("name", aclPolicyName);
}
if (aclPolicyId != null) {
sc.setParameters("id", aclPolicyId);
}
if (listForDomain) {
if (isRecursive) {
Domain domain = _domainDao.findById(domainId);
sc.setParameters("path", domain.getPath() + "%");
} else {
sc.setParameters("domainId", domainId);
}
}
// search policy details by ids
Pair<List<AclPolicyJoinVO>, Integer> uniqueRolePair = _aclPolicyJoinDao.searchAndCount(sc, searchFilter);
Integer count = uniqueRolePair.second();
if (count.intValue() == 0) {
// empty result
return uniqueRolePair;
}
List<AclPolicyJoinVO> uniqueRoles = uniqueRolePair.first();
Long[] vrIds = new Long[uniqueRoles.size()];
int i = 0;
for (AclPolicyJoinVO v : uniqueRoles) {
vrIds[i++] = v.getId();
}
List<AclPolicyJoinVO> vrs = _aclPolicyJoinDao.searchByIds(vrIds);
return new Pair<List<AclPolicyJoinVO>, Integer>(vrs, count);
}
@Override
public ListResponse<AclGroupResponse> listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) {
Pair<List<AclGroupJoinVO>, Integer> result = listAclGroupsInternal(aclGroupId, aclGroupName, domainId, true, true, startIndex, pageSize);
ListResponse<AclGroupResponse> response = new ListResponse<AclGroupResponse>();
List<AclGroupResponse> groupResponses = ViewResponseHelper.createAclGroupResponses(result.first());
response.setResponses(groupResponses, result.second());
return response;
}
private Pair<List<AclGroupJoinVO>, Integer> listAclGroupsInternal(Long aclGroupId, String aclGroupName, Long domainId, boolean isRecursive, boolean listAll, Long startIndex,
Long pageSize) {
Account caller = CallContext.current().getCallingAccount();
Boolean listForDomain = false;
if (aclGroupId != null) {
AclGroup group = _aclGroupDao.findById(aclGroupId);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId);
}
_accountMgr.checkAccess(caller, null, true, group);
}
if (domainId != null) {
Domain domain = _domainDao.findById(domainId);
if (domain == null) {
throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist");
}
_accountMgr.checkAccess(caller, domain);
if (aclGroupName != null) {
AclGroup group = _aclGroupDao.findByName(domainId, aclGroupName);
if (group == null) {
throw new InvalidParameterValueException("Unable to find acl group by name " + aclGroupName
+ " in domain " + domainId);
}
_accountMgr.checkAccess(caller, null, true, group);
}
}
if (aclGroupId == null) {
if (_accountMgr.isAdmin(caller.getType()) && listAll && domainId == null) {
listForDomain = true;
isRecursive = true;
if (domainId == null) {
domainId = caller.getDomainId();
}
} else if (_accountMgr.isAdmin(caller.getType()) && domainId != null) {
listForDomain = true;
}
}
Filter searchFilter = new Filter(AclGroupJoinVO.class, "id", true, startIndex, pageSize);
SearchBuilder<AclGroupJoinVO> sb = _aclGroupJoinDao.createSearchBuilder();
sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids
sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ);
sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ);
sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ);
if (listForDomain && isRecursive) {
sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE);
}
SearchCriteria<AclGroupJoinVO> sc = sb.create();
if (aclGroupName != null) {
sc.setParameters("name", aclGroupName);
}
if (aclGroupId != null) {
sc.setParameters("id", aclGroupId);
}
if (listForDomain) {
if (isRecursive) {
Domain domain = _domainDao.findById(domainId);
sc.setParameters("path", domain.getPath() + "%");
} else {
sc.setParameters("domainId", domainId);
}
}
// search group details by ids
Pair<List<AclGroupJoinVO>, Integer> uniqueGroupPair = _aclGroupJoinDao.searchAndCount(sc, searchFilter);
Integer count = uniqueGroupPair.second();
if (count.intValue() == 0) {
// empty result
return uniqueGroupPair;
}
List<AclGroupJoinVO> uniqueGroups = uniqueGroupPair.first();
Long[] vrIds = new Long[uniqueGroups.size()];
int i = 0;
for (AclGroupJoinVO v : uniqueGroups) {
vrIds[i++] = v.getId();
}
List<AclGroupJoinVO> vrs = _aclGroupJoinDao.searchByIds(vrIds);
return new Pair<List<AclGroupJoinVO>, Integer>(vrs, count);
}
}


@ -28,8 +28,6 @@ import org.apache.cloudstack.api.ApiConstants.HostDetails;
import org.apache.cloudstack.api.ApiConstants.VMDetails;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.api.response.AsyncJobResponse;
import org.apache.cloudstack.api.response.DiskOfferingResponse;
import org.apache.cloudstack.api.response.DomainRouterResponse;
@ -54,8 +52,6 @@ import org.apache.cloudstack.context.CallContext;
import com.cloud.api.ApiDBUtils;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.api.query.vo.AffinityGroupJoinVO;
import com.cloud.api.query.vo.AsyncJobJoinVO;
import com.cloud.api.query.vo.DataCenterJoinVO;
@ -444,36 +440,4 @@ public class ViewResponseHelper {
}
return new ArrayList<AffinityGroupResponse>(vrDataList.values());
}
public static List<AclPolicyResponse> createAclPolicyResponses(List<AclPolicyJoinVO> policies) {
Hashtable<Long, AclPolicyResponse> vrDataList = new Hashtable<Long, AclPolicyResponse>();
for (AclPolicyJoinVO vr : policies) {
AclPolicyResponse vrData = vrDataList.get(vr.getId());
if (vrData == null) {
// first time encountering this Acl policy
vrData = ApiDBUtils.newAclPolicyResponse(vr);
} else {
// update vms
vrData = ApiDBUtils.fillAclPolicyDetails(vrData, vr);
}
vrDataList.put(vr.getId(), vrData);
}
return new ArrayList<AclPolicyResponse>(vrDataList.values());
}
public static List<AclGroupResponse> createAclGroupResponses(List<AclGroupJoinVO> groups) {
Hashtable<Long, AclGroupResponse> vrDataList = new Hashtable<Long, AclGroupResponse>();
for (AclGroupJoinVO vr : groups) {
AclGroupResponse vrData = vrDataList.get(vr.getId());
if (vrData == null) {
// first time encountering this Acl role
vrData = ApiDBUtils.newAclGroupResponse(vr);
} else {
// update vms
vrData = ApiDBUtils.fillAclGroupDetails(vrData, vr);
}
vrDataList.put(vr.getId(), vrData);
}
return new ArrayList<AclGroupResponse>(vrDataList.values());
}
}


@ -24,16 +24,15 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclProxyService;
import org.apache.cloudstack.api.ResponseObject.ResponseView;
import org.apache.cloudstack.api.response.AccountResponse;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.api.response.ResourceLimitAndCountResponse;
import org.apache.cloudstack.api.response.UserResponse;
import com.cloud.api.ApiDBUtils;
import com.cloud.api.query.ViewResponseHelper;
import com.cloud.api.query.vo.AccountJoinVO;
import com.cloud.api.query.vo.AclGroupJoinVO;
import com.cloud.api.query.vo.UserAccountJoinVO;
import com.cloud.configuration.Resource.ResourceType;
import com.cloud.user.Account;
@ -50,6 +49,8 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl
private final SearchBuilder<AccountJoinVO> acctIdSearch;
@Inject
public AccountManager _accountMgr;
@Inject
AclProxyService _aclProxy;
protected AccountJoinDaoImpl() {
@ -105,9 +106,7 @@ public class AccountJoinDaoImpl extends GenericDaoBase<AccountJoinVO, Long> impl
accountResponse.setObjectName("account");
// add all the acl groups for an account
List<AclGroupJoinVO> groupsForAccount = ApiDBUtils.findAclGroupByAccountId(account.getId());
List<AclGroupResponse> groupResponses = ViewResponseHelper.createAclGroupResponses(groupsForAccount);
accountResponse.setGroups(groupResponses);
accountResponse.setGroups(_aclProxy.listAclGroupsByAccount(account.getId()));
return accountResponse;
}
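Review bot: The new `@Inject AclProxyService _aclProxy;` makes every account response depend on an ACL service bean, and the call `_aclProxy.listAclGroupsByAccount(account.getId())` has no guard for that service being absent or throwing. The only implementation visible in this commit is `AclApiServiceImpl` (through `AclApiService extends AclProxyService`), which appears to live in a separate plugin, so a deployment without it would presumably fail at wiring time; that should be confirmed and documented on the field, e.g. `// provided by the ACL plugin (AclApiServiceImpl); required for account listing`. The field could also be `private`, since nothing in the hunk needs it wider. The enclosing method starts outside the hunk.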


@ -1,38 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.query.dao;
import java.util.List;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.api.response.AclGroupResponse;
import com.cloud.api.query.vo.AclGroupJoinVO;
import com.cloud.utils.db.GenericDao;
public interface AclGroupJoinDao extends GenericDao<AclGroupJoinVO, Long> {
AclGroupResponse newAclGroupResponse(AclGroupJoinVO group);
AclGroupResponse setAclGroupResponse(AclGroupResponse response, AclGroupJoinVO os);
List<AclGroupJoinVO> newAclGroupView(AclGroup group);
List<AclGroupJoinVO> searchByIds(Long... ids);
List<AclGroupJoinVO> findAclGroupsByAccount(long accountId);
}


@ -1,173 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.query.dao;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.ejb.Local;
import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclGroup;
import org.apache.cloudstack.acl.AclGroupAccountMapVO;
import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao;
import org.apache.cloudstack.api.response.AclGroupResponse;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import com.cloud.api.query.vo.AclGroupJoinVO;
import com.cloud.user.AccountManager;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
@Local(value = {AclGroupJoinDao.class})
public class AclGroupJoinDaoImpl extends GenericDaoBase<AclGroupJoinVO, Long> implements AclGroupJoinDao {
public static final Logger s_logger = Logger.getLogger(AclGroupJoinDaoImpl.class);
private final SearchBuilder<AclGroupJoinVO> grpIdSearch;
private final SearchBuilder<AclGroupJoinVO> grpSearch;
@Inject
public AccountManager _accountMgr;
@Inject
public ConfigurationDao _configDao;
@Inject
public AclGroupAccountMapDao _grpAccountDao;
protected AclGroupJoinDaoImpl() {
grpSearch = createSearchBuilder();
grpSearch.and("idIN", grpSearch.entity().getId(), SearchCriteria.Op.IN);
grpSearch.done();
grpIdSearch = createSearchBuilder();
grpIdSearch.and("id", grpIdSearch.entity().getId(), SearchCriteria.Op.EQ);
grpIdSearch.done();
_count = "select count(distinct id) from acl_group_view WHERE ";
}
@Override
public AclGroupResponse newAclGroupResponse(AclGroupJoinVO group) {
AclGroupResponse response = new AclGroupResponse();
response.setId(group.getUuid());
response.setName(group.getName());
response.setDescription(group.getDescription());
response.setDomainId(group.getDomainUuid());
response.setDomainName(group.getName());
response.setAccountName(group.getAccountName());
if (group.getMemberAccountId() > 0) {
response.addMemberAccount(group.getMemberAccountName());
}
if (group.getPolicyId() > 0) {
response.addPolicy(group.getPolicyName());
}
response.setObjectName("aclgroup");
return response;
}
@Override
public AclGroupResponse setAclGroupResponse(AclGroupResponse response, AclGroupJoinVO group) {
if (group.getMemberAccountId() > 0) {
response.addMemberAccount(group.getMemberAccountName());
}
if (group.getPolicyId() > 0) {
response.addPolicy(group.getPolicyName());
}
return response;
}
@Override
public List<AclGroupJoinVO> newAclGroupView(AclGroup group) {
SearchCriteria<AclGroupJoinVO> sc = grpIdSearch.create();
sc.setParameters("id", group.getId());
return searchIncludingRemoved(sc, null, null, false);
}
@Override
public List<AclGroupJoinVO> searchByIds(Long... grpIds) {
// set detail batch query size
int DETAILS_BATCH_SIZE = 2000;
String batchCfg = _configDao.getValue("detail.batch.query.size");
if (batchCfg != null) {
DETAILS_BATCH_SIZE = Integer.parseInt(batchCfg);
}
// query details by batches
List<AclGroupJoinVO> uvList = new ArrayList<AclGroupJoinVO>();
// query details by batches
int curr_index = 0;
if (grpIds.length > DETAILS_BATCH_SIZE) {
while ((curr_index + DETAILS_BATCH_SIZE) <= grpIds.length) {
Long[] ids = new Long[DETAILS_BATCH_SIZE];
for (int k = 0, j = curr_index; j < curr_index + DETAILS_BATCH_SIZE; j++, k++) {
ids[k] = grpIds[j];
}
SearchCriteria<AclGroupJoinVO> sc = grpSearch.create();
sc.setParameters("idIN", ids);
List<AclGroupJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
if (vms != null) {
uvList.addAll(vms);
}
curr_index += DETAILS_BATCH_SIZE;
}
}
if (curr_index < grpIds.length) {
int batch_size = (grpIds.length - curr_index);
// set the ids value
Long[] ids = new Long[batch_size];
for (int k = 0, j = curr_index; j < curr_index + batch_size; j++, k++) {
ids[k] = grpIds[j];
}
SearchCriteria<AclGroupJoinVO> sc = grpSearch.create();
sc.setParameters("idIN", ids);
List<AclGroupJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
if (vms != null) {
uvList.addAll(vms);
}
}
return uvList;
}
@Override
public List<AclGroupJoinVO> findAclGroupsByAccount(long accountId) {
List<AclGroupAccountMapVO> grpMap = _grpAccountDao.listByAccountId(accountId);
if (grpMap != null && grpMap.size() > 0) {
Set<Long> grpList = new HashSet<Long>();
for (AclGroupAccountMapVO m : grpMap) {
grpList.add(m.getAclGroupId());
}
return searchByIds(grpList.toArray(new Long[grpList.size()]));
}
else{
return null;
}
}
}


@ -1,37 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.query.dao;
import java.util.List;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.utils.db.GenericDao;
public interface AclPolicyJoinDao extends GenericDao<AclPolicyJoinVO, Long> {
AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO role);
AclPolicyResponse setAclPolicyResponse(AclPolicyResponse response, AclPolicyJoinVO os);
List<AclPolicyJoinVO> newAclPolicyView(AclPolicy role);
List<AclPolicyJoinVO> searchByIds(Long... ids);
}


@ -1,157 +0,0 @@
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.api.query.dao;
import java.util.ArrayList;
import java.util.List;
import javax.ejb.Local;
import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.apache.cloudstack.acl.AclPolicy;
import org.apache.cloudstack.api.response.AclPermissionResponse;
import org.apache.cloudstack.api.response.AclPolicyResponse;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import com.cloud.api.query.vo.AclPolicyJoinVO;
import com.cloud.user.AccountManager;
import com.cloud.utils.db.GenericDaoBase;
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;
@Component
@Local(value = {AclPolicyJoinDao.class})
public class AclPolicyJoinDaoImpl extends GenericDaoBase<AclPolicyJoinVO, Long> implements AclPolicyJoinDao {
public static final Logger s_logger = Logger.getLogger(AclPolicyJoinDaoImpl.class);
private final SearchBuilder<AclPolicyJoinVO> policyIdSearch;
private final SearchBuilder<AclPolicyJoinVO> policySearch;
@Inject
public AccountManager _accountMgr;
@Inject
public ConfigurationDao _configDao;
protected AclPolicyJoinDaoImpl() {
policySearch = createSearchBuilder();
policySearch.and("idIN", policySearch.entity().getId(), SearchCriteria.Op.IN);
policySearch.done();
policyIdSearch = createSearchBuilder();
policyIdSearch.and("id", policyIdSearch.entity().getId(), SearchCriteria.Op.EQ);
policyIdSearch.done();
_count = "select count(distinct id) from acl_policy_view WHERE ";
}
@Override
public AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO policy) {
AclPolicyResponse response = new AclPolicyResponse();
response.setId(policy.getUuid());
response.setName(policy.getName());
response.setDescription(policy.getDescription());
response.setDomainId(policy.getDomainUuid());
response.setDomainName(policy.getName());
response.setAccountName(policy.getAccountName());
if (policy.getPermissionAction() != null) {
AclPermissionResponse perm = new AclPermissionResponse();
perm.setAction(policy.getPermissionAction());
perm.setEntityType(policy.getPermissionEntityType());
perm.setScope(policy.getPermissionScope());
perm.setScopeId(policy.getPermissionScopeId());
perm.setPermission(policy.getPermissionAllowDeny());
response.addPermission(perm);
}
response.setObjectName("aclpolicy");
return response;
}
@Override
public AclPolicyResponse setAclPolicyResponse(AclPolicyResponse response, AclPolicyJoinVO policy) {
if (policy.getPermissionAction() != null) {
AclPermissionResponse perm = new AclPermissionResponse();
perm.setAction(policy.getPermissionAction());
perm.setEntityType(policy.getPermissionEntityType());
perm.setScope(policy.getPermissionScope());
perm.setScopeId(policy.getPermissionScopeId());
perm.setPermission(policy.getPermissionAllowDeny());
response.addPermission(perm);
}
return response;
}
@Override
public List<AclPolicyJoinVO> newAclPolicyView(AclPolicy policy) {
SearchCriteria<AclPolicyJoinVO> sc = policyIdSearch.create();
sc.setParameters("id", policy.getId());
return searchIncludingRemoved(sc, null, null, false);
}
@Override
public List<AclPolicyJoinVO> searchByIds(Long... policyIds) {
// set detail batch query size
int DETAILS_BATCH_SIZE = 2000;
String batchCfg = _configDao.getValue("detail.batch.query.size");
if (batchCfg != null) {
DETAILS_BATCH_SIZE = Integer.parseInt(batchCfg);
}
// query details by batches
List<AclPolicyJoinVO> uvList = new ArrayList<AclPolicyJoinVO>();
// query details by batches
int curr_index = 0;
if (policyIds.length > DETAILS_BATCH_SIZE) {
while ((curr_index + DETAILS_BATCH_SIZE) <= policyIds.length) {
Long[] ids = new Long[DETAILS_BATCH_SIZE];
for (int k = 0, j = curr_index; j < curr_index + DETAILS_BATCH_SIZE; j++, k++) {
ids[k] = policyIds[j];
}
SearchCriteria<AclPolicyJoinVO> sc = policySearch.create();
sc.setParameters("idIN", ids);
List<AclPolicyJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
if (vms != null) {
uvList.addAll(vms);
}
curr_index += DETAILS_BATCH_SIZE;
}
}
if (curr_index < policyIds.length) {
int batch_size = (policyIds.length - curr_index);
// set the ids value
Long[] ids = new Long[batch_size];
for (int k = 0, j = curr_index; j < curr_index + batch_size; j++, k++) {
ids[k] = policyIds[j];
}
SearchCriteria<AclPolicyJoinVO> sc = policySearch.create();
sc.setParameters("idIN", ids);
List<AclPolicyJoinVO> vms = searchIncludingRemoved(sc, null, null, false);
if (vms != null) {
uvList.addAll(vms);
}
}
return uvList;
}
}


@ -57,18 +57,6 @@ import org.apache.cloudstack.api.command.admin.account.DisableAccountCmd;
import org.apache.cloudstack.api.command.admin.account.EnableAccountCmd;
import org.apache.cloudstack.api.command.admin.account.LockAccountCmd;
import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
import org.apache.cloudstack.api.command.admin.acl.AddAccountToAclGroupCmd;
import org.apache.cloudstack.api.command.admin.acl.AddAclPermissionToAclPolicyCmd;
import org.apache.cloudstack.api.command.admin.acl.AttachAclPolicyToAclGroupCmd;
import org.apache.cloudstack.api.command.admin.acl.CreateAclGroupCmd;
import org.apache.cloudstack.api.command.admin.acl.CreateAclPolicyCmd;
import org.apache.cloudstack.api.command.admin.acl.DeleteAclGroupCmd;
import org.apache.cloudstack.api.command.admin.acl.DeleteAclPolicyCmd;
import org.apache.cloudstack.api.command.admin.acl.ListAclGroupsCmd;
import org.apache.cloudstack.api.command.admin.acl.ListAclPoliciesCmd;
import org.apache.cloudstack.api.command.admin.acl.RemoveAccountFromAclGroupCmd;
import org.apache.cloudstack.api.command.admin.acl.RemoveAclPermissionFromAclPolicyCmd;
import org.apache.cloudstack.api.command.admin.acl.RemoveAclPolicyFromAclGroupCmd;
import org.apache.cloudstack.api.command.admin.autoscale.CreateCounterCmd;
import org.apache.cloudstack.api.command.admin.autoscale.DeleteCounterCmd;
import org.apache.cloudstack.api.command.admin.cluster.AddClusterCmd;
@ -2880,18 +2868,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
cmdList.add(ReplaceNetworkACLListCmd.class);
cmdList.add(UpdateNetworkACLItemCmd.class);
cmdList.add(CleanVMReservationsCmd.class);
cmdList.add(CreateAclPolicyCmd.class);
cmdList.add(DeleteAclPolicyCmd.class);
cmdList.add(ListAclPoliciesCmd.class);
cmdList.add(AddAclPermissionToAclPolicyCmd.class);
cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
cmdList.add(AttachAclPolicyToAclGroupCmd.class);
cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
cmdList.add(CreateAclGroupCmd.class);
cmdList.add(DeleteAclGroupCmd.class);
cmdList.add(ListAclGroupsCmd.class);
cmdList.add(AddAccountToAclGroupCmd.class);
cmdList.add(RemoveAccountFromAclGroupCmd.class);
return cmdList;
}


@ -46,6 +46,7 @@ import org.apache.cloudstack.acl.AclPolicyPermission;
import org.apache.cloudstack.acl.AclService;
import org.apache.cloudstack.acl.ControlledEntity;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.QuerySelector;
import org.apache.cloudstack.acl.RoleType;
import org.apache.cloudstack.acl.SecurityChecker;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@ -262,6 +263,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
@Inject
private AclService _aclService;
@Inject
QuerySelector _aclQuerySelector; // we assume that there should be one type of QuerySelector adapter
@Inject
private AclPolicyPermissionDao _aclPolicyPermissionDao;
@ -2490,16 +2494,16 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M
// search for policy permissions associated with caller to get all his authorized domains, accounts, and resources
// Assumption: if a domain is in grantedDomains, then all the accounts under this domain will not be returned in "grantedAccounts". Similarly, if an account
// is in grantedAccounts, then all the resources owned by this account will not be returned in "grantedResources".
boolean grantedAll = _aclService.isGrantedAll(caller.getId(), action);
boolean grantedAll = _aclQuerySelector.isGrantedAll(caller, action);
if ( grantedAll ){
if ( domainId != null ){
permittedDomains.add(domainId);
}
}
else {
List<Long> grantedDomains = _aclService.getGrantedDomains(caller.getId(), action);
List<Long> grantedAccounts = _aclService.getGrantedAccounts(caller.getId(), action);
List<Long> grantedResources = _aclService.getGrantedResources(caller.getId(), action);
List<Long> grantedDomains = _aclQuerySelector.getAuthorizedDomains(caller, action);
List<Long> grantedAccounts = _aclQuerySelector.getAuthorizedAccounts(caller, action);
List<Long> grantedResources = _aclQuerySelector.getAuthorizedResources(caller, action);
if (domainId != null) {
// specific domain is specified
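Review bot: `QuerySelector _aclQuerySelector` is injected as a single bean, and its comment only assumes that one adapter exists; nothing in the hunk enforces it. Because its answers (`isGrantedAll`, `getAuthorizedDomains`, `getAuthorizedAccounts`, `getAuthorizedResources`) decide which domains, accounts and resources a caller's list query may cover, the assumption should be stated as a requirement and the field kept `private` like its `@Inject` neighbours: `private QuerySelector _aclQuerySelector; // exactly one QuerySelector adapter must be registered; it scopes list queries`. The method continues outside the hunk, so it is not visible whether the three returned lists are checked for null before use.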


@ -27,6 +27,8 @@
http://www.springframework.org/schema/context/spring-context-3.0.xsd"
>
<bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.entity.RoleBasedEntityAccessChecker" />
<bean id="RoleBasedAPIAccessChecker" class="org.apache.cloudstack.acl.RoleBasedAPIAccessChecker" />
<bean id="RoleBasedEntityAccessChecker" class="org.apache.cloudstack.acl.RoleBasedEntityAccessChecker" />
<bean id="RoleBasedEntityQuerySelector" class="org.apache.cloudstack.acl.RoleBasedEntityQuerySelector" />
</beans>


@ -23,8 +23,6 @@ import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.QuerySelector;
import org.apache.cloudstack.iam.api.AclPolicy;
import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.IAMService;
@ -99,5 +97,19 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe
return entityIds;
}
@Override
public boolean isGrantedAll(Account caller, String action) {
long accountId = caller.getAccountId();
// Get the static Policies of the Caller
List<AclPolicy> policies = _iamService.listAclPolicies(accountId);
// for each policy, find granted permission with ALL scope
for (AclPolicy policy : policies) {
List<AclPolicyPermission> pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString());
if (pp != null && pp.size() > 0) {
return true;
}
}
return false;
}
}
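Review bot: `isGrantedAll` returns true as soon as `listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString())` yields any entry, without looking at whether that entry allows or denies the action. Permissions in this code base carry an allow/deny value (the removed DAO copies `getPermissionAllowDeny()` into the response), so unless the IAM service already filters to allow entries, a deny rule with ALL scope would be read as a grant of everything; the loop should return true only for entries whose permission is an allow, or the method should carry a comment stating that the service call returns allow entries only. The same method iterates `policies` without the null check it applies to `pp`; `if (policies == null) { return false; }` before the loop would make the two consistent and fail closed.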


@ -18,6 +18,7 @@ package org.apache.cloudstack.acl.api;
import java.util.List;
import org.apache.cloudstack.acl.AclProxyService;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.api.response.AclGroupResponse;
import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
@ -28,8 +29,9 @@ import org.apache.cloudstack.iam.api.AclPolicyPermission;
import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission;
import com.cloud.user.Account;
import com.cloud.utils.component.PluggableService;
public interface AclApiService {
public interface AclApiService extends AclProxyService, PluggableService {
/* ACL group related interfaces */
AclGroup createAclGroup(Account caller, String aclGroupName, String description);


@ -27,6 +27,18 @@ import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.AclEntityType;
import org.apache.cloudstack.acl.PermissionScope;
import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.acl.api.command.AddAccountToAclGroupCmd;
import org.apache.cloudstack.acl.api.command.AddAclPermissionToAclPolicyCmd;
import org.apache.cloudstack.acl.api.command.AttachAclPolicyToAclGroupCmd;
import org.apache.cloudstack.acl.api.command.CreateAclGroupCmd;
import org.apache.cloudstack.acl.api.command.CreateAclPolicyCmd;
import org.apache.cloudstack.acl.api.command.DeleteAclGroupCmd;
import org.apache.cloudstack.acl.api.command.DeleteAclPolicyCmd;
import org.apache.cloudstack.acl.api.command.ListAclGroupsCmd;
import org.apache.cloudstack.acl.api.command.ListAclPoliciesCmd;
import org.apache.cloudstack.acl.api.command.RemoveAccountFromAclGroupCmd;
import org.apache.cloudstack.acl.api.command.RemoveAclPermissionFromAclPolicyCmd;
import org.apache.cloudstack.acl.api.command.RemoveAclPolicyFromAclGroupCmd;
import org.apache.cloudstack.acl.api.response.AclGroupResponse;
import org.apache.cloudstack.acl.api.response.AclPermissionResponse;
import org.apache.cloudstack.acl.api.response.AclPolicyResponse;
@ -100,6 +112,16 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
return _iamSrv.listAclGroups(accountId);
}
@Override
public List<String> listAclGroupsByAccount(long accountId) {
List<AclGroup> groups = listAclGroups(accountId);
List<String> groupNames = new ArrayList<String>();
for (AclGroup grp : groups) {
groupNames.add(grp.getName());
}
return groupNames;
}
@DB
@Override
@ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group")
@ -330,4 +352,21 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man
return response;
}
@Override
public List<Class<?>> getCommands() {
List<Class<?>> cmdList = new ArrayList<Class<?>>();
cmdList.add(CreateAclPolicyCmd.class);
cmdList.add(DeleteAclPolicyCmd.class);
cmdList.add(ListAclPoliciesCmd.class);
cmdList.add(AddAclPermissionToAclPolicyCmd.class);
cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class);
cmdList.add(AttachAclPolicyToAclGroupCmd.class);
cmdList.add(RemoveAclPolicyFromAclGroupCmd.class);
cmdList.add(CreateAclGroupCmd.class);
cmdList.add(DeleteAclGroupCmd.class);
cmdList.add(ListAclGroupsCmd.class);
cmdList.add(AddAccountToAclGroupCmd.class);
cmdList.add(RemoveAccountFromAclGroupCmd.class);
return cmdList;
}
}
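Review bot: `listAclGroupsByAccount` iterates `groups` without checking for null, and it is now on the path of every account response (called from `AccountJoinDaoImpl`). `listAclGroups` simply returns `_iamSrv.listAclGroups(accountId)`, and whether that can return null for an account with no groups is not visible here; the DAO this commit removes did return null in that case. A guard such as `if (groups == null) { return groupNames; }` placed after `groupNames` is created keeps account listing from failing with a NullPointerException. `getCommands()` in the same section would also benefit from a one-line Javadoc saying that these ACL commands are now registered by this service through `PluggableService`.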