From e42a262f6cd9cd3535f5ad458b5e63d16dec8e6a Mon Sep 17 00:00:00 2001 
From: Min Chen
Date: Fri, 10 Jan 2014 14:54:31 -0800
Subject: [PATCH] Remove old APIs and old security checker plugins. Also use QuerySelector adapater in ACL search routine.
---
.../cloudstack/acl/AclProxyService.java | 9 +
.../apache/cloudstack/acl/QuerySelector.java | 7 +
.../cloudstack/api/ResponseGenerator.java | 8 -
.../admin/acl/AddAccountToAclGroupCmd.java | 121 ---------
.../acl/AddAclPermissionToAclPolicyCmd.java | 144 -----------
.../acl/AttachAclPolicyToAclGroupCmd.java | 121 ---------
.../command/admin/acl/CreateAclGroupCmd.java | 162 ------------
.../command/admin/acl/CreateAclPolicyCmd.java | 169 -------------
.../command/admin/acl/DeleteAclGroupCmd.java | 96 -------
.../command/admin/acl/DeleteAclPolicyCmd.java | 96 -------
.../command/admin/acl/ListAclGroupsCmd.java | 82 ------
.../command/admin/acl/ListAclPoliciesCmd.java | 82 ------
.../acl/RemoveAccountFromAclGroupCmd.java | 121 ---------
.../RemoveAclPermissionFromAclPolicyCmd.java | 141 -----------
.../acl/RemoveAclPolicyFromAclGroupCmd.java | 121 ---------
.../api/response/AccountResponse.java | 6 +-
.../api/response/AclGroupResponse.java | 168 -------------
.../api/response/AclPermissionResponse.java | 125 ---------
.../api/response/AclPolicyResponse.java | 156 ------------
.../apache/cloudstack/query/QueryService.java | 8 -
.../acl/role-based-access-checkers/pom.xml | 32 ---
.../module.properties | 18 --
...acl-role-based-access-checkers-context.xml | 32 ---
.../acl/api/RoleBasedAPIAccessChecker.java | 68 -----
.../entity/RoleBasedEntityAccessChecker.java | 131 ----------
.../entity/RoleBasedEntityQuerySelector.java | 51 ----
server/src/com/cloud/api/ApiDBUtils.java | 42 ----
.../src/com/cloud/api/ApiResponseHelper.java | 22 --
.../com/cloud/api/query/QueryManagerImpl.java | 238 ------------------
.../cloud/api/query/ViewResponseHelper.java | 36 ---
.../api/query/dao/AccountJoinDaoImpl.java | 9 +-
.../cloud/api/query/dao/AclGroupJoinDao.java | 38 ---
.../api/query/dao/AclGroupJoinDaoImpl.java | 173 -------------
.../cloud/api/query/dao/AclPolicyJoinDao.java | 37 ---
.../api/query/dao/AclPolicyJoinDaoImpl.java | 157 ------------
.../cloud/server/ManagementServerImpl.java | 24 --
.../com/cloud/user/AccountManagerImpl.java | 12 +-
...acl-role-based-access-checkers-context.xml | 4 +-
.../acl/RoleBasedEntityQuerySelector.java | 16 +-
.../cloudstack/acl/api/AclApiService.java | 4 +-
.../cloudstack/acl/api/AclApiServiceImpl.java | 39 +++
41 files changed, 90 insertions(+), 3036 deletions(-)
create mode 100644 api/src/org/apache/cloudstack/acl/AclProxyService.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/AddAccountToAclGroupCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclGroupCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/ListAclGroupsCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAccountFromAclGroupCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
delete mode 100644 api/src/org/apache/cloudstack/api/response/AclGroupResponse.java
delete mode 100644 api/src/org/apache/cloudstack/api/response/AclPermissionResponse.java
delete mode 100644 api/src/org/apache/cloudstack/api/response/AclPolicyResponse.java
delete mode 100644 plugins/acl/role-based-access-checkers/pom.xml
delete mode 100644 plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties
delete mode 100644 plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml
delete mode 100644 plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java
delete mode 100644 plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java
delete mode 100644 plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityQuerySelector.java
delete mode 100644 server/src/com/cloud/api/query/dao/AclGroupJoinDao.java
delete mode 100644 server/src/com/cloud/api/query/dao/AclGroupJoinDaoImpl.java
delete mode 100644 server/src/com/cloud/api/query/dao/AclPolicyJoinDao.java
delete mode 100644 server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java
diff --git a/api/src/org/apache/cloudstack/acl/AclProxyService.java b/api/src/org/apache/cloudstack/acl/AclProxyService.java
new file mode 100644
index 00000000000..c49693d8e68
--- /dev/null
+++ b/api/src/org/apache/cloudstack/acl/AclProxyService.java
@@ -0,0 +1,9 @@
+package org.apache.cloudstack.acl;
+
+import java.util.List;
+
+public interface AclProxyService {
+
+ List listAclGroupsByAccount(long accountId);
+
+}
diff --git a/api/src/org/apache/cloudstack/acl/QuerySelector.java b/api/src/org/apache/cloudstack/acl/QuerySelector.java
index 56bf982774c..75fedb39f0a 100644
--- a/api/src/org/apache/cloudstack/acl/QuerySelector.java
+++ b/api/src/org/apache/cloudstack/acl/QuerySelector.java
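Review bot: The new file AclProxyService.java opens directly with `package org.apache.cloudstack.acl;` and carries no ASF license header, unlike the Java sources removed elsewhere in this patch, so a license audit of the tree would likely flag it; the standard header should precede the package line. The interface also has no Javadoc: `listAclGroupsByAccount(long accountId)` does not say what the returned list holds (the element type is not visible in this view), what comes back for an unknown account, or whether the implementation or the caller is responsible for checking that the requester may see that account's groups. Because this is a proxy into ACL membership data, I would add a comment along the lines of `/** Lists the ACL groups the given account belongs to; returns an empty list if there are none. Callers must have authorized access to accountId. */` once the intended contract is confirmed.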
@@ -54,5 +54,12 @@ public interface QuerySelector extends Adapter { */ List getAuthorizedResources(Account caller, String action); + /** + * Check if this account is associated with a policy with scope of ALL + * @param caller account to check + * @param action action. + * @return true if this account is attached with a policy for the given action of ALL scope. + */ + boolean isGrantedAll(Account caller, String action); } diff --git a/api/src/org/apache/cloudstack/api/ResponseGenerator.java b/api/src/org/apache/cloudstack/api/ResponseGenerator.java index 4bb2907f4e9..e47773e052c 100644 --- a/api/src/org/apache/cloudstack/api/ResponseGenerator.java +++ b/api/src/org/apache/cloudstack/api/ResponseGenerator.java @@ -22,8 +22,6 @@ import java.util.EnumSet; import java.util.List; import java.util.Map; -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.acl.AclPolicy; import org.apache.cloudstack.affinity.AffinityGroup; import org.apache.cloudstack.affinity.AffinityGroupResponse; import org.apache.cloudstack.api.ApiConstants.HostDetails; @@ -31,8 +29,6 @@ import org.apache.cloudstack.api.ApiConstants.VMDetails; import org.apache.cloudstack.api.ResponseObject.ResponseView; import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse; import org.apache.cloudstack.api.response.AsyncJobResponse; import org.apache.cloudstack.api.response.AutoScalePolicyResponse; @@ -440,8 +436,4 @@ public interface ResponseGenerator { IsolationMethodResponse createIsolationMethodResponse(IsolationType method); - AclPolicyResponse createAclPolicyResponse(AclPolicy policy); - - AclGroupResponse createAclGroupResponse(AclGroup group); - } 
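Review bot: The Javadoc added for `isGrantedAll(Account caller, String action)` in QuerySelector does not state the fail-closed contract that an authorization shortcut of this kind needs. A `true` result presumably lets the ACL search routine skip per-resource filtering, so the comment should say that implementations return `false` for a null or unrecognised caller or action and when the policy lookup fails, and how callers are expected to combine the answers if more than one QuerySelector adapter is registered. Adding a required method to the interface also breaks any out-of-tree QuerySelector implementation at compile time, which deserves a line in the commit message. Suggested wording for the return tag: `@return true only if a policy attached to this account grants the given action with ALL scope; false in every other case, including lookup errors.` The interface body starts outside this hunk.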
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAccountToAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AddAccountToAclGroupCmd.java deleted file mode 100644 index 854f2b3b0fa..00000000000 --- a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAccountToAclGroupCmd.java +++ /dev/null 
@@ -1,121 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.command.admin.acl; - -import java.util.List; - -import org.apache.log4j.Logger; - -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.api.ACL; -import org.apache.cloudstack.api.APICommand; -import org.apache.cloudstack.api.ApiCommandJobType; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.ApiErrorCode; -import org.apache.cloudstack.api.BaseAsyncCmd; -import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.context.CallContext; - -import com.cloud.event.EventTypes; -import com.cloud.exception.InsufficientCapacityException; -import com.cloud.exception.ResourceUnavailableException; -import com.cloud.user.Account; - - -@APICommand(name = "addAccountToAclGroup", description = "add account to an acl group", responseObject = AclGroupResponse.class) -public class AddAccountToAclGroupCmd extends BaseAsyncCmd { - public static final Logger s_logger = 
Logger.getLogger(AddAccountToAclGroupCmd.class.getName()); - private static final String s_name = "addaccounttoaclgroupresponse"; - - ///////////////////////////////////////////////////// - //////////////// API parameters ///////////////////// - ///////////////////////////////////////////////////// - - - @ACL - @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class, - required = true, description = "The ID of the acl group") - private Long id; - - @ACL - @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.") - private List accountIdList; - - - ///////////////////////////////////////////////////// - /////////////////// Accessors /////////////////////// - ///////////////////////////////////////////////////// - - - public Long getId() { - return id; - } - - - public List getAccountIdList() { - return accountIdList; - } - - ///////////////////////////////////////////////////// - /////////////// API Implementation/////////////////// - ///////////////////////////////////////////////////// - - - @Override - public String getCommandName() { - return s_name; - } - - - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked - } - - @Override - public void execute() throws ResourceUnavailableException, - InsufficientCapacityException, ServerApiException { - CallContext.current().setEventDetails("Acl group Id: " + getId()); - AclGroup result = _aclService.addAccountsToGroup(accountIdList, id); - if (result != null){ - AclGroupResponse response = _responseGenerator.createAclGroupResponse(result); - response.setResponseName(getCommandName()); - setResponseObject(response); - } else { - throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to 
add accounts to acl group"); - } - } - - @Override - public String getEventType() { - return EventTypes.EVENT_ACL_GROUP_UPDATE; - } - - @Override - public String getEventDescription() { - return "adding accounts to acl group"; - } - - @Override - public ApiCommandJobType getInstanceType() { - return ApiCommandJobType.AclGroup; - } - -} diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java deleted file mode 100644 index 6a634bef349..00000000000 --- a/api/src/org/apache/cloudstack/api/command/admin/acl/AddAclPermissionToAclPolicyCmd.java +++ /dev/null 
@@ -1,144 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.command.admin.acl; - -import org.apache.log4j.Logger; - -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclPolicyPermission.Permission; -import org.apache.cloudstack.acl.PermissionScope; -import org.apache.cloudstack.api.ACL; -import org.apache.cloudstack.api.APICommand; -import org.apache.cloudstack.api.ApiCommandJobType; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.ApiErrorCode; -import org.apache.cloudstack.api.BaseAsyncCmd; -import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclPolicyResponse; -import org.apache.cloudstack.context.CallContext; - -import com.cloud.event.EventTypes; -import com.cloud.exception.InsufficientCapacityException; -import com.cloud.exception.ResourceUnavailableException; -import com.cloud.user.Account; - - -@APICommand(name = "addAclPermissionToAclPolicy", description = "Add Acl permission to an acl policy", responseObject = AclPolicyResponse.class) -public class AddAclPermissionToAclPolicyCmd extends BaseAsyncCmd { - public static 
final Logger s_logger = Logger.getLogger(AddAclPermissionToAclPolicyCmd.class.getName()); - private static final String s_name = "addaclpermissiontoaclpolicyresponse"; - - ///////////////////////////////////////////////////// - //////////////// API parameters ///////////////////// - ///////////////////////////////////////////////////// - - - @ACL - @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class, - required = true, description = "The ID of the acl policy") - private Long id; - - @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.") - private String action; - - @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.") - private String entityType; - - @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING, - required = false, description = "acl permission scope") - private String scope; - - @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id") - private Long scopeId; - - - ///////////////////////////////////////////////////// - /////////////////// Accessors /////////////////////// - ///////////////////////////////////////////////////// - - - public Long getId() { - return id; - } - - - public String getAction() { - return action; - } - - public String getEntityType() { - return entityType; - } - - public String getScope() { - return scope; - } - - public Long getScopeId() { - return scopeId; - } - - - ///////////////////////////////////////////////////// - /////////////// API Implementation/////////////////// - ///////////////////////////////////////////////////// - - - - @Override - public String getCommandName() { - return s_name; - } - - - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so 
ERROR events are tracked - } - - @Override - public void execute() throws ResourceUnavailableException, - InsufficientCapacityException, ServerApiException { - CallContext.current().setEventDetails("Acl policy Id: " + getId()); - // Only explicit ALLOW is supported for this release, no explicit deny - AclPolicy result = _aclService.addAclPermissionToAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action, Permission.Allow); - if (result != null) { - AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result); - response.setResponseName(getCommandName()); - setResponseObject(response); - } else { - throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to grant permission to acl policy " + getId()); - } - } - - @Override - public String getEventType() { - return EventTypes.EVENT_ACL_POLICY_GRANT; - } - - @Override - public String getEventDescription() { - return "granting permission to acl policy"; - } - - @Override - public ApiCommandJobType getInstanceType() { - return ApiCommandJobType.AclPolicy; - } - -} diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java deleted file mode 100644 index 33cb59f24e8..00000000000 --- a/api/src/org/apache/cloudstack/api/command/admin/acl/AttachAclPolicyToAclGroupCmd.java +++ /dev/null 
@@ -1,121 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.command.admin.acl; - -import java.util.List; - -import org.apache.log4j.Logger; - -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.api.ACL; -import org.apache.cloudstack.api.APICommand; -import org.apache.cloudstack.api.ApiCommandJobType; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.ApiErrorCode; -import org.apache.cloudstack.api.BaseAsyncCmd; -import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; -import org.apache.cloudstack.context.CallContext; - -import com.cloud.event.EventTypes; -import com.cloud.exception.InsufficientCapacityException; -import com.cloud.exception.ResourceUnavailableException; -import com.cloud.user.Account; - - -@APICommand(name = "attachAclPolicyToAclGroup", description = "attach acl policy to an acl group", responseObject = AclGroupResponse.class) -public class AttachAclPolicyToAclGroupCmd extends BaseAsyncCmd { - public static final Logger s_logger = 
Logger.getLogger(AttachAclPolicyToAclGroupCmd.class.getName()); - private static final String s_name = "attachaclpolicytoaclgroupresponse"; - - ///////////////////////////////////////////////////// - //////////////// API parameters ///////////////////// - ///////////////////////////////////////////////////// - - - @ACL - @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class, - required = true, description = "The ID of the acl group") - private Long id; - - @ACL - @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.") - private List policyIdList; - - - ///////////////////////////////////////////////////// - /////////////////// Accessors /////////////////////// - ///////////////////////////////////////////////////// - - - public Long getId() { - return id; - } - - - public List getPolicyIdList() { - return policyIdList; - } - - ///////////////////////////////////////////////////// - /////////////// API Implementation/////////////////// - ///////////////////////////////////////////////////// - - - @Override - public String getCommandName() { - return s_name; - } - - - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked - } - - @Override - public void execute() throws ResourceUnavailableException, - InsufficientCapacityException, ServerApiException { - CallContext.current().setEventDetails("Acl group Id: " + getId()); - AclGroup result = _aclService.attachAclPoliciesToGroup(policyIdList, id); - if (result != null){ - AclGroupResponse response = _responseGenerator.createAclGroupResponse(result); - response.setResponseName(getCommandName()); - setResponseObject(response); - } else { - throw new 
ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group"); - } - } - - @Override - public String getEventType() { - return EventTypes.EVENT_ACL_GROUP_UPDATE; - } - - @Override - public String getEventDescription() { - return "adding acl roles to acl group"; - } - - @Override - public ApiCommandJobType getInstanceType() { - return ApiCommandJobType.AclGroup; - } - -} diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java deleted file mode 100644 index d6d965fcc96..00000000000 --- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclGroupCmd.java +++ /dev/null 
@@ -1,162 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.command.admin.acl; - -import org.apache.log4j.Logger; - -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.api.APICommand; -import org.apache.cloudstack.api.ApiCommandJobType; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.ApiErrorCode; -import org.apache.cloudstack.api.BaseAsyncCreateCmd; -import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.DomainResponse; -import org.apache.cloudstack.context.CallContext; - -import com.cloud.event.EventTypes; -import com.cloud.exception.ResourceAllocationException; -import com.cloud.user.Account; - -@APICommand(name = "createAclGroup", responseObject = AclGroupResponse.class, description = "Creates an acl group") -public class CreateAclGroupCmd extends BaseAsyncCreateCmd { - public static final Logger s_logger = Logger.getLogger(CreateAclGroupCmd.class.getName()); - - private static final String s_name = "createaclgroupresponse"; - - // 
/////////////////////////////////////////////////// - // ////////////// API parameters ///////////////////// - // /////////////////////////////////////////////////// - - @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl group. Must be used with domainId.") - private String accountName; - - @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl group", entityType = DomainResponse.class) - private Long domainId; - - @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl group") - private String description; - - @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl group") - private String name; - - - // /////////////////////////////////////////////////// - // ///////////////// Accessors /////////////////////// - // /////////////////////////////////////////////////// - - public String getAccountName() { - return accountName; - } - - public String getDescription() { - return description; - } - - public Long getDomainId() { - return domainId; - } - - public String getName() { - return name; - } - - - // /////////////////////////////////////////////////// - // ///////////// API Implementation/////////////////// - // /////////////////////////////////////////////////// - - - @Override - public String getCommandName() { - return s_name; - } - - @Override - public long getEntityOwnerId() { - Account account = CallContext.current().getCallingAccount(); - if ((account == null) || _accountService.isAdmin(account.getType())) { - if ((domainId != null) && (accountName != null)) { - Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId); - if (userAccount != null) { - return userAccount.getId(); - } - } - } - - if (account != null) { - return account.getId(); - } - - return Account.ACCOUNT_ID_SYSTEM; // no 
account info given, parent this - // command to SYSTEM so ERROR events - // are tracked - } - - @Override - public void execute() { - AclGroup grp = _entityMgr.findById(AclGroup.class, getEntityId()); - if (grp != null) { - AclGroupResponse response = _responseGenerator.createAclGroupResponse(grp); - response.setResponseName(getCommandName()); - setResponseObject(response); - } else { - throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group:" + name); - } - } - - @Override - public void create() throws ResourceAllocationException { - Account account = CallContext.current().getCallingAccount(); - AclGroup result = _aclService.createAclGroup(account, name, description); - if (result != null) { - setEntityId(result.getId()); - setEntityUuid(result.getUuid()); - } else { - throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl group entity" + name); - } - - } - - @Override - public String getEventType() { - return EventTypes.EVENT_ACL_GROUP_CREATE; - } - - @Override - public String getEventDescription() { - return "creating Acl group"; - } - - @Override - public String getCreateEventType() { - return EventTypes.EVENT_ACL_GROUP_CREATE; - } - - @Override - public String getCreateEventDescription() { - return "creating acl group"; - } - - @Override - public ApiCommandJobType getInstanceType() { - return ApiCommandJobType.AclGroup; - } - -} diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java deleted file mode 100644 index b423dabec00..00000000000 --- a/api/src/org/apache/cloudstack/api/command/admin/acl/CreateAclPolicyCmd.java +++ /dev/null 
@@ -1,169 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCreateCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.ResourceAllocationException;
-import com.cloud.user.Account;
-
-@APICommand(name = "createAclPolicy", responseObject = AclPolicyResponse.class, description = "Creates an acl policy")
-public class CreateAclPolicyCmd extends BaseAsyncCreateCmd {
- public static final Logger s_logger = Logger.getLogger(CreateAclPolicyCmd.class.getName());
-
- private static final String s_name = "createaclpolicyresponse";
-
- // ///////////////////////////////////////////////////
- // ////////////// API parameters /////////////////////
- // ///////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "an account for the acl policy. Must be used with domainId.")
- private String accountName;
-
- @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, description = "domainId of the account owning the acl policy", entityType = DomainResponse.class)
- private Long domainId;
-
- @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "optional description of the acl policy")
- private String description;
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "name of the acl policy")
- private String name;
-
- @ACL
- @Parameter(name = ApiConstants.ACL_PARENT_POLICY_ID, type = CommandType.UUID, description = "The ID of parent acl policy.", entityType = AclPolicyResponse.class)
- private Long parentPolicyId;
-
-
- // ///////////////////////////////////////////////////
- // ///////////////// Accessors ///////////////////////
- // ///////////////////////////////////////////////////
-
- public String getAccountName() {
- return accountName;
- }
-
- public String getDescription() {
- return description;
- }
-
- public Long getDomainId() {
- return domainId;
- }
-
- public String getName() {
- return name;
- }
-
- public Long getParentPolicyId() {
- return parentPolicyId;
- }
-
- // ///////////////////////////////////////////////////
- // ///////////// API Implementation///////////////////
- // ///////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- Account account = CallContext.current().getCallingAccount();
- if ((account == null) || _accountService.isAdmin(account.getType())) {
- if ((domainId != null) && (accountName != null)) {
- Account userAccount = _responseGenerator.findAccountByNameDomain(accountName, domainId);
- if (userAccount != null) {
- return userAccount.getId();
- }
- }
- }
-
- if (account != null) {
- return account.getId();
- }
-
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this
- // command to SYSTEM so ERROR events
- // are tracked
- }
-
- @Override
- public void execute() {
- AclPolicy policy = _entityMgr.findById(AclPolicy.class, getEntityId());
- if (policy != null) {
- AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(policy);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy:" + name);
- }
- }
-
- @Override
- public void create() throws ResourceAllocationException {
- Account account = CallContext.current().getCallingAccount();
- AclPolicy result = _aclService.createAclPolicy(account, name, description, parentPolicyId);
- if (result != null) {
- setEntityId(result.getId());
- setEntityUuid(result.getUuid());
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create acl policy entity" + name);
- }
-
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_CREATE;
- }
-
- @Override
- public String getEventDescription() {
- return "creating Acl policy";
- }
-
- @Override
- public String getCreateEventType() {
- return EventTypes.EVENT_ACL_POLICY_CREATE;
- }
-
- @Override
- public String getCreateEventDescription() {
- return "creating acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclGroupCmd.java
deleted file mode 100644
index 661b9eda274..00000000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclGroupCmd.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclGroup", description = "Deletes acl group", responseObject = SuccessResponse.class)
-public class DeleteAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteAclGroupCmd.class.getName());
- private static final String s_name = "deleteaclgroupresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl group.", required = true, entityType = AclGroupResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
- }
-
- @Override
- public void execute(){
- boolean result = _aclService.deleteAclGroup(id);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return "Deleting Acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-}
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
deleted file mode 100644
index d7216fa46ed..00000000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/DeleteAclPolicyCmd.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.api.response.SuccessResponse;
-
-import com.cloud.event.EventTypes;
-import com.cloud.user.Account;
-
-@APICommand(name = "deleteAclPolicy", description = "Deletes acl policy", responseObject = SuccessResponse.class)
-public class DeleteAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(DeleteAclPolicyCmd.class.getName());
- private static final String s_name = "deleteaclpolicyresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "The ID of the acl role.", required = true, entityType = AclPolicyResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
- public Long getId() {
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM;
- }
-
- @Override
- public void execute(){
- boolean result = _aclService.deleteAclPolicy(id);
- if (result) {
- SuccessResponse response = new SuccessResponse(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete acl policy");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_DELETE;
- }
-
- @Override
- public String getEventDescription() {
- return "Deleting Acl role";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-}
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclGroupsCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclGroupsCmd.java
deleted file mode 100644
index 881b65afd27..00000000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclGroupsCmd.java
+++ /dev/null
@@ -1,82 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.api.response.ListResponse;
-
-
-@APICommand(name = "listAclGroups", description = "Lists acl groups", responseObject = AclGroupResponse.class)
-public class ListAclGroupsCmd extends BaseListDomainResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListAclGroupsCmd.class.getName());
-
- private static final String s_name = "listaclgroupsresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl groups by name")
- private String aclGroupName;
-
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl group by the id provided", entityType = AclGroupResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
- public String getAclGroupName() {
- return aclGroupName;
- }
-
-
- public Long getId(){
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
-
- ListResponse response = _queryService.listAclGroups(id, aclGroupName, getDomainId(),
- getStartIndex(), getPageSizeVal());
- response.setResponseName(getCommandName());
- setResponseObject(response);
-
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-}
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
deleted file mode 100644
index 7c9cdbe47d7..00000000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/ListAclPoliciesCmd.java
+++ /dev/null
@@ -1,82 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.BaseListDomainResourcesCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.api.response.ListResponse;
-
-
-@APICommand(name = "listAclPolicies", description = "Lists acl policies", responseObject = AclPolicyResponse.class)
-public class ListAclPoliciesCmd extends BaseListDomainResourcesCmd {
- public static final Logger s_logger = Logger.getLogger(ListAclPoliciesCmd.class.getName());
-
- private static final String s_name = "listaclpoliciesresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
- @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "lists acl policies by name")
- private String aclPolicyName;
-
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, description = "list the acl policy by the id provided", entityType = AclPolicyResponse.class)
- private Long id;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
- public String getAclPolicyName() {
- return aclPolicyName;
- }
-
-
- public Long getId(){
- return id;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
- @Override
- public void execute(){
-
- ListResponse response = _queryService.listAclPolicies(id, aclPolicyName, getDomainId(),
- getStartIndex(), getPageSizeVal());
- response.setResponseName(getCommandName());
- setResponseObject(response);
-
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-}
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAccountFromAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAccountFromAclGroupCmd.java
deleted file mode 100644
index d5c5c7cb6fc..00000000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAccountFromAclGroupCmd.java
+++ /dev/null
@@ -1,121 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import java.util.List;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclGroup;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AccountResponse;
-import org.apache.cloudstack.api.response.AclGroupResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAccountFromAclGroup", description = "remove accounts from an acl group", responseObject = AclGroupResponse.class)
-public class RemoveAccountFromAclGroupCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAccountFromAclGroupCmd.class.getName());
- private static final String s_name = "removeaccountfromaclgroupresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class,
- required = true, description = "The ID of the acl group")
- private Long id;
-
- @ACL
- @Parameter(name = ApiConstants.ACCOUNTS, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AccountResponse.class, description = "comma separated list of account id that are going to be assigned to the acl group.")
- private List accountIdList;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public List getAccountIdList() {
- return accountIdList;
- }
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl group Id: " + getId());
- AclGroup result = _aclService.removeAccountsFromGroup(accountIdList, id);
- if (result != null){
- AclGroupResponse response = _responseGenerator.createAclGroupResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove accounts from acl group");
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_GROUP_UPDATE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing accounts from acl group";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclGroup;
- }
-
-}
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
deleted file mode 100644
index 84d35301545..00000000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPermissionFromAclPolicyCmd.java
+++ /dev/null
@@ -1,141 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package org.apache.cloudstack.api.command.admin.acl;
-
-import org.apache.log4j.Logger;
-
-import org.apache.cloudstack.acl.AclPolicy;
-import org.apache.cloudstack.acl.PermissionScope;
-import org.apache.cloudstack.api.ACL;
-import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiCommandJobType;
-import org.apache.cloudstack.api.ApiConstants;
-import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseAsyncCmd;
-import org.apache.cloudstack.api.Parameter;
-import org.apache.cloudstack.api.ServerApiException;
-import org.apache.cloudstack.api.response.AclPolicyResponse;
-import org.apache.cloudstack.context.CallContext;
-
-import com.cloud.event.EventTypes;
-import com.cloud.exception.InsufficientCapacityException;
-import com.cloud.exception.ResourceUnavailableException;
-import com.cloud.user.Account;
-
-
-@APICommand(name = "removeAclPermissionFromAclPolicy", description = "Remove acl permission from an acl policy", responseObject = AclPolicyResponse.class)
-public class RemoveAclPermissionFromAclPolicyCmd extends BaseAsyncCmd {
- public static final Logger s_logger = Logger.getLogger(RemoveAclPermissionFromAclPolicyCmd.class.getName());
- private static final String s_name = "removeaclpermissionfromaclpolicyresponse";
-
- /////////////////////////////////////////////////////
- //////////////// API parameters /////////////////////
- /////////////////////////////////////////////////////
-
-
- @ACL
- @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclPolicyResponse.class,
- required = true, description = "The ID of the acl policy")
- private Long id;
-
- @Parameter(name = ApiConstants.ACL_ACTION, type = CommandType.STRING, required = true, description = "action api name.")
- private String action;
-
- @Parameter(name = ApiConstants.ENTITY_TYPE, type = CommandType.STRING, required = false, description = "entity class simple name.")
- private String entityType;
-
- @Parameter(name = ApiConstants.ACL_SCOPE, type = CommandType.STRING,
- required = false, description = "acl permission scope")
- private String scope;
-
- @Parameter(name = ApiConstants.ACL_SCOPE_ID, type = CommandType.UUID, required = false, description = "The ID of the permission scope id")
- private Long scopeId;
-
-
- /////////////////////////////////////////////////////
- /////////////////// Accessors ///////////////////////
- /////////////////////////////////////////////////////
-
-
- public Long getId() {
- return id;
- }
-
-
- public String getAction() {
- return action;
- }
-
- public String getEntityType() {
- return entityType;
- }
-
- public String getScope() {
- return scope;
- }
-
- public Long getScopeId() {
- return scopeId;
- }
-
-
- /////////////////////////////////////////////////////
- /////////////// API Implementation///////////////////
- /////////////////////////////////////////////////////
-
-
- @Override
- public String getCommandName() {
- return s_name;
- }
-
-
- @Override
- public long getEntityOwnerId() {
- return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked
- }
-
- @Override
- public void execute() throws ResourceUnavailableException,
- InsufficientCapacityException, ServerApiException {
- CallContext.current().setEventDetails("Acl policy Id: " + getId());
- AclPolicy result = _aclService.removeAclPermissionFromAclPolicy(id, entityType, PermissionScope.valueOf(scope), scopeId, action);
- if (result != null) {
- AclPolicyResponse response = _responseGenerator.createAclPolicyResponse(result);
- response.setResponseName(getCommandName());
- setResponseObject(response);
- } else {
- throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove permission from acl policy " + getId());
- }
- }
-
- @Override
- public String getEventType() {
- return EventTypes.EVENT_ACL_POLICY_REVOKE;
- }
-
- @Override
- public String getEventDescription() {
- return "removing permission from acl policy";
- }
-
- @Override
- public ApiCommandJobType getInstanceType() {
- return ApiCommandJobType.AclPolicy;
- }
-
-}
diff --git a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java b/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
deleted file mode 100644
index 4b92a1e209a..00000000000
--- a/api/src/org/apache/cloudstack/api/command/admin/acl/RemoveAclPolicyFromAclGroupCmd.java
+++ /dev/null
@@ -1,121 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.command.admin.acl; - -import java.util.List; - -import org.apache.log4j.Logger; - -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.api.ACL; -import org.apache.cloudstack.api.APICommand; -import org.apache.cloudstack.api.ApiCommandJobType; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.ApiErrorCode; -import org.apache.cloudstack.api.BaseAsyncCmd; -import org.apache.cloudstack.api.Parameter; -import org.apache.cloudstack.api.ServerApiException; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; -import org.apache.cloudstack.context.CallContext; - -import com.cloud.event.EventTypes; -import com.cloud.exception.InsufficientCapacityException; -import com.cloud.exception.ResourceUnavailableException; -import com.cloud.user.Account; - - -@APICommand(name = "removeAclPolicyFromAclGroup", description = "remove acl policy from an acl group", responseObject = AclGroupResponse.class) -public class RemoveAclPolicyFromAclGroupCmd extends BaseAsyncCmd { - public static final Logger s_logger = 
Logger.getLogger(RemoveAclPolicyFromAclGroupCmd.class.getName()); - private static final String s_name = "removeaclpolicyfromaclgroupresponse"; - - ///////////////////////////////////////////////////// - //////////////// API parameters ///////////////////// - ///////////////////////////////////////////////////// - - - @ACL - @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AclGroupResponse.class, - required = true, description = "The ID of the acl group") - private Long id; - - @ACL - @Parameter(name = ApiConstants.ACL_POLICIES, type = CommandType.LIST, collectionType = CommandType.UUID, entityType = AclPolicyResponse.class, description = "comma separated list of acl policy id that are going to be applied to the acl group.") - private List policyIdList; - - - ///////////////////////////////////////////////////// - /////////////////// Accessors /////////////////////// - ///////////////////////////////////////////////////// - - - public Long getId() { - return id; - } - - - public List getRoleIdList() { - return policyIdList; - } - - ///////////////////////////////////////////////////// - /////////////// API Implementation/////////////////// - ///////////////////////////////////////////////////// - - - @Override - public String getCommandName() { - return s_name; - } - - - @Override - public long getEntityOwnerId() { - return Account.ACCOUNT_ID_SYSTEM; // no account info given, parent this command to SYSTEM so ERROR events are tracked - } - - @Override - public void execute() throws ResourceUnavailableException, - InsufficientCapacityException, ServerApiException { - CallContext.current().setEventDetails("Acl group Id: " + getId()); - AclGroup result = _aclService.removeAclPoliciesFromGroup(policyIdList, id); - if (result != null){ - AclGroupResponse response = _responseGenerator.createAclGroupResponse(result); - response.setResponseName(getCommandName()); - setResponseObject(response); - } else { - throw new 
ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add roles to acl group"); - } - } - - @Override - public String getEventType() { - return EventTypes.EVENT_ACL_GROUP_UPDATE; - } - - @Override - public String getEventDescription() { - return "removing acl roles from acl group"; - } - - @Override - public ApiCommandJobType getInstanceType() { - return ApiCommandJobType.AclGroup; - } - -} diff --git a/api/src/org/apache/cloudstack/api/response/AccountResponse.java b/api/src/org/apache/cloudstack/api/response/AccountResponse.java index da52368275e..e6e055d43d2 100644 --- a/api/src/org/apache/cloudstack/api/response/AccountResponse.java +++ b/api/src/org/apache/cloudstack/api/response/AccountResponse.java @@ -188,8 +188,8 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou private Boolean isDefault; @SerializedName(ApiConstants.ACL_GROUPS) - @Param(description = "the list of acl groups that account belongs to", responseObject = AclGroupResponse.class) - private List groups; + @Param(description = "the list of acl groups that account belongs to") + private List groups; @Override public String getObjectId() { @@ -439,7 +439,7 @@ public class AccountResponse extends BaseResponse implements ResourceLimitAndCou this.isDefault = isDefault; } - public void setGroups(List groups) { + public void setGroups(List groups) { this.groups = groups; } diff --git a/api/src/org/apache/cloudstack/api/response/AclGroupResponse.java b/api/src/org/apache/cloudstack/api/response/AclGroupResponse.java deleted file mode 100644 index b0c54e802f6..00000000000 --- a/api/src/org/apache/cloudstack/api/response/AclGroupResponse.java +++ /dev/null 
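Review bot: The `@Param` on `groups` in the `@@ -188,8 +188,8 @@` hunk of AccountResponse.java drops `responseObject = AclGroupResponse.class` but keeps the old description, so the generated API documentation no longer says what each list entry is. The element type of `List groups` is not visible on this page (generic arguments appear to have been stripped), so the wording needs confirming against the real declaration. If entries are now plain strings, a description such as `@Param(description = "the list of acl group names that account belongs to")` (or "IDs", whichever the caller populates) would make the response contract explicit for clients that previously parsed group objects. The same applies to `setGroups(List groups)` in the `@@ -439,7 +439,7 @@` hunk, where a one-line Javadoc naming the expected element type would help. The class body continues outside both hunks.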
@@ -1,168 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.response; - -import java.util.LinkedHashSet; -import java.util.Set; - -import com.google.gson.annotations.SerializedName; - -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.BaseResponse; -import org.apache.cloudstack.api.EntityReference; - -import com.cloud.serializer.Param; - -@SuppressWarnings("unused") -@EntityReference(value = AclGroup.class) -public class AclGroupResponse extends BaseResponse implements ControlledViewEntityResponse { - - @SerializedName(ApiConstants.ID) - @Param(description = "the ID of the acl group") - private String id; - - @SerializedName(ApiConstants.NAME) - @Param(description = "the name of the acl group") - private String name; - - @SerializedName(ApiConstants.DESCRIPTION) - @Param(description = "the description of the acl group") - private String description; - - @SerializedName(ApiConstants.DOMAIN_ID) - @Param(description = "the domain ID of the acl group") - private String domainId; - - @SerializedName(ApiConstants.DOMAIN) - @Param(description = "the domain name of the acl role") - private String domainName; - 
- @SerializedName(ApiConstants.ACCOUNT) - @Param(description = "the account owning the policy") - private String accountName; - - @SerializedName(ApiConstants.ACL_MEMBER_ACCOUNTS) - @Param(description = "account names assigned to this acl group ") - private Set accountNameList; - - @SerializedName(ApiConstants.ACL_POLICIES) - @Param(description = "acl policies attached to this acl group ") - private Set policyNameList; - - public AclGroupResponse() { - accountNameList = new LinkedHashSet(); - policyNameList = new LinkedHashSet(); - } - - @Override - public String getObjectId() { - return getId(); - } - - - public String getId() { - return id; - } - - public void setId(String id) { - this.id = id; - } - - - public void setName(String name) { - this.name = name; - } - - public void setDescription(String description) { - this.description = description; - } - - @Override - public void setDomainId(String domainId) { - this.domainId = domainId; - } - - @Override - public void setDomainName(String domainName) { - this.domainName = domainName; - } - - @Override - public void setAccountName(String accountName) { - this.accountName = accountName; - - } - - @Override - public void setProjectId(String projectId) { - // TODO Auto-generated method stub - - } - - @Override - public void setProjectName(String projectName) { - // TODO Auto-generated method stub - - } - - public void setMemberAccounts(Set accts) { - accountNameList = accts; - } - - public void addMemberAccount(String acct) { - accountNameList.add(acct); - } - - public void setPolicyList(Set policies) { - policyNameList = policies; - } - - public void addPolicy(String policy) { - policyNameList.add(policy); - } - - public Set getPolicyList() { - return policyNameList; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((id == null) ? 
0 : id.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - AclGroupResponse other = (AclGroupResponse)obj; - if (id == null) { - if (other.id != null) - return false; - } else if (!id.equals(other.id)) - return false; - return true; - } - -} diff --git a/api/src/org/apache/cloudstack/api/response/AclPermissionResponse.java b/api/src/org/apache/cloudstack/api/response/AclPermissionResponse.java deleted file mode 100644 index ad928dc4e40..00000000000 --- a/api/src/org/apache/cloudstack/api/response/AclPermissionResponse.java +++ /dev/null 
@@ -1,125 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.response; - -import com.google.gson.annotations.SerializedName; - -import org.apache.cloudstack.acl.AclEntityType; -import org.apache.cloudstack.acl.AclPolicyPermission; -import org.apache.cloudstack.acl.PermissionScope; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.BaseResponse; - -import com.cloud.serializer.Param; - -public class AclPermissionResponse extends BaseResponse { - - @SerializedName(ApiConstants.ACL_ACTION) - @Param(description = "action of this permission") - private String action; - - @SerializedName(ApiConstants.ENTITY_TYPE) - @Param(description = "the entity type of this permission") - private AclEntityType entityType; - - @SerializedName(ApiConstants.ACL_SCOPE) - @Param(description = "scope of this permission") - private PermissionScope scope; - - @SerializedName(ApiConstants.ACL_SCOPE_ID) - @Param(description = "scope id of this permission") - private Long scopeId; - - @SerializedName(ApiConstants.ACL_ALLOW_DENY) - @Param(description = "allow or deny of this permission") - private AclPolicyPermission.Permission permission; - - public AclEntityType getEntityType() 
{ - return entityType; - } - - public void setEntityType(AclEntityType entityType) { - this.entityType = entityType; - } - - public String getAction() { - return action; - } - - public void setAction(String action) { - this.action = action; - } - - public PermissionScope getScope() { - return scope; - } - - public void setScope(PermissionScope scope) { - this.scope = scope; - } - - public Long getScopeId() { - return scopeId; - } - - public void setScopeId(Long scopeId) { - this.scopeId = scopeId; - } - - public AclPolicyPermission.Permission getPermission() { - return permission; - } - - public void setPermission(AclPolicyPermission.Permission permission) { - this.permission = permission; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((action == null) ? 0 : action.hashCode()); - result = prime * result + ((entityType == null) ? 0 : entityType.hashCode()); - result = prime * result + ((scope == null) ? 0 : scope.hashCode()); - result = prime * result + ((scopeId == null) ? 0 : scopeId.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - AclPermissionResponse other = (AclPermissionResponse) obj; - if ((entityType == null && other.entityType != null) || !entityType.equals(other.entityType)) { - return false; - } else if ((action == null && other.action != null) || !action.equals(other.action)) { - return false; - } else if ((scope == null && other.scope != null) || !scope.equals(other.scope)) { - return false; - } else if ((scopeId == null && other.scopeId != null) || !scopeId.equals(other.scopeId)) { - return false; - } - return true; - } - - - -} diff --git a/api/src/org/apache/cloudstack/api/response/AclPolicyResponse.java b/api/src/org/apache/cloudstack/api/response/AclPolicyResponse.java deleted file mode 100644 index 6527fa41d48..00000000000 
--- a/api/src/org/apache/cloudstack/api/response/AclPolicyResponse.java +++ /dev/null 
@@ -1,156 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.api.response; - -import java.util.LinkedHashSet; -import java.util.Set; - -import com.google.gson.annotations.SerializedName; - -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.api.ApiConstants; -import org.apache.cloudstack.api.BaseResponse; -import org.apache.cloudstack.api.EntityReference; - -import com.cloud.serializer.Param; - -@SuppressWarnings("unused") -@EntityReference(value = AclPolicy.class) -public class AclPolicyResponse extends BaseResponse implements ControlledViewEntityResponse { - - @SerializedName(ApiConstants.ID) - @Param(description = "the ID of the acl policy") - private String id; - - @SerializedName(ApiConstants.NAME) - @Param(description = "the name of the acl policy") - private String name; - - @SerializedName(ApiConstants.DESCRIPTION) - @Param(description = "the description of the acl policy") - private String description; - - @SerializedName(ApiConstants.DOMAIN_ID) - @Param(description = "the domain ID of the acl policy") - private String domainId; - - @SerializedName(ApiConstants.DOMAIN) - @Param(description = "the domain name of the acl policy") - private String 
domainName; - - @SerializedName(ApiConstants.ACCOUNT) - @Param(description = "the account owning the policy") - private String accountName; - - @SerializedName(ApiConstants.ACL_PERMISSIONS) - @Param(description = "set of permissions for the acl policy") - private Set permissionList; - - public AclPolicyResponse() { - permissionList = new LinkedHashSet(); - } - - @Override - public String getObjectId() { - return getId(); - } - - - public String getId() { - return id; - } - - public void setId(String id) { - this.id = id; - } - - - public void setName(String name) { - this.name = name; - } - - public void setDescription(String description) { - this.description = description; - } - - @Override - public void setDomainId(String domainId) { - this.domainId = domainId; - } - - @Override - public void setDomainName(String domainName) { - this.domainName = domainName; - } - - public Set getPermissionList() { - return permissionList; - } - - public void setPermissionList(Set perms) { - permissionList = perms; - } - - public void addPermission(AclPermissionResponse perm) { - permissionList.add(perm); - } - - @Override - public void setAccountName(String accountName) { - this.accountName = accountName; - } - - @Override - public void setProjectId(String projectId) { - // TODO Auto-generated method stub - - } - - @Override - public void setProjectName(String projectName) { - // TODO Auto-generated method stub - - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result + ((id == null) ? 0 : id.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - AclPolicyResponse other = (AclPolicyResponse) obj; - if (id == null) { - if (other.id != null) - return false; - } else if (!id.equals(other.id)) - return false; - return true; - } - - - -} 
diff --git a/api/src/org/apache/cloudstack/query/QueryService.java b/api/src/org/apache/cloudstack/query/QueryService.java index 9c9274f6242..a9fce348546 100644 --- a/api/src/org/apache/cloudstack/query/QueryService.java +++ b/api/src/org/apache/cloudstack/query/QueryService.java @@ -44,8 +44,6 @@ import org.apache.cloudstack.api.command.user.volume.ListResourceDetailsCmd; import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd; import org.apache.cloudstack.api.command.user.zone.ListZonesCmd; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.AsyncJobResponse; import org.apache.cloudstack.api.response.DiskOfferingResponse; import org.apache.cloudstack.api.response.DomainRouterResponse; @@ -127,10 +125,4 @@ public interface QueryService { ListResponse searchForInternalLbVms(ListInternalLBVMsCmd cmd); - public ListResponse listAclPolicies(Long aclPolicyId, String aclPolicyName, - Long domainId, Long startIndex, Long pageSize); - - public ListResponse listAclGroups(Long aclGroupId, String aclGroupName, - Long domainId, Long startIndex, Long pageSize); - } diff --git a/plugins/acl/role-based-access-checkers/pom.xml b/plugins/acl/role-based-access-checkers/pom.xml deleted file mode 100644 index 06cee2020db..00000000000 --- a/plugins/acl/role-based-access-checkers/pom.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - 4.0.0 - cloud-plugin-acl-role-based-access-checkers - Apache CloudStack Plugin - ACL Role Based Access Checkers - - org.apache.cloudstack - cloudstack-plugins - 4.3.0-SNAPSHOT - ../../pom.xml - - 
diff --git a/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties b/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties deleted file mode 100644 index 206e1b0e6d1..00000000000 --- a/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/module.properties +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -name=acl-role-based-access-checkers -parent=api \ No newline at end of file diff --git a/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml b/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml deleted file mode 100644 index 78b233da309..00000000000 --- a/plugins/acl/role-based-access-checkers/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml +++ /dev/null @@ -1,32 +0,0 @@ - - - - - - 
diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java deleted file mode 100644 index 23f25ca1254..00000000000 --- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/api/RoleBasedAPIAccessChecker.java +++ /dev/null 
@@ -1,68 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.api; - -import java.util.List; - -import javax.ejb.Local; -import javax.inject.Inject; - -import org.apache.cloudstack.acl.APIChecker; -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclRole; -import org.apache.cloudstack.acl.AclService; -import org.apache.log4j.Logger; - -import com.cloud.exception.PermissionDeniedException; -import com.cloud.user.Account; -import com.cloud.user.AccountService; -import com.cloud.user.User; -import com.cloud.utils.component.AdapterBase; - -// This is the Role Based API access checker that grab's the account's roles -// based on the set of roles, access is granted if any of the role has access to the api -@Local(value=APIChecker.class) -public class RoleBasedAPIAccessChecker extends AdapterBase implements APIChecker { - - protected static final Logger s_logger = Logger.getLogger(RoleBasedAPIAccessChecker.class); - - @Inject AccountService _accountService; - @Inject AclService _aclService; - - protected RoleBasedAPIAccessChecker() { - super(); - } - - @Override - public boolean checkAccess(User user, String commandName) - throws PermissionDeniedException { 
- Account account = _accountService.getAccount(user.getAccountId()); - if (account == null) { - throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null"); - } - - List policies = _aclService.listAclPolicies(account.getAccountId()); - - - boolean isAllowed = _aclService.isAPIAccessibleForPolicies(commandName, policies); - if (!isAllowed) { - throw new PermissionDeniedException("The API does not exist or is blacklisted. api: " + commandName); - } - return isAllowed; - } - -} diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java deleted file mode 100644 index c057bc02a91..00000000000 --- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityAccessChecker.java +++ /dev/null 
@@ -1,131 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.entity; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; - -import javax.inject.Inject; - -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclPolicyPermissionVO; -import org.apache.cloudstack.acl.AclService; -import org.apache.cloudstack.acl.ControlledEntity; -import org.apache.cloudstack.acl.AclEntityType; -import org.apache.cloudstack.acl.PermissionScope; -import org.apache.cloudstack.acl.SecurityChecker; -import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao; -import org.apache.cloudstack.acl.dao.AclPolicyPermissionDao; -import org.apache.log4j.Logger; - -import com.cloud.acl.DomainChecker; -import com.cloud.domain.dao.DomainDao; -import com.cloud.exception.PermissionDeniedException; -import com.cloud.user.Account; -import com.cloud.user.AccountService; -import com.cloud.vm.VirtualMachine; - -public class RoleBasedEntityAccessChecker extends DomainChecker implements SecurityChecker { - - private static final Logger s_logger = Logger.getLogger(RoleBasedEntityAccessChecker.class.getName()); - - @Inject - AccountService _accountService; - @Inject - 
AclService _aclService; - - @Inject DomainDao _domainDao; - - @Inject - AclGroupAccountMapDao _aclGroupAccountMapDao; - - @Inject - AclPolicyPermissionDao _policyPermissionDao; - - - @Override - public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType) - throws PermissionDeniedException { - return checkAccess(caller, entity, accessType, null); - } - - @Override - public boolean checkAccess(Account caller, ControlledEntity entity, AccessType accessType, String action) - throws PermissionDeniedException { - - String entityType = entity.getEntityType().toString(); - - if (accessType == null) { - accessType = AccessType.ListEntry; - } - - // get all Policies of this caller w.r.t the entity - List policies = _aclService.getEffectivePolicies(caller, entity); - HashMap policyPermissionMap = new HashMap(); - - for (AclPolicy policy : policies) { - List permissions = new ArrayList(); - - if (action != null) { - permissions = _policyPermissionDao.listByPolicyActionAndEntity(policy.getId(), - action, entityType); - } else { - permissions = _policyPermissionDao.listByPolicyAccessAndEntity(policy.getId(), accessType, entityType); - } - for (AclPolicyPermissionVO permission : permissions) { - if (checkPermissionScope(caller, permission.getScope(), entity)) { - if (permission.getEntityType().equals(entityType)) { - policyPermissionMap.put(policy, permission.getPermission().isGranted()); - break; - } else if (permission.getEntityType().equals("*")) { - policyPermissionMap.put(policy, permission.getPermission().isGranted()); - } - } - } - if (policyPermissionMap.containsKey(policy) && policyPermissionMap.get(policy)) { - return true; - } - } - - if (!policies.isEmpty()) { // Since we reach this point, none of the - // roles granted access - if (s_logger.isDebugEnabled()) { - s_logger.debug("Account " + caller + " does not have permission to access resource " + entity - + " for access type: " + accessType); - } - throw new 
PermissionDeniedException(caller + " does not have permission to access resource " + entity); - } - - return false; - } - - private boolean checkPermissionScope(Account caller, PermissionScope scope, ControlledEntity entity) { - - if(scope.equals(PermissionScope.ACCOUNT)){ - if(caller.getAccountId() == entity.getAccountId()){ - return true; - } - }else if(scope.equals(PermissionScope.DOMAIN)){ - if (_domainDao.isChildDomain(caller.getDomainId(), entity.getDomainId())) { - return true; - } - } - - return false; - } -} diff --git a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityQuerySelector.java b/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityQuerySelector.java deleted file mode 100644 index 3deea5c05b7..00000000000 --- a/plugins/acl/role-based-access-checkers/src/org/apache/cloudstack/acl/entity/RoleBasedEntityQuerySelector.java +++ /dev/null 
@@ -1,51 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package org.apache.cloudstack.acl.entity; - -import java.util.List; - -import org.apache.log4j.Logger; - -import org.apache.cloudstack.acl.QuerySelector; - -import com.cloud.user.Account; -import com.cloud.utils.component.AdapterBase; - -public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySelector { - - private static final Logger s_logger = Logger.getLogger(RoleBasedEntityQuerySelector.class.getName()); - - @Override - public List getAuthorizedDomains(Account caller, String action) { - // TODO Auto-generated method stub - return null; - } - - @Override - public List getAuthorizedAccounts(Account caller, String action) { - // TODO Auto-generated method stub - return null; - } - - @Override - public List getAuthorizedResources(Account caller, String action) { - // TODO Auto-generated method stub - return null; - } - - -} diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index 5b894fbe451..7a7b84aaa4e 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java 
@@ -25,8 +25,6 @@ import java.util.Set; import javax.annotation.PostConstruct; import javax.inject.Inject; -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.acl.AclPolicy; import org.apache.cloudstack.affinity.AffinityGroup; import org.apache.cloudstack.affinity.AffinityGroupResponse; import org.apache.cloudstack.affinity.dao.AffinityGroupDao; @@ -35,8 +33,6 @@ import org.apache.cloudstack.api.ApiConstants.HostDetails; import org.apache.cloudstack.api.ApiConstants.VMDetails; import org.apache.cloudstack.api.ResponseObject.ResponseView; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.AsyncJobResponse; import org.apache.cloudstack.api.response.DiskOfferingResponse; import org.apache.cloudstack.api.response.DomainRouterResponse; @@ -69,8 +65,6 @@ import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao; import org.apache.cloudstack.storage.datastore.db.StoragePoolVO; import com.cloud.api.query.dao.AccountJoinDao; -import com.cloud.api.query.dao.AclGroupJoinDao; -import com.cloud.api.query.dao.AclPolicyJoinDao; import com.cloud.api.query.dao.AffinityGroupJoinDao; import com.cloud.api.query.dao.AsyncJobJoinDao; import com.cloud.api.query.dao.DataCenterJoinDao; @@ -91,8 +85,6 @@ import com.cloud.api.query.dao.UserAccountJoinDao; import com.cloud.api.query.dao.UserVmJoinDao; import com.cloud.api.query.dao.VolumeJoinDao; import com.cloud.api.query.vo.AccountJoinVO; -import com.cloud.api.query.vo.AclGroupJoinVO; -import com.cloud.api.query.vo.AclPolicyJoinVO; import com.cloud.api.query.vo.AffinityGroupJoinVO; import com.cloud.api.query.vo.AsyncJobJoinVO; import com.cloud.api.query.vo.DataCenterJoinVO; 
@@ -411,8 +403,6 @@ public class ApiDBUtils { static GlobalLoadBalancingRulesService _gslbService; static NetworkACLDao _networkACLDao; static AccountService _accountService; - static AclPolicyJoinDao _aclPolicyJoinDao; - static AclGroupJoinDao _aclGroupJoinDao; static ResourceMetaDataService _resourceDetailsService; @Inject @@ -526,10 +516,6 @@ public class ApiDBUtils { @Inject private NetworkACLDao networkACLDao; @Inject private ServiceOfferingDetailsDao serviceOfferingDetailsDao; @Inject private AccountService accountService; - @Inject - private AclPolicyJoinDao aclPolicyJoinDao; - @Inject - private AclGroupJoinDao aclGroupJoinDao; @Inject private ConfigurationManager configMgr; @Inject private DataCenterDetailsDao zoneDetailsDao; @Inject private ResourceMetaDataService resourceDetailsService; @@ -643,8 +629,6 @@ public class ApiDBUtils { _statsCollector = StatsCollector.getInstance(); _networkACLDao = networkACLDao; _accountService = accountService; - _aclPolicyJoinDao = aclPolicyJoinDao; - _aclGroupJoinDao = aclGroupJoinDao; _resourceDetailsService = resourceDetailsService; } @@ -1520,9 +1504,6 @@ public class ApiDBUtils { return _userAccountJoinDao.searchByAccountId(accountId); } - public static List findAclGroupByAccountId(long accountId) { - return _aclGroupJoinDao.findAclGroupsByAccount(accountId); - } public static ProjectAccountResponse newProjectAccountResponse(ProjectAccountJoinVO proj) { return _projectAccountJoinDao.newProjectAccountResponse(proj); 
@@ -1698,29 +1679,6 @@ public class ApiDBUtils { return _affinityGroupJoinDao.setAffinityGroupResponse(resp, group); } - public static List newAclPolicyView(AclPolicy policy) { - return _aclPolicyJoinDao.newAclPolicyView(policy); - } - - public static AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO policy) { - return _aclPolicyJoinDao.newAclPolicyResponse(policy); - } - - public static AclPolicyResponse fillAclPolicyDetails(AclPolicyResponse resp, AclPolicyJoinVO policy) { - return _aclPolicyJoinDao.setAclPolicyResponse(resp, policy); - } - - public static List newAclGroupView(AclGroup group) { - return _aclGroupJoinDao.newAclGroupView(group); - } - - public static AclGroupResponse newAclGroupResponse(AclGroupJoinVO group) { - return _aclGroupJoinDao.newAclGroupResponse(group); - } - - public static AclGroupResponse fillAclGroupDetails(AclGroupResponse resp, AclGroupJoinVO group) { - return _aclGroupJoinDao.setAclGroupResponse(resp, group); - } public static List listSiteLoadBalancers(long gslbRuleId) { return _gslbService.listSiteLoadBalancers(gslbRuleId); diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index b3f42f809dd..1a999acb06f 100755 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -33,8 +33,6 @@ import javax.inject.Inject; import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.acl.AclPolicy; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.ControlledEntity.ACLType; import org.apache.cloudstack.affinity.AffinityGroup; 
@@ -45,8 +43,6 @@ import org.apache.cloudstack.api.ResponseGenerator; import org.apache.cloudstack.api.ResponseObject.ResponseView; import org.apache.cloudstack.api.command.user.job.QueryAsyncJobResultCmd; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.ApplicationLoadBalancerInstanceResponse; import org.apache.cloudstack.api.response.ApplicationLoadBalancerResponse; import org.apache.cloudstack.api.response.ApplicationLoadBalancerRuleResponse; @@ -154,8 +150,6 @@ import org.apache.cloudstack.usage.UsageTypes; import com.cloud.api.query.ViewResponseHelper; import com.cloud.api.query.vo.AccountJoinVO; -import com.cloud.api.query.vo.AclGroupJoinVO; -import com.cloud.api.query.vo.AclPolicyJoinVO; import com.cloud.api.query.vo.AsyncJobJoinVO; import com.cloud.api.query.vo.ControlledViewEntity; import com.cloud.api.query.vo.DataCenterJoinVO; @@ -3707,22 +3701,6 @@ public class ApiResponseHelper implements ResponseGenerator { } } - @Override - public AclPolicyResponse createAclPolicyResponse(AclPolicy policy) { - List viewPolicies = ApiDBUtils.newAclPolicyView(policy); - List listPolicies = ViewResponseHelper.createAclPolicyResponses(viewPolicies); - assert listPolicies != null && listPolicies.size() == 1 : "There should be one acl policy returned"; - return listPolicies.get(0); - } - - @Override - public AclGroupResponse createAclGroupResponse(AclGroup group) { - List viewGroups = ApiDBUtils.newAclGroupView(group); - List listGroups = ViewResponseHelper.createAclGroupResponses(viewGroups); - assert listGroups != null && listGroups.size() == 1 : "There should be one acl role returned"; - return listGroups.get(0); - } - @Override public PortableIpRangeResponse createPortableIPRangeResponse(PortableIpRange ipRange) { 
diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index b807f4a9b29..fd1804a8a99 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -29,12 +29,7 @@ import javax.inject.Inject; import org.apache.log4j.Logger; import org.springframework.stereotype.Component; -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.acl.AclService; import org.apache.cloudstack.acl.ControlledEntity.ACLType; -import org.apache.cloudstack.acl.dao.AclGroupDao; -import org.apache.cloudstack.acl.dao.AclPolicyDao; import org.apache.cloudstack.affinity.AffinityGroupDomainMapVO; import org.apache.cloudstack.affinity.AffinityGroupResponse; import org.apache.cloudstack.affinity.AffinityGroupVMMapVO; @@ -74,8 +69,6 @@ import org.apache.cloudstack.api.command.user.volume.ListResourceDetailsCmd; import org.apache.cloudstack.api.command.user.volume.ListVolumesCmd; import org.apache.cloudstack.api.command.user.zone.ListZonesCmd; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.AsyncJobResponse; import org.apache.cloudstack.api.response.DiskOfferingResponse; import org.apache.cloudstack.api.response.DomainRouterResponse; @@ -103,8 +96,6 @@ import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.query.QueryService; import com.cloud.api.query.dao.AccountJoinDao; -import com.cloud.api.query.dao.AclGroupJoinDao; -import com.cloud.api.query.dao.AclPolicyJoinDao; import com.cloud.api.query.dao.AffinityGroupJoinDao; import com.cloud.api.query.dao.AsyncJobJoinDao; import com.cloud.api.query.dao.DataCenterJoinDao; 
@@ -125,9 +116,6 @@ import com.cloud.api.query.dao.UserAccountJoinDao; import com.cloud.api.query.dao.UserVmJoinDao; import com.cloud.api.query.dao.VolumeJoinDao; import com.cloud.api.query.vo.AccountJoinVO; -import com.cloud.api.query.vo.AclGroupJoinVO; -import com.cloud.api.query.vo.AclPolicyJoinVO; -import com.cloud.api.query.vo.AclRoleJoinVO; import com.cloud.api.query.vo.AffinityGroupJoinVO; import com.cloud.api.query.vo.AsyncJobJoinVO; import com.cloud.api.query.vo.DataCenterJoinVO; @@ -218,8 +206,6 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { public static final Logger s_logger = Logger.getLogger(QueryManagerImpl.class); - // public static ViewResponseHelper _responseGenerator; - @Inject private AccountManager _accountMgr; @@ -354,20 +340,6 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { @Inject AffinityGroupDomainMapDao _affinityGroupDomainMapDao; - @Inject - AclPolicyJoinDao _aclPolicyJoinDao; - - @Inject - AclPolicyDao _aclPolicyDao; - - @Inject - AclGroupJoinDao _aclGroupJoinDao; - - @Inject - AclGroupDao _aclGroupDao; - - @Inject - AclService _aclService; @Inject NetworkDetailsDao _networkDetailsDao; 
@@ -3334,214 +3306,4 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { return resourceDetailResponse; } - @Override - public ListResponse listAclPolicies(Long aclPolicyId, String aclPolicyName, Long domainId, Long startIndex, Long pageSize) { - Pair, Integer> result = listAclPoliciesInternal(aclPolicyId, aclPolicyName, domainId, true, true, startIndex, pageSize); - ListResponse response = new ListResponse(); - - List roleResponses = ViewResponseHelper.createAclPolicyResponses(result.first()); - response.setResponses(roleResponses, result.second()); - return response; - } - - private Pair, Integer> listAclPoliciesInternal(Long aclPolicyId, String aclPolicyName, Long domainId, boolean isRecursive, boolean listAll, - Long startIndex, - Long pageSize) { - - Account caller = CallContext.current().getCallingAccount(); - Boolean listForDomain = false; - - if (aclPolicyId != null) { - AclPolicy policy = _aclPolicyDao.findById(aclPolicyId); - if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy by id " + aclPolicyId); - } - - _accountMgr.checkAccess(caller, null, true, policy); - } - - if (domainId != null) { - Domain domain = _domainDao.findById(domainId); - if (domain == null) { - throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist"); - } - - _accountMgr.checkAccess(caller, domain); - - if (aclPolicyName != null) { - AclPolicy policy = _aclPolicyDao.findByName(domainId, aclPolicyName); - if (policy == null) { - throw new InvalidParameterValueException("Unable to find acl policy by name " + aclPolicyName - + " in domain " + domainId); - } - _accountMgr.checkAccess(caller, null, true, policy); - } - } - - if (aclPolicyId == null) { - if (_accountMgr.isAdmin(caller.getType()) && listAll && domainId == null) { - listForDomain = true; - isRecursive = true; - if (domainId == null) { - domainId = caller.getDomainId(); - } - } else if (_accountMgr.isAdmin(caller.getType()) && 
domainId != null) { - listForDomain = true; - } - } - - Filter searchFilter = new Filter(AclRoleJoinVO.class, "id", true, startIndex, pageSize); - - - SearchBuilder sb = _aclPolicyJoinDao.createSearchBuilder(); - sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids - - sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ); - sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ); - sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - - if (listForDomain && isRecursive) { - sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE); - } - - SearchCriteria sc = sb.create(); - - if (aclPolicyName != null) { - sc.setParameters("name", aclPolicyName); - } - - if (aclPolicyId != null) { - sc.setParameters("id", aclPolicyId); - } - - if (listForDomain) { - if (isRecursive) { - Domain domain = _domainDao.findById(domainId); - sc.setParameters("path", domain.getPath() + "%"); - } else { - sc.setParameters("domainId", domainId); - } - } - - - // search policy details by ids - Pair, Integer> uniqueRolePair = _aclPolicyJoinDao.searchAndCount(sc, searchFilter); - Integer count = uniqueRolePair.second(); - if (count.intValue() == 0) { - // empty result - return uniqueRolePair; - } - List uniqueRoles = uniqueRolePair.first(); - Long[] vrIds = new Long[uniqueRoles.size()]; - int i = 0; - for (AclPolicyJoinVO v : uniqueRoles) { - vrIds[i++] = v.getId(); - } - List vrs = _aclPolicyJoinDao.searchByIds(vrIds); - return new Pair, Integer>(vrs, count); - } - - @Override - public ListResponse listAclGroups(Long aclGroupId, String aclGroupName, Long domainId, Long startIndex, Long pageSize) { - Pair, Integer> result = listAclGroupsInternal(aclGroupId, aclGroupName, domainId, true, true, startIndex, pageSize); - ListResponse response = new ListResponse(); - - List groupResponses = ViewResponseHelper.createAclGroupResponses(result.first()); - response.setResponses(groupResponses, result.second()); - return response; - } - - private 
Pair, Integer> listAclGroupsInternal(Long aclGroupId, String aclGroupName, Long domainId, boolean isRecursive, boolean listAll, Long startIndex, - Long pageSize) { - - Account caller = CallContext.current().getCallingAccount(); - Boolean listForDomain = false; - - if (aclGroupId != null) { - AclGroup group = _aclGroupDao.findById(aclGroupId); - if (group == null) { - throw new InvalidParameterValueException("Unable to find acl group by id " + aclGroupId); - } - - _accountMgr.checkAccess(caller, null, true, group); - } - - if (domainId != null) { - Domain domain = _domainDao.findById(domainId); - if (domain == null) { - throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist"); - } - - _accountMgr.checkAccess(caller, domain); - - if (aclGroupName != null) { - AclGroup group = _aclGroupDao.findByName(domainId, aclGroupName); - if (group == null) { - throw new InvalidParameterValueException("Unable to find acl group by name " + aclGroupName - + " in domain " + domainId); - } - _accountMgr.checkAccess(caller, null, true, group); - } - } - - if (aclGroupId == null) { - if (_accountMgr.isAdmin(caller.getType()) && listAll && domainId == null) { - listForDomain = true; - isRecursive = true; - if (domainId == null) { - domainId = caller.getDomainId(); - } - } else if (_accountMgr.isAdmin(caller.getType()) && domainId != null) { - listForDomain = true; - } - } - - Filter searchFilter = new Filter(AclGroupJoinVO.class, "id", true, startIndex, pageSize); - - SearchBuilder sb = _aclGroupJoinDao.createSearchBuilder(); - sb.select(null, Func.DISTINCT, sb.entity().getId()); // select distinct ids - - sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ); - sb.and("domainId", sb.entity().getDomainId(), SearchCriteria.Op.EQ); - sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - - if (listForDomain && isRecursive) { - sb.and("path", sb.entity().getDomainPath(), SearchCriteria.Op.LIKE); - } - - SearchCriteria sc = sb.create(); - - if 
(aclGroupName != null) { - sc.setParameters("name", aclGroupName); - } - - if (aclGroupId != null) { - sc.setParameters("id", aclGroupId); - } - - if (listForDomain) { - if (isRecursive) { - Domain domain = _domainDao.findById(domainId); - sc.setParameters("path", domain.getPath() + "%"); - } else { - sc.setParameters("domainId", domainId); - } - } - - // search group details by ids - Pair, Integer> uniqueGroupPair = _aclGroupJoinDao.searchAndCount(sc, searchFilter); - Integer count = uniqueGroupPair.second(); - if (count.intValue() == 0) { - // empty result - return uniqueGroupPair; - } - List uniqueGroups = uniqueGroupPair.first(); - Long[] vrIds = new Long[uniqueGroups.size()]; - int i = 0; - for (AclGroupJoinVO v : uniqueGroups) { - vrIds[i++] = v.getId(); - } - List vrs = _aclGroupJoinDao.searchByIds(vrIds); - return new Pair, Integer>(vrs, count); - } } diff --git a/server/src/com/cloud/api/query/ViewResponseHelper.java b/server/src/com/cloud/api/query/ViewResponseHelper.java index 478cbfb33d9..3a35c9650f5 100644 --- a/server/src/com/cloud/api/query/ViewResponseHelper.java +++ b/server/src/com/cloud/api/query/ViewResponseHelper.java @@ -28,8 +28,6 @@ import org.apache.cloudstack.api.ApiConstants.HostDetails; import org.apache.cloudstack.api.ApiConstants.VMDetails; import org.apache.cloudstack.api.ResponseObject.ResponseView; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; import org.apache.cloudstack.api.response.AsyncJobResponse; import org.apache.cloudstack.api.response.DiskOfferingResponse; import org.apache.cloudstack.api.response.DomainRouterResponse; 
@@ -54,8 +52,6 @@ import org.apache.cloudstack.context.CallContext; import com.cloud.api.ApiDBUtils; import com.cloud.api.query.vo.AccountJoinVO; -import com.cloud.api.query.vo.AclGroupJoinVO; -import com.cloud.api.query.vo.AclPolicyJoinVO; import com.cloud.api.query.vo.AffinityGroupJoinVO; import com.cloud.api.query.vo.AsyncJobJoinVO; import com.cloud.api.query.vo.DataCenterJoinVO; @@ -444,36 +440,4 @@ public class ViewResponseHelper { } return new ArrayList(vrDataList.values()); } - - public static List createAclPolicyResponses(List policies) { - Hashtable vrDataList = new Hashtable(); - for (AclPolicyJoinVO vr : policies) { - AclPolicyResponse vrData = vrDataList.get(vr.getId()); - if (vrData == null) { - // first time encountering this Acl policy - vrData = ApiDBUtils.newAclPolicyResponse(vr); - } else { - // update vms - vrData = ApiDBUtils.fillAclPolicyDetails(vrData, vr); - } - vrDataList.put(vr.getId(), vrData); - } - return new ArrayList(vrDataList.values()); - } - - public static List createAclGroupResponses(List groups) { - Hashtable vrDataList = new Hashtable(); - for (AclGroupJoinVO vr : groups) { - AclGroupResponse vrData = vrDataList.get(vr.getId()); - if (vrData == null) { - // first time encountering this Acl role - vrData = ApiDBUtils.newAclGroupResponse(vr); - } else { - // update vms - vrData = ApiDBUtils.fillAclGroupDetails(vrData, vr); - } - vrDataList.put(vr.getId(), vrData); - } - return new ArrayList(vrDataList.values()); - } } diff --git a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java index da13bad818b..8c2b1953d1b 100644 --- a/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java +++ b/server/src/com/cloud/api/query/dao/AccountJoinDaoImpl.java 
@@ -24,16 +24,15 @@ import javax.inject.Inject; import org.apache.log4j.Logger; import org.springframework.stereotype.Component; +import org.apache.cloudstack.acl.AclProxyService; import org.apache.cloudstack.api.ResponseObject.ResponseView; import org.apache.cloudstack.api.response.AccountResponse; -import org.apache.cloudstack.api.response.AclGroupResponse; import org.apache.cloudstack.api.response.ResourceLimitAndCountResponse; import org.apache.cloudstack.api.response.UserResponse; import com.cloud.api.ApiDBUtils; import com.cloud.api.query.ViewResponseHelper; import com.cloud.api.query.vo.AccountJoinVO; -import com.cloud.api.query.vo.AclGroupJoinVO; import com.cloud.api.query.vo.UserAccountJoinVO; import com.cloud.configuration.Resource.ResourceType; import com.cloud.user.Account; @@ -50,6 +49,8 @@ public class AccountJoinDaoImpl extends GenericDaoBase impl private final SearchBuilder acctIdSearch; @Inject public AccountManager _accountMgr; + @Inject + AclProxyService _aclProxy; protected AccountJoinDaoImpl() { @@ -105,9 +106,7 @@ public class AccountJoinDaoImpl extends GenericDaoBase impl accountResponse.setObjectName("account"); // add all the acl groups for an account - List groupsForAccount = ApiDBUtils.findAclGroupByAccountId(account.getId()); - List groupResponses = ViewResponseHelper.createAclGroupResponses(groupsForAccount); - accountResponse.setGroups(groupResponses); + accountResponse.setGroups(_aclProxy.listAclGroupsByAccount(account.getId())); return accountResponse; } diff --git a/server/src/com/cloud/api/query/dao/AclGroupJoinDao.java b/server/src/com/cloud/api/query/dao/AclGroupJoinDao.java deleted file mode 100644 index ccebf2100b5..00000000000 --- a/server/src/com/cloud/api/query/dao/AclGroupJoinDao.java +++ /dev/null 
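Review bot: In the third AccountJoinDaoImpl.java hunk (`@@ -105,9 +106,7 @@`), the result of `_aclProxy.listAclGroupsByAccount(account.getId())` goes straight into `setGroups`, and nothing visible says whether the proxy returns an empty list or null for an account with no groups. The `findAclGroupsByAccount` that this commit deletes returned null in that case, so if the new service keeps that behaviour the account response carries a null groups field and callers cannot tell "no groups" from "lookup unavailable". I would pin the contract at the call site with `// listAclGroupsByAccount must return an empty list, never null, when the account has no groups`, or normalise the result before `setGroups`. The `@Inject AclProxyService _aclProxy;` added in the second hunk also makes account listing depend on an AclProxyService implementation being deployed, which is worth confirming since this commit removes the role-based checker plugin. The enclosing method starts outside the hunk, so any earlier handling is not visible here.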
@@ -1,38 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package com.cloud.api.query.dao; - -import java.util.List; - -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.api.response.AclGroupResponse; - -import com.cloud.api.query.vo.AclGroupJoinVO; -import com.cloud.utils.db.GenericDao; - -public interface AclGroupJoinDao extends GenericDao { - - AclGroupResponse newAclGroupResponse(AclGroupJoinVO group); - - AclGroupResponse setAclGroupResponse(AclGroupResponse response, AclGroupJoinVO os); - - List newAclGroupView(AclGroup group); - - List searchByIds(Long... ids); - - List findAclGroupsByAccount(long accountId); -} diff --git a/server/src/com/cloud/api/query/dao/AclGroupJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AclGroupJoinDaoImpl.java deleted file mode 100644 index 355f5618cb4..00000000000 --- a/server/src/com/cloud/api/query/dao/AclGroupJoinDaoImpl.java +++ /dev/null 
@@ -1,173 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package com.cloud.api.query.dao; - -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import javax.ejb.Local; -import javax.inject.Inject; - -import org.apache.log4j.Logger; -import org.springframework.stereotype.Component; - -import org.apache.cloudstack.acl.AclGroup; -import org.apache.cloudstack.acl.AclGroupAccountMapVO; -import org.apache.cloudstack.acl.dao.AclGroupAccountMapDao; -import org.apache.cloudstack.api.response.AclGroupResponse; -import org.apache.cloudstack.framework.config.dao.ConfigurationDao; - -import com.cloud.api.query.vo.AclGroupJoinVO; -import com.cloud.user.AccountManager; -import com.cloud.utils.db.GenericDaoBase; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; - -@Component -@Local(value = {AclGroupJoinDao.class}) -public class AclGroupJoinDaoImpl extends GenericDaoBase implements AclGroupJoinDao { - public static final Logger s_logger = Logger.getLogger(AclGroupJoinDaoImpl.class); - - - private final SearchBuilder grpIdSearch; - private final SearchBuilder grpSearch; - @Inject - public AccountManager _accountMgr; - @Inject - public 
ConfigurationDao _configDao; - @Inject - public AclGroupAccountMapDao _grpAccountDao; - - protected AclGroupJoinDaoImpl() { - - grpSearch = createSearchBuilder(); - grpSearch.and("idIN", grpSearch.entity().getId(), SearchCriteria.Op.IN); - grpSearch.done(); - - grpIdSearch = createSearchBuilder(); - grpIdSearch.and("id", grpIdSearch.entity().getId(), SearchCriteria.Op.EQ); - grpIdSearch.done(); - - _count = "select count(distinct id) from acl_group_view WHERE "; - } - - - - @Override - public AclGroupResponse newAclGroupResponse(AclGroupJoinVO group) { - - AclGroupResponse response = new AclGroupResponse(); - response.setId(group.getUuid()); - response.setName(group.getName()); - response.setDescription(group.getDescription()); - response.setDomainId(group.getDomainUuid()); - response.setDomainName(group.getName()); - response.setAccountName(group.getAccountName()); - if (group.getMemberAccountId() > 0) { - response.addMemberAccount(group.getMemberAccountName()); - } - if (group.getPolicyId() > 0) { - response.addPolicy(group.getPolicyName()); - } - - response.setObjectName("aclgroup"); - - return response; - } - - @Override - public AclGroupResponse setAclGroupResponse(AclGroupResponse response, AclGroupJoinVO group) { - if (group.getMemberAccountId() > 0) { - response.addMemberAccount(group.getMemberAccountName()); - } - if (group.getPolicyId() > 0) { - response.addPolicy(group.getPolicyName()); - } - - return response; - } - - @Override - public List newAclGroupView(AclGroup group) { - SearchCriteria sc = grpIdSearch.create(); - sc.setParameters("id", group.getId()); - return searchIncludingRemoved(sc, null, null, false); - - } - - @Override - public List searchByIds(Long... 
grpIds) { - // set detail batch query size - int DETAILS_BATCH_SIZE = 2000; - String batchCfg = _configDao.getValue("detail.batch.query.size"); - if (batchCfg != null) { - DETAILS_BATCH_SIZE = Integer.parseInt(batchCfg); - } - // query details by batches - List uvList = new ArrayList(); - // query details by batches - int curr_index = 0; - if (grpIds.length > DETAILS_BATCH_SIZE) { - while ((curr_index + DETAILS_BATCH_SIZE) <= grpIds.length) { - Long[] ids = new Long[DETAILS_BATCH_SIZE]; - for (int k = 0, j = curr_index; j < curr_index + DETAILS_BATCH_SIZE; j++, k++) { - ids[k] = grpIds[j]; - } - SearchCriteria sc = grpSearch.create(); - sc.setParameters("idIN", ids); - List vms = searchIncludingRemoved(sc, null, null, false); - if (vms != null) { - uvList.addAll(vms); - } - curr_index += DETAILS_BATCH_SIZE; - } - } - if (curr_index < grpIds.length) { - int batch_size = (grpIds.length - curr_index); - // set the ids value - Long[] ids = new Long[batch_size]; - for (int k = 0, j = curr_index; j < curr_index + batch_size; j++, k++) { - ids[k] = grpIds[j]; - } - SearchCriteria sc = grpSearch.create(); - sc.setParameters("idIN", ids); - List vms = searchIncludingRemoved(sc, null, null, false); - if (vms != null) { - uvList.addAll(vms); - } - } - return uvList; - } - - @Override - public List findAclGroupsByAccount(long accountId) { - List grpMap = _grpAccountDao.listByAccountId(accountId); - if (grpMap != null && grpMap.size() > 0) { - Set grpList = new HashSet(); - for (AclGroupAccountMapVO m : grpMap) { - grpList.add(m.getAclGroupId()); - } - return searchByIds(grpList.toArray(new Long[grpList.size()])); - } - else{ - return null; - } - } - -} diff --git a/server/src/com/cloud/api/query/dao/AclPolicyJoinDao.java b/server/src/com/cloud/api/query/dao/AclPolicyJoinDao.java deleted file mode 100644 index 8f0046497b8..00000000000 --- a/server/src/com/cloud/api/query/dao/AclPolicyJoinDao.java +++ /dev/null 
@@ -1,37 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package com.cloud.api.query.dao; - -import java.util.List; - -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.api.response.AclPolicyResponse; - -import com.cloud.api.query.vo.AclPolicyJoinVO; -import com.cloud.utils.db.GenericDao; - - -public interface AclPolicyJoinDao extends GenericDao { - - AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO role); - - AclPolicyResponse setAclPolicyResponse(AclPolicyResponse response, AclPolicyJoinVO os); - - List newAclPolicyView(AclPolicy role); - - List searchByIds(Long... ids); -} diff --git a/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java b/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java deleted file mode 100644 index 7929c3a7b8d..00000000000 --- a/server/src/com/cloud/api/query/dao/AclPolicyJoinDaoImpl.java +++ /dev/null 
@@ -1,157 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -package com.cloud.api.query.dao; - -import java.util.ArrayList; -import java.util.List; - -import javax.ejb.Local; -import javax.inject.Inject; - -import org.apache.log4j.Logger; -import org.springframework.stereotype.Component; - -import org.apache.cloudstack.acl.AclPolicy; -import org.apache.cloudstack.api.response.AclPermissionResponse; -import org.apache.cloudstack.api.response.AclPolicyResponse; -import org.apache.cloudstack.framework.config.dao.ConfigurationDao; - -import com.cloud.api.query.vo.AclPolicyJoinVO; -import com.cloud.user.AccountManager; -import com.cloud.utils.db.GenericDaoBase; -import com.cloud.utils.db.SearchBuilder; -import com.cloud.utils.db.SearchCriteria; - -@Component -@Local(value = {AclPolicyJoinDao.class}) -public class AclPolicyJoinDaoImpl extends GenericDaoBase implements AclPolicyJoinDao { - public static final Logger s_logger = Logger.getLogger(AclPolicyJoinDaoImpl.class); - - - private final SearchBuilder policyIdSearch; - private final SearchBuilder policySearch; - @Inject - public AccountManager _accountMgr; - @Inject - public ConfigurationDao _configDao; - - protected AclPolicyJoinDaoImpl() { - - policySearch = 
createSearchBuilder(); - policySearch.and("idIN", policySearch.entity().getId(), SearchCriteria.Op.IN); - policySearch.done(); - - policyIdSearch = createSearchBuilder(); - policyIdSearch.and("id", policyIdSearch.entity().getId(), SearchCriteria.Op.EQ); - policyIdSearch.done(); - - _count = "select count(distinct id) from acl_policy_view WHERE "; - } - - - - @Override - public AclPolicyResponse newAclPolicyResponse(AclPolicyJoinVO policy) { - - AclPolicyResponse response = new AclPolicyResponse(); - response.setId(policy.getUuid()); - response.setName(policy.getName()); - response.setDescription(policy.getDescription()); - response.setDomainId(policy.getDomainUuid()); - response.setDomainName(policy.getName()); - response.setAccountName(policy.getAccountName()); - if (policy.getPermissionAction() != null) { - AclPermissionResponse perm = new AclPermissionResponse(); - perm.setAction(policy.getPermissionAction()); - perm.setEntityType(policy.getPermissionEntityType()); - perm.setScope(policy.getPermissionScope()); - perm.setScopeId(policy.getPermissionScopeId()); - perm.setPermission(policy.getPermissionAllowDeny()); - response.addPermission(perm); - } - - response.setObjectName("aclpolicy"); - return response; - } - - @Override - public AclPolicyResponse setAclPolicyResponse(AclPolicyResponse response, AclPolicyJoinVO policy) { - if (policy.getPermissionAction() != null) { - AclPermissionResponse perm = new AclPermissionResponse(); - perm.setAction(policy.getPermissionAction()); - perm.setEntityType(policy.getPermissionEntityType()); - perm.setScope(policy.getPermissionScope()); - perm.setScopeId(policy.getPermissionScopeId()); - perm.setPermission(policy.getPermissionAllowDeny()); - response.addPermission(perm); - } - return response; - } - - @Override - public List newAclPolicyView(AclPolicy policy) { - SearchCriteria sc = policyIdSearch.create(); - sc.setParameters("id", policy.getId()); - return searchIncludingRemoved(sc, null, null, false); - - } - - @Override 
- public List searchByIds(Long... policyIds) { - // set detail batch query size - int DETAILS_BATCH_SIZE = 2000; - String batchCfg = _configDao.getValue("detail.batch.query.size"); - if (batchCfg != null) { - DETAILS_BATCH_SIZE = Integer.parseInt(batchCfg); - } - // query details by batches - List uvList = new ArrayList(); - // query details by batches - int curr_index = 0; - if (policyIds.length > DETAILS_BATCH_SIZE) { - while ((curr_index + DETAILS_BATCH_SIZE) <= policyIds.length) { - Long[] ids = new Long[DETAILS_BATCH_SIZE]; - for (int k = 0, j = curr_index; j < curr_index + DETAILS_BATCH_SIZE; j++, k++) { - ids[k] = policyIds[j]; - } - SearchCriteria sc = policySearch.create(); - sc.setParameters("idIN", ids); - List vms = searchIncludingRemoved(sc, null, null, false); - if (vms != null) { - uvList.addAll(vms); - } - curr_index += DETAILS_BATCH_SIZE; - } - } - if (curr_index < policyIds.length) { - int batch_size = (policyIds.length - curr_index); - // set the ids value - Long[] ids = new Long[batch_size]; - for (int k = 0, j = curr_index; j < curr_index + batch_size; j++, k++) { - ids[k] = policyIds[j]; - } - SearchCriteria sc = policySearch.create(); - sc.setParameters("idIN", ids); - List vms = searchIncludingRemoved(sc, null, null, false); - if (vms != null) { - uvList.addAll(vms); - } - } - return uvList; - } - -} diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index d2caf67ed1b..22e72b4b0f8 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java 
@@ -57,18 +57,6 @@ import org.apache.cloudstack.api.command.admin.account.DisableAccountCmd;
 import org.apache.cloudstack.api.command.admin.account.EnableAccountCmd;
 import org.apache.cloudstack.api.command.admin.account.LockAccountCmd;
 import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd;
-import org.apache.cloudstack.api.command.admin.acl.AddAccountToAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.AddAclPermissionToAclPolicyCmd;
-import org.apache.cloudstack.api.command.admin.acl.AttachAclPolicyToAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.CreateAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.CreateAclPolicyCmd;
-import org.apache.cloudstack.api.command.admin.acl.DeleteAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.DeleteAclPolicyCmd;
-import org.apache.cloudstack.api.command.admin.acl.ListAclGroupsCmd;
-import org.apache.cloudstack.api.command.admin.acl.ListAclPoliciesCmd;
-import org.apache.cloudstack.api.command.admin.acl.RemoveAccountFromAclGroupCmd;
-import org.apache.cloudstack.api.command.admin.acl.RemoveAclPermissionFromAclPolicyCmd;
-import org.apache.cloudstack.api.command.admin.acl.RemoveAclPolicyFromAclGroupCmd;
 import org.apache.cloudstack.api.command.admin.autoscale.CreateCounterCmd;
 import org.apache.cloudstack.api.command.admin.autoscale.DeleteCounterCmd;
 import org.apache.cloudstack.api.command.admin.cluster.AddClusterCmd;
@@ -2880,18 +2868,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe cmdList.add(ReplaceNetworkACLListCmd.class); cmdList.add(UpdateNetworkACLItemCmd.class); cmdList.add(CleanVMReservationsCmd.class); - cmdList.add(CreateAclPolicyCmd.class); - cmdList.add(DeleteAclPolicyCmd.class); - cmdList.add(ListAclPoliciesCmd.class); - cmdList.add(AddAclPermissionToAclPolicyCmd.class); - cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class); - cmdList.add(AttachAclPolicyToAclGroupCmd.class); - cmdList.add(RemoveAclPolicyFromAclGroupCmd.class); - cmdList.add(CreateAclGroupCmd.class); - cmdList.add(DeleteAclGroupCmd.class); - cmdList.add(ListAclGroupsCmd.class); - cmdList.add(AddAccountToAclGroupCmd.class); - cmdList.add(RemoveAccountFromAclGroupCmd.class); return cmdList; } diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index adabec6976a..15d0c55a3e0 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -46,6 +46,7 @@ import org.apache.cloudstack.acl.AclPolicyPermission; import org.apache.cloudstack.acl.AclService; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.PermissionScope; +import org.apache.cloudstack.acl.QuerySelector; import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.acl.SecurityChecker; import org.apache.cloudstack.acl.SecurityChecker.AccessType; @@ -262,6 +263,9 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M @Inject private AclService _aclService; + @Inject + QuerySelector _aclQuerySelector; // we assume that there should be one type of QuerySelector adapter + @Inject private AclPolicyPermissionDao _aclPolicyPermissionDao; 
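Review bot: The new `_aclQuerySelector` field in the `@@ -262,6 +263,9 @@` hunk of AccountManagerImpl.java is package-private while the injected fields on either side of it (`_aclService`, `_aclPolicyPermissionDao`) are `private`, and its trailing comment only records an assumption that a single QuerySelector adapter exists. This adapter now answers the authorization queries used by the ACL search routine, so the assumption should be stated as a requirement; what happens at wiring time when no adapter or more than one is registered is not visible in this hunk. I would declare it `private QuerySelector _aclQuerySelector;` and replace the comment with `// Exactly one QuerySelector adapter must be registered; it decides which domains, accounts and resources the caller may list.`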
@@ -2490,16 +2494,16 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M // search for policy permissions associated with caller to get all his authorized domains, accounts, and resources // Assumption: if a domain is in grantedDomains, then all the accounts under this domain will not be returned in "grantedAccounts". Similarly, if an account // is in grantedAccounts, then all the resources owned by this account will not be returned in "grantedResources". - boolean grantedAll = _aclService.isGrantedAll(caller.getId(), action); + boolean grantedAll = _aclQuerySelector.isGrantedAll(caller, action); if ( grantedAll ){ if ( domainId != null ){ permittedDomains.add(domainId); } } else { - List grantedDomains = _aclService.getGrantedDomains(caller.getId(), action); - List grantedAccounts = _aclService.getGrantedAccounts(caller.getId(), action); - List grantedResources = _aclService.getGrantedResources(caller.getId(), action); + List grantedDomains = _aclQuerySelector.getAuthorizedDomains(caller, action); + List grantedAccounts = _aclQuerySelector.getAuthorizedAccounts(caller, action); + List grantedResources = _aclQuerySelector.getAuthorizedResources(caller, action); if (domainId != null) { // specific domain is specified diff --git a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml index 78b233da309..66f5253adb2 100644 --- a/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml +++ b/services/iam/plugin/resources/META-INF/cloudstack/acl-role-based-access-checkers/spring-acl-role-based-access-checkers-context.xml @@ -27,6 +27,8 @@ http://www.springframework.org/schema/context/spring-context-3.0.xsd" > - + + + 
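Review bot: The comment above `boolean grantedAll = ...` still states the non-overlap assumption (a domain in grantedDomains means its accounts are not repeated in grantedAccounts, and likewise for resources), but the lists now come from the pluggable `_aclQuerySelector` instead of `_aclService`, so that assumption has become a contract every QuerySelector implementation has to honour. It should be documented on the interface methods `getAuthorizedDomains`, `getAuthorizedAccounts` and `getAuthorizedResources`, with the local comment reworded to point at it, e.g. `// Relies on the QuerySelector contract: results at a narrower scope exclude anything already covered by a wider one.` The locals keep their `granted*` names while the calls are `getAuthorized*`; renaming them to `authorizedDomains` and so on would read more consistently. The enclosing method starts and ends outside the hunk, so how a null return from these calls is handled cannot be checked here.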
diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java index e32b2d163d1..3e76a7e50c8 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/RoleBasedEntityQuerySelector.java @@ -23,8 +23,6 @@ import javax.inject.Inject; import org.apache.log4j.Logger; -import org.apache.cloudstack.acl.PermissionScope; -import org.apache.cloudstack.acl.QuerySelector; import org.apache.cloudstack.iam.api.AclPolicy; import org.apache.cloudstack.iam.api.AclPolicyPermission; import org.apache.cloudstack.iam.api.IAMService; @@ -99,5 +97,19 @@ public class RoleBasedEntityQuerySelector extends AdapterBase implements QuerySe return entityIds; } + @Override + public boolean isGrantedAll(Account caller, String action) { + long accountId = caller.getAccountId(); + // Get the static Policies of the Caller + List policies = _iamService.listAclPolicies(accountId); + // for each policy, find granted permission with ALL scope + for (AclPolicy policy : policies) { + List pp = _iamService.listPolicyPermissionsByScope(policy.getId(), action, PermissionScope.ALL.toString()); + if (pp != null && pp.size() > 0) { + return true; + } + } + return false; + } } diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java index 3d7bb3c32ce..273c3833241 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiService.java 
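Review bot: `isGrantedAll` returns true as soon as `listPolicyPermissionsByScope` yields any entry with ALL scope for the action, without looking at whether that entry allows or denies it. Permissions in this model carry an allow/deny value (the response code removed elsewhere in this commit copies `getPermissionAllowDeny()`), and the hunk does not show the lookup filtering on it, so an ALL-scope deny entry may be counted as a grant. I would iterate over `pp` and return true only for an entry whose permission is allow, or state in the Javadoc of the IAM call that it returns allow entries only. `policies` is also dereferenced without the null check that `pp` gets, and a Javadoc saying that only the policies returned by `listAclPolicies(accountId)` are considered would make the scope of the check explicit.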
@@ -18,6 +18,7 @@ package org.apache.cloudstack.acl.api; import java.util.List; +import org.apache.cloudstack.acl.AclProxyService; import org.apache.cloudstack.acl.PermissionScope; import org.apache.cloudstack.acl.api.response.AclGroupResponse; import org.apache.cloudstack.acl.api.response.AclPolicyResponse; @@ -28,8 +29,9 @@ import org.apache.cloudstack.iam.api.AclPolicyPermission; import org.apache.cloudstack.iam.api.AclPolicyPermission.Permission; import com.cloud.user.Account; +import com.cloud.utils.component.PluggableService; -public interface AclApiService { +public interface AclApiService extends AclProxyService, PluggableService { /* ACL group related interfaces */ AclGroup createAclGroup(Account caller, String aclGroupName, String description); diff --git a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java index 3fca5d5e8e3..8a1d70f3d10 100644 --- a/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java +++ b/services/iam/plugin/src/org/apache/cloudstack/acl/api/AclApiServiceImpl.java 
@@ -27,6 +27,18 @@ import org.apache.log4j.Logger; import org.apache.cloudstack.acl.AclEntityType; import org.apache.cloudstack.acl.PermissionScope; import org.apache.cloudstack.acl.SecurityChecker.AccessType; +import org.apache.cloudstack.acl.api.command.AddAccountToAclGroupCmd; +import org.apache.cloudstack.acl.api.command.AddAclPermissionToAclPolicyCmd; +import org.apache.cloudstack.acl.api.command.AttachAclPolicyToAclGroupCmd; +import org.apache.cloudstack.acl.api.command.CreateAclGroupCmd; +import org.apache.cloudstack.acl.api.command.CreateAclPolicyCmd; +import org.apache.cloudstack.acl.api.command.DeleteAclGroupCmd; +import org.apache.cloudstack.acl.api.command.DeleteAclPolicyCmd; +import org.apache.cloudstack.acl.api.command.ListAclGroupsCmd; +import org.apache.cloudstack.acl.api.command.ListAclPoliciesCmd; +import org.apache.cloudstack.acl.api.command.RemoveAccountFromAclGroupCmd; +import org.apache.cloudstack.acl.api.command.RemoveAclPermissionFromAclPolicyCmd; +import org.apache.cloudstack.acl.api.command.RemoveAclPolicyFromAclGroupCmd; import org.apache.cloudstack.acl.api.response.AclGroupResponse; import org.apache.cloudstack.acl.api.response.AclPermissionResponse; import org.apache.cloudstack.acl.api.response.AclPolicyResponse; @@ -100,6 +112,16 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man return _iamSrv.listAclGroups(accountId); } + @Override + public List listAclGroupsByAccount(long accountId) { + List groups = listAclGroups(accountId); + List groupNames = new ArrayList(); + for (AclGroup grp : groups) { + groupNames.add(grp.getName()); + } + return groupNames; + } + @DB @Override @ActionEvent(eventType = EventTypes.EVENT_ACL_GROUP_UPDATE, eventDescription = "Adding accounts to acl group") 
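Review bot: `listAclGroupsByAccount` iterates over the result of `listAclGroups(accountId)` without a null check, while `isGrantedAll` in this same commit guards the list it gets from the IAM service with `pp != null`. Whether `_iamSrv.listAclGroups` can return null is not visible in this hunk; if it can, adding `if (groups == null) { return groupNames; }` right after `groupNames` is created keeps callers of this proxy method from failing. A short Javadoc saying that the method returns group names rather than ids for the given account would also help, since the element type is not obvious from the signature.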
@@ -330,4 +352,21 @@ public class AclApiServiceImpl extends ManagerBase implements AclApiService, Man return response; } + @Override + public List> getCommands() { + List> cmdList = new ArrayList>(); + cmdList.add(CreateAclPolicyCmd.class); + cmdList.add(DeleteAclPolicyCmd.class); + cmdList.add(ListAclPoliciesCmd.class); + cmdList.add(AddAclPermissionToAclPolicyCmd.class); + cmdList.add(RemoveAclPermissionFromAclPolicyCmd.class); + cmdList.add(AttachAclPolicyToAclGroupCmd.class); + cmdList.add(RemoveAclPolicyFromAclGroupCmd.class); + cmdList.add(CreateAclGroupCmd.class); + cmdList.add(DeleteAclGroupCmd.class); + cmdList.add(ListAclGroupsCmd.class); + cmdList.add(AddAccountToAclGroupCmd.class); + cmdList.add(RemoveAccountFromAclGroupCmd.class); + return cmdList; + } }
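Review bot: `getCommands()` makes this plugin the place where the twelve ACL group and policy commands are registered, replacing the registrations removed from ManagementServerImpl, but nothing on the method says who may call them. These commands change who is authorized to do what, and the commit also removes the old access-checker plugin, so the hunk alone does not show which checker restricts them to administrators. I would add a Javadoc such as `/** Registers the ACL group/policy management commands; access to them is enforced by <checker to be named>. */` and confirm that each moved command class kept its authorization settings after the package change.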