Repository: cloudstack Updated Branches: refs/heads/4.4 4f9b29881 -> 683c242ed
CLOUDSTACK-6513: Optimize code by removing deprecated utility to QueryManagerImpl as private method just used for listTemplates and listAffinityGroups to avoid misuse by new list APIs. Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/683c242e Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/683c242e Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/683c242e Branch: refs/heads/4.4 Commit: 683c242ed343c56483768849c97b0398e407605a Parents: 4f9b298 Author: Min Chen <min.c...@citrix.com> Authored: Tue Apr 29 18:33:10 2014 -0700 Committer: Daan Hoogland <d...@onecht.net> Committed: Wed Apr 30 10:40:39 2014 +0200 ---------------------------------------------------------------------- .../contrail/management/MockAccountManager.java | 6 -- .../com/cloud/api/query/QueryManagerImpl.java | 92 +++++++++++++++++++- server/src/com/cloud/user/AccountManager.java | 5 -- .../src/com/cloud/user/AccountManagerImpl.java | 87 ------------------ .../com/cloud/user/MockAccountManagerImpl.java | 7 -- 5 files changed, 89 insertions(+), 108 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/683c242e/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java ---------------------------------------------------------------------- diff --git a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java index 3517cc9..e12a4bf 100644 --- a/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java +++ b/plugins/network-elements/juniper-contrail/test/org/apache/cloudstack/network/contrail/management/MockAccountManager.java @@ -388,11 +388,5 @@ public class MockAccountManager extends ManagerBase implements AccountManager { } - @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> permittedAccounts, - Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation) { - // TODO Auto-generated method stub - - } } http://git-wip-us.apache.org/repos/asf/cloudstack/blob/683c242e/server/src/com/cloud/api/query/QueryManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index 16c68b1..9c31f47 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -3081,6 +3081,92 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { } + // This method should only be used for keeping old listTemplates and listAffinityGroups behavior, PLEASE DON'T USE IT FOR USE LIST APIs + private void buildTemplateAffinityGroupSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> + permittedAccounts, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject, + boolean listAll, boolean forProjectInvitation) { + Long domainId = domainIdRecursiveListProject.first(); + if (domainId != null) { + Domain domain = _domainDao.findById(domainId); + if (domain == null) { + throw new InvalidParameterValueException("Unable to find domain by id " + domainId); + } + // check permissions + _accountMgr.checkAccess(caller, domain); + } + + if (accountName != null) { + if (projectId != null) { + throw new InvalidParameterValueException("Account and projectId can't be specified together"); + } + + Account userAccount = null; + Domain domain = null; + if (domainId != null) { + userAccount = _accountDao.findActiveAccount(accountName, domainId); + domain = _domainDao.findById(domainId); + } else { + userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId()); + domain = _domainDao.findById(caller.getDomainId()); + } + + if (userAccount != null) { + _accountMgr.checkAccess(caller, null, false, userAccount); + // check permissions + permittedAccounts.add(userAccount.getId()); + } else { + throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid()); + } + } + + // set project information + if (projectId != null) { + if (!forProjectInvitation) { + if (projectId.longValue() == -1) { + if (_accountMgr.isNormalUser(caller.getId())) { + permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); + } else { + domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly); + } + } else { + Project project = _projectMgr.getProject(projectId); + if (project == null) { + throw new InvalidParameterValueException("Unable to find project by id " + projectId); + } + if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { + throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId); + } + permittedAccounts.add(project.getProjectAccountId()); + } + } + } else { + if (id == null) { + domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources); + } + if (permittedAccounts.isEmpty() && domainId == null) { + if (_accountMgr.isNormalUser(caller.getId())) { + permittedAccounts.add(caller.getId()); + } else if (!listAll) { + if (id == null) { + permittedAccounts.add(caller.getId()); + } else if (!_accountMgr.isRootAdmin(caller.getId())) { + domainIdRecursiveListProject.first(caller.getDomainId()); + domainIdRecursiveListProject.second(true); + } + } else if (domainId == null) { + if (_accountMgr.isDomainAdmin(caller.getId())) { + domainIdRecursiveListProject.first(caller.getDomainId()); + domainIdRecursiveListProject.second(true); + } + } + } else if (domainId != null) { + if (_accountMgr.isNormalUser(caller.getId())) { + permittedAccounts.add(caller.getId()); + } + } + } + } + private Pair<List<TemplateJoinVO>, Integer> searchForTemplatesInternal(ListTemplatesCmd cmd) { TemplateFilter templateFilter = TemplateFilter.valueOf(cmd.getTemplateFilter()); Long id = cmd.getId(); @@ -3100,7 +3186,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { List<Long> permittedAccountIds = new ArrayList<Long>(); Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, ListProjectResourcesCriteria>( cmd.getDomainId(), cmd.isRecursive(), null); - _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccountIds, + buildTemplateAffinityGroupSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccountIds, domainIdRecursiveListProject, listAll, false); ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); List<Account> permittedAccounts = new ArrayList<Account>(); @@ -3412,7 +3498,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { List<Long> permittedAccountIds = new ArrayList<Long>(); Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, ListProjectResourcesCriteria>( cmd.getDomainId(), cmd.isRecursive(), null); - _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccountIds, + buildTemplateAffinityGroupSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedAccountIds, domainIdRecursiveListProject, listAll, false); ListProjectResourcesCriteria listProjectResourcesCriteria = domainIdRecursiveListProject.third(); List<Account> permittedAccounts = new ArrayList<Account>(); @@ -3499,7 +3585,7 @@ public class QueryManagerImpl extends ManagerBase implements QueryService { List<Long> permittedAccounts = new ArrayList<Long>(); Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, ListProjectResourcesCriteria>( domainId, isRecursive, null); - _accountMgr.buildACLSearchParameters(caller, affinityGroupId, accountName, null, permittedAccounts, + buildTemplateAffinityGroupSearchParameters(caller, affinityGroupId, accountName, null, permittedAccounts, domainIdRecursiveListProject, listAll, true); domainId = domainIdRecursiveListProject.first(); isRecursive = domainIdRecursiveListProject.second(); http://git-wip-us.apache.org/repos/asf/cloudstack/blob/683c242e/server/src/com/cloud/user/AccountManager.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/user/AccountManager.java b/server/src/com/cloud/user/AccountManager.java index 748be2b2c..03bf842 100755 --- a/server/src/com/cloud/user/AccountManager.java +++ b/server/src/com/cloud/user/AccountManager.java @@ -102,11 +102,6 @@ public interface AccountManager extends AccountService { List<Long> permittedResources, ListProjectResourcesCriteria listProjectResourcesCriteria); - // deprecated methods that should only be used in listTemplates due to backwards compatibility of templateFilter. - void buildACLSearchParameters(Account caller, Long id, - String accountName, Long projectId, List<Long> permittedAccounts, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject, boolean listAll, - boolean forProjectInvitation); - /** * Deletes a user by userId * http://git-wip-us.apache.org/repos/asf/cloudstack/blob/683c242e/server/src/com/cloud/user/AccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 3ffcafc..3ab26cc 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -2183,93 +2183,6 @@ public class AccountManagerImpl extends ManagerBase implements AccountManager, M return _userAccountDao.getUserByApiKey(apiKey); } - // NOTE: This method should only be used in listTemplates call, all other list calls should use the new buildACLSearchParameters which takes - // "action" as extra parameter and uses new IAM model. - @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> - permittedAccounts, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject, - boolean listAll, boolean forProjectInvitation) { - Long domainId = domainIdRecursiveListProject.first(); - if (domainId != null) { - Domain domain = _domainDao.findById(domainId); - if (domain == null) { - throw new InvalidParameterValueException("Unable to find domain by id " + domainId); - } - // check permissions - checkAccess(caller, domain); - } - - if (accountName != null) { - if (projectId != null) { - throw new InvalidParameterValueException("Account and projectId can't be specified together"); - } - - Account userAccount = null; - Domain domain = null; - if (domainId != null) { - userAccount = _accountDao.findActiveAccount(accountName, domainId); - domain = _domainDao.findById(domainId); - } else { - userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId()); - domain = _domainDao.findById(caller.getDomainId()); - } - - if (userAccount != null) { - checkAccess(caller, null, false, userAccount); - // check permissions - permittedAccounts.add(userAccount.getId()); - } else { - throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid()); - } - } - - // set project information - if (projectId != null) { - if (!forProjectInvitation) { - if (projectId.longValue() == -1) { - if (isNormalUser(caller.getId())) { - permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId())); - } else { - domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly); - } - } else { - Project project = _projectMgr.getProject(projectId); - if (project == null) { - throw new InvalidParameterValueException("Unable to find project by id " + projectId); - } - if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) { - throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId); - } - permittedAccounts.add(project.getProjectAccountId()); - } - } - } else { - if (id == null) { - domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources); - } - if (permittedAccounts.isEmpty() && domainId == null) { - if (isNormalUser(caller.getId())) { - permittedAccounts.add(caller.getId()); - } else if (!listAll) { - if (id == null) { - permittedAccounts.add(caller.getId()); - } else if (!isRootAdmin(caller.getId())) { - domainIdRecursiveListProject.first(caller.getDomainId()); - domainIdRecursiveListProject.second(true); - } - } else if (domainId == null) { - if (isDomainAdmin(caller.getId())) { - domainIdRecursiveListProject.first(caller.getDomainId()); - domainIdRecursiveListProject.second(true); - } - } - } else if (domainId != null) { - if (isNormalUser(caller.getId())) { - permittedAccounts.add(caller.getId()); - } - } - } - } @Override public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> permittedDomains, List<Long> permittedAccounts, http://git-wip-us.apache.org/repos/asf/cloudstack/blob/683c242e/server/test/com/cloud/user/MockAccountManagerImpl.java ---------------------------------------------------------------------- diff --git a/server/test/com/cloud/user/MockAccountManagerImpl.java b/server/test/com/cloud/user/MockAccountManagerImpl.java index 81ee1a4..4a7d4eb 100644 --- a/server/test/com/cloud/user/MockAccountManagerImpl.java +++ b/server/test/com/cloud/user/MockAccountManagerImpl.java @@ -364,11 +364,4 @@ public class MockAccountManagerImpl extends ManagerBase implements Manager, Acco } - @Override - public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> permittedAccounts, - Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation) { - // TODO Auto-generated method stub - - } - }
