@Test public void testCreateSuccess() { AccountService accountService = Mockito.mock(AccountService.class); Account account = Mockito.mock(Account.class); Mockito.when(accountService.getAccount(Matchers.anyLong())).thenReturn(account); addVpnUserCmd._accountService = accountService; RemoteAccessVpnService ravService = Mockito.mock(RemoteAccessVpnService.class); VpnUser vpnUser = Mockito.mock(VpnUser.class); Mockito.when(ravService.addVpnUser(Matchers.anyLong(), Matchers.anyString(), Matchers.anyString())).thenReturn(vpnUser); addVpnUserCmd._ravService = ravService; addVpnUserCmd.create(); }
UserAccount createCloudstackUserAccount(final LdapUser user, String accountName, Long domainId) { Account account = _accountService.getActiveAccountByName(accountName, domainId); if (account == null) { return _accountService.createUserAccount(username, generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, getAccountType(), getRoleId(), domainId, networkDomain, details, accountUUID, userUUID, User.Source.LDAP); } else { User newUser = _accountService.createUser(username, generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, domainId, userUUID, User.Source.LDAP); return _accountService.getUserAccountById(newUser.getId()); } }
@Override public void execute() { User callerUser = _accountService.getActiveUser(CallContext.current().getCallingUserId()); Account callerAccount = _accountService.getActiveAccountById(callerUser.getAccountId()); Vpc result = _networkService.migrateVpcNetwork(getId(), getVpcOfferingId(), getTierNetworkOfferings(), callerAccount, callerUser, getResume()); if (result != null) { VpcResponse response = _responseGenerator.createVpcResponse(ResponseObject.ResponseView.Restricted, result); response.setResponseName(getCommandName()); setResponseObject(response); } else { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to migrate vpc"); } }
@Override public long getEntityOwnerId() { Account caller = CallContext.current().getCallingAccount(); //For domain wide affinity groups (if the affinity group processor type allows it) if(projectId == null && domainId != null && accountName == null && _accountService.isRootAdmin(caller.getId())){ return Account.ACCOUNT_ID_SYSTEM; } Account owner = _accountService.finalizeOwner(caller, accountName, domainId, projectId); if(owner == null){ return caller.getAccountId(); } return owner.getAccountId(); }
@Override public boolean checkAccess(User user, String commandName) throws PermissionDeniedException { if (isDisabled()) { return true; } Account account = accountService.getAccount(user.getAccountId()); if (account == null) { throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null"); } RoleType roleType = accountService.getRoleType(account); boolean isAllowed = commandsPropertiesOverrides.contains(commandName) ? commandsPropertiesRoleBasedApisMap.get(roleType).contains(commandName) : annotationRoleBasedApisMap.get( roleType).contains(commandName); if (isAllowed) { return true; } if (commandNames.contains(commandName)) { throw new PermissionDeniedException("The API is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); } else { throw new UnavailableCommandException("The API " + commandName + " does not exist or is not available for this account."); } }
private void createCloudstackUserAccount(LdapUser user, String accountName, Domain domain) { Account account = _accountService.getActiveAccountByName(accountName, domain.getId()); if (account == null) { s_logger.debug("No account exists with name: " + accountName + " creating the account and an user with name: " + user.getUsername() + " in the account"); _accountService.createUserAccount(user.getUsername(), generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, getAccountType(), getRoleId(), domain.getId(), domain.getNetworkDomain(), details, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP); } else { // check if the user exists. if yes, call update UserAccount csuser = _accountService.getActiveUserAccount(user.getUsername(), domain.getId()); if (csuser == null) { s_logger.debug("No user exists with name: " + user.getUsername() + " creating a user in the account: " + accountName); _accountService.createUser(user.getUsername(), generatePassword(), user.getFirstname(), user.getLastname(), user.getEmail(), timezone, accountName, domain.getId(), UUID.randomUUID().toString(), User.Source.LDAP); } else { s_logger.debug("Account [name=%s] and user [name=%s] already exist in CloudStack. Executing the user update."); UpdateUserCmd updateUserCmd = new UpdateUserCmd(); updateUserCmd.setId(csuser.getId()); updateUserCmd.setFirstname(user.getFirstname()); updateUserCmd.setLastname(user.getLastname()); updateUserCmd.setEmail(user.getEmail()); _accountService.updateUser(updateUserCmd); } } }
Volume volume = _entityMgr.findById(Volume.class, volumeId); if (volume != null) { _accountService.checkAccess(callingAccount, SecurityChecker.AccessType.UseEntry, false, volume); } else { throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId); Snapshot snapshot = _entityMgr.findById(Snapshot.class, snapshotId); if (snapshot != null) { _accountService.checkAccess(callingAccount, SecurityChecker.AccessType.UseEntry, false, snapshot); } else { throw new InvalidParameterValueException("Unable to find snapshot by id=" + snapshotId); if (project != null) { if (project.getState() == Project.State.Active) { Account projectAccount= _accountService.getAccount(project.getProjectAccountId()); _accountService.checkAccess(callingAccount, SecurityChecker.AccessType.UseEntry, false, projectAccount); return project.getProjectAccountId(); } else {
@Override public long getEntityOwnerId() { Account activeAccountByName = _accountService.getActiveAccountByName(accountName, domainId); if (activeAccountByName != null) { return activeAccountByName.getAccountId(); } return Account.ACCOUNT_ID_SYSTEM; }
@Override public void execute() { // Check permissions UserAccount userAccount = _accountService.getUserAccountById(getId()); if (userAccount == null) { throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR , "Unable to find a user account with the given ID"); } Domain domain = _domainService.getDomain(userAccount.getDomainId()); Account account = _accountService.getAccount(userAccount.getAccountId()); _accountService.checkAccess(CallContext.current().getCallingAccount(), domain); _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.OperateEntry, true, account); CallContext.current().setEventDetails("UserId: " + getId()); SuccessResponse response = new SuccessResponse(); Boolean status = false; if (_samlAuthManager.authorizeUser(getId(), getEntityId(), getEnable())) { status = true; } response.setResponseName(getCommandName()); response.setSuccess(status); setResponseObject(response); } }
@Override public boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException { // check if api rate limiting is enabled or not if (!enabled) { return true; } Long accountId = user.getAccountId(); Account account = _accountService.getAccount(accountId); if (_accountService.isRootAdmin(account.getId())) { // no API throttling on root admin return true; } StoreEntry entry = _store.get(accountId); if (entry == null) { /* Populate the entry, thus unlocking any underlying mutex */ entry = _store.create(accountId, timeToLive); } /* Increment the client count and see whether we have hit the maximum allowed clients yet. */ int current = entry.incrementAndGet(); if (current <= maxAllowed) { s_logger.trace("account (" + account.getAccountId() + "," + account.getAccountName() + ") has current count = " + current); return true; } else { long expireAfter = entry.getExpireDuration(); // for this exception, we can just show the same message to user and admin users. String msg = "The given user has reached his/her account api limit, please retry after " + expireAfter + " ms."; s_logger.warn(msg); throw new RequestLimitException(msg); } }
@Test public void testExecuteWithNotBlankPassword() { ReflectionTestUtils.setField(createAccountCmd, "password", "Test"); try { createAccountCmd.execute(); } catch (ServerApiException e) { Assert.assertTrue("Received exception as the mock accountService createUserAccount returns null user", true); } Mockito.verify(accountService, Mockito.times(1)).createUserAccount(null, "Test", null, null, null, null, null, accountType, roleId, domainId, null, null, null, null); }
@Test public void testExecuteWithNotBlankPassword() { ReflectionTestUtils.setField(createUserCmd, "password", "Test"); try { createUserCmd.execute(); } catch (ServerApiException e) { Assert.assertTrue("Received exception as the mock accountService createUser returns null user", true); } Mockito.verify(accountService, Mockito.times(1)).createUser(null, "Test", null, null, null, null, null, null, null); }
Account account = _accountService.getActiveAccountByName(admin, domainId); if (account == null) { try { UserAccount userAccount = _accountService .createUserAccount(admin, "", ldapUser.getFirstname(), ldapUser.getLastname(), ldapUser.getEmail(), null, admin, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, RoleType.DomainAdmin.getId(), domainId, null, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP); response.setAdminId(String.valueOf(userAccount.getAccountId()));
public Account getAccount(){ return _accountService.getActiveAccountById(getEntityOwnerId()); } public void getReservationContext() {
@Override public long getEntityOwnerId() { Long accountId = _accountService.finalyzeAccountId(accountName, domainId, null, true); if (accountId == null) { accountId = CallContext.current().getCallingAccount().getId(); } return accountId; }
} else { if (_accountService.isRootAdmin(account.getId())) { return true; else if (_accountService.isNormalUser(account.getId()) || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN || _accountService.isDomainAdmin(account.getId()) || account.getType() == Account.ACCOUNT_TYPE_PROJECT) { if (account.getDomainId() == dof.getDomainId()) {
@Override @ActionEvent(eventType = EventTypes.EVENT_TEMPLATE_CREATE, eventDescription = "creating template") public VirtualMachineTemplate registerTemplate(RegisterTemplateCmd cmd) throws URISyntaxException, ResourceAllocationException { Account account = CallContext.current().getCallingAccount(); if (cmd.getTemplateTag() != null) { if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException("Parameter templatetag can only be specified by a Root Admin, permission denied"); } } if (cmd.isRoutingType() != null) { if (!_accountService.isRootAdmin(account.getId())) { throw new PermissionDeniedException("Parameter isrouting can only be specified by a Root Admin, permission denied"); } } TemplateAdapter adapter = getAdapter(HypervisorType.getType(cmd.getHypervisor())); TemplateProfile profile = adapter.prepare(cmd); VMTemplateVO template = adapter.create(profile); if (template != null) { return template; } else { throw new CloudRuntimeException("Failed to create a template"); } }
@Override public void execute() { UserAccount result = _accountService.getUserByApiKey(getApiKey()); if (result != null) { UserResponse response = _responseGenerator.createUserResponse(result); response.setResponseName(getCommandName()); response.setResponseName(getCommandName()); this.setResponseObject(response); } else { throw new InvalidParameterValueException("User with specified API key does not exist"); } } }
if (_accountService.isRootAdmin(caller.getId())) { isAdmin = true; } else if (_accountService.isDomainAdmin(caller.getId())) { isDomainAdmin = true;
if (_accountService.isRootAdmin(caller.getId()) || (owner.getId() == caller.getId())) { return true; if (!_accountService.isRootAdmin(caller.getId()) && owner.getId() != caller.getId()) { return false; } else { if (_accountService.isNormalUser(caller.getId())) { Account account = _accountDao.findById(entity.getAccountId());