@Override public Boolean doInTransaction(TransactionStatus status) { List<? extends RolePermission> rolePermissions = rolePermissionsDao.findAllByRoleIdSorted(role.getId()); if (rolePermissions != null && !rolePermissions.isEmpty()) { for (RolePermission rolePermission : rolePermissions) { rolePermissionsDao.remove(rolePermission.getId()); } } if (roleDao.remove(role.getId())) { RoleVO roleVO = roleDao.findByIdIncludingRemoved(role.getId()); roleVO.setName(null); return roleDao.update(role.getId(), roleVO); } return false; } });
protected void setupResponse(final Role role) { final RoleResponse response = new RoleResponse(); response.setId(role.getUuid()); response.setRoleName(role.getName()); response.setRoleType(role.getRoleType()); response.setDescription(role.getDescription()); response.setResponseName(getCommandName()); response.setObjectName("role"); setResponseObject(response); } }
public static Short getAccountTypeByRole(final Role role, final Short accountType) { if (role != null && role.getId() > 0L) { return role.getRoleType().getAccountType(); } return accountType; } }
public static AccountResponse newAccountResponse(ResponseView view, AccountJoinVO ve) { AccountResponse response = s_accountJoinDao.newAccountResponse(view, ve); // Populate account role information if (ve.getRoleId() != null) { Role role = s_roleService.findRole(ve.getRoleId()); if (role != null) { response.setRoleId(role.getUuid()); response.setRoleType(role.getRoleType()); response.setRoleName(role.getName()); } } return response; }
private void setupResponse(final List<RolePermission> rolePermissions, final Long roleId) { final Role roleProvided = roleService.findRole(roleId); final ListResponse<RolePermissionResponse> response = new ListResponse<>(); final List<RolePermissionResponse> rolePermissionResponses = new ArrayList<>(); for (final RolePermission rolePermission : rolePermissions) { final RolePermissionResponse rolePermissionResponse = new RolePermissionResponse(); Role role = roleProvided; if (role == null) { role = roleService.findRole(rolePermission.getRoleId()); } rolePermissionResponse.setRoleId(role.getUuid()); rolePermissionResponse.setRoleName(role.getName()); rolePermissionResponse.setId(rolePermission.getUuid()); rolePermissionResponse.setRule(rolePermission.getRule()); rolePermissionResponse.setRulePermission(rolePermission.getPermission()); rolePermissionResponse.setDescription(rolePermission.getDescription()); rolePermissionResponse.setObjectName("rolepermission"); rolePermissionResponses.add(rolePermissionResponse); } response.setResponses(rolePermissionResponses); response.setResponseName(getCommandName()); setResponseObject(response); }
/** * Remove all roles that have the {@link RoleType#Admin}. */ protected void removeRootAdminRoles(List<? extends Role> roles) { if (CollectionUtils.isEmpty(roles)) { return; } Iterator<? extends Role> rolesIterator = roles.iterator(); while (rolesIterator.hasNext()) { Role role = rolesIterator.next(); if (RoleType.Admin == role.getRoleType()) { rolesIterator.remove(); } } }
private void setupResponse(final RolePermission rolePermission, final Role role) { final RolePermissionResponse response = new RolePermissionResponse(); response.setId(rolePermission.getUuid()); response.setRoleId(role.getUuid()); response.setRule(rolePermission.getRule()); response.setRulePermission(rolePermission.getPermission()); response.setDescription(rolePermission.getDescription()); response.setResponseName(getCommandName()); response.setObjectName("rolepermission"); setResponseObject(response); }
@Test public void testGetAccountTypeByRole() { Role role = Mockito.mock(Role.class); Mockito.when(role.getRoleType()).thenReturn(RoleType.Admin); Mockito.when(role.getId()).thenReturn(100L); Assert.assertEquals(RoleType.getAccountTypeByRole(role, null), (Short) RoleType.Admin.getAccountType()); } }
public static UserResponse newUserResponse(UserAccountJoinVO usr, Long domainId) { UserResponse response = s_userAccountJoinDao.newUserResponse(usr); if(!AccountManager.UseSecretKeyInResponse.value()){ response.setSecretKey(null); } // Populate user account role information if (usr.getAccountRoleId() != null) { Role role = s_roleService.findRole( usr.getAccountRoleId()); if (role != null) { response.setRoleId(role.getUuid()); response.setRoleType(role.getRoleType()); response.setRoleName(role.getName()); } } if (domainId != null && usr.getDomainId() != domainId) response.setIsCallerChildDomain(true); else response.setIsCallerChildDomain(false); return response; }
private void checkCallerAccess() { if (!isEnabled()) { throw new PermissionDeniedException("Dynamic api checker is not enabled, aborting role operation"); } Account caller = getCurrentAccount(); if (caller == null || caller.getRoleId() == null) { throw new PermissionDeniedException("Restricted API called by an invalid user account"); } Role callerRole = findRole(caller.getRoleId()); if (callerRole == null || callerRole.getRoleType() != RoleType.Admin) { throw new PermissionDeniedException("Restricted API called by an user account of non-Admin role type"); } }
private void setupResponse(final List<Role> roles) { final ListResponse<RoleResponse> response = new ListResponse<>(); final List<RoleResponse> roleResponses = new ArrayList<>(); for (final Role role : roles) { if (role == null) { continue; } final RoleResponse roleResponse = new RoleResponse(); roleResponse.setId(role.getUuid()); roleResponse.setRoleName(role.getName()); roleResponse.setRoleType(role.getRoleType()); roleResponse.setDescription(role.getDescription()); roleResponse.setObjectName("role"); roleResponses.add(roleResponse); } response.setResponses(roleResponses); response.setResponseName(getCommandName()); setResponseObject(response); }
@Override public RolePermissionVO doInTransaction(TransactionStatus status) { return rolePermissionsDao.persist(new RolePermissionVO(role.getId(), rule.toString(), permission, description)); } });
if (accountRole == null || accountRole.getId() < 1L) { denyApiAccess(commandName); if (accountRole.getRoleType() == RoleType.Admin && accountRole.getId() == RoleType.Admin.getId()) { return true; for (final RolePermission permission : roleService.findAllPermissionsBy(accountRole.getId())) { if (permission.getRule().matches(commandName)) { if (RolePermission.Permission.ALLOW.equals(permission.getPermission())) { if (annotationRoleBasedApisMap.get(accountRole.getRoleType()) != null && annotationRoleBasedApisMap.get(accountRole.getRoleType()).contains(commandName)) { return true;
@Test public void testUpdateSuccess() { when(roleService.findRole(updateRoleCmd.getRoleId())).thenReturn(role); when(role.getId()).thenReturn(1L); when(role.getUuid()).thenReturn("12345-abcgdkajd"); when(role.getDescription()).thenReturn("Defualt user"); when(role.getName()).thenReturn("User"); when(role.getRoleType()).thenReturn(RoleType.User); when(roleService.updateRole(role,updateRoleCmd.getRoleName(),updateRoleCmd.getRoleType(),updateRoleCmd.getRoleDescription())).thenReturn(role); when(role.getId()).thenReturn(1L); when(role.getDescription()).thenReturn("Description Initial"); when(role.getName()).thenReturn("User"); updateRoleCmd.execute(); RoleResponse response = (RoleResponse) updateRoleCmd.getResponseObject(); assertEquals((String)ReflectionTestUtils.getField(response, "roleName"),role.getName()); assertEquals((String)ReflectionTestUtils.getField(response, "roleDescription"),role.getDescription()); } }
@Override @ActionEvent(eventType = EventTypes.EVENT_ROLE_UPDATE, eventDescription = "updating Role") public Role updateRole(final Role role, final String name, final RoleType roleType, final String description) { checkCallerAccess(); if (roleType != null && roleType == RoleType.Unknown) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unknown is not a valid role type"); } RoleVO roleVO = (RoleVO)role; if (!Strings.isNullOrEmpty(name)) { roleVO.setName(name); } if (roleType != null) { if (role.getId() <= RoleType.User.getId()) { throw new PermissionDeniedException("The role type of default roles cannot be changed"); } List<? extends Account> accounts = accountDao.findAccountsByRole(role.getId()); if (accounts == null || accounts.isEmpty()) { roleVO.setRoleType(roleType); } else { throw new PermissionDeniedException("Found accounts that have role in use, won't allow to change role type"); } } if (!Strings.isNullOrEmpty(description)) { roleVO.setDescription(description); } roleDao.update(role.getId(), roleVO); return role; }
@Override public Boolean doInTransaction(TransactionStatus status) { final String failMessage = "The role's rule permissions list has changed while you were making updates, aborted re-ordering of rules. Please try again."; final List<RolePermissionVO> currentOrder = findAllByRoleIdSorted(role.getId()); if (role.getId() < 1L || newOrder.size() != currentOrder.size()) { throw new CloudRuntimeException(failMessage); final SearchCriteria<RolePermissionVO> sc = RolePermissionsSearch.create(); sc.setParameters("uuid", rolePermission.getUuid()); sc.setParameters("roleId", role.getId()); sc.setParameters("sortOrder", rolePermission.getSortOrder());
return false; if (role.getId() <= RoleType.User.getId()) { throw new PermissionDeniedException("Default roles cannot be deleted"); List<? extends Account> accounts = accountDao.findAccountsByRole(role.getId()); if (accounts == null || accounts.size() == 0) { return Transaction.execute(new TransactionCallback<Boolean>() {
@Override public boolean update(Role role, RolePermission rolePermission, Permission permission) { if (role == null || rolePermission == null || permission == null) { return false; } RolePermissionVO rolePermissionVO = findById(rolePermission.getId()); if (rolePermissionVO == null || role.getId() != rolePermission.getRoleId() || rolePermissionVO.getId() != rolePermission.getId()) { return false; } rolePermissionVO.setPermission(permission); return update(rolePermission.getId(), rolePermissionVO); }
@Override public void execute() { Role role = roleService.findRole(getRoleId()); if (role == null) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Cannot find the role with provided id"); } CallContext.current().setEventDetails("Role id: " + role.getId()); boolean result = roleService.deleteRole(role); SuccessResponse response = new SuccessResponse(getCommandName()); response.setSuccess(result); setResponseObject(response); } }
@Override public void execute() { final Role role = roleService.findRole(getRoleId()); if (role == null) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid role id provided"); } CallContext.current().setEventDetails("Role id: " + role.getId() + ", rule:" + getRule() + ", permission: " + getPermission() + ", description: " + getDescription()); final RolePermission rolePermission = roleService.createRolePermission(role, getRule(), getPermission(), getDescription()); if (rolePermission == null) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create role permission"); } setupResponse(rolePermission, role); } }