/**
 * Maps an account to its {@link RoleType}.
 *
 * @param account the account to classify; may be {@code null}
 * @return {@code RoleType.Unknown} when {@code account} is {@code null}, otherwise the result of
 *         {@code RoleType.getByAccountType} for the account's type
 */
@Override
public RoleType getRoleType(Account account) {
    // A missing account is classified as Unknown rather than being passed on to the lookup.
    return account == null
            ? RoleType.Unknown
            : RoleType.getByAccountType(account.getType());
}
/**
 * Reports whether the account with the given id is treated as internal.
 *
 * @param accountId id passed to {@code _accountDao.findById}
 * @return {@code false} when no account is found; otherwise {@code true} when
 *         {@code isRootAdmin(accountId)} holds or the account type equals
 *         {@code Account.ACCOUNT_ID_SYSTEM}
 */
public boolean isInternalAccount(long accountId) {
    Account account = _accountDao.findById(accountId);
    if (account == null) {
        // account is deleted or does not exist
        return false;
    }
    // NOTE(review): the account *type* is compared with an *id* constant (ACCOUNT_ID_SYSTEM).
    // This only means "system account" if the two numeric spaces happen to line up; confirm
    // whether account.getId() was intended before relying on this for a privilege decision.
    return isRootAdmin(accountId) || account.getType() == Account.ACCOUNT_ID_SYSTEM;
}
/**
 * Fetches the {@code account} resource from {@code Main.BASE_URI} as JSON and prints every
 * account's name and type to standard output.
 *
 * <p>The method makes no assertions: it does not check the HTTP status or the returned list,
 * so it only fails if the request or the entity mapping throws.
 */
public void testMyResource() {
    // Client configured for Jackson-based POJO <-> JSON mapping.
    ClientConfig clientConfig = new DefaultClientConfig();
    clientConfig.getClasses().add(JacksonJaxbJsonProvider.class);
    clientConfig.getFeatures().put(JSONConfiguration.FEATURE_POJO_MAPPING, Boolean.TRUE);
    Client client = Client.create(clientConfig);

    WebResource root = client.resource(Main.BASE_URI);
    ClientResponse reply = root.path("account")
            .accept("application/json")
            .get(ClientResponse.class);
    List<Account> fetched = reply.getEntity(new GenericType<List<Account>>(){});

    StringBuilder report = new StringBuilder("=== Accounts ===\n");
    for (Account entry : fetched) {
        report.append("Name: ").append(entry.getName()).append(", ");
        report.append("Type: ").append(entry.getType()).append("\n");
    }
    report.append("==================");
    System.out.println(report.toString());
}
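/**
 * Looks up the project backing a project-type account.
 *
 * @param accountId id passed to {@code _accountDao.findById}
 * @return the project found by {@code _projectDao.findByProjectAccountId} when the account is
 *         of type {@code Account.ACCOUNT_TYPE_PROJECT}; {@code null} when the account does not
 *         exist or is not a project account
 */
private ProjectVO getProject(long accountId) {
    Account account = _accountDao.findById(accountId);
    // A missing account is answered the same way as a non-project account ("no project")
    // instead of failing with a NullPointerException on getType().
    if (account == null) {
        return null;
    }
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        return _projectDao.findByProjectAccountId(account.getId());
    }
    return null;
}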
/**
 * Resolves the project name to use for an account.
 *
 * @param accountId id passed to {@code _accountDao.findById}
 * @return the project's name when the account is of type {@code Account.ACCOUNT_TYPE_PROJECT}
 *         and a project is found for it; {@code VNC_DEFAULT_PROJECT} in every other case
 */
@Override
public String getProjectName(long accountId) {
    Account account = _accountDao.findById(accountId);
    // NOTE(review): account is dereferenced without a null check; if findById can return null
    // for a deleted or unknown id, this throws NullPointerException. Decide whether a missing
    // account should fail or fall back to the default project, and make that explicit.
    if (account.getType() != Account.ACCOUNT_TYPE_PROJECT) {
        return VNC_DEFAULT_PROJECT;
    }
    ProjectVO owningProject = _projectDao.findByProjectAccountId(account.getId());
    return owningProject != null ? owningProject.getName() : VNC_DEFAULT_PROJECT;
}
/**
 * Lists secondary IPs for the NIC named in the command, after checking the caller's access to
 * the VM named in the command.
 *
 * <p>The VM is reported as non-existent both when it is not found and when it is flagged as
 * not displayed and the caller is a normal account, so such a caller cannot tell the two cases
 * apart.
 *
 * @param cmd supplies the NIC id, VM id and keyword
 * @return the result of {@code _nicSecondaryIpDao.listSecondaryIpUsingKeyword(nicId, keyword)}
 */
@Override
public List<? extends NicSecondaryIp> listVmNicSecondaryIps(ListNicsCmd cmd) {
    Account caller = CallContext.current().getCallingAccount();
    Long nicId = cmd.getNicId();
    long vmId = cmd.getVmId();
    String keyword = cmd.getKeyword();

    UserVmVO targetVm = _userVmDao.findById(vmId);
    boolean hiddenFromCaller = targetVm != null
            && !targetVm.isDisplayVm()
            && caller.getType() == Account.ACCOUNT_TYPE_NORMAL;
    if (targetVm == null || hiddenFromCaller) {
        // presumably always throws; if it ever returned, a null VM would reach checkAccess — confirm
        throwInvalidIdException("Virtual machine id does not exist", Long.toString(vmId), "vmId");
    }

    _accountMgr.checkAccess(caller, null, true, targetVm);

    // NOTE(review): the access check above covers the VM identified by vmId, but the lookup
    // below is keyed by nicId and keyword only. Confirm that nicId is constrained to this VM
    // somewhere else (command validation or the DAO); otherwise the authorization and the data
    // returned are not tied to the same object.
    return _nicSecondaryIpDao.listSecondaryIpUsingKeyword(nicId, keyword);
}
/**
 * Rejects operations on users of project accounts, then verifies that the calling account may
 * operate on the given account and records the user's UUID in the call context.
 *
 * @param user    the user being operated on; only its UUID is read here
 * @param account the account the user belongs to
 * @throws InvalidParameterValueException if the account is of type
 *         {@code Account.ACCOUNT_TYPE_PROJECT}
 */
private void checkAccountAndAccess(UserVO user, Account account) {
    // Users that belong to a project account may not be deleted or moved.
    boolean projectAccount = account.getType() == Account.ACCOUNT_TYPE_PROJECT;
    if (projectAccount) {
        throw new InvalidParameterValueException("Project users cannot be deleted or moved.");
    }

    // Authorization runs before anything is written to the call context.
    Account callingAccount = getCurrentCallingAccount();
    checkAccess(callingAccount, AccessType.OperateEntry, true, account);

    CallContext.current().putContextParameter(User.class, user.getUuid());
}
/**
 * Lists the NICs of the VM named in the command, after checking the caller's access to that VM.
 *
 * <p>The VM is reported as non-existent both when it is not found and when it is flagged as
 * not displayed and the caller is a normal account.
 *
 * @param cmd supplies the NIC id, VM id, keyword and network id
 * @return the result of {@code _networkMgr.listVmNics(vmId, nicId, networkId, keyword)}
 */
@Override
public List<? extends Nic> listNics(ListNicsCmd cmd) {
    Account caller = CallContext.current().getCallingAccount();
    Long nicId = cmd.getNicId();
    long vmId = cmd.getVmId();
    String keyword = cmd.getKeyword();
    Long networkId = cmd.getNetworkId();

    UserVmVO targetVm = _userVmDao.findById(vmId);
    boolean hiddenFromCaller = targetVm != null
            && !targetVm.isDisplayVm()
            && caller.getType() == Account.ACCOUNT_TYPE_NORMAL;
    if (targetVm == null || hiddenFromCaller) {
        // presumably always throws; if it ever returned, a null VM would reach checkAccess — confirm
        throwInvalidIdException("Virtual machine id does not exist", Long.toString(vmId), "vmId");
    }

    // The query below is scoped by vmId, the same object this access check covers.
    _accountMgr.checkAccess(caller, null, true, targetVm);

    return _networkMgr.listVmNics(vmId, nicId, networkId, keyword);
}
/**
 * Decides whether a field is left out for the current caller, based on the roles listed in its
 * {@code Param} annotation.
 *
 * <p>A field is skipped only when its annotation lists at least one authorized role and none of
 * them has the caller's account type. Fields without the annotation, or with an empty
 * {@code authorized()} list, are never skipped, so restricting a field requires an explicit
 * role list on it.
 *
 * @param f the field under consideration
 * @return {@code true} to skip the field, {@code false} to keep it
 */
public boolean shouldSkipField(FieldAttributes f) {
    Param annotation = f.getAnnotation(Param.class);
    if (annotation == null) {
        return false;
    }

    RoleType[] authorizedRoles = annotation.authorized();
    if (authorizedRoles.length == 0) {
        return false;
    }

    // The caller is only looked up once a restriction actually exists on the field.
    Account caller = CallContext.current().getCallingAccount();
    for (RoleType role : authorizedRoles) {
        if (role.getAccountType() == caller.getType()) {
            return false;
        }
    }
    return true;
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Archives the events selected by the command, limited to accounts the caller may act on.
 *
 * <p>Normal users and project accounts are limited to their own account id; any other caller
 * is limited to the accounts returned for the caller's domain path by
 * {@code _domainDao.getDomainChildrenIds}. When explicit ids were requested and the scoped
 * query returns fewer events than ids, nothing is archived.
 *
 * @param cmd supplies the event ids, type and date range
 * @return {@code false} when fewer events than requested ids were found in the permitted
 *         scope; {@code true} after {@code _eventDao.archiveEvents} has been called
 */
@Override
public boolean archiveEvents(final ArchiveEventsCmd cmd) {
    final Account caller = getCaller();
    final List<Long> requestedIds = cmd.getIds();

    final List<Long> permittedAccountIds;
    final boolean ownAccountOnly = _accountService.isNormalUser(caller.getId())
            || caller.getType() == Account.ACCOUNT_TYPE_PROJECT;
    if (ownAccountOnly) {
        permittedAccountIds = new ArrayList<Long>();
        permittedAccountIds.add(caller.getId());
    } else {
        // NOTE(review): the domain is dereferenced without a null check — confirm findById
        // cannot return null for the caller's own domain id.
        final DomainVO callerDomain = _domainDao.findById(caller.getDomainId());
        final List<Long> domainTreeIds = _domainDao.getDomainChildrenIds(callerDomain.getPath());
        permittedAccountIds = _accountDao.getAccountIdsForDomains(domainTreeIds);
    }

    final List<EventVO> candidates = _eventDao.listToArchiveOrDeleteEvents(
            requestedIds, cmd.getType(), cmd.getStartDate(), cmd.getEndDate(), permittedAccountIds);

    // Second gate: besides the account-id filter in the query, every selected event is passed
    // through the access checker before anything is modified.
    final ControlledEntity[] selected = candidates.toArray(new ControlledEntity[candidates.size()]);
    _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, false, selected);

    // All-or-nothing when ids were given: a shortfall means some id was outside the caller's scope
    // or did not match the filter.
    if (requestedIds != null && candidates.size() < requestedIds.size()) {
        return false;
    }

    _eventDao.archiveEvents(candidates);
    return true;
}
/**
 * Fills the owner fields of a response from an account id.
 *
 * <p>For a project account the project id, project name and account name are set, provided the
 * project is found; for any other account only the account name is set. A missing account or
 * project is logged at debug level and leaves the response untouched.
 *
 * @param response  the response to populate
 * @param accountId id passed to {@code ApiDBUtils.findAccountById}
 */
private void populateAccount(ControlledEntityResponse response, long accountId) {
    Account owner = ApiDBUtils.findAccountById(accountId);
    if (owner == null) {
        s_logger.debug("Unable to find account with id: " + accountId);
        return;
    }

    if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT) {
        response.setAccountName(owner.getAccountName());
        return;
    }

    // Project account: resolve the project that this account backs.
    Project owningProject = ApiDBUtils.findProjectByProjectAccountId(owner.getId());
    if (owningProject == null) {
        s_logger.debug("Unable to find project with id: " + owner.getId());
        return;
    }
    // Only UUIDs and names go into the response.
    response.setProjectId(owningProject.getUuid());
    response.setProjectName(owningProject.getName());
    response.setAccountName(owner.getAccountName());
}
/**
 * Builds the API response for a service instance.
 *
 * <p>The response carries the VM's UUID and either the owning project's UUID and name (project
 * accounts) or the owning account's name (all other accounts).
 *
 * @param instanceId id passed to {@code _vmDao.findById}
 * @return the populated response
 */
@Override
public ServiceInstanceResponse createServiceInstanceResponse(long instanceId) {
    s_logger.debug("ServiceInstance response for id: " + instanceId);

    // NOTE(review): the VM, its owner and (for project accounts) the project are each
    // dereferenced without a null check. If any lookup can return null, the caller gets a
    // NullPointerException instead of a "not found" error — confirm the lookups' contracts.
    UserVmVO instance = _vmDao.findById(instanceId);
    ServiceInstanceResponse result = new ServiceInstanceResponse();
    result.setId(instance.getUuid());

    Account owner = _accountService.getAccount(instance.getAccountId());
    boolean ownedByProject = owner.getType() == Account.ACCOUNT_TYPE_PROJECT;
    if (!ownedByProject) {
        result.setAccountName(owner.getAccountName());
    } else {
        Project owningProject = ApiDBUtils.findProjectByProjectAccountIdIncludingRemoved(owner.getAccountId());
        result.setProjectId(owningProject.getUuid());
        result.setProjectName(owningProject.getName());
    }
    return result;
}
/**
 * Updates the custom id and/or display flag of a firewall rule.
 *
 * <p>Checks run in this order: the rule must exist with purpose {@code Purpose.Firewall}; a
 * rule of type {@code FirewallRuleType.System} may only be changed by a caller of type
 * {@code Account.ACCOUNT_TYPE_ADMIN}; finally the caller's access to the rule is verified.
 * Nothing is modified until all three have passed.
 *
 * @param ruleId     id of the rule to update
 * @param customId   new UUID for the rule, or {@code null} to leave it unchanged
 * @param caller     the account requesting the update
 * @param forDisplay new display flag, or {@code null} to leave it unchanged
 * @return the rule as re-read from {@code _firewallDao} after the update
 * @throws InvalidParameterValueException if the rule is missing, has another purpose, or is a
 *         system rule and the caller is not an admin account
 */
protected FirewallRule updateFirewallRule(long ruleId, String customId, Account caller, Boolean forDisplay) {
    FirewallRuleVO target = _firewallDao.findById(ruleId);
    boolean usable = target != null && target.getPurpose() == Purpose.Firewall;
    if (!usable) {
        throw new InvalidParameterValueException("Unable to find " + ruleId + " having purpose " + Purpose.Firewall);
    }

    boolean systemWide = target.getType() == FirewallRuleType.System;
    if (systemWide && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
        throw new InvalidParameterValueException("Only root admin can update the system wide firewall rule");
    }

    _accountMgr.checkAccess(caller, null, true, target);

    // Only the fields the caller actually supplied are touched.
    if (customId != null) {
        target.setUuid(customId);
    }
    if (forDisplay != null) {
        target.setDisplay(forDisplay);
    }

    _firewallDao.update(ruleId, target);
    return _firewallDao.findById(ruleId);
}
/**
 * Loads the account of the given user and validates that the user may be updated:
 * <ul>
 * <li>If no account is found for the user, a {@link CloudRuntimeException} is thrown; this
 * indicates inconsistent data.
 * <li>If the account is of type {@link Account#ACCOUNT_TYPE_PROJECT}, an
 * {@link InvalidParameterValueException} is thrown whose message reports the user as not found.
 * <li>If the account id is {@link Account#ACCOUNT_ID_SYSTEM}, a
 * {@link PermissionDeniedException} is thrown.
 * </ul>
 *
 * Afterwards, the calling account's access to the user's account is checked via
 * {@link #checkAccess(Account, AccessType, boolean, ControlledEntity...)}.
 *
 * @param user the user being updated
 * @return the user's account, once all checks have passed
 */
protected Account retrieveAndValidateAccount(UserVO user) {
    Account owningAccount = _accountDao.findById(user.getAccountId());
    if (owningAccount == null) {
        throw new CloudRuntimeException("Unable to find user account with ID: " + user.getAccountId());
    }

    // Project users are answered with the same "unable to find" wording as a missing user.
    boolean projectAccount = owningAccount.getType() == Account.ACCOUNT_TYPE_PROJECT;
    if (projectAccount) {
        throw new InvalidParameterValueException("Unable to find user with ID: " + user.getUuid());
    }

    // The system account is matched by id, not by type.
    boolean systemAccount = owningAccount.getId() == Account.ACCOUNT_ID_SYSTEM;
    if (systemAccount) {
        throw new PermissionDeniedException("user UUID : " + user.getUuid() + " is a system account; update is not allowed.");
    }

    Account callingAccount = getCurrentCallingAccount();
    checkAccess(callingAccount, AccessType.OperateEntry, true, owningAccount);
    return owningAccount;
}
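/**
 * Returns the account id that owns the volume this command refers to, after checking that the
 * owner is still allowed to receive new resources.
 *
 * @return the account id of the volume
 * @throws InvalidParameterValueException if the volume is not found, or the owning account is
 *         a project account and no project is found for it
 * @throws PermissionDeniedException if the owning project is not active, or the owning account
 *         is disabled
 */
@Override
public long getEntityOwnerId() {
    Volume volume = _entityMgr.findById(Volume.class, getVolumeId());
    if (volume == null) {
        throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
    }

    Account account = _accountService.getAccount(volume.getAccountId());
    //Can create templates for enabled projects/accounts only
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        Project project = _projectService.findByProjectAccountId(volume.getAccountId());
        // A project account without a project is reported as a bad parameter instead of
        // surfacing as a NullPointerException on getState().
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by account id=" + account.getUuid());
        }
        if (project.getState() != Project.State.Active) {
            // The message names the project by UUID; the internal database id is not put into
            // an error that reaches the API caller.
            throw new PermissionDeniedException("Can't add resources to the project id=" + project.getUuid() + " in state=" + project.getState() + " as it's no longer active");
        }
    } else if (account.getState() == Account.State.disabled) {
        throw new PermissionDeniedException("The owner of template is disabled: " + account);
    }

    return volume.getAccountId();
}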
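/**
 * Returns the account id that owns the volume this command refers to, after checking that the
 * owner is still allowed to use resources.
 *
 * @return the account id of the volume
 * @throws InvalidParameterValueException if the volume is not found, or the owning account is
 *         a project account and no project is found for it
 * @throws PermissionDeniedException if the owning project is not active, or the owning account
 *         is disabled
 */
@Override
public long getEntityOwnerId() {
    Volume volume = _entityMgr.findById(Volume.class, getEntityId());
    if (volume == null) {
        throw new InvalidParameterValueException("Unable to find volume by id=" + id);
    }

    Account account = _accountService.getAccount(volume.getAccountId());
    //Can resize volumes for enabled projects/accounts only
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        Project project = _projectService.findByProjectAccountId(volume.getAccountId());
        // A project account without a project is reported as a bad parameter instead of
        // surfacing as a NullPointerException on getState().
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by account id=" + account.getUuid());
        }
        if (project.getState() != Project.State.Active) {
            // The message names the project by UUID; the internal database id is not put into
            // an error that reaches the API caller.
            throw new PermissionDeniedException("Can't add resources to project id=" + project.getUuid() + " in state=" + project.getState() + " as it's no longer active");
        }
    } else if (account.getState() == Account.State.disabled) {
        throw new PermissionDeniedException("The owner of volume " + id + " is disabled: " + account);
    }

    return volume.getAccountId();
}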
/**
 * Fills the owner and domain fields of a response from a controlled entity.
 *
 * <p>For a project account the project UUID and name are set; for any other account the
 * account name is set. The domain UUID and name are set in both cases.
 *
 * @param response the response to populate
 * @param object   the entity whose account id and domain id are looked up
 */
private void populateOwner(ControlledEntityResponse response, ControlledEntity object) {
    // NOTE(review): the account, the project and the domain are each dereferenced without a
    // null check; if any of these lookups can return null (e.g. a removed owner), building the
    // response fails with a NullPointerException — confirm the lookups' contracts.
    Account owner = ApiDBUtils.findAccountById(object.getAccountId());

    boolean ownedByProject = owner.getType() == Account.ACCOUNT_TYPE_PROJECT;
    if (!ownedByProject) {
        response.setAccountName(owner.getAccountName());
    } else {
        // Resolve the project that this project account backs.
        Project owningProject = ApiDBUtils.findProjectByProjectAccountId(owner.getId());
        response.setProjectId(owningProject.getUuid());
        response.setProjectName(owningProject.getName());
    }

    Domain ownerDomain = ApiDBUtils.findDomainById(object.getDomainId());
    response.setDomainId(ownerDomain.getUuid());
    response.setDomainName(ownerDomain.getName());
}
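/**
 * Returns the account id that owns the volume this command refers to, after checking that the
 * owner is still allowed to receive new resources.
 *
 * @return the account id of the volume
 * @throws InvalidParameterValueException if the volume is not found, or the owning account is
 *         a project account and no project is found for it
 * @throws PermissionDeniedException if the owning project is not active (the project UUID is
 *         attached as a proxy object named {@code projectId}), or the owning account is disabled
 */
@Override
public long getEntityOwnerId() {
    Volume volume = _entityMgr.findById(Volume.class, getVolumeId());
    if (volume == null) {
        throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
    }

    Account account = _accountService.getAccount(volume.getAccountId());
    //Can create templates for enabled projects/accounts only
    if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
        Project project = _projectService.findByProjectAccountId(volume.getAccountId());
        // A project account without a project is reported as a bad parameter instead of
        // surfacing as a NullPointerException on getState().
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by account id=" + account.getUuid());
        }
        if (project.getState() != Project.State.Active) {
            // The project is identified through the attached UUID, not inside the message text.
            PermissionDeniedException ex = new PermissionDeniedException("Can't add resources to the specified project id in state=" + project.getState() + " as it's no longer active");
            ex.addProxyObject(project.getUuid(), "projectId");
            throw ex;
        }
    } else if (account.getState() == Account.State.disabled) {
        throw new PermissionDeniedException("The owner of template is disabled: " + account);
    }

    return volume.getAccountId();
}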
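/**
 * Builds the quota summary list response for the calling account.
 *
 * <p>An admin caller that supplies both an account name and a domain id gets the summary for
 * that account; an admin caller that does not gets the listing controlled by
 * {@code isListAll()}. Every other caller is always limited to its own account and domain,
 * whatever the request parameters say.
 */
@Override
public void execute() {
    Account caller = CallContext.current().getCallingAccount();
    List<QuotaSummaryResponse> responses;
    if (caller.getType() == Account.ACCOUNT_TYPE_ADMIN) {
        if (getAccountName() != null && getDomainId() != null) {
            // Use the account the admin asked for. Passing the caller's own name and domain
            // here made the two request parameters have no effect.
            responses = _responseBuilder.createQuotaSummaryResponse(getAccountName(), getDomainId());
        } else {
            responses = _responseBuilder.createQuotaSummaryResponse(isListAll());
        }
    } else {
        // Request parameters are ignored on purpose: the scope comes from the caller's identity.
        responses = _responseBuilder.createQuotaSummaryResponse(caller.getAccountName(), caller.getDomainId());
    }

    final ListResponse<QuotaSummaryResponse> response = new ListResponse<QuotaSummaryResponse>();
    response.setResponses(responses);
    response.setResponseName(getCommandName());
    setResponseObject(response);
}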
/**
 * Returns the account id that owns the VM snapshot this command refers to, after checking that
 * the owner is still allowed to receive new resources.
 *
 * @return the account id of the VM snapshot
 * @throws InvalidParameterValueException if the VM snapshot is not found, or the owning account
 *         is a project account and no project is found for it
 * @throws PermissionDeniedException if the owning project is not active, or the owning account
 *         is disabled
 */
@Override
public long getEntityOwnerId() {
    VMSnapshot snapshot = _entityMgr.findById(VMSnapshot.class, getVMSnapshotId());
    if (snapshot == null) {
        throw new InvalidParameterValueException("Unable to find vmsnapshot by id=" + getVMSnapshotId());
    }

    Account owner = _accountService.getAccount(snapshot.getAccountId());
    boolean ownedByProject = owner.getType() == Account.ACCOUNT_TYPE_PROJECT;
    if (ownedByProject) {
        // Project accounts: the backing project must exist and be active.
        Project owningProject = _projectService.findByProjectAccountId(snapshot.getAccountId());
        if (owningProject == null) {
            throw new InvalidParameterValueException("Unable to find project by account id=" + owner.getUuid());
        }
        if (owningProject.getState() != Project.State.Active) {
            throw new PermissionDeniedException("Can't add resources to the project id=" + owningProject.getUuid() + " in state=" + owningProject.getState() + " as it's no longer active");
        }
    } else if (owner.getState() == Account.State.disabled) {
        // Other accounts: a disabled owner may not receive new resources.
        throw new PermissionDeniedException("The owner of template is disabled: " + owner);
    }

    return snapshot.getAccountId();
}