@Override public boolean checkAccess(User user, String commandName) throws PermissionDeniedException { if (isDisabled()) { return true; } Account account = accountService.getAccount(user.getAccountId()); if (account == null) { throw new PermissionDeniedException("The account id=" + user.getAccountId() + "for user id=" + user.getId() + "is null"); } RoleType roleType = accountService.getRoleType(account); boolean isAllowed = commandsPropertiesOverrides.contains(commandName) ? commandsPropertiesRoleBasedApisMap.get(roleType).contains(commandName) : annotationRoleBasedApisMap.get( roleType).contains(commandName); if (isAllowed) { return true; } if (commandNames.contains(commandName)) { throw new PermissionDeniedException("The API is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName); } else { throw new UnavailableCommandException("The API " + commandName + " does not exist or is not available for this account."); } }
@Test public void testCreateSuccess() { AccountService accountService = Mockito.mock(AccountService.class); Account account = Mockito.mock(Account.class); Mockito.when(accountService.getAccount(Matchers.anyLong())).thenReturn(account); addVpnUserCmd._accountService = accountService; RemoteAccessVpnService ravService = Mockito.mock(RemoteAccessVpnService.class); VpnUser vpnUser = Mockito.mock(VpnUser.class); Mockito.when(ravService.addVpnUser(Matchers.anyLong(), Matchers.anyString(), Matchers.anyString())).thenReturn(vpnUser); addVpnUserCmd._ravService = ravService; addVpnUserCmd.create(); }
@Override public long getEntityOwnerId() { Vpc vpc = _entityMgr.findById(Vpc.class, getVpcId()); if (vpc == null) { throw new InvalidParameterValueException("Invalid vpcId is given"); } Account account = _accountService.getAccount(vpc.getAccountId()); return account.getId(); }
@Test public void testCreateFailure() { AccountService accountService = Mockito.mock(AccountService.class); Account account = Mockito.mock(Account.class); Mockito.when(accountService.getAccount(Matchers.anyLong())).thenReturn(account); addVpnUserCmd._accountService = accountService; RemoteAccessVpnService ravService = Mockito.mock(RemoteAccessVpnService.class); Mockito.when(ravService.addVpnUser(Matchers.anyLong(), Matchers.anyString(), Matchers.anyString())).thenReturn(null); addVpnUserCmd._ravService = ravService; try { addVpnUserCmd.create(); } catch (ServerApiException exception) { Assert.assertEquals("Failed to add vpn user", exception.getDescription()); } }
@Override public void execute() { SnapshotPolicy result = _snapshotService.createPolicy(this, _accountService.getAccount(getEntityOwnerId())); if (result != null) { SnapshotPolicyResponse response = _responseGenerator.createSnapshotPolicyResponse(result); response.setResponseName(getCommandName()); this.setResponseObject(response); } else { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create snapshot policy"); } } }
@Override public void create() throws ResourceAllocationException { VirtualMachineTemplate template = null; //TemplateOwner should be the caller https://issues.citrite.net/browse/CS-17530 template = _templateService.createPrivateTemplateRecord(this, _accountService.getAccount(getEntityOwnerId())); if (template != null) { setEntityId(template.getId()); setEntityUuid(template.getUuid()); } else { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create a template"); } }
@Override public void create() { Account owner = _accountService.getAccount(getEntityOwnerId()); VpnUser vpnUser = _ravService.addVpnUser(owner.getId(), userName, password); if (vpnUser == null) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to add vpn user"); } setEntityId(vpnUser.getId()); setEntityUuid(vpnUser.getUuid()); } }
@Test public void testCreateSuccess() { AccountService accountService = Mockito.mock(AccountService.class); Account account = Mockito.mock(Account.class); Mockito.when(accountService.getAccount(anyLong())).thenReturn(account); VolumeApiService volumeApiService = Mockito.mock(VolumeApiService.class); Snapshot snapshot = Mockito.mock(Snapshot.class); try { Mockito.when(volumeApiService.takeSnapshot(anyLong(), anyLong(), anyLong(), any(Account.class), anyBoolean(), isNull(Snapshot.LocationType.class), anyBoolean())).thenReturn(snapshot); } catch (Exception e) { Assert.fail("Received exception when success expected " + e.getMessage()); } responseGenerator = Mockito.mock(ResponseGenerator.class); SnapshotResponse snapshotResponse = Mockito.mock(SnapshotResponse.class); Mockito.when(responseGenerator.createSnapshotResponse(snapshot)).thenReturn(snapshotResponse); Mockito.doNothing().when(snapshotResponse).setAccountName(anyString()); createSnapshotCmd._accountService = accountService; createSnapshotCmd._responseGenerator = responseGenerator; createSnapshotCmd._volumeService = volumeApiService; try { createSnapshotCmd.execute(); } catch (Exception e) { Assert.fail("Received exception when success expected " + e.getMessage()); } }
@Override public void create() throws ResourceAllocationException { try { IpAddress ip = null; if (!isPortable()) { ip = _networkService.allocateIP(_accountService.getAccount(getEntityOwnerId()), getZoneId(), getNetworkId(), getDisplayIp()); } else { ip = _networkService.allocatePortableIP(_accountService.getAccount(getEntityOwnerId()), 1, getZoneId(), getNetworkId(), getVpcId()); } if (ip != null) { setEntityId(ip.getId()); setEntityUuid(ip.getUuid()); } else { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to allocate IP address"); } } catch (ConcurrentOperationException ex) { s_logger.warn("Exception: ", ex); throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, ex.getMessage()); } catch (InsufficientAddressCapacityException ex) { s_logger.info(ex); s_logger.trace(ex); throw new ServerApiException(ApiErrorCode.INSUFFICIENT_CAPACITY_ERROR, ex.getMessage()); } }
@Test public void testCreateFailure() { AccountService accountService = Mockito.mock(AccountService.class); Account account = Mockito.mock(Account.class); Mockito.when(accountService.getAccount(anyLong())).thenReturn(account); VolumeApiService volumeApiService = Mockito.mock(VolumeApiService.class); try { Mockito.when(volumeApiService.takeSnapshot(anyLong(), anyLong(), anyLong(), any(Account.class), anyBoolean(), isNull(Snapshot.LocationType.class), anyBoolean())).thenReturn(null); } catch (Exception e) { Assert.fail("Received exception when success expected " + e.getMessage()); } createSnapshotCmd._accountService = accountService; createSnapshotCmd._volumeService = volumeApiService; try { createSnapshotCmd.execute(); } catch (ServerApiException exception) { Assert.assertEquals("Failed to create snapshot due to an internal error creating snapshot for volume 1", exception.getDescription()); } } }
@Override public void execute() throws ResourceUnavailableException, ResourceAllocationException, ConcurrentOperationException { AcquirePodIpCmdResponse podIp = null; podIp = _networkService.allocatePodIp(_accountService.getAccount(getEntityOwnerId()), getZoneId(), getPodId()); if (podIp != null) { podIp.setResponseName(getCommandName()); podIp.setObjectName(getCommandName()); setResponseObject(podIp); } else { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to assign IP address"); } }
@Override public void execute() { List<UserVO> users = new ArrayList<UserVO>(); if (getUserId() != null) { UserVO user = _userDao.getUser(getUserId()); if (user != null) { Account account = _accountService.getAccount(user.getAccountId()); _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.ListEntry, true, account); users.add(user); } } else if (CallContext.current().getCallingAccount().getType() == Account.ACCOUNT_TYPE_ADMIN) { users = _userDao.listAll(); } ListResponse<SamlAuthorizationResponse> response = new ListResponse<SamlAuthorizationResponse>(); List<SamlAuthorizationResponse> authorizationResponses = new ArrayList<SamlAuthorizationResponse>(); for (User user: users) { SamlAuthorizationResponse authorizationResponse = new SamlAuthorizationResponse(user.getUuid(), user.getSource().equals(User.Source.SAML2), user.getExternalEntity()); authorizationResponse.setObjectName("samlauthorization"); authorizationResponses.add(authorizationResponse); } response.setResponses(authorizationResponses); response.setResponseName(getCommandName()); setResponseObject(response); } }
@Override public ServiceInstanceResponse createServiceInstanceResponse(long instanceId) { s_logger.debug("ServiceInstance response for id: " + instanceId); UserVmVO vm = _vmDao.findById(instanceId); ServiceInstanceResponse response = new ServiceInstanceResponse(); response.setId(vm.getUuid()); Account owner = _accountService.getAccount(vm.getAccountId()); if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT) { Project project = ApiDBUtils.findProjectByProjectAccountIdIncludingRemoved(owner.getAccountId()); response.setProjectId(project.getUuid()); response.setProjectName(project.getName()); } else { response.setAccountName(owner.getAccountName()); } return response; }
@Override public void execute() { Account owner = _accountService.getAccount(getEntityOwnerId()); boolean result = _ravService.removeVpnUser(owner.getId(), userName, CallContext.current().getCallingAccount()); if (!result) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove vpn user"); } try { if (!_ravService.applyVpnUsers(owner.getId(), userName)) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to apply vpn user removal"); } }catch (Exception ex) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to remove vpn user due to resource unavailable"); } SuccessResponse response = new SuccessResponse(getCommandName()); setResponseObject(response); } }
@Override public long getEntityOwnerId() { Volume volume = _entityMgr.findById(Volume.class, getVolumeId()); if (volume == null) { throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId); } Account account = _accountService.getAccount(volume.getAccountId()); //Can create templates for enabled projects/accounts only if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { Project project = _projectService.findByProjectAccountId(volume.getAccountId()); if (project.getState() != Project.State.Active) { throw new PermissionDeniedException("Can't add resources to the project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active"); } } else if (account.getState() == Account.State.disabled) { throw new PermissionDeniedException("The owner of template is disabled: " + account); } return volume.getAccountId(); }
@Override public long getEntityOwnerId() { Volume volume = _entityMgr.findById(Volume.class, getEntityId()); if (volume == null) { throw new InvalidParameterValueException("Unable to find volume by id=" + id); } Account account = _accountService.getAccount(volume.getAccountId()); //Can resize volumes for enabled projects/accounts only if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { Project project = _projectService.findByProjectAccountId(volume.getAccountId()); if (project.getState() != Project.State.Active) { throw new PermissionDeniedException("Can't add resources to project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active"); } } else if (account.getState() == Account.State.disabled) { throw new PermissionDeniedException("The owner of volume " + id + " is disabled: " + account); } return volume.getAccountId(); }
@Override public void execute() { Snapshot snapshot; try { snapshot = _volumeService.takeSnapshot(getVolumeId(), getPolicyId(), getEntityId(), _accountService.getAccount(getEntityOwnerId()), getQuiescevm(), getLocationType(), getAsyncBackup()); if (snapshot != null) { SnapshotResponse response = _responseGenerator.createSnapshotResponse(snapshot); response.setResponseName(getCommandName()); setResponseObject(response); } else { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create snapshot due to an internal error creating snapshot for volume " + getVolumeId()); } } catch (Exception e) { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create snapshot due to an internal error creating snapshot for volume " + getVolumeId()); } }
@Override public long getEntityOwnerId() { Volume volume = _entityMgr.findById(Volume.class, getVolumeId()); if (volume == null) { throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId); } Account account = _accountService.getAccount(volume.getAccountId()); //Can create templates for enabled projects/accounts only if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { Project project = _projectService.findByProjectAccountId(volume.getAccountId()); if (project.getState() != Project.State.Active) { PermissionDeniedException ex = new PermissionDeniedException("Can't add resources to the specified project id in state=" + project.getState() + " as it's no longer active"); ex.addProxyObject(project.getUuid(), "projectId"); throw ex; } } else if (account.getState() == Account.State.disabled) { throw new PermissionDeniedException("The owner of template is disabled: " + account); } return volume.getAccountId(); }
@Override public long getEntityOwnerId() { VMSnapshot vmsnapshot = _entityMgr.findById(VMSnapshot.class, getVMSnapshotId()); if (vmsnapshot == null) { throw new InvalidParameterValueException("Unable to find vmsnapshot by id=" + getVMSnapshotId()); } Account account = _accountService.getAccount(vmsnapshot.getAccountId()); //Can create templates for enabled projects/accounts only if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { Project project = _projectService.findByProjectAccountId(vmsnapshot.getAccountId()); if (project == null) { throw new InvalidParameterValueException("Unable to find project by account id=" + account.getUuid()); } if (project.getState() != Project.State.Active) { throw new PermissionDeniedException("Can't add resources to the project id=" + project.getUuid() + " in state=" + project.getState() + " as it's no longer active"); } } else if (account.getState() == Account.State.disabled) { throw new PermissionDeniedException("The owner of template is disabled: " + account); } return vmsnapshot.getAccountId(); }
@Override public void execute() { // Check permissions UserAccount userAccount = _accountService.getUserAccountById(getId()); if (userAccount == null) { throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR , "Unable to find a user account with the given ID"); } Domain domain = _domainService.getDomain(userAccount.getDomainId()); Account account = _accountService.getAccount(userAccount.getAccountId()); _accountService.checkAccess(CallContext.current().getCallingAccount(), domain); _accountService.checkAccess(CallContext.current().getCallingAccount(), SecurityChecker.AccessType.OperateEntry, true, account); CallContext.current().setEventDetails("UserId: " + getId()); SuccessResponse response = new SuccessResponse(); Boolean status = false; if (_samlAuthManager.authorizeUser(getId(), getEntityId(), getEnable())) { status = true; } response.setResponseName(getCommandName()); response.setSuccess(status); setResponseObject(response); } }