public static Long getRoleByAccountType(final Long roleId, final Short accountType) { if (roleId == null && accountType != null) { RoleType defaultRoleType = RoleType.getByAccountType(accountType); if (defaultRoleType != null && defaultRoleType != RoleType.Unknown) { return defaultRoleType.getId(); } } return roleId; }
private void migrateAccountsToDefaultRoles(final Connection conn) { try (final PreparedStatement selectStatement = conn.prepareStatement("SELECT `id`, `type` FROM `cloud`.`account`;"); final ResultSet selectResultSet = selectStatement.executeQuery()) { while (selectResultSet.next()) { final Long accountId = selectResultSet.getLong(1); final Short accountType = selectResultSet.getShort(2); final Long roleId = RoleType.getByAccountType(accountType).getId(); if (roleId < 1L || roleId > 4L) { s_logger.warn("Skipping role ID migration due to invalid role_id resolved for account id=" + accountId); continue; } try (final PreparedStatement updateStatement = conn.prepareStatement("UPDATE `cloud`.`account` SET account.role_id = ? WHERE account.id = ? ;")) { updateStatement.setLong(1, roleId); updateStatement.setLong(2, accountId); updateStatement.executeUpdate(); } catch (SQLException e) { s_logger.error("Failed to update cloud.account role_id for account id:" + accountId + " with exception: " + e.getMessage()); throw new CloudRuntimeException("Exception while updating cloud.account role_id", e); } } } catch (SQLException e) { throw new CloudRuntimeException("Exception while migrating existing account table's role_id column to a role based on account type", e); } s_logger.debug("Done migrating existing accounts to use one of default roles based on account type"); }
private void createCloudStackUserAccount(LdapUser user, long domainId, short accountType) { String username = user.getUsername(); _accountManager.createUserAccount(username, "", user.getFirstname(), user.getLastname(), user.getEmail(), null, username, accountType, RoleType.getByAccountType(accountType).getId(), domainId, null, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP); }
pstmt.setLong(4, RoleType.User.getId()); }else{ pstmt.setLong(4, acct.getRoleId());
try { UserAccount userAccount = _accountService .createUserAccount(admin, "", ldapUser.getFirstname(), ldapUser.getLastname(), ldapUser.getEmail(), null, admin, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, RoleType.DomainAdmin.getId(), domainId, null, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP); response.setAdminId(String.valueOf(userAccount.getAccountId()));
try { UserAccount userAccount = _accountService.createUserAccount(admin, "", ldapUser.getFirstname(), ldapUser.getLastname(), ldapUser.getEmail(), null, admin, Account.ACCOUNT_TYPE_DOMAIN_ADMIN, RoleType.DomainAdmin.getId(), domainId, null, null, UUID.randomUUID().toString(), UUID.randomUUID().toString(), User.Source.LDAP); response.setAdminId(String.valueOf(userAccount.getAccountId())); s_logger.info("created an account with name " + admin + " in the given domain " + domainId);
@Test public void testGetRoleByAccountTypeForDefaultAccountTypes() { Assert.assertEquals(RoleType.getRoleByAccountType(null, Account.ACCOUNT_TYPE_ADMIN), (Long) RoleType.Admin.getId()); Assert.assertEquals(RoleType.getRoleByAccountType(null, Account.ACCOUNT_TYPE_NORMAL), (Long) RoleType.User.getId()); Assert.assertEquals(RoleType.getRoleByAccountType(null, Account.ACCOUNT_TYPE_DOMAIN_ADMIN), (Long) RoleType.DomainAdmin.getId()); Assert.assertEquals(RoleType.getRoleByAccountType(null, Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN), (Long) RoleType.ResourceAdmin.getId()); Assert.assertEquals(RoleType.getRoleByAccountType(null, Account.ACCOUNT_TYPE_PROJECT), null); }
String group = domain.getUuid(); if (caller.getAccountName().equals("admin") && caller.getRoleId() == RoleType.Admin.getId()) { user = CloudianCmcAdminUser.value(); group = "0";
@Override @ActionEvent(eventType = EventTypes.EVENT_ROLE_UPDATE, eventDescription = "updating Role") public Role updateRole(final Role role, final String name, final RoleType roleType, final String description) { checkCallerAccess(); if (roleType != null && roleType == RoleType.Unknown) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Unknown is not a valid role type"); } RoleVO roleVO = (RoleVO)role; if (!Strings.isNullOrEmpty(name)) { roleVO.setName(name); } if (roleType != null) { if (role.getId() <= RoleType.User.getId()) { throw new PermissionDeniedException("The role type of default roles cannot be changed"); } List<? extends Account> accounts = accountDao.findAccountsByRole(role.getId()); if (accounts == null || accounts.isEmpty()) { roleVO.setRoleType(roleType); } else { throw new PermissionDeniedException("Found accounts that have role in use, won't allow to change role type"); } } if (!Strings.isNullOrEmpty(description)) { roleVO.setDescription(description); } roleDao.update(role.getId(), roleVO); return role; }
return false; if (role.getId() <= RoleType.User.getId()) { throw new PermissionDeniedException("Default roles cannot be deleted");
acnt.setDomainId(1); acnt.setType(RoleType.User.getAccountType()); acnt.setRoleId(RoleType.User.getId()); acnt = acntDao.persist(acnt);
if (accountRole.getRoleType() == RoleType.Admin && accountRole.getId() == RoleType.Admin.getId()) { return true;