Example #1
 /**
  * Collects the scope ids on which an account has been granted {@code action} within
  * {@code scope}.
  *
  * <p>Each policy returned by {@code listIAMPolicies(accountId)} is queried through
  * {@code _policyPermissionDao.listGrantedByActionAndScope}. Every permission that comes back
  * with a non-null scope id contributes that id to the result.
  *
  * <p>NOTE(review): this method only aggregates what the DAO reports as granted. Whether
  * explicit deny entries are taken into account is not visible here; confirm that before
  * treating the returned list as a complete authorization decision.
  *
  * @param accountId account whose policies are inspected
  * @param action action name, passed to the DAO unchanged
  * @param scope scope name, passed to the DAO unchanged
  * @return a new list, never {@code null}, possibly empty; ids are not de-duplicated, so the
  *     same scope id appears once per matching permission
  */
 @Override
 public List<Long> getGrantedEntities(long accountId, String action, String scope) {
   List<Long> grantedIds = new ArrayList<Long>();

   // Policies attached to the caller; assumed non-null (a null list would fail in the loop).
   List<IAMPolicy> callerPolicies = listIAMPolicies(accountId);
   for (IAMPolicy callerPolicy : callerPolicies) {
     List<IAMPolicyPermissionVO> granted =
         _policyPermissionDao.listGrantedByActionAndScope(callerPolicy.getId(), action, scope);
     if (granted == null) {
       // Nothing recorded for this policy; move on to the next one.
       continue;
     }
     for (IAMPolicyPermissionVO permission : granted) {
       // Permissions without a scope id name no concrete entity and are skipped.
       if (permission.getScopeId() == null) {
         continue;
       }
       grantedIds.add(permission.getScopeId());
     }
   }
   return grantedIds;
 }
Example #2
 /**
  * Revokes one allow-permission from an IAM policy.
  *
  * <p>The policy is looked up by id first. The permission to revoke is then located with
  * {@code _policyPermissionDao.findByPolicyAndEntity} using {@code Permission.Allow}, so only
  * an allow entry is ever matched by this method.
  *
  * <p>NOTE(review): when no matching permission exists the method returns the policy without
  * any signal to the caller, and the outcome of {@code remove(...)} is not inspected. A caller
  * that needs to know the grant is really gone should verify it separately.
  *
  * @param iamPolicyId id of the policy to modify
  * @param entityType entity type of the permission entry
  * @param scope scope of the permission entry
  * @param scopeId scope id of the permission entry; may be {@code null} as far as this method
  *     is concerned, since it is only forwarded to the DAO
  * @param action action of the permission entry
  * @return the policy identified by {@code iamPolicyId}
  * @throws InvalidParameterValueException if no policy with that id is found
  */
 @DB
 @Override
 public IAMPolicy removeIAMPermissionFromIAMPolicy(
     long iamPolicyId, String entityType, String scope, Long scopeId, String action) {
   // Resolve the policy up front so that an unknown id is reported to the caller.
   IAMPolicy target = _aclPolicyDao.findById(iamPolicyId);
   if (target == null) {
     String reason =
         "Unable to find acl policy: " + iamPolicyId + "; failed to revoke permission from policy.";
     throw new InvalidParameterValueException(reason);
   }

   // Locate the stored allow entry for this exact entity type, scope, scope id and action.
   IAMPolicyPermissionVO grant =
       _policyPermissionDao.findByPolicyAndEntity(
           iamPolicyId, entityType, scope, scopeId, action, Permission.Allow);
   if (grant == null) {
     // No such entry on record: there is nothing to delete.
     return target;
   }

   _policyPermissionDao.remove(grant.getId());
   return target;
 }