private void updateAdminStatus(Permissions perm) {
// if the role of the permission is of type admin update the user
// lastAdminCheckStatus to true
Role role = getRoleDao().get(perm.getrole_id());
if (role.getType() == RoleType.ADMIN) {
MultiLevelAdministrationHandler.setIsAdminGUIFlag(perm.getad_element_id(), true);
}
}
@Override
protected boolean canDoAction() {
Permissions perm = getParameters().getPermission();
if (perm == null) {
addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_PERMISSION_NOT_SENT);
return false;
}
Role role = getRoleDao().get(perm.getrole_id());
Guid adElementId = perm.getad_element_id();
if (role == null) {
addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_INVALID_ROLE_ID);
return false;
}
if (perm.getObjectType() == null || getVdcObjectName() == null) {
addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_INVALID_OBJECT_ID);
return false;
}
// if user and group not sent check user/group is in the db in order to
// give permission
if (getParameters().getUser() == null
&& getParameters().getGroup() == null
&& getDbUserDAO().get(adElementId) == null
&& getAdGroupDAO().get(adElementId) == null) {
getReturnValue()
.getCanDoActionMessages()
.add(VdcBllMessages.USER_MUST_EXIST_IN_DB.toString());
return false;
}
// only system super user can give permissions with admin roles
if (!isSystemSuperUser() && role.getType() == RoleType.ADMIN) {
addCanDoActionMessage(
VdcBllMessages.PERMISSION_ADD_FAILED_ONLY_SYSTEM_SUPER_USER_CAN_GIVE_ADMIN_ROLES);
return false;
}
// don't allow adding permissions to vms from pool externally
if (!isInternalExecution() && perm.getObjectType() == VdcObjectType.VM) {
VM vm = getVmDAO().get(perm.getObjectId());
if (vm != null && vm.getVmPoolId() != null) {
addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_VM_IN_POOL);
return false;
}
}
return true;
}