private void updateAdminStatus(Permissions perm) {
// if the role of the permission is of type admin update the user
// lastAdminCheckStatus to true
Role role = getRoleDao().get(perm.getrole_id());
if (role.getType() == RoleType.ADMIN) {
MultiLevelAdministrationHandler.setIsAdminGUIFlag(perm.getad_element_id(), true);
}
}
@Before
@Override
public void setUp() throws Exception {
super.setUp();
objectID = Guid.newGuid();
Permissions permission = new Permissions();
permission.setObjectId(objectID);
mockedPermissions = Collections.singletonList(permission);
}
@Override
public List<PermissionSubject> getPermissionCheckSubjects() {
Permissions permission = getParameters().getPermission();
List<PermissionSubject> permissionsSubject = new ArrayList<>();
permissionsSubject.add(
new PermissionSubject(
permission.getObjectId(),
permission.getObjectType(),
getActionType().getActionGroup()));
initUserAndGroupData();
// if the user does not exist in the database we need to
// check if the logged in user has permissions to add another
// user from the directory service
if ((getParameters().getUser() != null && dbUser == null)
|| (getParameters().getGroup() != null && dbGroup == null)) {
permissionsSubject.add(
new PermissionSubject(
permission.getObjectId(),
permission.getObjectType(),
ActionGroup.ADD_USERS_AND_GROUPS_FROM_DIRECTORY));
}
return permissionsSubject;
}
@Override
protected boolean canDoAction() {
Permissions perm = getParameters().getPermission();
if (perm == null) {
addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_PERMISSION_NOT_SENT);
return false;
}
Role role = getRoleDao().get(perm.getrole_id());
Guid adElementId = perm.getad_element_id();
if (role == null) {
addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_INVALID_ROLE_ID);
return false;
}
if (perm.getObjectType() == null || getVdcObjectName() == null) {
addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_INVALID_OBJECT_ID);
return false;
}
// if user and group not sent check user/group is in the db in order to
// give permission
if (getParameters().getUser() == null
&& getParameters().getGroup() == null
&& getDbUserDAO().get(adElementId) == null
&& getAdGroupDAO().get(adElementId) == null) {
getReturnValue()
.getCanDoActionMessages()
.add(VdcBllMessages.USER_MUST_EXIST_IN_DB.toString());
return false;
}
// only system super user can give permissions with admin roles
if (!isSystemSuperUser() && role.getType() == RoleType.ADMIN) {
addCanDoActionMessage(
VdcBllMessages.PERMISSION_ADD_FAILED_ONLY_SYSTEM_SUPER_USER_CAN_GIVE_ADMIN_ROLES);
return false;
}
// don't allow adding permissions to vms from pool externally
if (!isInternalExecution() && perm.getObjectType() == VdcObjectType.VM) {
VM vm = getVmDAO().get(perm.getObjectId());
if (vm != null && vm.getVmPoolId() != null) {
addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_VM_IN_POOL);
return false;
}
}
return true;
}
@Override
protected void executeCommand() {
// Get the parameters:
T parameters = getParameters();
// The user or group given in the parameters may haven't been added to the database yet, if this
// is the case
// then they need to be added to the database now, before the permission:
DbUser user = parameters.getUser();
if (user != null) {
Guid id = user.getId();
String directory = user.getDomain();
String externalId = user.getExternalId();
DbUser existing = getDbUserDAO().getByIdOrExternalId(id, directory, externalId);
if (existing != null) {
user = existing;
} else {
user = addUser(user);
if (user == null) {
setSucceeded(false);
return;
}
}
}
DbGroup group = parameters.getGroup();
if (group != null) {
Guid id = group.getId();
String directory = group.getDomain();
String externalId = group.getExternalId();
DbGroup existing = getAdGroupDAO().getByIdOrExternalId(id, directory, externalId);
if (existing != null) {
group = existing;
} else {
group = addGroup(group);
if (group == null) {
setSucceeded(false);
return;
}
}
}
// The identifier of the principal of the permission can come from the parameters directly or
// from the
// user/group objects:
Guid principalId;
if (user != null) {
principalId = user.getId();
} else if (group != null) {
principalId = group.getId();
} else {
principalId = parameters.getPermission().getad_element_id();
}
final Permissions paramPermission = parameters.getPermission();
Permissions permission =
getPermissionDAO()
.getForRoleAndAdElementAndObject(
paramPermission.getrole_id(), principalId, paramPermission.getObjectId());
if (permission == null) {
paramPermission.setId(Guid.newGuid());
paramPermission.setad_element_id(principalId);
TransactionSupport.executeInNewTransaction(
new TransactionMethod<Void>() {
@Override
public Void runInTransaction() {
getPermissionDAO().save(paramPermission);
getCompensationContext().snapshotNewEntity(paramPermission);
getCompensationContext().stateChanged();
return null;
}
});
permission = paramPermission;
}
getReturnValue().setActionReturnValue(permission.getId());
if (user != null) {
updateAdminStatus(permission);
}
setSucceeded(true);
}
private void onAdd() {
AdElementListModel model = (AdElementListModel) getWindow();
if (model.getProgress() != null) {
return;
}
if (!model.getIsEveryoneSelected() && model.getSelectedItems() == null) {
cancel();
return;
}
ArrayList<DbUser> items = new ArrayList<DbUser>();
if (model.getIsEveryoneSelected()) {
DbUser tempVar = new DbUser();
tempVar.setId(ApplicationGuids.everyone.asGuid());
items.add(tempVar);
} else {
for (Object item : model.getItems()) {
EntityModel entityModel = (EntityModel) item;
if (entityModel.getIsSelected()) {
items.add((DbUser) entityModel.getEntity());
}
}
}
Role role = (Role) model.getRole().getSelectedItem();
// adGroup/user
ArrayList<VdcActionParametersBase> list = new ArrayList<VdcActionParametersBase>();
for (DbUser user : items) {
Permissions tempVar2 = new Permissions();
tempVar2.setad_element_id(user.getId());
tempVar2.setrole_id(role.getId());
Permissions perm = tempVar2;
perm.setObjectId(getEntityGuid());
perm.setObjectType(this.getObjectType());
if (user.isGroup()) {
DbGroup group = new DbGroup();
group.setId(user.getId());
group.setExternalId(user.getExternalId());
group.setName(user.getFirstName());
group.setDomain(user.getDomain());
group.setNamespace(user.getNamespace());
PermissionsOperationsParameters tempVar3 = new PermissionsOperationsParameters();
tempVar3.setPermission(perm);
tempVar3.setGroup(group);
list.add(tempVar3);
} else {
PermissionsOperationsParameters tempVar4 = new PermissionsOperationsParameters();
tempVar4.setPermission(perm);
tempVar4.setUser(user);
list.add(tempVar4);
}
}
model.startProgress(null);
Frontend.getInstance()
.runMultipleAction(
VdcActionType.AddPermission,
list,
new IFrontendMultipleActionAsyncCallback() {
@Override
public void executed(FrontendMultipleActionAsyncResult result) {
AdElementListModel localModel = (AdElementListModel) result.getState();
localModel.stopProgress();
cancel();
}
},
model);
}
