private void updateAdminStatus(Permissions perm) {
   // if the role of the permission is of type admin update the user
   // lastAdminCheckStatus to true
   Role role = getRoleDao().get(perm.getrole_id());
   if (role.getType() == RoleType.ADMIN) {
     MultiLevelAdministrationHandler.setIsAdminGUIFlag(perm.getad_element_id(), true);
   }
 }
  @Before
  @Override
  public void setUp() throws Exception {
    super.setUp();

    objectID = Guid.newGuid();

    Permissions permission = new Permissions();
    permission.setObjectId(objectID);
    mockedPermissions = Collections.singletonList(permission);
  }
 @Override
 public List<PermissionSubject> getPermissionCheckSubjects() {
   Permissions permission = getParameters().getPermission();
   List<PermissionSubject> permissionsSubject = new ArrayList<>();
   permissionsSubject.add(
       new PermissionSubject(
           permission.getObjectId(),
           permission.getObjectType(),
           getActionType().getActionGroup()));
   initUserAndGroupData();
   // if the user does not exist in the database we need to
   // check if the logged in user has permissions to add another
   // user from the directory service
   if ((getParameters().getUser() != null && dbUser == null)
       || (getParameters().getGroup() != null && dbGroup == null)) {
     permissionsSubject.add(
         new PermissionSubject(
             permission.getObjectId(),
             permission.getObjectType(),
             ActionGroup.ADD_USERS_AND_GROUPS_FROM_DIRECTORY));
   }
   return permissionsSubject;
 }
  @Override
  protected boolean canDoAction() {
    Permissions perm = getParameters().getPermission();
    if (perm == null) {
      addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_PERMISSION_NOT_SENT);
      return false;
    }

    Role role = getRoleDao().get(perm.getrole_id());
    Guid adElementId = perm.getad_element_id();

    if (role == null) {
      addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_INVALID_ROLE_ID);
      return false;
    }

    if (perm.getObjectType() == null || getVdcObjectName() == null) {
      addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_INVALID_OBJECT_ID);
      return false;
    }

    // if user and group not sent check user/group is in the db in order to
    // give permission
    if (getParameters().getUser() == null
        && getParameters().getGroup() == null
        && getDbUserDAO().get(adElementId) == null
        && getAdGroupDAO().get(adElementId) == null) {
      getReturnValue()
          .getCanDoActionMessages()
          .add(VdcBllMessages.USER_MUST_EXIST_IN_DB.toString());
      return false;
    }

    // only system super user can give permissions with admin roles
    if (!isSystemSuperUser() && role.getType() == RoleType.ADMIN) {
      addCanDoActionMessage(
          VdcBllMessages.PERMISSION_ADD_FAILED_ONLY_SYSTEM_SUPER_USER_CAN_GIVE_ADMIN_ROLES);
      return false;
    }

    // don't allow adding permissions to vms from pool externally
    if (!isInternalExecution() && perm.getObjectType() == VdcObjectType.VM) {
      VM vm = getVmDAO().get(perm.getObjectId());
      if (vm != null && vm.getVmPoolId() != null) {
        addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_VM_IN_POOL);
        return false;
      }
    }

    return true;
  }
  @Override
  protected void executeCommand() {
    // Get the parameters:
    T parameters = getParameters();

    // The user or group given in the parameters may haven't been added to the database yet, if this
    // is the case
    // then they need to be added to the database now, before the permission:
    DbUser user = parameters.getUser();
    if (user != null) {
      Guid id = user.getId();
      String directory = user.getDomain();
      String externalId = user.getExternalId();
      DbUser existing = getDbUserDAO().getByIdOrExternalId(id, directory, externalId);
      if (existing != null) {
        user = existing;
      } else {
        user = addUser(user);
        if (user == null) {
          setSucceeded(false);
          return;
        }
      }
    }
    DbGroup group = parameters.getGroup();
    if (group != null) {
      Guid id = group.getId();
      String directory = group.getDomain();
      String externalId = group.getExternalId();
      DbGroup existing = getAdGroupDAO().getByIdOrExternalId(id, directory, externalId);
      if (existing != null) {
        group = existing;
      } else {
        group = addGroup(group);
        if (group == null) {
          setSucceeded(false);
          return;
        }
      }
    }

    // The identifier of the principal of the permission can come from the parameters directly or
    // from the
    // user/group objects:
    Guid principalId;
    if (user != null) {
      principalId = user.getId();
    } else if (group != null) {
      principalId = group.getId();
    } else {
      principalId = parameters.getPermission().getad_element_id();
    }

    final Permissions paramPermission = parameters.getPermission();

    Permissions permission =
        getPermissionDAO()
            .getForRoleAndAdElementAndObject(
                paramPermission.getrole_id(), principalId, paramPermission.getObjectId());

    if (permission == null) {
      paramPermission.setId(Guid.newGuid());
      paramPermission.setad_element_id(principalId);

      TransactionSupport.executeInNewTransaction(
          new TransactionMethod<Void>() {
            @Override
            public Void runInTransaction() {
              getPermissionDAO().save(paramPermission);
              getCompensationContext().snapshotNewEntity(paramPermission);
              getCompensationContext().stateChanged();
              return null;
            }
          });
      permission = paramPermission;
    }

    getReturnValue().setActionReturnValue(permission.getId());

    if (user != null) {
      updateAdminStatus(permission);
    }
    setSucceeded(true);
  }
Exemplo n.º 6
0
  private void onAdd() {
    AdElementListModel model = (AdElementListModel) getWindow();

    if (model.getProgress() != null) {
      return;
    }

    if (!model.getIsEveryoneSelected() && model.getSelectedItems() == null) {
      cancel();
      return;
    }

    ArrayList<DbUser> items = new ArrayList<DbUser>();
    if (model.getIsEveryoneSelected()) {
      DbUser tempVar = new DbUser();
      tempVar.setId(ApplicationGuids.everyone.asGuid());
      items.add(tempVar);
    } else {
      for (Object item : model.getItems()) {
        EntityModel entityModel = (EntityModel) item;
        if (entityModel.getIsSelected()) {
          items.add((DbUser) entityModel.getEntity());
        }
      }
    }

    Role role = (Role) model.getRole().getSelectedItem();
    // adGroup/user

    ArrayList<VdcActionParametersBase> list = new ArrayList<VdcActionParametersBase>();
    for (DbUser user : items) {
      Permissions tempVar2 = new Permissions();
      tempVar2.setad_element_id(user.getId());
      tempVar2.setrole_id(role.getId());
      Permissions perm = tempVar2;
      perm.setObjectId(getEntityGuid());
      perm.setObjectType(this.getObjectType());

      if (user.isGroup()) {
        DbGroup group = new DbGroup();
        group.setId(user.getId());
        group.setExternalId(user.getExternalId());
        group.setName(user.getFirstName());
        group.setDomain(user.getDomain());
        group.setNamespace(user.getNamespace());
        PermissionsOperationsParameters tempVar3 = new PermissionsOperationsParameters();
        tempVar3.setPermission(perm);
        tempVar3.setGroup(group);
        list.add(tempVar3);
      } else {
        PermissionsOperationsParameters tempVar4 = new PermissionsOperationsParameters();
        tempVar4.setPermission(perm);
        tempVar4.setUser(user);
        list.add(tempVar4);
      }
    }

    model.startProgress(null);

    Frontend.getInstance()
        .runMultipleAction(
            VdcActionType.AddPermission,
            list,
            new IFrontendMultipleActionAsyncCallback() {
              @Override
              public void executed(FrontendMultipleActionAsyncResult result) {

                AdElementListModel localModel = (AdElementListModel) result.getState();
                localModel.stopProgress();
                cancel();
              }
            },
            model);
  }