protected Permits mapCollection(List<ActionGroup> entities) {
   Permits collection = new Permits();
   // VM_BASIC_OPERATIONS is deprecated, its now more detailed with the following:
   // REBOOT_VM, STOP_VM, SHUT_DOWN_VM, HIBERNATE_VM and RUN_VM
   // for backward compatibility we show the user VM_BASIC_OPERATIONS if all this
   // ActionGroup are present
   if (entities.contains(ActionGroup.REBOOT_VM)
       && entities.contains(ActionGroup.STOP_VM)
       && entities.contains(ActionGroup.SHUT_DOWN_VM)
       && entities.contains(ActionGroup.HIBERNATE_VM)
       && entities.contains(ActionGroup.RUN_VM)) {
     Permit p = new Permit();
     p.setName(PermitType.VM_BASIC_OPERATIONS.toString().toLowerCase());
     p.setId(PermitType.getVmBasicOperationsId());
     ActionGroup runVm = entities.get(entities.indexOf(ActionGroup.RUN_VM));
     p.setAdministrative(
         org.ovirt.engine.api.model.RoleType.ADMIN
             .toString()
             .equals(runVm.getRoleType().toString()));
     collection.getPermits().add(addLinks(p));
   }
   for (ActionGroup entity : entities) {
     Permit permit = map(entity);
     collection.getPermits().add(addLinks(map(entity)));
   }
   return collection;
 }
 @Override
 public List<VmTemplate> getTemplatesWithPermittedAction(Guid userId, ActionGroup actionGroup) {
   return getCallsHandler()
       .executeReadList(
           "fn_perms_get_templates_with_permitted_action",
           VMTemplateRowMapper.instance,
           getCustomMapSqlParameterSource()
               .addValue("user_id", userId)
               .addValue("action_group_id", actionGroup.getId()));
 }
Пример #3
0
  @Override
  public List<Cluster> getClustersWithPermittedAction(Guid userId, ActionGroup actionGroup) {
    MapSqlParameterSource parameterSource =
        getCustomMapSqlParameterSource()
            .addValue("user_id", userId)
            .addValue("action_group_id", actionGroup.getId());

    return getCallsHandler()
        .executeReadList(
            "fn_perms_get_clusters_with_permitted_action",
            ClusterRowMapper.instance,
            parameterSource);
  }
  @Override
  public List<storage_pool> getDataCentersWithPermittedActionOnClusters(
      Guid userId, ActionGroup actionGroup) {
    MapSqlParameterSource parameterSource =
        getCustomMapSqlParameterSource()
            .addValue("user_id", userId)
            .addValue("action_group_id", actionGroup.getId());

    StoragePoolRawMapper mapper = new StoragePoolRawMapper();

    return getCallsHandler()
        .executeReadList(
            "fn_perms_get_storage_pools_with_permitted_action_on_vds_groups",
            mapper,
            parameterSource);
  }
Пример #5
0
 @Override
 public ActionGroup mapRow(ResultSet rs, int rowNum) throws SQLException {
   return ActionGroup.forValue(rs.getInt("action_group_id"));
 }
Пример #6
0
public enum ActionGroup {
  // vm actions groups
  CREATE_VM(1, RoleType.USER, false, ApplicationMode.VirtOnly),
  DELETE_VM(2, RoleType.USER, true, ApplicationMode.VirtOnly),
  EDIT_VM_PROPERTIES(3, RoleType.USER, true, ApplicationMode.VirtOnly),
  REBOOT_VM(17, RoleType.USER, true, ApplicationMode.VirtOnly),
  STOP_VM(18, RoleType.USER, true, ApplicationMode.VirtOnly),
  SHUT_DOWN_VM(19, RoleType.USER, true, ApplicationMode.VirtOnly),
  HIBERNATE_VM(21, RoleType.USER, true, ApplicationMode.VirtOnly),
  RUN_VM(22, RoleType.USER, true, ApplicationMode.VirtOnly),
  CHANGE_VM_CD(5, RoleType.USER, true, ApplicationMode.VirtOnly),
  MIGRATE_VM(6, RoleType.USER, true, ApplicationMode.VirtOnly),
  CONNECT_TO_SERIAL_CONSOLE(1664, RoleType.USER, true, ApplicationMode.VirtOnly),
  /** Connect to the console of a virtual machine, but only if no user has connected before: */
  CONNECT_TO_VM(7, RoleType.USER, true, ApplicationMode.VirtOnly),

  IMPORT_EXPORT_VM(8, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  CONFIGURE_VM_NETWORK(9, RoleType.USER, true, ApplicationMode.VirtOnly),
  CONFIGURE_VM_STORAGE(10, RoleType.USER, true, ApplicationMode.VirtOnly),
  MOVE_VM(11, RoleType.USER, true, ApplicationMode.VirtOnly),
  MANIPULATE_VM_SNAPSHOTS(12, RoleType.USER, true, ApplicationMode.VirtOnly),

  /** Connect to the console of a virtual machine even if a different user was connected before: */
  RECONNECT_TO_VM(13, RoleType.USER, true, ApplicationMode.VirtOnly),

  CHANGE_VM_CUSTOM_PROPERTIES(14, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  /** Admin role can specify destinationVdsId to override default target host. */
  EDIT_ADMIN_VM_PROPERTIES(15, RoleType.ADMIN, true, ApplicationMode.VirtOnly),

  CREATE_INSTANCE(16, RoleType.USER, false, ApplicationMode.VirtOnly),

  // host (vds) actions groups
  CREATE_HOST(100, RoleType.ADMIN, true),
  EDIT_HOST_CONFIGURATION(101, RoleType.ADMIN, true),
  DELETE_HOST(102, RoleType.ADMIN, true),
  MANIPULATE_HOST(103, RoleType.ADMIN, true),
  CONFIGURE_HOST_NETWORK(104, RoleType.ADMIN, true),
  // templates actions groups
  CREATE_TEMPLATE(200, RoleType.USER, false, ApplicationMode.VirtOnly),
  EDIT_TEMPLATE_PROPERTIES(201, RoleType.USER, true, ApplicationMode.VirtOnly),
  DELETE_TEMPLATE(202, RoleType.USER, true, ApplicationMode.VirtOnly),
  COPY_TEMPLATE(203, RoleType.USER, true, ApplicationMode.VirtOnly),
  CONFIGURE_TEMPLATE_NETWORK(204, RoleType.USER, true, ApplicationMode.VirtOnly),
  EDIT_ADMIN_TEMPLATE_PROPERTIES(205, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  // vm pools actions groups
  CREATE_VM_POOL(300, RoleType.USER, false, ApplicationMode.VirtOnly),
  EDIT_VM_POOL_CONFIGURATION(301, RoleType.USER, true, ApplicationMode.VirtOnly),
  DELETE_VM_POOL(302, RoleType.USER, true, ApplicationMode.VirtOnly),
  VM_POOL_BASIC_OPERATIONS(303, RoleType.USER, true, ApplicationMode.VirtOnly),
  // clusters actions groups
  CREATE_CLUSTER(400, RoleType.ADMIN, true),
  EDIT_CLUSTER_CONFIGURATION(401, RoleType.ADMIN, true),
  DELETE_CLUSTER(402, RoleType.ADMIN, true),
  CONFIGURE_CLUSTER_NETWORK(403, RoleType.ADMIN, true),
  ASSIGN_CLUSTER_NETWORK(404, RoleType.ADMIN, true),

  // users and MLA actions groups
  MANIPULATE_USERS(500, RoleType.ADMIN, true),
  MANIPULATE_ROLES(501, RoleType.ADMIN, true),
  MANIPULATE_PERMISSIONS(502, RoleType.USER, true),
  ADD_USERS_AND_GROUPS_FROM_DIRECTORY(503, RoleType.USER, true),
  EDIT_PROFILE(504, RoleType.USER, true),

  // storage domains actions groups
  CREATE_STORAGE_DOMAIN(600, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  EDIT_STORAGE_DOMAIN_CONFIGURATION(601, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  DELETE_STORAGE_DOMAIN(602, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  MANIPULATE_STORAGE_DOMAIN(603, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  // storage pool actions groups
  CREATE_STORAGE_POOL(700, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  DELETE_STORAGE_POOL(701, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  EDIT_STORAGE_POOL_CONFIGURATION(702, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  CONFIGURE_STORAGE_POOL_NETWORK(703, RoleType.ADMIN, true),
  CREATE_STORAGE_POOL_NETWORK(704, RoleType.ADMIN, true),
  DELETE_STORAGE_POOL_NETWORK(705, RoleType.ADMIN, true),

  // engine generic
  CONFIGURE_ENGINE(800, RoleType.ADMIN, true),

  // Quota
  CONFIGURE_QUOTA(900, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  CONSUME_QUOTA(901, RoleType.USER, true, ApplicationMode.VirtOnly),

  // Gluster
  CREATE_GLUSTER_VOLUME(1000, RoleType.ADMIN, true, ApplicationMode.GlusterOnly),
  MANIPULATE_GLUSTER_VOLUME(1001, RoleType.ADMIN, true, ApplicationMode.GlusterOnly),
  DELETE_GLUSTER_VOLUME(1002, RoleType.ADMIN, true, ApplicationMode.GlusterOnly),
  MANIPULATE_GLUSTER_HOOK(1003, RoleType.ADMIN, true, ApplicationMode.GlusterOnly),
  MANIPULATE_GLUSTER_SERVICE(1004, RoleType.ADMIN, true, ApplicationMode.GlusterOnly),

  // Disks action groups
  CREATE_DISK(1100, RoleType.USER, false, ApplicationMode.VirtOnly),
  ATTACH_DISK(1101, RoleType.USER, true, ApplicationMode.VirtOnly),
  EDIT_DISK_PROPERTIES(1102, RoleType.USER, true, ApplicationMode.VirtOnly),
  CONFIGURE_DISK_STORAGE(1103, RoleType.USER, true, ApplicationMode.VirtOnly),
  DELETE_DISK(1104, RoleType.USER, true, ApplicationMode.VirtOnly),
  CONFIGURE_SCSI_GENERIC_IO(1105, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  ACCESS_IMAGE_STORAGE(1106, RoleType.USER, false, ApplicationMode.VirtOnly),
  DISK_LIVE_STORAGE_MIGRATION(1107, RoleType.USER, true, ApplicationMode.VirtOnly),

  // VNIC Profiles
  CONFIGURE_NETWORK_VNIC_PROFILE(1203, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  CREATE_NETWORK_VNIC_PROFILE(1204, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  DELETE_NETWORK_VNIC_PROFILE(1205, RoleType.ADMIN, true, ApplicationMode.VirtOnly),

  // Login action group
  LOGIN(1300, RoleType.USER, false),

  // Inject external events action group
  INJECT_EXTERNAL_EVENTS(1400, RoleType.ADMIN, false),

  // Inject external tasks action group
  INJECT_EXTERNAL_TASKS(1500, RoleType.ADMIN, false),

  // Tag management action group
  TAG_MANAGEMENT(1301, RoleType.ADMIN, false),

  // Bookmark management action group
  BOOKMARK_MANAGEMENT(1302, RoleType.ADMIN, false),

  // Event notification management action group
  EVENT_NOTIFICATION_MANAGEMENT(1303, RoleType.ADMIN, false),

  // audit log management action group
  AUDIT_LOG_MANAGEMENT(1304, RoleType.ADMIN, false),

  // affinity group CRUD commands
  MANIPULATE_AFFINITY_GROUPS(1550, RoleType.ADMIN, true, ApplicationMode.VirtOnly),

  // disk profiles
  CONFIGURE_STORAGE_DISK_PROFILE(1560, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  CREATE_STORAGE_DISK_PROFILE(1561, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  DELETE_STORAGE_DISK_PROFILE(1562, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  ATTACH_DISK_PROFILE(1563, RoleType.USER, true, ApplicationMode.VirtOnly),

  // MAC pool actions groups
  CREATE_MAC_POOL(1660, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  EDIT_MAC_POOL(1661, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  DELETE_MAC_POOL(1662, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
  CONFIGURE_MAC_POOL(1663, RoleType.ADMIN, true, ApplicationMode.VirtOnly);

  private int id;
  private RoleType roleType;
  private boolean allowsViewingChildren;
  private int applicationMode;
  private static final HashMap<Integer, ActionGroup> map =
      new HashMap<>(ActionGroup.values().length);

  static {
    for (ActionGroup t : ActionGroup.values()) {
      map.put(t.id, t);
    }
  }

  private ActionGroup(int value, RoleType type, boolean allowsViewingChildren) {
    this(value, type, allowsViewingChildren, ApplicationMode.AllModes);
  }

  private ActionGroup(
      int value, RoleType type, boolean allowsViewingChildren, ApplicationMode applicationMode) {
    id = value;
    roleType = type;
    this.allowsViewingChildren = allowsViewingChildren;
    this.applicationMode = applicationMode.getValue();
  }

  public int getId() {
    return id;
  }

  public RoleType getRoleType() {
    return roleType;
  }

  public boolean allowsViewingChildren() {
    return allowsViewingChildren;
  }

  public static ActionGroup forValue(int value) {
    return map.get(value);
  }

  public int getAvailableInModes() {
    return applicationMode;
  }
}
Пример #7
0
 static {
   for (ActionGroup t : ActionGroup.values()) {
     map.put(t.id, t);
   }
 }