/**
 * Adds one permission entry to an existing IAM policy unless a matching entry is already stored.
 *
 * <p>"Matching" is decided by a lookup on policy id, entity type, scope, scope id, action and
 * permission. {@code accessType} and {@code recursive} are not part of that lookup, so a call
 * that differs from a stored entry only in those two values leaves the stored entry unchanged.
 *
 * <p>No caller authorization is performed in this method.
 * NOTE(review): confirm the calling layer checks that the caller may modify this policy.
 *
 * @param iamPolicyId id of the policy to extend
 * @param entityType entity type the permission applies to
 * @param scope scope of the permission
 * @param scopeId id qualifying the scope; passed through as given
 * @param action action the permission covers
 * @param accessType access type stored on a newly created entry
 * @param perm permission value stored on the entry and used in the duplicate lookup
 * @param recursive recursive flag stored on a newly created entry
 * @return the policy that was looked up
 * @throws InvalidParameterValueException if no policy exists for {@code iamPolicyId}
 */
@DB
@Override
public IAMPolicy addIAMPermissionToIAMPolicy(
        long iamPolicyId,
        String entityType,
        String scope,
        Long scopeId,
        String action,
        String accessType,
        Permission perm,
        Boolean recursive) {
    IAMPolicy targetPolicy = _aclPolicyDao.findById(iamPolicyId);
    if (targetPolicy == null) {
        throw new InvalidParameterValueException(
                "Unable to find acl policy: " + iamPolicyId + "; failed to add permission to policy.");
    }

    // NOTE(review): find-then-persist is not wrapped in Transaction.execute here; whether @DB or
    // a unique key prevents duplicate rows under concurrent calls is not visible - confirm.
    IAMPolicyPermissionVO existingEntry =
            _policyPermissionDao.findByPolicyAndEntity(
                    iamPolicyId, entityType, scope, scopeId, action, perm);
    if (existingEntry != null) {
        // An equivalent entry is already stored; nothing to write.
        return targetPolicy;
    }

    IAMPolicyPermissionVO newEntry =
            new IAMPolicyPermissionVO(
                    iamPolicyId, action, entityType, accessType, scope, scopeId, perm, recursive);
    _policyPermissionDao.persist(newEntry);
    return targetPolicy;
}
/**
 * Attaches an existing IAM policy to each of the given accounts.
 *
 * <p>All mappings are written inside one {@code Transaction.execute} callback. An account that
 * already has a mapping to the policy is skipped.
 *
 * <p>NOTE(review): the account ids are written as given; this method neither checks that each id
 * refers to an existing account nor that the caller may grant the policy to it - confirm the
 * calling layer does.
 *
 * @param policyId id of the policy to attach
 * @param acctIds ids of the accounts that should receive the policy
 * @throws InvalidParameterValueException if no policy exists for {@code policyId}
 */
@Override
public void attachIAMPolicyToAccounts(final Long policyId, final List<Long> acctIds) {
    if (_aclPolicyDao.findById(policyId) == null) {
        throw new InvalidParameterValueException(
                "Unable to find acl policy: " + policyId + "; failed to add policy to account.");
    }

    Transaction.execute(
            new TransactionCallbackNoReturn() {
                @Override
                public void doInTransactionWithoutResult(TransactionStatus status) {
                    // One account-to-policy mapping per account, skipping existing ones.
                    for (Long accountId : acctIds) {
                        IAMAccountPolicyMapVO mapping =
                                _aclAccountPolicyMapDao.findByAccountAndPolicy(accountId, policyId);
                        if (mapping != null) {
                            continue;
                        }
                        mapping = new IAMAccountPolicyMapVO(accountId, policyId);
                        _aclAccountPolicyMapDao.persist(mapping);
                    }
                }
            });
}
/**
 * Deletes an IAM policy together with every row that refers to it.
 *
 * <p>Inside one {@code Transaction.execute} callback the method removes, in this order: the
 * group-to-policy mappings, the account-to-policy mappings, the policy's permission entries, and
 * finally the policy itself. The dependent rows are removed before the policy row.
 *
 * <p>No caller authorization is performed in this method.
 * NOTE(review): confirm the calling layer checks that the caller may delete this policy, since
 * every group and account attached to it loses the policy's permissions.
 *
 * @param iamPolicyId id of the policy to delete
 * @return always {@code true} when the method returns normally
 * @throws InvalidParameterValueException if no policy exists for {@code iamPolicyId}
 */
@DB
@Override
public boolean deleteIAMPolicy(final long iamPolicyId) {
    final IAMPolicy policy = _aclPolicyDao.findById(iamPolicyId);
    if (policy == null) {
        throw new InvalidParameterValueException(
                "Unable to find acl policy: " + iamPolicyId + "; failed to delete acl policy.");
    }

    Transaction.execute(
            new TransactionCallbackNoReturn() {
                @Override
                public void doInTransactionWithoutResult(TransactionStatus status) {
                    // 1. Detach the policy from every group.
                    List<IAMGroupPolicyMapVO> groupLinks =
                            _aclGroupPolicyMapDao.listByPolicyId(policy.getId());
                    if (groupLinks != null) {
                        for (IAMGroupPolicyMapVO groupLink : groupLinks) {
                            _aclGroupPolicyMapDao.remove(groupLink.getId());
                        }
                    }

                    // 2. Detach the policy from every account.
                    List<IAMAccountPolicyMapVO> accountLinks =
                            _aclAccountPolicyMapDao.listByPolicyId(policy.getId());
                    if (accountLinks != null) {
                        for (IAMAccountPolicyMapVO accountLink : accountLinks) {
                            _aclAccountPolicyMapDao.remove(accountLink.getId());
                        }
                    }

                    // 3. Drop the permission entries that belong to the policy.
                    List<IAMPolicyPermissionVO> permissionEntries =
                            _policyPermissionDao.listByPolicy(policy.getId());
                    if (permissionEntries != null) {
                        for (IAMPolicyPermissionVO permissionEntry : permissionEntries) {
                            _policyPermissionDao.remove(permissionEntry.getId());
                        }
                    }

                    // 4. Remove the policy row itself, last.
                    _aclPolicyDao.remove(iamPolicyId);
                }
            });

    return true;
}
/**
 * Resets an IAM policy by expunging permission entries selected by policy id.
 *
 * <p>The policy row itself is kept and returned.
 *
 * <p>NOTE(review): the search builder declares a "scope" condition, but no value is ever bound
 * to it. Presumably the search framework ignores unbound conditions, in which case every
 * permission of the policy is expunged regardless of scope - confirm that behaviour and that
 * wiping all scopes is what callers expect.
 *
 * @param iamPolicyId id of the policy to reset
 * @return the policy that was looked up
 * @throws InvalidParameterValueException if no policy exists for {@code iamPolicyId}
 */
@DB
@Override
public IAMPolicy resetIAMPolicy(long iamPolicyId) {
    IAMPolicy targetPolicy = _aclPolicyDao.findById(iamPolicyId);
    if (targetPolicy == null) {
        throw new InvalidParameterValueException(
                "Unable to find acl policy: " + iamPolicyId + "; failed to reset the policy.");
    }

    SearchBuilder<IAMPolicyPermissionVO> builder = _policyPermissionDao.createSearchBuilder();
    builder.and("policyId", builder.entity().getAclPolicyId(), SearchCriteria.Op.EQ);
    // Declared but never given a value below; see the NOTE(review) in the Javadoc.
    builder.and("scope", builder.entity().getScope(), SearchCriteria.Op.EQ);
    builder.done();

    SearchCriteria<IAMPolicyPermissionVO> criteria = builder.create();
    criteria.setParameters("policyId", iamPolicyId);
    _policyPermissionDao.expunge(criteria);

    return targetPolicy;
}
/**
 * Removes one permission entry from an existing IAM policy, if such an entry is stored.
 *
 * <p>The entry is looked up with {@code Permission.Allow} fixed as the permission value, so an
 * entry stored with any other permission value is not matched and stays in place.
 * NOTE(review): {@code addIAMPermissionToIAMPolicy} accepts an arbitrary {@code Permission};
 * confirm that entries added with a non-Allow value are meant to be unreachable from here.
 *
 * @param iamPolicyId id of the policy to change
 * @param entityType entity type of the entry to remove
 * @param scope scope of the entry to remove
 * @param scopeId id qualifying the scope; passed through as given
 * @param action action of the entry to remove
 * @return the policy that was looked up, whether or not an entry was removed
 * @throws InvalidParameterValueException if no policy exists for {@code iamPolicyId}
 */
@DB
@Override
public IAMPolicy removeIAMPermissionFromIAMPolicy(
        long iamPolicyId, String entityType, String scope, Long scopeId, String action) {
    IAMPolicy targetPolicy = _aclPolicyDao.findById(iamPolicyId);
    if (targetPolicy == null) {
        throw new InvalidParameterValueException(
                "Unable to find acl policy: "
                        + iamPolicyId
                        + "; failed to revoke permission from policy.");
    }

    IAMPolicyPermissionVO storedEntry =
            _policyPermissionDao.findByPolicyAndEntity(
                    iamPolicyId, entityType, scope, scopeId, action, Permission.Allow);
    if (storedEntry == null) {
        // Nothing stored for this combination; the call is a no-op.
        return targetPolicy;
    }

    _policyPermissionDao.remove(storedEntry.getId());
    return targetPolicy;
}
/**
 * Lists IAM policies, optionally narrowed by id and name, always narrowed by a path prefix.
 *
 * <p>Results are ordered by "id" ascending and paged with {@code startIndex} and
 * {@code pageSize}. The path condition is a LIKE match on {@code path + "%"}.
 *
 * <p>NOTE(review): the path prefix is the only scoping applied in this method. Two things follow
 * from the string concatenation and should be confirmed against the callers:
 * a {@code null} path is bound as the literal pattern {@code "null%"}, and LIKE wildcard
 * characters inside {@code path} are not escaped, so a path value that contains them matches
 * more than a plain prefix. Both are harmless only if {@code path} is always derived
 * server-side rather than taken from request input.
 *
 * @param iamPolicyId optional policy id; when given, the policy must exist
 * @param iamPolicyName optional exact policy name
 * @param path path prefix the returned policies must start with
 * @param startIndex paging offset handed to the search filter
 * @param pageSize paging size handed to the search filter
 * @return the matching policies and the count reported by the DAO
 * @throws InvalidParameterValueException if {@code iamPolicyId} is given and no such policy exists
 */
@SuppressWarnings("unchecked")
@Override
public Pair<List<IAMPolicy>, Integer> listIAMPolicies(
        Long iamPolicyId, String iamPolicyName, String path, Long startIndex, Long pageSize) {
    // Reject an unknown id up front instead of returning an empty page.
    if (iamPolicyId != null && _aclPolicyDao.findById(iamPolicyId) == null) {
        throw new InvalidParameterValueException("Unable to find acl policy by id " + iamPolicyId);
    }

    Filter pagingFilter = new Filter(IAMPolicyVO.class, "id", true, startIndex, pageSize);

    SearchBuilder<IAMPolicyVO> builder = _aclPolicyDao.createSearchBuilder();
    builder.and("name", builder.entity().getName(), SearchCriteria.Op.EQ);
    builder.and("path", builder.entity().getPath(), SearchCriteria.Op.LIKE);
    builder.and("id", builder.entity().getId(), SearchCriteria.Op.EQ);

    SearchCriteria<IAMPolicyVO> criteria = builder.create();
    if (iamPolicyName != null) {
        criteria.setParameters("name", iamPolicyName);
    }
    if (iamPolicyId != null) {
        criteria.setParameters("id", iamPolicyId);
    }
    // Always bound, including when path is null; see the NOTE(review) in the Javadoc.
    criteria.setParameters("path", path + "%");

    Pair<List<IAMPolicyVO>, Integer> found = _aclPolicyDao.searchAndCount(criteria, pagingFilter);

    // The raw-typed local lets the VO list be returned as a list of the IAMPolicy interface
    // without copying it.
    @SuppressWarnings("rawtypes")
    List rawPolicies = found.first();
    return new Pair<List<IAMPolicy>, Integer>(rawPolicies, found.second());
}