AddPermissionCommand.java example

Explorer
gluster-ovirt-poc-master
- backend
  - manager
- frontend
package org.ovirt.engine.core.bll;

import java.util.Collections;
import java.util.Map;

import org.ovirt.engine.core.common.AuditLogType;
import org.ovirt.engine.core.common.VdcObjectType;
import org.ovirt.engine.core.common.action.PermissionsOperationsParametes;
import org.ovirt.engine.core.common.businessentities.RoleType;
import org.ovirt.engine.core.common.businessentities.VM;
import org.ovirt.engine.core.common.businessentities.permissions;
import org.ovirt.engine.core.common.businessentities.roles;
import org.ovirt.engine.core.compat.Guid;
import org.ovirt.engine.core.dal.VdcBllMessages;
import org.ovirt.engine.core.dal.dbbroker.DbFacade;
import org.ovirt.engine.core.utils.transaction.TransactionMethod;
import org.ovirt.engine.core.utils.transaction.TransactionSupport;

public class AddPermissionCommand<T extends PermissionsOperationsParametes> extends PermissionsCommandBase<T> {
    public AddPermissionCommand(T parameters) {
        super(parameters);
    }

    @Override
    protected boolean canDoAction() {
        permissions perm = getParameters().getPermission();
        if (perm == null) {
            addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_PERMISSION_NOT_SENT);
            return false;
        }

        roles role = DbFacade.getInstance().getRoleDAO().get(perm.getrole_id());
        Guid adElementId = perm.getad_element_id();

        if (role == null) {
            addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_INVALID_ROLE_ID);
            return false;
        }

        if (perm.getObjectType() == null
                || getVdcObjectName() == null) {
            addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_INVALID_OBJECT_ID);
            return false;
        }
        // check if no ad_element_id in permission or id doesn't equal to sent
        // user or group
        if ((adElementId == null)
                || (getParameters().getVdcUser() != null && !getParameters().getVdcUser().getUserId()
                        .equals(adElementId))
                        || (getParameters().getAdGroup() != null && !getParameters().getAdGroup().getid().equals(adElementId))) {
            addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_USER_ID_MISMATCH);
            return false;
        }
        // if user and group not sent check user/group is in the db in order to
        // give permission
        if (adElementId != null
                && getParameters().getVdcUser() == null
                && getParameters().getAdGroup() == null
                && (DbFacade.getInstance().getDbUserDAO().get(adElementId) == null && DbFacade
                        .getInstance().getAdGroupDAO().get(adElementId) == null)) {
            getReturnValue().getCanDoActionMessages().add(
                                                          VdcBllMessages.USER_MUST_EXIST_IN_DB.toString());
            return false;
        }

        // we check that we don't insert duplicate permissions
        if (DbFacade
                .getInstance()
                .getPermissionDAO()
                .getForRoleAndAdElementAndObject(perm.getrole_id(), adElementId,
                                                 perm.getObjectId()) != null) {
            addCanDoActionMessage(VdcBllMessages.ERROR_PERMISSION_ALREADY_EXIST);
            return false;
        }

        // only system super user can give permissions with admin roles
        if (!isSystemSuperUser() && role.getType() == RoleType.ADMIN) {
            addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_ONLY_SYSTEM_SUPER_USER_CAN_GIVE_ADMIN_ROLES);
            return false;
        }

        // don't allow adding permissions to vms from pool externally
        if (!isInternalExecution() && perm.getObjectType() == VdcObjectType.VM) {
            VM vm = DbFacade.getInstance().getVmDAO().getById(perm.getObjectId());
            if (vm != null && vm.getVmPoolId() != null) {
                addCanDoActionMessage(VdcBllMessages.PERMISSION_ADD_FAILED_VM_IN_POOL);
                return false;
            }
        }

        return true;
    }

    @Override
    protected void executeCommand() {
        final permissions perm = getParameters().getPermission();

        // try to add user to db if vdcUser sent
        if (getParameters().getVdcUser() != null && _dbUser == null) {
            _dbUser = UserCommandBase.initUser(getParameters().getVdcUser(), getParameters().getSessionId());
            if (_dbUser == null) {
                return;
            }
        }
        // try to add group to db if adGroup sent
        else if (getParameters().getAdGroup() != null) {
            _adGroup = AdGroupsHandlingCommandBase.initAdGroup(getParameters().getAdGroup());
        }

        perm.setId(Guid.NewGuid());

        TransactionSupport.executeInNewTransaction(new TransactionMethod<Void>() {
            @Override
            public Void runInTransaction() {
                DbFacade.getInstance().getPermissionDAO().save(perm);
                getCompensationContext().snapshotNewEntity(perm);
                getCompensationContext().stateChanged();
                return null;
            }
        });
        getReturnValue().setActionReturnValue(perm.getId());

        if (_dbUser != null) {
            updateAdminStatus(perm);
        }
        setSucceeded(true);
    }

    private void updateAdminStatus(permissions perm) {
        // if the role of the permission is of type admin update the user
        // lastAdminCheckStatus to true
        roles role = DbFacade.getInstance().getRoleDAO().get(perm.getrole_id());
        if (role.getType() == RoleType.ADMIN) {
            MultiLevelAdministrationHandler.setIsAdminGUIFlag(perm.getad_element_id(), true);
        }
    }

    @Override
    public AuditLogType getAuditLogTypeValue() {
        return getSucceeded() ? AuditLogType.USER_ADD_PERMISSION : AuditLogType.USER_ADD_PERMISSION_FAILED;
    }

    @Override
    public Map<Guid, VdcObjectType> getPermissionCheckSubjects() {
        permissions permission = getParameters().getPermission();
        return Collections.singletonMap(permission.getObjectId(), permission.getObjectType());
    }
}