package org.ovirt.engine.core.bll;

import java.util.Collections;
import java.util.Map;

import org.ovirt.engine.core.common.VdcObjectType;
import org.ovirt.engine.core.common.action.VdcActionParametersBase;
import org.ovirt.engine.core.common.config.Config;
import org.ovirt.engine.core.common.config.ConfigValues;
import org.ovirt.engine.core.compat.Guid;
import org.ovirt.engine.core.compat.LogCompat;
import org.ovirt.engine.core.compat.LogFactoryCompat;
import org.ovirt.engine.core.dal.VdcBllMessages;

/**
 * Base class for commands that may be run by administrators only.
 *
 * <p>
 * It overrides {@link #IsUserAutorizedToRunAction()} so that the caller is
 * authorized by being an admin user rather than by holding an explicit
 * permission. Any command that administrators can execute, and for which no
 * permission can be granted, should extend this class. Example: no permissions
 * can be given on tags, so only admin users can manipulate tags.
 *
 * <p>
 * The "admin user" decision itself lives in
 * {@code MultiLevelAdministrationHandler.isAdminUser}.
 *
 * @param <T>
 *            the parameters type of the concrete command
 */
public abstract class AdminOperationCommandBase<T extends VdcActionParametersBase> extends CommandBase<T> {

    private static LogCompat log = LogFactoryCompat.getLog(AdminOperationCommandBase.class);

    /**
     * Creates the command with the given parameters, which are handed to the
     * superclass constructor unchanged.
     *
     * @param parameters
     *            the action parameters
     */
    protected AdminOperationCommandBase(T parameters) {
        super(parameters);
    }

    /**
     * Creates the command without parameters.
     */
    protected AdminOperationCommandBase() {
    }

    /**
     * Decides whether the current caller may run this admin-only command.
     *
     * <p>
     * Decision order:
     * <ol>
     * <li>Internal executions, and every execution while
     * {@code ConfigValues.IsMultilevelAdministrationOn} is false, are allowed
     * without any user check.</li>
     * <li>With no current user, the action is refused with
     * {@code USER_IS_NOT_LOGGED_IN}.</li>
     * <li>Otherwise the action is allowed only if
     * {@code MultiLevelAdministrationHandler.isAdminUser} accepts the current
     * user's id; a refusal is reported as
     * {@code USER_NOT_AUTHORIZED_TO_PERFORM_ACTION}.</li>
     * </ol>
     *
     * <p>
     * Security note: step 1 bypasses the admin check entirely, and this method
     * records the bypass at debug level only.
     * NOTE(review): whether such executions are audited elsewhere is not
     * visible from this class - confirm before relying on this log line as an
     * audit trail.
     *
     * @return {@code true} if the action may proceed, {@code false} otherwise
     */
    @Override
    protected boolean IsUserAutorizedToRunAction() {
        // Short-circuit on purpose: the configuration value is not read for internal executions.
        final boolean skipPermissionCheck = isInternalExecution()
                || !Config.<Boolean> GetValue(ConfigValues.IsMultilevelAdministrationOn);
        if (skipPermissionCheck) {
            if (log.isDebugEnabled()) {
                log.debugFormat(
                        "IsUserAutorizedToRunAction: Internal action or MLA is off - permission check skipped for action {0}",
                        getActionType());
            }
            return true;
        }

        // No session user: refuse before any admin lookup is attempted.
        if (getCurrentUser() == null) {
            addCanDoActionMessage(VdcBllMessages.USER_IS_NOT_LOGGED_IN);
            return false;
        }

        final boolean adminUser = MultiLevelAdministrationHandler.isAdminUser(getCurrentUser().getUserId());
        if (!adminUser) {
            addCanDoActionMessage(VdcBllMessages.USER_NOT_AUTHORIZED_TO_PERFORM_ACTION);
        }
        return adminUser;
    }

    /**
     * Returns no permission subjects: they are not needed for admin
     * operations, which are authorized in
     * {@link #IsUserAutorizedToRunAction()} instead.
     *
     * @return an empty map
     */
    @Override
    public Map<Guid, VdcObjectType> getPermissionCheckSubjects() {
        return Collections.<Guid, VdcObjectType> emptyMap();
    }
}