package org.ovirt.engine.core.bll;
import java.util.Collections;
import java.util.Map;
import org.ovirt.engine.core.common.VdcObjectType;
import org.ovirt.engine.core.common.action.PermissionsOperationsParametes;
import org.ovirt.engine.core.common.businessentities.DbUser;
import org.ovirt.engine.core.common.businessentities.ad_groups;
import org.ovirt.engine.core.common.businessentities.permissions;
import org.ovirt.engine.core.common.businessentities.roles;
import org.ovirt.engine.core.compat.Guid;
import org.ovirt.engine.core.dal.dbbroker.DbFacade;
import org.ovirt.engine.core.dal.dbbroker.auditloghandling.CustomLogField;
import org.ovirt.engine.core.dal.dbbroker.auditloghandling.CustomLogFields;
@CustomLogFields({ @CustomLogField("RoleName"), @CustomLogField("VdcObjectType"), @CustomLogField("VdcObjectName"), @CustomLogField("SubjectName")})
public abstract class PermissionsCommandBase<T extends PermissionsOperationsParametes> extends CommandBase<T> {
/**
* Constructor for command creation when compensation is applied on startup
*
* @param commandId
*/
protected PermissionsCommandBase(Guid commandId) {
super(commandId);
}
public PermissionsCommandBase(T parameters) {
super(parameters);
}
protected DbUser _dbUser;
protected ad_groups _adGroup;
/**
* Get the object translated type (e.g Host , VM), on which the MLA operation has been executed on.
*
* @see VdcObjectType
* @return Translated object type.
*/
public String getVdcObjectType() {
return getParameters().getPermission().getObjectType().getVdcObjectTranslation();
}
/**
* Get the object name, which the MLA operation occurs on. If no entity found, returns null.
*
* @return Object name.
*/
public String getVdcObjectName() {
permissions perms = getParameters().getPermission();
return DbFacade.getInstance().getEntityNameByIdAndType(perms.getObjectId(), perms.getObjectType());
}
public String getRoleName() {
roles role = DbFacade.getInstance().getRoleDAO().get(getParameters().getPermission().getrole_id());
return role == null ? null : role.getname();
}
public String getSubjectName() {
// we may have to load user/group from db first.
// it would be nice to handle this from command execution rather than
// audit log messages
initUserAndGroupData();
return _dbUser == null ? (_adGroup == null ? "" : _adGroup.getname()) : _dbUser.getusername();
}
public void initUserAndGroupData() {
if (_dbUser == null) {
_dbUser = DbFacade.getInstance().getDbUserDAO().get(getParameters().getPermission().getad_element_id());
}
if (_adGroup == null) {
_adGroup =
DbFacade.getInstance().getAdGroupDAO().get(getParameters().getPermission().getad_element_id());
}
}
protected boolean isSystemSuperUser() {
permissions superUserPermission = DbFacade
.getInstance()
.getPermissionDAO()
.getForRoleAndAdElementAndObjectWithGroupCheck(
PredefinedRoles.SUPER_USER.getId(),
getCurrentUser().getUserId(),
MultiLevelAdministrationHandler.SYSTEM_OBJECT_ID);
return superUserPermission != null;
}
// TODO - this code is shared with addPermissionCommand - check if
// addPermission can extend this command
@Override
public Map<Guid, VdcObjectType> getPermissionCheckSubjects() {
return Collections.singletonMap(getParameters().getPermission().getObjectId(), getParameters().getPermission()
.getObjectType());
}
}