RemovePermissionCommand.java example

Explorer
gluster-ovirt-poc-master
- backend
  - manager
- frontend
package org.ovirt.engine.core.bll;

import org.ovirt.engine.core.common.AuditLogType;
import org.ovirt.engine.core.common.VdcObjectType;
import org.ovirt.engine.core.common.action.PermissionsOperationsParametes;
import org.ovirt.engine.core.common.action.VdcActionType;
import org.ovirt.engine.core.common.action.VmPoolSimpleUserParameters;
import org.ovirt.engine.core.common.businessentities.RoleType;
import org.ovirt.engine.core.common.businessentities.VM;
import org.ovirt.engine.core.common.businessentities.permissions;
import org.ovirt.engine.core.compat.Guid;
import org.ovirt.engine.core.dal.VdcBllMessages;
import org.ovirt.engine.core.dal.dbbroker.DbFacade;

public class RemovePermissionCommand<T extends PermissionsOperationsParametes> extends PermissionsCommandBase<T> {

    /**
     * Constructor for command creation when compensation is applied on startup
     *
     * @param commandId
     */
    protected RemovePermissionCommand(Guid commandId) {
        super(commandId);
    }

    public RemovePermissionCommand(T parameters) {
        super(parameters);
    }

    @Override
    protected boolean canDoAction() {
        boolean returnValue=true;
        permissions p = DbFacade.getInstance().getPermissionDAO().get(getParameters().getPermission().getId());
        if (p.getad_element_id().equals(PredefinedUsers.ADMIN_USER.getId()) &&
           (p.getrole_id().equals(PredefinedRoles.SUPER_USER.getId()))) {
            addCanDoActionMessage(VdcBllMessages.USER_CANNOT_REMOVE_ADMIN_USER);
            returnValue = false;
        }
        if(MultiLevelAdministrationHandler.isLastSuperUserPermission(p.getrole_id())) {
           getReturnValue().getCanDoActionMessages().add(VdcBllMessages.ERROR_CANNOT_REMOVE_LAST_SUPER_USER_ROLE.toString());;
           returnValue=false;
        }
        if (returnValue && p.getRoleType().equals(RoleType.ADMIN) && !isSystemSuperUser()) {
            addCanDoActionMessage(VdcBllMessages.PERMISSION_REMOVE_FAILED_ONLY_SYSTEM_SUPER_USER_CAN_REMOVE_ADMIN_ROLES);
            returnValue = false;
        }
        return returnValue;
    }

    @Override
    protected void executeCommand() {
        permissions perms = getParameters().getPermission();
        Guid userId = perms.getad_element_id();

        // if removing engine user permission from vm,
        // check if vm is from pool and detach it
        if (perms.getObjectType().equals(VdcObjectType.VM)
                && perms.getrole_id().equals(PredefinedRoles.ENGINE_USER.getId())) {
            VM vm = DbFacade.getInstance().getVmDAO().get(perms.getObjectId());
            if (vm != null && vm.getVmPoolId() != null) {
                Backend.getInstance().runInternalAction(VdcActionType.DetachUserFromVmFromPool,
                        new VmPoolSimpleUserParameters(vm.getVmPoolId(), userId));
            }
        }

        DbFacade.getInstance().getPermissionDAO().remove(perms.getId());
        DbFacade.getInstance().updateLastAdminCheckStatus(userId);
        setSucceeded(true);
    }

    @Override
    public AuditLogType getAuditLogTypeValue() {
        return getSucceeded() ? AuditLogType.USER_REMOVE_PERMISSION : AuditLogType.USER_REMOVE_PERMISSION_FAILED;
    }
}