Updated Branches: refs/heads/rbac ad6af49f0 -> 3333a04c4
During Upgrade to 4.3, Populate the API Permissions per Out-Of-Box Role from commands.properties file Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/3333a04c Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/3333a04c Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/3333a04c Branch: refs/heads/rbac Commit: 3333a04c4007d21ab66d53b2f1159b7c9ef858f7 Parents: ad6af49 Author: Prachi Damle <[email protected]> Authored: Thu Sep 19 12:32:54 2013 -0700 Committer: Prachi Damle <[email protected]> Committed: Thu Sep 19 12:32:54 2013 -0700 ---------------------------------------------------------------------- api/src/org/apache/cloudstack/acl/RoleType.java | 5 ++- .../com/cloud/upgrade/dao/Upgrade420to430.java | 45 ++++++++++++++++++++ 2 files changed, 48 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3333a04c/api/src/org/apache/cloudstack/acl/RoleType.java ---------------------------------------------------------------------- diff --git a/api/src/org/apache/cloudstack/acl/RoleType.java b/api/src/org/apache/cloudstack/acl/RoleType.java index 0d1c446..7306bc1 100644 --- a/api/src/org/apache/cloudstack/acl/RoleType.java +++ b/api/src/org/apache/cloudstack/acl/RoleType.java @@ -19,10 +19,10 @@ package org.apache.cloudstack.acl; // Enum for default roles in CloudStack public enum RoleType { + User(8), Admin(1), - ResourceAdmin(2), DomainAdmin(4), - User(8), + ResourceAdmin(2), Unknown(0); private int mask; @@ -35,3 +35,4 @@ public enum RoleType { return mask; } } + http://git-wip-us.apache.org/repos/asf/cloudstack/blob/3333a04c/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java ---------------------------------------------------------------------- diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java index 0ea88b6..9575fb1 100644 --- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java +++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade420to430.java @@ -22,9 +22,12 @@ import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; +import java.util.Map; +import org.apache.cloudstack.acl.RoleType; import org.apache.log4j.Logger; +import com.cloud.utils.PropertiesUtil; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.script.Script; @@ -59,6 +62,7 @@ public class Upgrade420to430 implements DbUpgrade { @Override public void performDataMigration(Connection conn) { populateACLGroupAccountMap(conn); + populateACLRoleBasedAPIPermission(conn); } // populate acl_group_account_map table for existing accounts @@ -106,6 +110,47 @@ public class Upgrade420to430 implements DbUpgrade { s_logger.debug("Completed populate acl_group_account_map for existing accounts."); } + private void populateACLRoleBasedAPIPermission(Connection conn) { + // read the commands.properties.in and populate the table + PreparedStatement apiInsert = null; + + s_logger.debug("Populating acl_api_permission table for existing commands..."); + try { + apiInsert = conn.prepareStatement("INSERT INTO `cloud`.`acl_api_permission` (role_id, api) values(?, ?)"); + + Map<String, String> commandMap = PropertiesUtil.processConfigFile(new String[] { "commands.properties" }); + for (Map.Entry<String, String> entry : commandMap.entrySet()) { + String apiName = entry.getKey(); + String roleMask = entry.getValue(); + try { + short cmdPermissions = Short.parseShort(roleMask); + for (RoleType roleType : RoleType.values()) { + if ((cmdPermissions & roleType.getValue()) != 0) { + // insert entry into api_permission for this role + apiInsert.setLong(1, roleType.ordinal() + 1); + apiInsert.setString(2, apiName); + apiInsert.executeUpdate(); + } + } + } catch (NumberFormatException nfe) { + s_logger.info("Malformed key=value pair for entry: " + entry.toString()); + } + } + } catch (SQLException e) { + String msg = "Unable to populate acl_api_permission for existing commands." + e.getMessage(); + s_logger.error(msg); + throw new CloudRuntimeException(msg, e); + } finally { + try { + if (apiInsert != null) { + apiInsert.close(); + } + } catch (SQLException e) { + } + } + s_logger.debug("Completed populate acl_api_permission for existing commands."); + } + @Override public File[] getCleanupScripts() { String script = Script.findScript("", "db/schema-420to430-cleanup.sql");
