Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: changes to attach_user_to_su_role ......................................................................
aaa: changes to attach_user_to_su_role 1. Introduced a function to attach role for user on system object 2. Used this function at attach_user_to_su_role 3. Moved generation of permission id to DB (changed manage domains code) Topic: AAA Change-Id: Iee8f6b1fac8f2281f9a5195918eeddc8788a4d17 Signed-off-by: Yair Zaslavsky <[email protected]> --- M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java M packaging/dbscripts/common_sp.sql 2 files changed, 31 insertions(+), 22 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/32/25932/1 diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java index 5c5039a..719ca9e 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/tools/ManageDomainsDAOImpl.java @@ -5,7 +5,6 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Types; -import java.util.UUID; import javax.sql.DataSource; @@ -16,7 +15,7 @@ public class ManageDomainsDAOImpl implements ManageDomainsDAO { private DataSource ds; - private String actionQuery = "select attach_user_to_su_role(?,?,?,?)"; + private String actionQuery = "select attach_user_to_su_role(?,?,?)"; private String selectQuery = "select get_user_permissions_for_domain(?,?)"; private final static Logger log = Logger.getLogger(ManageDomainsDAOImpl.class); 
@@ -33,11 +32,9 @@
 log.info("uuid: " + userId + " username: " + userName + " domain: " + domain);
 connection = ds.getConnection();
 prepareStatement = connection.prepareStatement(actionQuery);
- String permissionId = UUID.randomUUID().toString();
- prepareStatement.setObject(1, permissionId, Types.OTHER);
- prepareStatement.setString(2, userId);
- prepareStatement.setString(3, userName);
- prepareStatement.setString(4, domain);
+ prepareStatement.setString(1, userId);
+ prepareStatement.setString(2, userName);
+ prepareStatement.setString(3, domain);
 result = prepareStatement.execute();
 } finally {
 DbUtils.closeQuietly(prepareStatement, connection);
diff --git a/packaging/dbscripts/common_sp.sql b/packaging/dbscripts/common_sp.sql
index 0e5a04c..0fbecd3 100644
--- a/packaging/dbscripts/common_sp.sql
+++ b/packaging/dbscripts/common_sp.sql
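Review bot: `java.sql.Types` looks unused after this hunk, because the removed `setObject(1, permissionId, Types.OTHER)` is its only use visible on this page and the first hunk drops only `java.util.UUID`; if nothing else in the file references it, remove that import too. The three `setString` indexes now depend on the three placeholders in `actionQuery`, so this call fails at runtime against a database that still has only the four-argument function, and the schema refresh has to ship with or before this code. PostgreSQL treats a different argument list as a separate overload, so `CREATE OR REPLACE` on the new signature presumably leaves the old four-argument `attach_user_to_su_role` in place unless the upgrade scripts drop it; that is worth confirming, since it is a function that grants the superuser role. The enclosing method starts and ends outside the hunk.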
@@ -257,32 +257,44 @@ END; $procedure$ LANGUAGE plpgsql; +CREATE OR REPLACE FUNCTION attach_user_to_role ( + v_user_id VARCHAR(255), + v_user_name VARCHAR(255), + v_domain VARCHAR(255), + v_role_id VARCHAR(255) +) +RETURNS void AS +$BODY$ +DECLARE + input_uuid uuid; + input_role_id uuid; + v_external_id BYTEA; +BEGIN + input_uuid = CAST( v_user_id AS uuid ); + input_role_id = CAST (v_role_id as uuid ); + + -- The external identifier is the user identifier converted to an array of + -- bytes: + v_external_id := decode(replace(v_user_id::text, '-', ''), 'hex'); + + insert into users(user_id,external_id,name,domain,username,groups,active,last_admin_check_status) select input_uuid, v_external_id, v_user_name, v_domain, v_user_name,'',true,true where not exists (select user_id,name,domain,username,groups,active from users where user_id = input_uuid); + + insert into permissions(id,role_id,ad_element_id,object_id,object_type_id) select uuid_generate_v1() v_role_id, input_role_id, input_uuid, getGlobalIds('system'), 1 where not exists(select role_id,ad_element_id,object_id,object_type_id from permissions where role_id = '00000000-0000-0000-0000-000000000001' and ad_element_id = input_uuid and object_id= getGlobalIds('system') and object_type_id = 1); +END; $BODY$ +LANGUAGE plpgsql; + CREATE OR REPLACE FUNCTION attach_user_to_su_role( - v_permission_id uuid, v_user_id VARCHAR(255), v_name VARCHAR(255), v_domain VARCHAR(255) ) RETURNS void AS $BODY$ - DECLARE - v_document VARCHAR(64); - input_uuid uuid; - v_external_id BYTEA; BEGIN - input_uuid = CAST( v_user_id AS uuid ); - - -- The external identifier is the user identifier converted to an array of - -- bytes: - v_external_id := decode(replace(v_user_id::text, '-', ''), 'hex'); - -insert into users(user_id,external_id,name,domain,username,groups,active,last_admin_check_status) select input_uuid, v_external_id, v_name, v_domain, v_name,'',true,true where not exists (select user_id,name,domain,username,groups,active from 
users where user_id = input_uuid); - -insert into permissions(id,role_id,ad_element_id,object_id,object_type_id) select v_permission_id, '00000000-0000-0000-0000-000000000001', input_uuid, getGlobalIds('system'), 1 where not exists(select role_id,ad_element_id,object_id,object_type_id from permissions where role_id = '00000000-0000-0000-0000-000000000001' and ad_element_id = input_uuid and object_id= getGlobalIds('system') and object_type_id = 1); + PERFORM attach_user_to_role(v_user_id, v_name, v_domain, '00000000-0000-0000-0000-000000000001'); END; $BODY$ - LANGUAGE plpgsql; -- To view, visit http://gerrit.ovirt.org/25932 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Iee8f6b1fac8f2281f9a5195918eeddc8788a4d17 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
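Review bot: The `where not exists` guard on the permissions insert in the new `attach_user_to_role` still tests the literal `'00000000-0000-0000-0000-000000000001'` rather than the role being attached, so for any other `v_role_id` it checks the wrong role. A user who already holds that literal role never receives the requested one, and a user who does not hold it gets another permissions row on every call. The guard should compare against the parameter, `where role_id = input_role_id and ad_element_id = input_uuid and object_id = getGlobalIds('system') and object_type_id = 1`. In the same statement `uuid_generate_v1() v_role_id` gives the generated id a column alias that is the parameter's name, which reads like a missing comma; drop the alias so the select list is unambiguous.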
