Yair Zaslavsky has posted comments on this change. Change subject: aaa: Adding resolve groups ......................................................................
Patch Set 6: (4 comments) http://gerrit.ovirt.org/#/c/28368/6/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java File backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java: Line 136: Authz.InvokeKeys.QUERY_ENTITY, Line 137: Authz.QueryEntity.PRINCIPAL Line 138: ).mput( Line 139: Authz.InvokeKeys.QUERY_FLAGS, Line 140: groupsResolving ? Authz.QueryFlags.RESOLVE_GROUPS : Authz.QueryFlags.RESOLVE_GROUPS_NONE > why don't you use the neat queryFlagValue(groupsResolving, false) ? Done Line 141: ).mput( Line 142: Authz.InvokeKeys.QUERY_FILTER, Line 143: filter Line 144: ).mput( http://gerrit.ovirt.org/#/c/28368/6/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java: Line 29: Line 30: DbGroupDAO dao = DbFacade.getInstance().getDbGroupDao(); Line 31: if (groupsSet != null) { Line 32: boolean first = true; Line 33: for (DirectoryGroup group : groupsList) { > so why don't you use the set directly? The set is unordered, I would like to keep the order of the groups , as I need to store that info in db - both the group names (with ",") and the group ids (with ",") . i with to have the groupIds field and groupNames field of db user keep the same order so when at sync it will not cause the mechanism to think the user has changed when it didnt. Line 34: DbGroup dbGroup = dao.getByExternalId(group.getDirectoryName(), group.getId()); Line 35: if (!first) { Line 36: sb.append(","); Line 37: } else { http://gerrit.ovirt.org/#/c/28368/6/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java File backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java: Line 116: new LdapSearchByQueryParameters(configuration, Line 117: null, Line 118: getDirectoryName(), Line 119: queryData, Line 120: (input.<Integer> get(Authz.InvokeKeys.QUERY_FLAGS, Authz.QueryFlags.RESOLVE_GROUPS_NONE) & Authz.QueryFlags.RESOLVE_GROUPS) !=0 > replace the Authz.QueryFlags.RESOLVE_GROUPS_NONE with 0 Done Line 121: ) Line 122: ); Line 123: List<LdapUser> ldapUsers = (List<LdapUser>) ldapResult.getReturnValue(); Line 124: List<ExtMap> results = new ArrayList<>(); http://gerrit.ovirt.org/#/c/28368/6/backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authz.java File backend/manager/modules/extensions-api-root/extensions-api/src/main/java/org/ovirt/engine/api/extensions/aaa/Authz.java: Line 126: * <ul> Line 127: * <li>{@link InvokeKeys#NAMESPACE}[M]</li> Line 128: * <li>{@link InvokeKeys#QUERY_ENTITY}[M]</li> Line 129: * <li>{@link InvokeKeys#QUERY_FILTER}[M]</li> Line 130: * <li>{@link InvokeKeys#QUERY_FLAGS}[M] - query flags.</li> > it is not mandatory as missing == none Done Line 131: * </ul> Line 132: * </p> Line 133: * Line 134: * <p> -- To view, visit http://gerrit.ovirt.org/28368 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I3249b7f18c8bf609c9577e60aafa948a0aa55101 Gerrit-PatchSet: 6 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Yair Zaslavsky <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
