Ravi Nori has uploaded a new change for review. Change subject: tools : manage-domains messages should be more clear ......................................................................
tools : manage-domains messages should be more clear When user adds a domain with no "-addPermissions" the message should show the option of -action=edit with -addPermissions option. When the user edits a domain to change the password of a user who has been granted permissions with -addPermissions, the message to grant permissions should not be displayed. Change-Id: Ibf4428a2d59d7bda5f3fa70f4c7334a4a4624c42 Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=908246 Signed-off-by: Ravi Nori <[email protected]> --- M backend/manager/dbscripts/multi_level_administration_sp.sql M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAO.java M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAOImpl.java 4 files changed, 87 insertions(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/92/11992/1 diff --git a/backend/manager/dbscripts/multi_level_administration_sp.sql b/backend/manager/dbscripts/multi_level_administration_sp.sql index a80174a..3dd08e2 100644 --- a/backend/manager/dbscripts/multi_level_administration_sp.sql +++ b/backend/manager/dbscripts/multi_level_administration_sp.sql 
@@ -57,6 +57,37 @@ END; $procedure$ LANGUAGE plpgsql; + + + +CREATE OR REPLACE FUNCTION get_user_permissions_for_domain(v_name VARCHAR(255), v_domain VARCHAR(255)) +RETURNS SETOF permissions_view + AS $procedure$ + DECLARE + v_user_name VARCHAR(255); + v_index INTEGER; +BEGIN +-- find if name already includes domain (@) + v_index := POSITION('@' IN v_name); + + if (v_index > 0) then + v_user_name := substr(v_name, 0, v_index); + else + v_user_name := v_name; + end if; + RETURN QUERY SELECT * + FROM permissions_view + WHERE permissions_view.ad_element_id in ( + SELECT users.user_id + FROM users + WHERE users.domain = v_domain + AND users.name = v_user_name); + +END; $procedure$ +LANGUAGE plpgsql; + + + Create or replace FUNCTION GetConsumedPermissionsForQuotaId(v_quota_id UUID) RETURNS SETOF permissions_view AS $procedure$ diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java index a417d4f..deeb421 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomains.java 
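Review bot: In get_user_permissions_for_domain, whatever follows `@` in `v_name` is dropped without being compared to `v_domain`, so a name like `user@other-domain` (constructed example) is looked up as `user` in whichever domain the caller passed. In this change the result only decides whether a hint is printed, but the function name is generic and a later caller could rely on it for a real permission decision. Either reject a suffix that differs from `v_domain` or say so in a header comment such as `-- Returns all permission rows for v_name in v_domain; any '@domain' suffix on v_name is ignored.` Separately, `substr(v_name, 0, v_index)` gives the text before `@` only because a start position of 0 shortens the result by one character in PostgreSQL; `substr(v_name, 1, v_index - 1)` states the intent directly.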
@@ -36,7 +36,8 @@ private final String WARNING_ABOUT_TO_DELETE_LAST_DOMAIN = "WARNING: Domain %1$s is the last domain in the configuration. After deleting it you will have to either add another domain, or to use the internal admin user in order to login."; private final String INFO_ABOUT_NOT_ADDING_PERMISSIONS = - "The domain %1$s has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.\nUsers from this domain can be granted permissions from the Web administration interface."; + "The domain %1$s has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.\n"+ + "Users from this domain can be granted permissions from the Web administration interface or by editing the domain using -action=edit and specifying -addPermissions."; private final String SERVICE_RESTART_MESSAGE = "oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart)."; @@ -500,7 +501,8 @@ private void handleAddPermissions(String domainName,DomainsConfigurationEntry adUserNameEntry, DomainsConfigurationEntry adUserIdEntry) { if (addPermissions) { updatePermissionsTable(adUserNameEntry, adUserIdEntry); - } else { + } else + if (!userHasPermissions(adUserNameEntry, adUserIdEntry)) { System.out.println(String.format(INFO_ABOUT_NOT_ADDING_PERMISSIONS, domainName)); } } 
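Review bot: In handleAddPermissions the new branch is written as `} else` with the `if` on the next line and no braces around it, which reads like a dangling else and is easy to break when a statement is later added between the two. Put it on one line as `} else if (!userHasPermissions(adUserNameEntry, adUserIdEntry)) {` so the chain is explicit.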
@@ -524,6 +526,24 @@ } } + private boolean userHasPermissions(DomainsConfigurationEntry adUserNameEntry, + DomainsConfigurationEntry adUseridEntry) { + try { + Set<Entry<String, String>> userNameValues = adUserNameEntry.getValues(); + + for (Entry<String, String> currUserEntry : userNameValues) { + String currDomain = currUserEntry.getKey(); + String currUser = currUserEntry.getValue(); + if (daoImpl.getUserHasPermissions(currUser, currDomain)) { + return true; + } + } + } catch (SQLException e) { + log.error(e); + } + return false; + } + public void editDomain(CLIParser parser) throws ManageDomainsResult { String authMode; String domainName = parser.getArg(Arguments.domain.toString()).toLowerCase(); diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAO.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAO.java index 117a550..90f246c 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAO.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAO.java @@ -4,5 +4,6 @@ public interface ManageDomainsDAO { boolean updatePermissionsTable(String uuid, String username, String domain) throws SQLException; + boolean getUserHasPermissions(String userName, String domain) throws SQLException; } diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAOImpl.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAOImpl.java index eb18ef0..716c2c2 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAOImpl.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/kerberos/ManageDomainsDAOImpl.java 
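Review bot: userHasPermissions returns true as soon as any entry in `adUserNameEntry.getValues()` has permissions, without restricting the lookup to the domain being added or edited, although handleAddPermissions formats the hint with that `domainName`. The loop reads each key as a domain, so the entry probably holds users for every configured domain; if so, adding a second domain without -addPermissions would suppress the hint because of the first domain's user. Pass `domainName` in and skip the other entries, e.g. `if (!domainName.equals(currDomain)) { continue; }`. The `adUseridEntry` parameter is never read and can be dropped. The catch block also turns a database failure into "no permissions", so the hint is printed after a failed query; add a comment such as `// on DB error fall back to showing the hint` if that is intended.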
@@ -2,6 +2,7 @@ import java.sql.Connection; import java.sql.PreparedStatement; +import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Types; import java.util.UUID; @@ -15,6 +16,7 @@ private DataSource ds; private String actionQuery = "select attach_user_to_su_role(?,?,?,?)"; + private String selectQuery = "select get_user_permissions_for_domain(?,?)"; private final static Logger log = Logger.getLogger(ManageDomainsDAOImpl.class); public ManageDomainsDAOImpl() throws SQLException { @@ -46,4 +48,35 @@ } return result; } + + @Override + public boolean getUserHasPermissions(String userName, String domain) throws SQLException { + Connection connection = null; + PreparedStatement prepareStatement = null; + ResultSet resultSet = null; + try { + log.info("getPermissionsForUser username: " + userName + " domain: " + domain); + connection = ds.getConnection(); + prepareStatement = connection.prepareStatement(selectQuery); + prepareStatement.setString(1, userName); + prepareStatement.setString(2, domain); + resultSet = prepareStatement.executeQuery(); + if (resultSet.next()) { + log.info("Result Set is not empty"); + return true; + } + log.info("Result Set is empty"); + } finally { + if (resultSet != null) { + resultSet.close(); + } + if (prepareStatement != null) { + prepareStatement.close(); + } + if (connection != null) { + connection.close(); + } + } + return false; + } } -- To view, visit http://gerrit.ovirt.org/11992 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibf4428a2d59d7bda5f3fa70f4c7334a4a4624c42 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: engine_3.2 Gerrit-Owner: Ravi Nori <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
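Review bot: In getUserHasPermissions the `finally` block closes the three resources one after another, so an SQLException from `resultSet.close()` or `prepareStatement.close()` skips the remaining closes and leaks the connection from `ds`. If this branch builds with Java 7 or later, try-with-resources closes each resource independently; otherwise nest the try/finally blocks so each close is protected on its own. The "Result Set is (not) empty" lines add little at info level and are dropped in the sketch below. The first log line names `getPermissionsForUser`, which is not this method's name. The bound parameters on the prepared statement are the right way to pass `userName` and `domain` and should stay as they are.
```java
public boolean getUserHasPermissions(String userName, String domain) throws SQLException {
    // … unchanged: log.info of the lookup (with the method name corrected) …
    try (Connection connection = ds.getConnection();
            PreparedStatement statement = connection.prepareStatement(selectQuery)) {
        statement.setString(1, userName);
        statement.setString(2, domain);
        try (ResultSet resultSet = statement.executeQuery()) {
            // Any returned row means the user already holds at least one permission.
            return resultSet.next();
        }
    }
}
```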
