[
https://issues.apache.org/jira/browse/CLOUDSTACK-8562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15238909#comment-15238909
]
ASF GitHub Bot commented on CLOUDSTACK-8562:
--------------------------------------------
Github user DaanHoogland commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/1489#discussion_r59515911
--- Diff:
api/src/org/apache/cloudstack/api/command/admin/acl/CreateRolePermissionCmd.java
---
@@ -0,0 +1,121 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.acl;
+
+import com.cloud.user.Account;
+import com.google.common.base.Strings;
+import org.apache.cloudstack.acl.Role;
+import org.apache.cloudstack.acl.RolePermission;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.Rule;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.RolePermissionResponse;
+import org.apache.cloudstack.api.response.RoleResponse;
+import org.apache.cloudstack.context.CallContext;
+
+@APICommand(name = CreateRolePermissionCmd.APINAME, description = "Adds a
API permission to a role", responseObject = RolePermissionResponse.class,
+ requestHasSensitiveInfo = false, responseHasSensitiveInfo = false,
+ since = "4.9.0",
+ authorized = {RoleType.Admin})
+public class CreateRolePermissionCmd extends BaseCmd {
+ public static final String APINAME = "createRolePermission";
+
+ /////////////////////////////////////////////////////
+ //////////////// API parameters /////////////////////
+ /////////////////////////////////////////////////////
+
+ @Parameter(name = ApiConstants.ROLE_ID, type = CommandType.UUID,
required = true, entityType = RoleResponse.class, description = "ID of the
role")
+ private Long roleId;
+
+ @Parameter(name = ApiConstants.RULE, type = CommandType.STRING,
required = true, description = "The API name or wildcard rule such as list*")
+ private String rule;
+
+ @Parameter(name = ApiConstants.PERMISSION, type = CommandType.STRING,
required = true, description = "The rule permission, allow or deny. Default:
deny.")
+ private String permission;
+
+ @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING,
description = "The description of the role permission")
+ private String description;
+
+ /////////////////////////////////////////////////////
+ /////////////////// Accessors ///////////////////////
+ /////////////////////////////////////////////////////
+
+ public Long getRoleId() {
+ return roleId;
+ }
+
+ public Rule getRule() {
+ return new Rule(rule);
+ }
+
+ public RolePermission.Permission getPermission() {
+ if (Strings.isNullOrEmpty(permission)) {
+ return null;
+ }
+ return RolePermission.Permission.valueOf(permission.toUpperCase());
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ /////////////////////////////////////////////////////
+ /////////////// API Implementation///////////////////
+ /////////////////////////////////////////////////////
+
+ @Override
+ public String getCommandName() {
+ return APINAME.toLowerCase() + BaseCmd.RESPONSE_SUFFIX;
+ }
+
+ @Override
+ public long getEntityOwnerId() {
+ return Account.ACCOUNT_ID_SYSTEM;
+ }
+
+ @Override
+ public void execute() {
+ if (getRule() == null) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
"Invalid role permission rule provided");
+ }
+ Role role = roleService.findRole(getRoleId());
+ if (role == null) {
+ throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
"Invalid role id provided");
+ }
+ CallContext.current().setEventDetails("Role id: " + role.getId() +
", rule:" + getRule() + ", permission: " + getPermission() + ", description: "
+ getDescription());
+ RolePermission rolePermission =
roleService.createRolePermission(role, getRule(), getPermission(),
getDescription());
+ if (rolePermission == null) {
+ throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR,
"Failed to create role permission");
+ }
+
+ RolePermissionResponse response = new RolePermissionResponse();
+ response.setId(rolePermission.getUuid());
+ response.setRoleId(role.getUuid());
+ response.setRule(rolePermission.getRule());
+ response.setRulePermission(rolePermission.getPermission());
+ response.setDescription(rolePermission.getDescription());
+ response.setResponseName(getCommandName());
+ response.setObjectName("rolepermission");
+ setResponseObject(response);
+ }
--- End diff --
same as CreateRoleCmd; maybe factor this block out for readability?
> User Definable Roles
> --------------------
>
> Key: CLOUDSTACK-8562
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8562
> Project: CloudStack
> Issue Type: New Feature
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Management Server
> Reporter: Paul Angus
> Assignee: Rohit Yadav
>
> Static command.properties moved to database and made user definable
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
