[rhq] 2 commits - modules/helpers
by Simeon Pinder
modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java | 41 +++++-----
1 file changed, 24 insertions(+), 17 deletions(-)
New commits:
commit 35aec2e57a134860d16fcc80dfea8ca3f9db6c33
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Mon Aug 5 16:52:11 2013 -0400
minor refactor.
diff --git a/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java b/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java
index 86d64ab..b13b289 100644
--- a/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java
+++ b/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java
@@ -23,6 +23,7 @@ import java.util.Set;
import javax.naming.CompositeName;
import javax.naming.Context;
+import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
@@ -464,19 +465,7 @@ public class TestLdapSettings extends JFrame {
// Going with the first match
SearchResult si = (SearchResult) answer.next();
- // Construct the UserDN
- // userDN = si.getName() + "," + baseDNs[x];
- //BZ: 981015:
- userDN = null;
-
- try {
- userDN = si.getNameInNamespace();
- } catch (UnsupportedOperationException use) {
- userDN = new CompositeName(si.getName()).get(0);
- if (si.isRelative()) {
- userDN += "," + baseDNs[x];
- }
- }
+ constructUserDn(baseDNs, x, si);
msg = "STEP-2:PASS: The test user '"
+ testUserName
@@ -946,16 +935,7 @@ public class TestLdapSettings extends JFrame {
// We use the first match
SearchResult si = answer.next();
// Construct the UserDN
- userDN = null;
-
- try {
- userDN = si.getNameInNamespace();
- } catch (UnsupportedOperationException use) {
- userDN = new CompositeName(si.getName()).get(0);
- if (si.isRelative()) {
- userDN += "," + baseDNs[x];
- }
- }
+ constructUserDn(baseDNs, x, si);
userDetails.put("dn", userDN);
// Construct the UserDN
@@ -977,6 +957,22 @@ public class TestLdapSettings extends JFrame {
return userDetails;
}
+ /* Construct UserDn.
+ *
+ */
+ private void constructUserDn(String[] baseDNs, int x, SearchResult si) throws InvalidNameException {
+ userDN = null;
+
+ try {
+ userDN = si.getNameInNamespace();
+ } catch (UnsupportedOperationException use) {
+ userDN = new CompositeName(si.getName()).get(0);
+ if (si.isRelative()) {
+ userDN += "," + baseDNs[x];
+ }
+ }
+ }
+
public Set<String> findAvailableGroupsFor(String userName) {
// Load our LDAP specific properties
Properties options = env;
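Review bot: `constructUserDn` returns nothing and hands its result back by overwriting the `userDN` field, so both call sites (the hunks at -464 and -946) depend on a hidden side effect, and the user-details lookup at -946 now replaces whatever DN an earlier step left in that field. Returning the value makes the data flow explicit: `private String constructUserDn(String[] baseDNs, int x, SearchResult si) throws InvalidNameException`, with `userDN = constructUserDn(baseDNs, x, si);` only where the field is really meant to change. The header is an empty `/* */` comment; a Javadoc saying that `getNameInNamespace()` is preferred and that the `CompositeName` fallback appends `baseDNs[x]` only for relative names would record the BZ 981015 behaviour. The fallback's `get(0)` throws on an empty composite name, which deserves a guard if a provider can return one. `findAvailableGroupsFor` continues outside the hunk.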
commit e6fb7a22c9cc1b7c3a5dab8cf48017d5da564087
Author: Simeon Pinder <spinder(a)redhat.com>
Date: Mon Aug 5 16:41:57 2013 -0400
Applying fixes for [BZ 707047] and [BZ 981015] to LDAP Test Tool, to correctly encode characters and
consistently construct UserDN.
diff --git a/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java b/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java
index bc322ab..86d64ab 100644
--- a/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java
+++ b/modules/helpers/ldap-tool/src/main/java/org/rhq/TestLdapSettings.java
@@ -21,6 +21,7 @@ import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@@ -464,7 +465,19 @@ public class TestLdapSettings extends JFrame {
SearchResult si = (SearchResult) answer.next();
// Construct the UserDN
- userDN = si.getName() + "," + baseDNs[x];
+ // userDN = si.getName() + "," + baseDNs[x];
+ //BZ: 981015:
+ userDN = null;
+
+ try {
+ userDN = si.getNameInNamespace();
+ } catch (UnsupportedOperationException use) {
+ userDN = new CompositeName(si.getName()).get(0);
+ if (si.isRelative()) {
+ userDN += "," + baseDNs[x];
+ }
+ }
+
msg = "STEP-2:PASS: The test user '"
+ testUserName
+ "' was succesfully located, and the following userDN will be used in authorization check:\n";
@@ -914,7 +927,8 @@ public class TestLdapSettings extends JFrame {
String filter = String.format("(&(%s)(%s=%s))",
groupSearchFilter, groupMemberFilter,
- testUserDN);
+ // testUserDN); BZ 707047
+ encodeForFilter(testUserDN));
generateUiLoggingForStep4LdapFilter(userName, filter);
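Review bot: Only `testUserDN` is encoded in this filter, and `encodeForFilter` is defined outside the hunk, so the fix holds only if that helper escapes the RFC 4515 special characters (`\`, `*`, `(`, `)` and NUL) and handles the backslash first. `groupSearchFilter` and `groupMemberFilter` are still formatted in raw; that is presumably intended because they are administrator-supplied filter fragments, but a comment saying so would stop a later reader from assuming they are sanitised. Any other filter in this class that is built from the test user name should get the same encoding. The commented-out argument left inside the call can be replaced by a trailing why-comment, e.g. `encodeForFilter(testUserDN)); // BZ 707047: escape the DN before it is used as a filter value`.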
@@ -931,19 +945,16 @@ public class TestLdapSettings extends JFrame {
// We use the first match
SearchResult si = answer.next();
- //generate the DN
- String userDN = null;
+ // Construct the UserDN
+ userDN = null;
+
try {
userDN = si.getNameInNamespace();
} catch (UnsupportedOperationException use) {
- userDN = si.getName();
- if (userDN.startsWith("\"")) {
- userDN = userDN.substring(1, userDN.length());
- }
- if (userDN.endsWith("\"")) {
- userDN = userDN.substring(0, userDN.length() - 1);
+ userDN = new CompositeName(si.getName()).get(0);
+ if (si.isRelative()) {
+ userDN += "," + baseDNs[x];
}
- userDN = userDN + "," + baseDNs[x];
}
userDetails.put("dn", userDN);
[rhq] modules/enterprise
by mike thompson
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java | 18 +++-------
1 file changed, 7 insertions(+), 11 deletions(-)
New commits:
commit 59eaa500eedaae0a7e687800c049dbfe7f5c01b1
Author: Mike Thompson <mithomps(a)redhat.com>
Date: Mon Aug 5 15:07:37 2013 -0700
[BZ 991257] Spurious Globally uncaught Exception: (TypeError): 'null' is not an object. Add EnhancedToolstrip instead of Toolstrip to fix proper destroying.
diff --git a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java
index 52b0d86..f337202 100644
--- a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java
+++ b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/monitoring/table/AddToDashboardComponent.java
@@ -23,12 +23,10 @@ import java.util.LinkedHashMap;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.smartgwt.client.widgets.IButton;
import com.smartgwt.client.widgets.events.ClickEvent;
-import com.smartgwt.client.widgets.form.DynamicForm;
import com.smartgwt.client.widgets.form.fields.SelectItem;
import com.smartgwt.client.widgets.form.fields.events.ChangeEvent;
import com.smartgwt.client.widgets.form.fields.events.ChangeHandler;
import com.smartgwt.client.widgets.grid.ListGridRecord;
-import com.smartgwt.client.widgets.toolbar.ToolStrip;
import org.rhq.core.domain.configuration.PropertySimple;
import org.rhq.core.domain.criteria.DashboardCriteria;
@@ -42,12 +40,13 @@ import org.rhq.enterprise.gui.coregui.client.dashboard.portlets.inventory.resour
import org.rhq.enterprise.gui.coregui.client.gwt.GWTServiceLookup;
import org.rhq.enterprise.gui.coregui.client.util.Log;
import org.rhq.enterprise.gui.coregui.client.util.enhanced.Enhanced;
+import org.rhq.enterprise.gui.coregui.client.util.enhanced.EnhancedToolStrip;
import org.rhq.enterprise.gui.coregui.client.util.message.Message;
/**
* @author Mike Thompson
*/
-public class AddToDashboardComponent extends ToolStrip implements Enhanced {
+public class AddToDashboardComponent extends EnhancedToolStrip implements Enhanced {
final private Resource resource;
private SelectItem dashboardSelectItem;
private Dashboard selectedDashboard;
@@ -75,7 +74,6 @@ public class AddToDashboardComponent extends ToolStrip implements Enhanced {
private void createToolstrip() {
addSpacer(15);
- dashboardSelectItem = new SelectItem();
addToDashboardButton = new IButton(MSG.view_metric_addToDashboard());
addToDashboardButton.disable();
@@ -103,8 +101,8 @@ public class AddToDashboardComponent extends ToolStrip implements Enhanced {
.getMetricDefinitions()) {
if (measurementDefinition.getId() == selectedRecord
.getAttributeAsInt(MetricsViewDataSource.FIELD_METRIC_DEF_ID)) {
- Log.info("Add to Dashboard -- Storing: " + measurementDefinition.getDisplayName()
- + " in " + selectedDashboard.getName());
+ Log.info("Add to Dashboard -- Storing: " + measurementDefinition.getDisplayName() + " in "
+ + selectedDashboard.getName());
storeDashboardMetric(selectedDashboard, resource, measurementDefinition);
break;
}
@@ -114,15 +112,14 @@ public class AddToDashboardComponent extends ToolStrip implements Enhanced {
});
}
- public void disableAddToDashboardButton(){
- addToDashboardButton.disable();
+ public void disableAddToDashboardButton() {
+ addToDashboardButton.disable();
}
- public void enableAddToDashboardButton(){
+ public void enableAddToDashboardButton() {
addToDashboardButton.enable();
}
-
public void populateDashboardMenu() {
dashboardMenuMap.clear();
dashboardMap.clear();
@@ -157,7 +154,6 @@ public class AddToDashboardComponent extends ToolStrip implements Enhanced {
this.metricsListGrid = metricsListGrid;
}
-
private void storeDashboardMetric(Dashboard dashboard, Resource resource, MeasurementDefinition definition) {
DashboardPortlet dashboardPortlet = new DashboardPortlet(MSG.view_tree_common_contextMenu_resourceGraph(),
ResourceD3GraphPortlet.KEY, 250);
[rhq] Branch 'feature/bundle-group' - modules/core modules/enterprise
by Jay Shaughnessy
modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java | 16
modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java | 33 -
modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java | 32 -
modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java | 54 +-
modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java | 265 +++++++++-
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java | 26
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java | 26
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java | 4
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java | 83 ++-
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java | 9
10 files changed, 480 insertions(+), 68 deletions(-)
New commits:
commit 71fe832fda706228745df1bc9fe089b1b7095d8b
Author: Jay Shaughnessy <jshaughn(a)redhat.com>
Date: Mon Aug 5 17:42:45 2013 -0400
More fine-grained bundle testing and work
- add canView authz support for bundle stuff
- up the serial version uid for affected entities
- fix inverse relation handling on add/remove/sets
- add more testing around create and delete, fix cleanup of bundle groups
- fix some delete code when roles or bundles are associated with bundle groups
- add some more useful authz checking for local api
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java
index 5f86d8e..c70d651 100644
--- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java
+++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java
@@ -186,6 +186,20 @@ import org.rhq.core.domain.resource.group.ResourceGroup;
+ " JOIN r.subjects s " //
+ " WHERE s.id = :subjectId ) ) "),
+ @NamedQuery(name = Subject.QUERY_CAN_VIEW_BUNDLE, query = "SELECT COUNT(b) "
+ + "FROM Bundle b, IN (b.bundleGroups) bg, IN (bg.roles) r, IN (r.subjects) s "
+ + "WHERE s = :subject AND b.id = :bundleId"),
+
+ @NamedQuery(name = Subject.QUERY_CAN_VIEW_BUNDLE_GROUP, query = "" //
+ + "SELECT count(bg) " //
+ + " FROM BundleGroup bg " //
+ + " WHERE bg.id = :bundleGroupId " //
+ + " AND bg.id IN (SELECT innerbg.id " //
+ + " FROM BundleGroup innerbg " //
+ + " JOIN innerbg.roles r " //
+ + " JOIN r.subjects s " //
+ + " WHERE s = :subject) "),
+
/*
* No easy way to test whether ALL resources are in some group in some role in some subject where
* subject.id = <id> & role.permission = <perm>
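Review bot: Both new queries grant visibility through any role that links the subject to a bundle group, with no condition on the role's permissions, and nothing in the annotations says that this is deliberate; a comment such as `// any role that holds the bundle group implies view` above each query would record the rule. `QUERY_CAN_VIEW_BUNDLE` joins through every bundle group, role and subject path, so `COUNT(b)` can exceed 1 when a bundle is reachable more than one way; the caller (outside this hunk) should test `> 0` rather than `== 1`, or the query can use `COUNT(DISTINCT b)`. The new queries bind `:subject` as an entity while the neighbouring query binds `s.id = :subjectId`; keeping one convention makes the authorization queries easier to audit.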
@@ -246,6 +260,8 @@ public class Subject implements Serializable {
public static final String QUERY_CAN_VIEW_RESOURCES = "Subject.canViewResources";
public static final String QUERY_CAN_VIEW_GROUP = "Subject.canViewGroup";
public static final String QUERY_CAN_VIEW_AUTO_GROUP = "Subject.canViewAutoGroup";
+ public static final String QUERY_CAN_VIEW_BUNDLE = "Subject.canViewBundle";
+ public static final String QUERY_CAN_VIEW_BUNDLE_GROUP = "Subject.canViewBundleGroup";
public static final String QUERY_GET_RESOURCES_BY_PERMISSION = "Subject.getResourcesByPermission";
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java
index af5af3b..3f4c136 100644
--- a/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java
+++ b/modules/core/domain/src/main/java/org/rhq/core/domain/authz/Role.java
@@ -38,6 +38,7 @@ import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
+import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
@@ -94,7 +95,7 @@ public class Role implements Serializable {
public static final String QUERY_DYNAMIC_CONFIG_VALUES = "Role.dynamicConfigValues";
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 2L;
@Column(name = "ID", nullable = false)
@GeneratedValue(strategy = GenerationType.AUTO, generator = "RHQ_ROLE_ID_SEQ")
@@ -129,7 +130,8 @@ public class Role implements Serializable {
@Cascade({ org.hibernate.annotations.CascadeType.ALL })
private Set<Permission> permissions = new HashSet<Permission>();
- @ManyToMany(mappedBy = "roles")
+ @JoinTable(name = "RHQ_ROLE_BUNDLE_GROUP_MAP", joinColumns = { @JoinColumn(name = "ROLE_ID") }, inverseJoinColumns = { @JoinColumn(name = "BUNDLE_GROUP_ID") })
+ @ManyToMany
private Set<BundleGroup> bundleGroups = new HashSet<BundleGroup>();
public Role() {
@@ -277,9 +279,16 @@ public class Role implements Serializable {
}
public Set<BundleGroup> getBundleGroups() {
+ if (this.bundleGroups == null) {
+ this.bundleGroups = new HashSet<BundleGroup>();
+ }
return bundleGroups;
}
+ /**
+ * This also updates the inverse relations (add this role to bundle groups)
+ * @param bundleGroups
+ */
public void setBundleGroups(Set<BundleGroup> bundleGroups) {
if (bundleGroups == null) {
this.bundleGroups = new HashSet<BundleGroup>();
@@ -292,22 +301,22 @@ public class Role implements Serializable {
}
}
+ /**
+ * This also updates the inverse relation (add this role to bundle group)
+ * @param bundleGroup
+ */
public void addBundleGroup(BundleGroup bundleGroup) {
- if (this.bundleGroups == null) {
- this.bundleGroups = new HashSet<BundleGroup>();
- }
-
+ getBundleGroups().add(bundleGroup);
bundleGroup.addRole(this);
- this.bundleGroups.add(bundleGroup);
}
+ /**
+ * This also updates the inverse relation (remove this role from bundle group)
+ * @param bundleGroup
+ */
public void removeBundleGroup(BundleGroup bundleGroup) {
- if (this.bundleGroups == null) {
- this.bundleGroups = new HashSet<BundleGroup>();
- }
-
+ getBundleGroups().remove(bundleGroup);
bundleGroup.removeRole(this);
- this.bundleGroups.remove(bundleGroup);
}
public Set<ResourceGroup> getResourceGroups() {
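Review bot: `addBundleGroup` now inserts into the set before it dereferences the argument, so a null `bundleGroup` leaves a null element in `bundleGroups` and only then fails with a `NullPointerException`; the old order failed before touching the set. Calling the inverse side first restores that: `bundleGroup.addRole(this);` followed by `getBundleGroups().add(bundleGroup);`, and the same swap applies to `removeBundleGroup`. The new Javadoc blocks carry a bare `@param bundleGroup` tag; a short description such as `@param bundleGroup the group to associate, must not be null` would complete them. `getResourceGroups` continues outside the hunk.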
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java b/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java
index 5af51af..c2f2714 100644
--- a/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java
+++ b/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/Bundle.java
@@ -69,7 +69,7 @@ import org.rhq.core.domain.tagging.Tag;
@Table(name = "RHQ_BUNDLE")
@XmlAccessorType(XmlAccessType.FIELD)
public class Bundle implements Serializable {
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 2L;
public static final String QUERY_FIND_ALL = "Bundle.findAll";
public static final String QUERY_FIND_BY_NAME = "Bundle.findByName";
@@ -104,8 +104,8 @@ public class Bundle implements Serializable {
@OneToMany(mappedBy = "bundle", fetch = FetchType.LAZY)
private List<BundleVersion> bundleVersions = new ArrayList<BundleVersion>();
- @ManyToMany(mappedBy = "bundles", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE)
- private Set<BundleGroup> bundleGroups;
+ @ManyToMany(mappedBy = "bundles", fetch = FetchType.LAZY)
+ private Set<BundleGroup> bundleGroups = new HashSet<BundleGroup>();
@ManyToMany(mappedBy = "bundles", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE)
private Set<Tag> tags;
@@ -183,26 +183,34 @@ public class Bundle implements Serializable {
}
public Set<BundleGroup> getBundleGroups() {
+ if (this.bundleGroups == null) {
+ this.bundleGroups = new HashSet<BundleGroup>();
+ }
return bundleGroups;
}
+ /**
+ * This does not set the inverse relationships.
+ * @param bundleGroups
+ */
public void setBundleGroups(Set<BundleGroup> bundleGroups) {
this.bundleGroups = bundleGroups;
}
+ /**
+ * This does not set the inverse relationship. You may want {@link BundleGroup#addBundle(Bundle)}.
+ * @param bundleGroups
+ */
public void addBundleGroup(BundleGroup bundleGroup) {
- if (this.bundleGroups == null) {
- this.bundleGroups = new HashSet<BundleGroup>();
- }
- this.bundleGroups.add(bundleGroup);
+ getBundleGroups().add(bundleGroup);
}
+ /**
+ * This does not set the inverse relationship. You may want {@link BundleGroup#removeBundle(Bundle)}.
+ * @param bundleGroups
+ */
public boolean removeBundleGroup(BundleGroup bundleGroup) {
- if (this.bundleGroups != null) {
- return this.bundleGroups.remove(bundleGroup);
- } else {
- return false;
- }
+ return getBundleGroups().remove(bundleGroup);
}
public List<BundleDestination> getDestinations() {
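Review bot: The Javadoc added to `addBundleGroup` and `removeBundleGroup` documents `@param bundleGroups`, but both methods take a single `bundleGroup`, so the tag names a parameter that does not exist. Use `@param bundleGroup the group to add to this bundle's set` and `@param bundleGroup the group to remove` with `@return true if the group was present`. On `setBundleGroups` it is worth adding that a null argument is accepted and that `getBundleGroups()` replaces it with an empty set on the next read. `getDestinations` continues outside the hunk.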
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java b/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java
index 16037f7..dd6a824 100644
--- a/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java
+++ b/modules/core/domain/src/main/java/org/rhq/core/domain/bundle/BundleGroup.java
@@ -26,8 +26,10 @@ import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
+import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@@ -74,11 +76,10 @@ public class BundleGroup implements Serializable {
@JoinTable(name = "RHQ_BUNDLE_GROUP_BUNDLE_MAP", joinColumns = { @JoinColumn(name = "BUNDLE_GROUP_ID") }, inverseJoinColumns = { @JoinColumn(name = "BUNDLE_ID") })
@ManyToMany
- private Set<Bundle> bundles = new HashSet<Bundle>();
+ private Set<Bundle> bundles;
- @JoinTable(name = "RHQ_ROLE_BUNDLE_GROUP_MAP", joinColumns = { @JoinColumn(name = "BUNDLE_GROUP_ID") }, inverseJoinColumns = { @JoinColumn(name = "ROLE_ID") })
- @ManyToMany
- private Set<Role> roles = new HashSet<Role>();
+ @ManyToMany(mappedBy = "bundleGroups", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE)
+ private Set<Role> roles;
public BundleGroup() {
// for JPA use
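Review bot: `cascade = CascadeType.REMOVE` on the `roles` many-to-many means that removing a `BundleGroup` through the entity manager also removes every `Role` in its `roles` set, which would delete roles, and the access they grant, that other bundle groups, resource groups and subjects still rely on. This commit drops the same cascade from `Bundle.bundleGroups`, so it looks unintended here; `@ManyToMany(mappedBy = "bundleGroups", fetch = FetchType.LAZY)` keeps the inverse mapping without it. If the manager's delete path already detaches roles first (not visible in this hunk), the cascade is still a trap for any other `em.remove` caller, such as the test cleanup. Dropping the field initialisers also leaves `bundles` and `roles` null until the getters run, so any direct field access elsewhere in the class needs checking.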
@@ -119,12 +120,41 @@ public class BundleGroup implements Serializable {
return bundles;
}
+ /**
+ * This also updates the inverse relation (add this bundle group to bundle)
+ * @param bundle
+ */
public void addBundle(Bundle bundle) {
getBundles().add(bundle);
+ bundle.addBundleGroup(this);
}
- public void removeBundle(Bundle bundle) {
- getBundles().remove(bundle);
+ /**
+ * This also updates the inverse relation (remove this bundle group from bundle)
+ * @param bundle
+ */
+ public boolean removeBundle(Bundle bundle) {
+ boolean result = getBundles().remove(bundle);
+ bundle.removeBundleGroup(this);
+ return result;
+ }
+
+ /**
+ * This also updates the inverse relations
+ * @param bundle
+ */
+ public void setBundles(Set<Bundle> bundles) {
+ for (Bundle bundle : getBundles()) {
+ bundle.removeBundleGroup(this);
+ }
+
+ this.bundles.clear();
+
+ if (null != bundles) {
+ for (Bundle bundle : bundles) {
+ addBundle(bundle);
+ }
+ }
}
public Set<Role> getRoles() {
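Review bot: `setBundles` clears `this.bundles` before it reads the argument, so passing the group's own set (`bg.setBundles(bg.getBundles())`) empties it and re-adds nothing, silently dropping every bundle from the group. Copy the argument first, e.g. `Set<Bundle> incoming = (bundles == null) ? new HashSet<Bundle>() : new HashSet<Bundle>(bundles);`, and iterate `incoming` after the clear. The Javadoc on `setBundles` says `@param bundle` while the parameter is `bundles`. `removeBundle` returns only this side's result and discards the boolean from `bundle.removeBundleGroup(this)`, which is worth stating in its Javadoc. `getRoles` continues outside the hunk.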
@@ -134,12 +164,20 @@ public class BundleGroup implements Serializable {
return roles;
}
+ /**
+ * This *does not* update the inverse relation. You may want {@link Role#addBundleGroup(BundleGroup)}
+ * @param role
+ */
public void addRole(Role role) {
getRoles().add(role);
}
- public void removeRole(Role role) {
- getRoles().remove(role);
+ /**
+ * This *does not* update the inverse relation. You may want {@link Role#removeBundleGroup(BundleGroup)}
+ * @param role
+ */
+ public boolean removeRole(Role role) {
+ return getRoles().remove(role);
}
public Long getCtime() {
diff --git a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java
index 117d2df..5e94ab1 100644
--- a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java
+++ b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java
@@ -215,6 +215,15 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
em.remove(em.getReference(BundleDeployment.class, ((BundleDeployment) removeMe).getId()));
}
+ // remove bundle groups to free up bundles
+ q = em.createQuery("SELECT bg FROM BundleGroup bg WHERE bg.name LIKE '" + TEST_PREFIX + "%'");
+ doomed = q.getResultList();
+ for (Object removeMe : doomed) {
+ BundleGroup doomedBundleGroup = em.find(BundleGroup.class, ((BundleGroup) removeMe).getId());
+ doomedBundleGroup.setBundles(new HashSet<Bundle>());
+ em.remove(doomedBundleGroup);
+ }
+
// remove bundles which cascade remove packageTypes and destinations
// packagetypes cascade remove packages
// package cascade remove packageversions
@@ -224,6 +233,7 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
em.remove(em.getReference(Bundle.class, ((Bundle) removeMe).getId()));
}
em.flush();
+
// remove any orphaned pvs
q = em.createQuery("SELECT pv FROM PackageVersion pv WHERE pv.generalPackage.name LIKE '" + TEST_PREFIX
+ "%'");
@@ -257,13 +267,6 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
em.remove(em.getReference(Repo.class, ((Repo) removeMe).getId()));
}
- // remove bundle groups no longer referenced by bundles
- q = em.createQuery("SELECT bg FROM BundleGroup bg WHERE bg.name LIKE '" + TEST_PREFIX + "%'");
- doomed = q.getResultList();
- for (Object removeMe : doomed) {
- em.remove(em.getReference(BundleGroup.class, ((BundleGroup) removeMe).getId()));
- }
-
// remove Resource Groups left over from test deployments freeing up test resources
q = em.createQuery("SELECT rg FROM ResourceGroup rg WHERE rg.name LIKE '" + TEST_PREFIX + "%'");
doomed = q.getResultList();
@@ -1318,12 +1321,9 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
}
@Test(enabled = TESTS_ENABLED)
- public void authzBundleGroupTest() throws Exception {
- Subject subject = null;
- Role role = null;
-
- subject = createNewSubject(TEST_USER_NAME);
- role = createNewRoleForSubject(subject, TEST_ROLE_NAME);
+ public void testAuthzBundleGroup() throws Exception {
+ Subject subject = createNewSubject(TEST_USER_NAME);
+ Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME);
subject = createSession(subject); // start a session so we can use this subject in SLSB calls
@@ -1479,14 +1479,241 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
assertEquals("Should be able to see assigned bundle", 1, bundleGroups.size());
assertNotNull(bundleGroups.get(0).getBundles());
assertEquals("Should have fetched bundle in bundle group", 1, bundleGroups.get(0).getBundles().size());
- assertEquals("Should have fetched bundle in bundle group", bundle, bundleGroups.get(0).getBundles()
- .iterator().next());
+ assertEquals("Should have fetched bundle in bundle group", bundle, bundleGroups.get(0).getBundles().iterator()
+ .next());
assertNotNull(bundleGroups.get(0).getRoles());
assertEquals("Should have fetched role for bundle group", 1, bundleGroups.get(0).getRoles().size());
assertEquals("Should have fetched role for bundle group", role, bundleGroups.get(0).getRoles().iterator()
.next());
}
+ @Test(enabled = TESTS_ENABLED)
+ public void testAuthzCreateBundleVersion() throws Exception {
+ Subject subject = createNewSubject(TEST_USER_NAME);
+ Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME);
+
+ subject = createSession(subject); // start a session so we can use this subject in SLSB calls
+
+ // create bundle group
+ addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
+ BundleGroup bundleGroup1 = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME + "_1", "bg-1");
+
+ // add bg1 to the role, but no perms
+ addRoleBundleGroup(role, bundleGroup1);
+
+ // deny bundle create in bg1 (no create perm)
+ try {
+ createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId());
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // allow bundle creation in bg1 (has create perm)
+ addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);
+ Bundle bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId());
+
+ // deny bundle version creation (perm taken away)
+ removeRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);
+ try {
+ BundleVersion bv1 = createBundleVersion(subject, bundle.getName() + "-1", null, bundle);
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // allow bundle version creation (perm granted)
+ addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);
+ BundleVersion bv1 = createBundleVersion(subject, bundle.getName() + "-1", null, bundle);
+ assertNotNull(bv1);
+ assertEquals("1.0", bv1.getVersion());
+ assert 0 == bv1.getVersionOrder();
+
+ // create second role
+ Role role2 = createNewRoleForSubject(subject, TEST_ROLE_NAME + "_2");
+ addRolePermissions(role2, Permission.CREATE_BUNDLES_IN_GROUP);
+
+ // create second bundle group
+ BundleGroup bundleGroup2 = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME + "_2", "bg-2");
+
+ // deny bundle create in bg2 (not associated with role)
+ try {
+ createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup2.getId());
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // deny bundle assign to bg2 (not associated with role)
+ try {
+ bundleManager.assignBundlesToBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() });
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // add bg2 to the role
+ addRoleBundleGroup(role2, bundleGroup2);
+
+ // deny bundle assign to bg2 (no perm)
+ removeRolePermissions(role2, Permission.CREATE_BUNDLES_IN_GROUP);
+ try {
+ bundleManager.assignBundlesToBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() });
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // allow bundle assign to bg2
+ addRolePermissions(role2, Permission.ASSIGN_BUNDLES_TO_GROUP);
+ bundleManager.assignBundlesToBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() });
+
+ // should fetch the single bundle even though it is in two groups
+ BundleCriteria bundleCriteria = new BundleCriteria();
+ bundleCriteria.addFilterBundleGroupIds(bundleGroup1.getId(), bundleGroup2.getId());
+ List<Bundle> bundles = bundleManager.findBundlesByCriteria(subject, bundleCriteria);
+ assertNotNull(bundles);
+ assertEquals("Should be able to see assigned bundle", 1, bundles.size());
+ assertEquals("Should have fetched bundle", bundle, bundles.get(0));
+
+ BundleVersionCriteria bvCriteria = new BundleVersionCriteria();
+ bvCriteria.addFilterBundleId(bundle.getId());
+ List<BundleVersion> bundleVersions = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria);
+ assertNotNull(bundleVersions);
+ assertEquals("Should be able to see assigned bundle bundleversion", 1, bundleVersions.size());
+ assertEquals("Should have fetched bundleversion", bv1, bundleVersions.get(0));
+
+ // deny unassign
+ try {
+ bundleManager.unassignBundlesFromBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() });
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // allow unassigns
+ addRolePermissions(role, Permission.UNASSIGN_BUNDLES_FROM_GROUP);
+ addRolePermissions(role2, Permission.UNASSIGN_BUNDLES_FROM_GROUP);
+ bundleManager.unassignBundlesFromBundleGroup(subject, bundleGroup1.getId(), new int[] { bundle.getId() });
+ bundleManager.unassignBundlesFromBundleGroup(subject, bundleGroup2.getId(), new int[] { bundle.getId() });
+
+ // should not find the now unassigned bundle
+ bundles = bundleManager.findBundlesByCriteria(subject, bundleCriteria);
+ assertNotNull(bundles);
+ assertEquals("Should not be able to see unassigned bundle", 0, bundles.size());
+
+ bundleVersions = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria);
+ assertNotNull(bundleVersions);
+ assertEquals("Should not be able to see unassigned bundle bundleversion", 0, bundleVersions.size());
+
+ // allow view
+ addRolePermissions(role, Permission.VIEW_BUNDLES);
+
+ // should fetch the single unassigned bundle due to global view in one of the assigned roles
+ bundleCriteria.addFilterBundleGroupIds(null);
+ bundles = bundleManager.findBundlesByCriteria(subject, bundleCriteria);
+ assertNotNull(bundles);
+ assertEquals("Should be able to see unassigned bundle", 1, bundles.size());
+ assertEquals("Should have fetched bundle", bundle, bundles.get(0));
+
+ bundleVersions = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria);
+ assertNotNull(bundleVersions);
+ assertEquals("Should be able to see unassigned bundle bundleversion", 1, bundleVersions.size());
+ assertEquals("Should have fetched bundleversion", bv1, bundleVersions.get(0));
+ }
+
+ @Test(enabled = TESTS_ENABLED)
+ public void testAuthzDeleteBundleVersion() throws Exception {
+ Subject subject = createNewSubject(TEST_USER_NAME);
+ Role role = createNewRoleForSubject(subject, TEST_ROLE_NAME);
+
+ subject = createSession(subject); // start a session so we can use this subject in SLSB calls
+
+ // create bundle group
+ addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
+ BundleGroup bundleGroup1 = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME + "_1", "bg-1");
+
+ // add bg1 to the role with group create
+ addRoleBundleGroup(role, bundleGroup1);
+ addRolePermissions(role, Permission.CREATE_BUNDLES_IN_GROUP);
+
+ // allow bundle creation in bg1 (has create perm)
+ Bundle bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId());
+
+ // allow delete, global perm
+ addRolePermissions(role, Permission.DELETE_BUNDLES);
+ deleteBundleVersion(subject, bundle);
+
+ // allow bundle creation in bg1 (has create perm)
+ bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId());
+
+ // allow delete, bundle group perm
+ removeRolePermissions(role, Permission.DELETE_BUNDLES);
+ addRolePermissions(role, Permission.DELETE_BUNDLES_FROM_GROUP);
+ deleteBundleVersion(subject, bundle);
+
+ // allow bundle creation in bg1 (has create perm)
+ bundle = createBundle(subject, TEST_PREFIX + ".bundle", bundleGroup1.getId());
+
+ // deny delete, no delete perms
+ removeRolePermissions(role, Permission.DELETE_BUNDLES_FROM_GROUP);
+ try {
+ deleteBundleVersion(subject, bundle);
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+ }
+
+ // subject must have create bundle version permission
+ private void deleteBundleVersion(Subject subject, Bundle b1) throws Exception {
+ assertNotNull(b1);
+
+ BundleVersion bv1 = createBundleVersion(subject, b1.getName() + "-1", null, b1);
+ assertNotNull(bv1);
+ assertEquals("1.0", bv1.getVersion());
+ BundleVersion bv2 = createBundleVersion(subject, b1.getName() + "-2", null, b1);
+ assertNotNull(bv2);
+ assertEquals("1.1", bv2.getVersion());
+
+ // let's add a bundle file so we can ensure our deletion will also delete the file too
+ bundleManager.addBundleFileViaByteArray(subject, bv2.getId(), "testDeleteBundleVersion", "1.0",
+ new Architecture("noarch"), "content".getBytes());
+ BundleFileCriteria bfCriteria = new BundleFileCriteria();
+ bfCriteria.addFilterBundleVersionId(bv2.getId());
+ bfCriteria.fetchPackageVersion(true);
+ PageList<BundleFile> files = bundleManager.findBundleFilesByCriteria(overlord, bfCriteria);
+ assert files.size() == 1 : files;
+ assert files.get(0).getPackageVersion().getGeneralPackage().getName().equals("testDeleteBundleVersion") : files;
+
+ BundleVersionCriteria bvCriteria = new BundleVersionCriteria();
+ BundleCriteria bCriteria = new BundleCriteria();
+
+ // delete the first one - this deletes the BV but the bundle should remain intact
+ bundleManager.deleteBundleVersion(subject, bv2.getId(), true);
+ bvCriteria.addFilterId(bv2.getId());
+ PageList<BundleVersion> bvResults = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria);
+ assert bvResults.size() == 0;
+ bCriteria.addFilterId(b1.getId());
+ PageList<Bundle> bResults = bundleManager.findBundlesByCriteria(subject, bCriteria);
+ assert bResults.size() == 1 : "Should not have deleted bundle yet, 1 version still exists";
+
+ // delete the second one - this deletes last BV thus the bundle should also get deleted
+ bundleManager.deleteBundleVersion(subject, bv1.getId(), true);
+ bvCriteria.addFilterId(bv1.getId());
+ bvResults = bundleManager.findBundleVersionsByCriteria(subject, bvCriteria);
+ assert bvResults.size() == 0;
+ bCriteria.addFilterId(b1.getId());
+ bResults = bundleManager.findBundlesByCriteria(subject, bCriteria);
+ assert bResults.size() == 0 : "Should have deleted bundle since no versions exists anymore";
+
+ // make sure our composite query is OK and can show us 0 bundles, too
+ PageList<BundleWithLatestVersionComposite> composites;
+ bCriteria = new BundleCriteria();
+ composites = bundleManager.findBundlesWithLatestVersionCompositesByCriteria(subject, bCriteria);
+ assert composites.size() == 0;
+ }
+
private Subject createNewSubject(String subjectName) throws Exception {
Subject newSubject = new Subject();
@@ -1557,8 +1784,12 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
}
private Bundle createBundle(Subject subject, String name) throws Exception {
+ return createBundle(subject, name, 0);
+ }
+
+ private Bundle createBundle(Subject subject, String name, int bundleGroupId) throws Exception {
BundleType bt = createBundleType(name);
- return createBundle(subject, name, bt, 0);
+ return createBundle(subject, name, bt, bundleGroupId);
}
private Bundle createBundle(Subject subject, String name, BundleType bt, int bundleGroupId) throws Exception {
@@ -1578,7 +1809,7 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
throws Exception {
final String fullName = TEST_PREFIX + "-bundleversion-" + version + "-" + name;
final String recipe = "deploy -f " + TEST_PREFIX + ".zip -d @@ test.path @@";
- BundleVersion bv = bundleManager.createBundleVersion(overlord, bundle.getId(), fullName, fullName + "-desc",
+ BundleVersion bv = bundleManager.createBundleVersion(subject, bundle.getId(), fullName, fullName + "-desc",
version, recipe);
assert bv.getId() > 0;
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java
index d71095f..d5746d3 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java
@@ -304,6 +304,32 @@ public class AuthorizationManagerBean implements AuthorizationManagerLocal {
}
@Override
+ public boolean canViewBundle(Subject subject, int bundleId) {
+ if (hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
+ return true;
+ }
+
+ Query query = entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_BUNDLE);
+ query.setParameter("subject", subject);
+ query.setParameter("bundleId", bundleId);
+ long count = (Long) query.getSingleResult();
+ return (count != 0);
+ }
+
+ @Override
+ public boolean canViewBundleGroup(Subject subject, int bundleGroupId) {
+ if (hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
+ return true;
+ }
+
+ Query query = entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_BUNDLE_GROUP);
+ query.setParameter("subject", subject);
+ query.setParameter("bundleGroupId", bundleGroupId);
+ long count = (Long) query.getSingleResult();
+ return (count != 0);
+ }
+
+ @Override
public boolean isInventoryManager(Subject subject) {
return hasGlobalPermission(subject, Permission.MANAGE_INVENTORY);
}
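Review bot: `canViewBundle` and `canViewBundleGroup` are the same authorization check written twice, differing only in the named query and the id parameter name, so a later fix to one can easily miss the other. A private helper taking the query name and parameter name would keep the view decision in one place. Whether the rest of AuthorizationManagerBean follows the same copy-per-check pattern is not visible in this hunk. The named queries themselves are defined elsewhere, so the role and bundle-group join they perform cannot be checked here.

```java
// ... unchanged: @Override canViewBundle / canViewBundleGroup signatures ...
// each public method becomes a one-line delegate, e.g.
//   return canViewByCount(subject, Subject.QUERY_CAN_VIEW_BUNDLE, "bundleId", bundleId);

private boolean canViewByCount(Subject subject, String queryName, String idParam, int id) {
    if (hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
        return true;
    }

    Query query = entityManager.createNamedQuery(queryName);
    query.setParameter("subject", subject);
    query.setParameter(idParam, id);
    long count = (Long) query.getSingleResult();
    return (count != 0);
}
```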
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java
index 8872d61..62d3c0c 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java
@@ -80,6 +80,28 @@ public interface AuthorizationManagerLocal {
boolean canViewAutoGroup(Subject subject, int parentResourceId, int resourceTypeId);
/**
+ * Returns true if the current user has explicit (Global.VIEW_BUNDLES) or implicit (via bundleGroup-Role
+ * association) view of the specified bundle .
+ *
+ * @param subject the current subject or caller
+ * @param bundleId the id of some Bundle to check permissions against
+ *
+ * @return true if the current user has some role attached to some bundle group that contains this bundle
+ */
+ boolean canViewBundle(Subject subject, int bundleId);
+
+ /**
+ * Returns true if the current user has explicit (Global.VIEW_BUNDLES) or implicit (via bundleGroup-Role
+ * association) view of the specified bundle group.
+ *
+ * @param subject the current subject or caller
+ * @param bundleGroupId the id of some Bundle to check permissions against
+ *
+ * @return true if the current user has some role attached to some bundle group that contains this bundle
+ */
+ boolean canViewBundleGroup(Subject subject, int bundleGroupId);
+
+ /**
* Returns true if the current user possesses either: 1) the specified resource permission for the specified
* resource, or 2) the global MANAGE_INVENTORY permission which, by definition, gives full access to the inventory
* (all resources and all groups)
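Review bot: The Javadoc added for `canViewBundleGroup` was copied from `canViewBundle` and still describes a bundle: `@param bundleGroupId` says "the id of some Bundle" and `@return` speaks of a bundle group "that contains this bundle". Suggested wording is `@param bundleGroupId the id of the BundleGroup to check permissions against` and `@return true if the subject has Global.VIEW_BUNDLES or some role attached to this bundle group`. The `@return` line of `canViewBundle` likewise leaves out the Global.VIEW_BUNDLES case that its own summary sentence names, and "bundle ." has a stray space. Since these two methods are now the view gate used by the bundle authz checks, the contract is worth stating exactly.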
@@ -244,7 +266,7 @@ public interface AuthorizationManagerLocal {
* @return <code>true</code> if the given subject is considered the overlord subject
*/
boolean isOverlord(Subject subject);
-
+
/**
* Returns true if given subject is able to view given repo.
* The subject is able to view a repo if it is public or if the subject is the owner of the repo
@@ -255,7 +277,7 @@ public interface AuthorizationManagerLocal {
* @return true if subject is able to view the repo, false otherwise
*/
boolean canViewRepo(Subject subject, int repoId);
-
+
/**
* Returns true if given subject is able to update given repo.
* The subject is able to update a repo if it is owned by the subject
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java
index aeaf597..96d44de 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java
@@ -841,7 +841,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
throw new IllegalArgumentException("Tried to remove role[" + roleId + "] from BundleGroup["
+ bundleGroupId + "], but role was not found");
}
- bundleGroup.removeRole(doomedRole);
+ doomedRole.removeBundleGroup(bundleGroup);
}
}
@@ -893,7 +893,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
throw new IllegalArgumentException("Tried to add role[" + roleId + "] to bundleGroup["
+ bundleGroupId + "], but role was not found");
}
- bundleGroup.addRole(role);
+ role.addBundleGroup(bundleGroup);
}
}
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java
index bc85e6d..33c119e 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java
@@ -259,13 +259,14 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
Bundle bundle = new Bundle(name, bundleType, repo, packageType);
bundle.setDescription(description);
bundle.setPackageType(packageType);
- if (null != bundleGroup) {
- bundle.addBundleGroup(bundleGroup);
- }
log.info("Creating bundle: " + bundle);
entityManager.persist(bundle);
+ if (null != bundleGroup) {
+ bundleGroup.addBundle(bundle);
+ }
+
return bundle;
}
@@ -511,6 +512,8 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
throw new IllegalArgumentException("Invalid bundleId: " + bundleId);
}
+ checkCreateBundleVersionAuthz(subject, bundleId);
+
// parse the recipe (validation occurs here) and get the config def and list of files
BundleType bundleType = bundle.getBundleType();
RecipeParseResults results;
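Review bot: `checkCreateBundleVersionAuthz(subject, bundleId)` runs only after the "Invalid bundleId" check above it, so a caller with no bundle permissions gets an IllegalArgumentException for an id that does not exist and, presumably, a PermissionException for one that does. The two responses let an unauthorized caller tell existing bundle ids from missing ones. If the authz helper does not need the loaded entity (its body is outside this hunk), calling it before the bundle lookup gives such a caller the same PermissionException in both cases. The enclosing method starts and ends outside the hunk.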
@@ -1784,7 +1787,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE,
- subject.getId());
+ subject.getId(), null);
}
CriteriaQueryRunner<BundleWithLatestVersionComposite> queryRunner = new CriteriaQueryRunner<BundleWithLatestVersionComposite>(
@@ -1824,6 +1827,11 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
entityManager.flush();
}
+ // remove bundle from relevant any assigned bundle groups
+ for (BundleGroup bg : bundle.getBundleGroups()) {
+ bg.removeBundle(bundle);
+ }
+
// we need to whack the Repo once the Bundle no longer refers to it
Repo bundleRepo = bundle.getRepo();
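Review bot: The new loop calls `bg.removeBundle(bundle)` while iterating `bundle.getBundleGroups()`; if `removeBundle` also updates the bundle's side of the association (its body is not visible here), the collection changes under the iterator and a ConcurrentModificationException follows. Iterating a snapshot avoids that, assuming java.util.ArrayList is imported: `for (BundleGroup bg : new ArrayList<BundleGroup>(bundle.getBundleGroups())) {`. The next hunk has the same shape, where `r.removeBundleGroup(bundleGroup)` is called inside `for (Role r : bundleGroup.getRoles())`. The added comment would read better as `// remove bundle from any assigned bundle groups`. The enclosing method starts and ends outside the hunk.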
@@ -2004,7 +2012,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
// remove from any roles
for (Role r : bundleGroup.getRoles()) {
- bundleGroup.removeRole(r);
+ r.removeBundleGroup(bundleGroup);
}
bundleGroup = entityManager.merge(bundleGroup);
@@ -2036,7 +2044,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
throw new IllegalArgumentException("BundleGroup does not exist for bundleGroupId [" + bundleGroupId + "]");
}
- checkAssignBundleGroupAuthz(subject, bundleGroupId, bundleIds);
+ checkUnassignBundleGroupAuthz(subject, bundleGroupId, bundleIds);
for (int bundleId : bundleIds) {
Bundle bundle = entityManager.find(Bundle.class, bundleId);
@@ -2074,7 +2082,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
}
if (hasGlobalCreateBundles) {
- if (authorizationManager.hasBundleGroupPermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleGroupId)) {
+ if (authorizationManager.canViewBundleGroup(subject, bundleGroupId)) {
return;
}
} else {
@@ -2116,7 +2124,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
}
if (hasGlobalCreateBundles) {
- if (authorizationManager.hasBundlePermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleId)) {
+ if (authorizationManager.canViewBundle(subject, bundleId)) {
return;
}
} else {
@@ -2173,7 +2181,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
throw new IllegalArgumentException("Invalid bundleId: [" + bundleId + "]");
}
- if (!authorizationManager.hasBundlePermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleId)) {
+ if (!authorizationManager.canViewBundle(subject, bundleId)) {
String msg = "Subject [" + subject.getName()
+ "] requires either Global.VIEW_BUNDLES or BundleGroup.VIEW_BUNDLES_IN_GROUP to assign bundle ["
+ bundleId + "] to bundle group [" + bundleGroupId + "]";
@@ -2185,6 +2193,58 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
}
/**
+ * Requires VIEW permission for the relevant bundles and either:
+ * - Global.DELETE_BUNDLE
+ * - BundleGroup.DELETE_BUNDLES_FROM_GROUP or BundleGroup.UNASSIGN_BUNDLES_FROM_GROUP for the relevant bundle group
+ *
+ * @param subject
+ * @param bundleGroupId an existing bundle group
+ * @param bundleIds existing bundles
+ * @throws PermissionException
+ */
+ private void checkUnassignBundleGroupAuthz(Subject subject, int bundleGroupId, int[] bundleIds)
+ throws PermissionException {
+
+ Set<Permission> globalPerms = authorizationManager.getExplicitGlobalPermissions(subject);
+ boolean hasGlobalDeleteBundles = globalPerms.contains(Permission.DELETE_BUNDLES);
+ boolean hasGlobalViewBundles = globalPerms.contains(Permission.VIEW_BUNDLES);
+
+ if (hasGlobalDeleteBundles && hasGlobalViewBundles) {
+ return;
+ }
+
+ boolean hasBundleGroupDelete = hasGlobalDeleteBundles
+ || authorizationManager.hasBundleGroupPermission(subject, Permission.DELETE_BUNDLES_FROM_GROUP,
+ bundleGroupId);
+ boolean hasBundleGroupUnassign = hasBundleGroupDelete
+ || authorizationManager.hasBundleGroupPermission(subject, Permission.UNASSIGN_BUNDLES_FROM_GROUP,
+ bundleGroupId);
+
+ if (!hasBundleGroupUnassign) {
+ String msg = "Subject ["
+ + subject.getName()
+ + "] requires one of Global.DELETE_BUNDLES, BundleGroup.DELETE_BUNDLES_FROM_GROUP, or BundleGroup.UNASSIGN_BUNDLES_FROM_GROUP to unassign a bundle to undle group ["
+ + bundleGroupId + "].";
+ throw new PermissionException(msg);
+ }
+
+ for (int bundleId : bundleIds) {
+ if (bundleId <= 0) {
+ throw new IllegalArgumentException("Invalid bundleId: [" + bundleId + "]");
+ }
+
+ if (!authorizationManager.canViewBundle(subject, bundleId)) {
+ String msg = "Subject [" + subject.getName()
+ + "] requires either Global.VIEW_BUNDLES or BundleGroup.VIEW_BUNDLES_IN_GROUP to unassign bundle ["
+ + bundleId + "] to bundle group [" + bundleGroupId + "]";
+ throw new PermissionException(msg);
+ }
+ }
+
+ return;
+ }
+
+ /**
* Required Permissions: Either:
* - Global.DEPLOY_BUNDLES and a view of the relevant bundle and a view of the relevant resource group (may involve multiple roles)
* - Resource.DEPLOY_BUNDLES_TO_GROUP and a view of the relevant bundle and a view of the relevant resource group (may involve multiple roles)
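Review bot: Both PermissionException messages in `checkUnassignBundleGroupAuthz` were carried over from the assign check and read wrongly for an unassign: the first says "to unassign a bundle to undle group [" and the second "to unassign bundle [...] to bundle group [". These strings are what an administrator sees when diagnosing a denial, so `to unassign a bundle from bundle group [` and `+ bundleId + "] from bundle group [" + bundleGroupId + "]"` would be clearer. The Javadoc names `Global.DELETE_BUNDLE` while the code checks `Permission.DELETE_BUNDLES`, and `@param subject` and `@throws PermissionException` carry no description. The early return for a subject holding both global permissions also skips the `bundleId <= 0` validation that the other path performs, and the trailing bare `return;` can be dropped.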
@@ -2210,8 +2270,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
boolean hasResourceGroupDeploy = hasGlobalDeployBundles
|| authorizationManager.hasGroupPermission(subject, Permission.DEPLOY_BUNDLES_TO_GROUP, resourceGroupId);
- boolean hasBundleView = hasGlobalViewBundles
- || authorizationManager.hasBundlePermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleId);
+ boolean hasBundleView = hasGlobalViewBundles || authorizationManager.canViewBundle(subject, bundleId);
if (!(hasResourceGroupDeploy && hasBundleView)) {
String msg = "Subject [" + subject.getName()
@@ -2248,7 +2307,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
}
if (hasGlobalDeleteBundles) {
- if (authorizationManager.hasBundlePermission(subject, Permission.VIEW_BUNDLES_IN_GROUP, bundleId)) {
+ if (authorizationManager.canViewBundle(subject, bundleId)) {
return;
}
} else {
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java
index f96d356..6df2610 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java
@@ -112,9 +112,12 @@ public interface BundleManagerLocal extends BundleManagerRemote {
/**
* Internal use only, test entry point
- * </p>
- * This method performs NO AUTHZ!
- * </p>
+ * <pre>
+ * Required Permissions: Either:
+ * - Global.CREATE_BUNDLES and Global.VIEW_BUNDLES
+ * - Global.CREATE_BUNDLES and BundleGroup.VIEW_BUNDLES_IN_GROUP for bundle group BG and the relevant bundle is assigned to BG
+ * - BundleGroup.CREATE_BUNDLES_IN_GROUP for bundle group BG and the relevant bundle is assigned to BG
+ * </pre>
* @param subject user that must have proper permissions
* @param bundleId the bundle for which this will be the next version
* @param name not null or empty
[rhq] Branch 'hotfix/jon3.1.2' - modules/enterprise
by Larry O'Leary
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java | 16 +++-
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java | 17 +---
modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java | 37 ++++------
3 files changed, 39 insertions(+), 31 deletions(-)
New commits:
commit bbe1c9b92ae47cda13927a3f541874ecb52c868d
Author: Larry O'Leary <loleary(a)redhat.com>
Date: Wed Jul 17 16:32:05 2013 +0200
BZ 981015 - Ldap auth failed if DN contained a backslash
(cherry-picked from commit 01cd91b130f563ba62cd96a46f2cb3a2ac567a48)
BZ 981015: Fix test failures introduced by commit 01cd91b
- findLdapUserDetails was appending baseDN twice during fallback code
- FakeLdapContext contained some lazy escaping on the mock group entries
(cherry picked from commit 567aee7f81c6aa0f7680d4f394cccb1974705320)
(cherry picked from commit cb7bdca5eb624e5064dc0e4191e63b01e4877829)
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
index 3de303c..38af750 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/jaas/LdapLoginModule.java
@@ -23,6 +23,7 @@ import java.util.Iterator;
import java.util.Properties;
import java.util.Map.Entry;
+import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
@@ -189,7 +190,18 @@ public class LdapLoginModule extends UsernamePasswordLoginModule {
SearchResult si = (SearchResult) answer.next();
// Construct the UserDN
- String userDN = si.getName() + "," + baseDNs[x];
+ String userDN = null;
+
+ try {
+ userDN = si.getNameInNamespace();
+ } catch (UnsupportedOperationException use) {
+ userDN = new CompositeName(si.getName()).get(0);
+ if (si.isRelative()) {
+ userDN += "," + baseDNs[x];
+ }
+ }
+
+ log.debug("Using LDAP userDN=" + userDN);
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, inputPassword);
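Review bot: The fallback branch needs a comment saying why the name is parsed, because `new CompositeName(si.getName()).get(0)` is not self-explanatory. Something like `// getName() returns a JNDI composite name; parse it to recover the LDAP DN component (BZ 981015)` would do. `get(0)` also assumes the parsed name has at least one component; whether an empty name can reach this point is not visible in the hunk. The same try/catch block is added in the LdapGroupManagerBean hunk further down, so a shared helper would keep the bind DN and the group-lookup DN derived the same way. The enclosing method starts and ends outside the hunk.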
@@ -204,7 +216,7 @@ public class LdapLoginModule extends UsernamePasswordLoginModule {
// If we try all the BaseDN's and have not found a match, return false
return false;
} catch (Exception e) {
- log.info("Failed to validate password: " + e.getMessage());
+ log.info("Failed to validate password for [" + userName + "]: " + e.getMessage());
return false;
}
}
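Review bot: `userName`, presumably the name supplied at login, is now concatenated into the log message unchanged, so any line breaks in it end up in the log record. Unless the logging layout already escapes them (not visible here), neutralise them first, e.g. `log.info("Failed to validate password for [" + userName.replaceAll("[\\r\\n]", "_") + "]: " + e.getMessage());`. Having the name in the message is useful for spotting repeated failed logins, so it is worth keeping. The exception is still reduced to `e.getMessage()`; logging `e` itself at debug level would preserve the cause. The method starts outside the hunk.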
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java
index eeeb4fc..f828950 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.java
@@ -1,6 +1,6 @@
/*
* RHQ Management Platform
- * Copyright (C) 2005-2011 Red Hat, Inc.
+ * Copyright (C) 2005-2013 Red Hat, Inc.
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
@@ -13,8 +13,8 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
package org.rhq.enterprise.server.resource.group;
@@ -31,6 +31,7 @@ import java.util.Set;
import javax.ejb.EJB;
import javax.ejb.Stateless;
+import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
@@ -322,14 +323,10 @@ public class LdapGroupManagerBean implements LdapGroupManagerLocal {
try {
userDN = si.getNameInNamespace();
} catch (UnsupportedOperationException use) {
- userDN = si.getName();
- if (userDN.startsWith("\"")) {
- userDN = userDN.substring(1, userDN.length());
+ userDN = new CompositeName(si.getName()).get(0);
+ if (si.isRelative()) {
+ userDN += "," + baseDNs[x];
}
- if (userDN.endsWith("\"")) {
- userDN = userDN.substring(0, userDN.length() - 1);
- }
- userDN = userDN + "," + baseDNs[x];
}
userDetails.put("dn", userDN);
diff --git a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java
index dad31ce..2ae6265 100644
--- a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java
+++ b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/test/ldap/FakeLdapContext.java
@@ -99,7 +99,6 @@ public class FakeLdapContext implements LdapContext {
try {
return new FakeNamingEnumeration<SearchResult>(ldapTestData.getSearchResults(attributes));
} catch (Exception e) {
- // TODO Auto-generated catch block
e.printStackTrace();
return null;
}
@@ -516,12 +515,12 @@ public class FakeLdapContext implements LdapContext {
attr = new BasicAttribute("member");
attr.add("cn=Robert Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Cannon\\, Brett,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
- attr.add("cn=Charles H\\\\Samlin,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
+ attr.add("cn=Charles H\\Samlin,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Craig \\#1 Sellers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Beverly \\+1 Balanger,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Bethany \\<Stuart\\> Wallace,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Zachory S\\; Balanger,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
- attr.add("cn=Allen \\\"The Hammer\\\" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
+ attr.add("cn=Allen \"The Hammer\" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Sam Not \\= Smitherson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=\\ Billy The Kiddough\\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=System/Integration API,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
@@ -557,12 +556,12 @@ public class FakeLdapContext implements LdapContext {
attr = new BasicAttribute("member");
attr.add("cn=John Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Dr. Greg Hause\\, MD,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
- attr.add("cn=Cindy\\\\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
+ attr.add("cn=Cindy\\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Biff \\# Rogers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Steven \\+2 Reed,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Lisa \\<The Great\\> Toller,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Homer J Simpsonite\\; III,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
- attr.add("cn=Jessica \\\"Crouching Tiger\\\" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
+ attr.add("cn=Jessica \"Crouching Tiger\" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Hope \\= Rein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=\\ Sue Ferguson\\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Phil/Susan Carlson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
@@ -598,12 +597,12 @@ public class FakeLdapContext implements LdapContext {
attr = new BasicAttribute("member");
attr.add("cn=Sheri Smith,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Walsh\\, Brad,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
- attr.add("cn=Jim\\\\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
+ attr.add("cn=Jim\\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Sandra \\# Phillips,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=William Tell Overture \\+1,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Craig \\<Bison\\> Allen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Walter T Fredrick\\; The Second,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
- attr.add("cn=Stanley \\\"Short\\\" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
+ attr.add("cn=Stanley \"Short\" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=Noah \\= Sadler,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=\\ Stuart Smiley\\ ,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
attr.add("cn=System/Integration API 2,ou=users,dc=test,dc=rhq,dc=redhat,dc=com");
@@ -984,7 +983,7 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with backslash (\\) in 'cn' in the RHQ Admin Group");
attrs.put(attr);
- sr = new SearchResult("cn=Charles H\\\\Samlin,ou=users", null, null, attrs, true);
+ sr = new SearchResult("cn=Charles H\\Samlin,ou=users", null, null, attrs, true);
this.add(sr);
// dn: cn=Cindy\\Cynthia Groober,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
@@ -1033,7 +1032,7 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with backslash (\\) in 'cn' in the JBoss Admin Group");
attrs.put(attr);
- sr = new SearchResult("cn=Cindy\\\\Cynthia Groober,ou=users", null, null, attrs, true);
+ sr = new SearchResult("cn=Cindy\\Cynthia Groober,ou=users", null, null, attrs, true);
this.add(sr);
// dn: cn=Jim\\James Kirk,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
@@ -1082,7 +1081,7 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with backslash (\\) in 'cn' in the JBoss Monitor Group");
attrs.put(attr);
- sr = new SearchResult("cn=Jim\\\\James Kirk,ou=users", null, null, attrs, true);
+ sr = new SearchResult("cn=Jim\\James Kirk,ou=users", null, null, attrs, true);
this.add(sr);
// dn: cn=Craig \#1 Sellers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
@@ -1675,7 +1674,7 @@ public class FakeLdapContext implements LdapContext {
null, attrs, true);
this.add(sr);
- // dn: cn=Allen \"The Hammer\" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
+ // dn: cn=Allen "The Hammer" Callen,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
attrs = new BasicAttributes();
attr = new BasicAttribute("baseName");
@@ -1721,11 +1720,11 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with quote (\") in 'cn' in the RHQ Admin Group");
attrs.put(attr);
- sr = new SearchResult("cn=Allen \\\"The Hammer\\\" Callen,ou=users", "javax.naming.directory.DirContext",
+ sr = new SearchResult("cn=Allen \"The Hammer\" Callen,ou=users", "javax.naming.directory.DirContext",
null, attrs, true);
this.add(sr);
- // dn: cn=Jessica \"Crouching Tiger\" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
+ // dn: cn=Jessica "Crouching Tiger" Mathers,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
attrs = new BasicAttributes();
attr = new BasicAttribute("baseName");
@@ -1771,11 +1770,11 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with quote (\") in 'cn' in the JBoss Admin Group");
attrs.put(attr);
- sr = new SearchResult("cn=Jessica \\\"Crouching Tiger\\\" Mathers,ou=users",
+ sr = new SearchResult("cn=Jessica \"Crouching Tiger\" Mathers,ou=users",
"javax.naming.directory.DirContext", null, attrs, true);
this.add(sr);
- // dn: cn=Stanley \"Short\" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
+ // dn: cn=Stanley "Short" Mein,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
attrs = new BasicAttributes();
attr = new BasicAttribute("baseName");
@@ -1821,7 +1820,7 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with quote (\") in 'cn' in the JBoss Monitor Group");
attrs.put(attr);
- sr = new SearchResult("cn=Stanley \\\"Short\\\" Mein,ou=users", null, null, attrs, true);
+ sr = new SearchResult("cn=Stanley \"Short\" Mein,ou=users", null, null, attrs, true);
this.add(sr);
// dn: cn=Sam Not \= Smitherson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
@@ -2160,7 +2159,7 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with slash (/) in 'cn' in the RHQ Admin Group");
attrs.put(attr);
- sr = new SearchResult("cn=System/Integration API,ou=users", null, null, attrs, true);
+ sr = new SearchResult("cn=System\\/Integration API,ou=users", null, null, attrs, true);
this.add(sr);
// dn: cn=Phil/Susan Carlson,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
@@ -2209,7 +2208,7 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with slash (/) in 'cn' in the JBoss Admin Group");
attrs.put(attr);
- sr = new SearchResult("cn=Phil/Susan Carlson,ou=users", null, null, attrs, true);
+ sr = new SearchResult("cn=Phil\\/Susan Carlson,ou=users", null, null, attrs, true);
this.add(sr);
// dn: cn=System/Integration API 2,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
@@ -2254,7 +2253,7 @@ public class FakeLdapContext implements LdapContext {
attr.add("User with slash (/) in 'cn' in the JBoss Monitor Group");
attrs.put(attr);
- sr = new SearchResult("cn=System/Integration API 2,ou=users", null, null, attrs, true);
+ sr = new SearchResult("cn=System\\/Integration API 2,ou=users", null, null, attrs, true);
this.add(sr);
// dn: cn=Lee -Fast- Croutche,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
[rhq] modules/enterprise
by Thomas Segismont
modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java | 16 ++++++++--
modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties | 1
modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties | 1
modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties | 1
modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties | 1
modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties | 1
modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties | 1
modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties | 1
modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties | 3 +
modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css | 4 ++
10 files changed, 26 insertions(+), 4 deletions(-)
New commits:
commit 0d9fb46045b844ef4f2a4c921fbe461c37c09c4e
Author: Thomas Segismont <tsegismo(a)redhat.com>
Date: Fri Jul 26 14:50:07 2013 +0200
Bug 886119 - JON is using JNDI when referring to child Datasource resource instead of specified Resource name
Added message in the first step of the resource creation wizard to indicate that some plugin implementations might not be able to give the resource the supplied name when it gets discovered.
diff --git a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java
index 31dc10d..89b6e30 100644
--- a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java
+++ b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/factory/ResourceFactoryInfoStep.java
@@ -1,6 +1,6 @@
/*
* RHQ Management Platform
- * Copyright (C) 2005-2010 Red Hat, Inc.
+ * Copyright (C) 2005-2013 Red Hat, Inc.
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
@@ -13,11 +13,13 @@
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
package org.rhq.enterprise.gui.coregui.client.inventory.resource.factory;
+import static java.lang.Boolean.FALSE;
+
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
@@ -30,6 +32,7 @@ import com.smartgwt.client.widgets.Canvas;
import com.smartgwt.client.widgets.form.DynamicForm;
import com.smartgwt.client.widgets.form.fields.FormItem;
import com.smartgwt.client.widgets.form.fields.SelectItem;
+import com.smartgwt.client.widgets.form.fields.StaticTextItem;
import com.smartgwt.client.widgets.form.fields.TextItem;
import com.smartgwt.client.widgets.form.fields.events.ChangedEvent;
import com.smartgwt.client.widgets.form.fields.events.ChangedHandler;
@@ -99,6 +102,13 @@ public class ResourceFactoryInfoStep extends AbstractWizardStep {
}
});
formItems.add(nameItem);
+
+ StaticTextItem commentItem = new StaticTextItem("resourceNameComment");
+ commentItem.setWidth(300);
+ commentItem.setTextBoxStyle("InlineInfo");
+ commentItem.setShowTitle(FALSE);
+ commentItem.setValue(MSG.widget_resourceFactoryWizard_nameComment());
+ formItems.add(commentItem);
}
if (null != versionPrompt) {
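Review bot: `commentItem.setShowTitle(FALSE)` relies on the new `import static java.lang.Boolean.FALSE`, which this hunk uses only once and which makes the call harder to read than a literal. Writing `commentItem.setShowTitle(false);` lets autoboxing supply the Boolean, and the static import can then be dropped. The fixed `commentItem.setWidth(300)` may also be worth a named constant or a short comment, since the message text is long and will wrap differently per locale. The enclosing method starts and ends outside the hunk.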
diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties
index 7f2e7d4..58d0f8e 100644
--- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties
+++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties
@@ -2232,6 +2232,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = Resource Import Wizard
widget_resourceFactoryWizard_infoStepName = Resource Information
widget_resourceFactoryWizard_infoStep_loadFail = Failed to get available Architectures
widget_resourceFactoryWizard_namePrompt = New Resource Name
+widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered.
widget_resourceFactoryWizard_templatePrompt = Connection Settings Template
widget_resourceFactoryWizard_timeoutFailure = Timed out
widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource.
diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties
index 941eb60..91b959e 100644
--- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties
+++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_cs.properties
@@ -2242,6 +2242,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = Průvodce importu zdroje
widget_resourceFactoryWizard_infoStepName = Informace o zdroji
widget_resourceFactoryWizard_infoStep_loadFail = Nepodařilo se získat dostupné architektury
widget_resourceFactoryWizard_namePrompt = Nové jméno zdroje
+#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered.
widget_resourceFactoryWizard_templatePrompt = Šablona pro nastavení připojení
##widget_resourceFactoryWizard_timeoutFailure = Timed out
##widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource.
diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties
index e30a19e..cf68680 100644
--- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties
+++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_de.properties
@@ -2067,6 +2067,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = Wizard zum Import von Res
widget_resourceFactoryWizard_infoStepName = Information über die Ressource
widget_resourceFactoryWizard_infoStep_loadFail = Konnte die verfügbaren Architekturen nicht ermitteln
widget_resourceFactoryWizard_namePrompt = Name der neuen Ressource
+#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered.
widget_resourceFactoryWizard_templatePrompt = Vorlage für die Verbindungseinstellungen
##widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource.
widget_resourceFactoryWizard_uploadFailure = Konnte die Datei nicht hochladen
diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties
index bed024b..abe264e 100644
--- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties
+++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ja.properties
@@ -2213,6 +2213,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = リソースインポー
widget_resourceFactoryWizard_infoStepName = リソース情報
widget_resourceFactoryWizard_infoStep_loadFail = アーキテクチャーを利用可能にするのに失敗しました
widget_resourceFactoryWizard_namePrompt = 新規リソース名
+#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered.
widget_resourceFactoryWizard_templatePrompt = コネクション設定テンプレート
###widget_resourceFactoryWizard_timeoutFailure = Timed out
##widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource.
diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties
index 416f4b4..c9081f8 100644
--- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties
+++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ko.properties
@@ -1822,6 +1822,7 @@ widget_resourceFactoryWizard_importFailure2 = 수동으로 리소스를 가져
widget_resourceFactoryWizard_importWizardWindowTitle = 리소스 가져오기 마법사
widget_resourceFactoryWizard_infoStepName = 리소스 정보
widget_resourceFactoryWizard_namePrompt = 새 리소스 이름
+#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered.
widget_resourceFactoryWizard_timeoutFailure = 타임 아웃
widget_resourceFactoryWizard_versionPrompt = 패키지 버전
widget_resourceSelector_pleaseSelectMultipleResource = 하나 이상의 리소스를 선택하십시오
diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties
index 47cac36..566dcf9 100644
--- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties
+++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_pt.properties
@@ -2328,6 +2328,7 @@ widget_resourceFactoryWizard_importWizardWindowTitle = Assistente para Importa\u
widget_resourceFactoryWizard_infoStepName = Informa\u00E7\u00E3o do Recurso
widget_resourceFactoryWizard_infoStep_loadFail = Falha ao recuperar Arquiteturas dispon\u00EDveis.
widget_resourceFactoryWizard_namePrompt = Novo Nome do Recurso
+#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered.
widget_resourceFactoryWizard_templatePrompt = Modelo de Propriedades para Conex\u00E3o
##widget_resourceFactoryWizard_timeoutFailure = Timed out
##widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource.
diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties
index 99f34f9..b6f53b1 100644
--- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties
+++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_ru.properties
@@ -2154,6 +2154,7 @@
#widget_resourceFactoryWizard_infoStepName = Resource Information
#widget_resourceFactoryWizard_infoStep_loadFail = Failed to get available Architectures
#widget_resourceFactoryWizard_namePrompt = New Resource Name
+#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered.
#widget_resourceFactoryWizard_templatePrompt = Connection Settings Template
#widget_resourceFactoryWizard_timeoutHelp = A timeout duration. If specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. Useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure.
#widget_resourceFactoryWizard_timeoutFailure = Timed out. Note that it is possible that the deployment may still succeed.
diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties
index 69ca0f6..2ea7f25 100644
--- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties
+++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages_zh.properties
@@ -2211,7 +2211,8 @@ widget_resourceFactoryWizard_importWizardWindowTitle = \u5bfc\u5165\u8d44\u6e90\
widget_resourceFactoryWizard_infoStepName = \u8d44\u6e90\u6d88\u606f
widget_resourceFactoryWizard_infoStep_loadFail = \u65e0\u6cd5\u53d6\u5f97\u67b6\u6784
widget_resourceFactoryWizard_namePrompt = \u65b0\u8d44\u6e90\u540d
-widget_resourceFactoryWizard_templatePrompt = \u8fde\u63a5\u8bbe\u7f6e\u6a21\u677f
+#widget_resourceFactoryWizard_nameComment = Not all management plug-ins or their managed resources allow the agent to set the name for a new resource. This value will only be used by agent plug-ins that support the capability. For plug-ins that do not support the capability, the resource may receive a generic or different name when it is discovered.
+#widget_resourceFactoryWizard_templatePrompt = \u8fde\u63a5\u8bbe\u7f6e\u6a21\u677f
#widget_resourceFactoryWizard_timeoutHelp = A timeout duration that if specified will override the default timeout for child resource creation (on the {0} Agent). The default timeout is set to 60 seconds. A higher value may be useful for particularly long create actions, like deployment of a large application. Usually used if a previous attempt suffered a timeout failure. Note that if there is a timeout failure, it is still possible that the resource deployment succeeded. In the event of a timeout you may want to execute a discovery scan before attempting to redeploy the resource.
#widget_resourceFactoryWizard_timeoutFailure = Timed out
widget_resourceFactoryWizard_uploadFailure = \u4e0a\u4f20\u6587\u4ef6\u5931\u8d25
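Review bot: The `-`/`+` pair on `widget_resourceFactoryWizard_templatePrompt` comments out an existing Chinese translation, which the commit description (adding the name comment) does not call for. In the other locale files the hunk only adds the commented `#widget_resourceFactoryWizard_nameComment` placeholder; here the translated key is additionally turned into `#widget_resourceFactoryWizard_templatePrompt`, so the zh UI would presumably fall back to the default-locale text for that prompt. Unless the translation was retired on purpose, keep the line as `widget_resourceFactoryWizard_templatePrompt = \u8fde\u63a5\u8bbe\u7f6e\u6a21\u677f`.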
diff --git a/modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css b/modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css
index 6f4d6ca..393ffb4 100644
--- a/modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css
+++ b/modules/enterprise/gui/coregui/src/main/webapp/CoreGUI.css
@@ -372,6 +372,10 @@ a.menuBar, a.menuBar:link, a.menuBar:visited, a.menuBar:hover {
color: #C22;
}
+.InlineInfo {
+ color: #00AC3D; /* medium green */
+}
+
.log-panel {
z-index: 9999999 !important;
}
10 years, 10 months
[rhq] modules/plugins
by Thomas Segismont
modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java | 64 +++++++---
1 file changed, 50 insertions(+), 14 deletions(-)
New commits:
commit 917414abdf9bbe8e34844a3c92e491cd6f1711a4
Author: Thomas Segismont <tsegismo(a)redhat.com>
Date: Fri Jul 26 19:29:31 2013 +0200
Bug 913764 - [as7] Version identifier of EAP resource changes depending on run state of EAP
The version was determined with a call to the http management interface. Now it's all based on file inspection
diff --git a/modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java b/modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java
index cd9f276..876b1ac 100644
--- a/modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java
+++ b/modules/plugins/jboss-as-7/src/main/java/org/rhq/modules/plugins/jbossas7/BaseProcessDiscovery.java
@@ -18,6 +18,9 @@
*/
package org.rhq.modules.plugins.jbossas7;
+import static org.rhq.core.util.StringUtil.arrayToString;
+import static org.rhq.core.util.StringUtil.isNotBlank;
+
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -212,20 +215,7 @@ public abstract class BaseProcessDiscovery implements ResourceDiscoveryComponent
HostPort hostPort = hostConfig.getDomainControllerHostPort(commandLine);
String name = buildDefaultResourceName(hostPort, managementHostPort, productType);
String description = buildDefaultResourceDescription(hostPort, productType);
-
- String version;
- String versionFromHomeDir = determineServerVersionFromHomeDir(homeDir);
- if (productType == JBossProductType.AS) {
- version = versionFromHomeDir;
- } else {
- ProductInfo productInfo = new ProductInfo(managementHostPort.host, serverPluginConfig.getUser(),
- serverPluginConfig.getPassword(), managementHostPort.port);
- productInfo = productInfo.getFromRemote();
- String productVersion = (productInfo.fromRemote) ? productInfo.productVersion : versionFromHomeDir;
- // TODO: Grab the product version from the product info properties file, so we aren't relying on connecting
- // to the server to obtain it.
- version = productType.SHORT_NAME + " " + productVersion;
- }
+ String version = getVersion(homeDir, productType);
return new DiscoveredResourceDetails(discoveryContext.getResourceType(), key, name, version, description,
pluginConfig, process);
@@ -605,6 +595,52 @@ public abstract class BaseProcessDiscovery implements ResourceDiscoveryComponent
}
}
+ private String getVersion(File homeDir, JBossProductType productType) {
+ // Products should have a version.txt file at root dir
+ File versionFile = new File(homeDir, "version.txt");
+ String version = getProductVersionInFile(versionFile, " - Version ", productType);
+ if (version == null && productType != JBossProductType.AS && productType != JBossProductType.WILDFLY8) {
+ // No version.txt file. Try modules/system/layers/base/org/jboss/as/product/slot/dir/META-INF/MANIFEST.MF
+ String layeredProductManifestFilePath = arrayToString(
+ new String[] { "modules", "system", "layers", "base", "org", "jboss", "as", "product",
+ productType.SHORT_NAME.toLowerCase(), "dir", "META-INF", "MANIFEST.MF" }, File.separatorChar);
+ File productManifest = new File(homeDir, layeredProductManifestFilePath);
+ version = getProductVersionInFile(productManifest, "JBoss-Product-Release-Version: ", productType);
+ if (version == null) {
+ // Try modules/org/jboss/as/product/slot/dir/META-INF/MANIFEST.MF
+ String productManifestFilePath = arrayToString(new String[] { "modules", "org", "jboss", "as",
+ "product", productType.SHORT_NAME.toLowerCase(), "dir", "META-INF", "MANIFEST.MF" },
+ File.separatorChar);
+ productManifest = new File(homeDir, productManifestFilePath);
+ version = getProductVersionInFile(productManifest, "JBoss-Product-Release-Version: ", productType);
+ }
+ }
+ if (version == null) {
+ // Fallback
+ version = determineServerVersionFromHomeDir(homeDir);
+ }
+ return version;
+ }
+
+ private String getProductVersionInFile(File file, String versionPrefix, JBossProductType productType) {
+ if (!file.exists() || file.isDirectory()) {
+ return null;
+ }
+ try {
+ String versionLine = FileUtils.findString(file.getAbsolutePath(), versionPrefix);
+ if (isNotBlank(versionLine)) {
+ return new StringBuilder(productType.SHORT_NAME).append(" ")
+ .append(versionLine.substring(versionLine.lastIndexOf(versionPrefix) + versionPrefix.length()))
+ .toString();
+ }
+ } catch (IOException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("Could not read file " + file.getAbsolutePath(), e);
+ }
+ }
+ return null;
+ }
+
protected String determineServerVersionFromHomeDir(File homeDir) {
String version;
String homeDirName = homeDir.getName();
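Review bot: The fallback at the end of getVersion returns `determineServerVersionFromHomeDir(homeDir)` without the product prefix, while getProductVersionInFile always returns `SHORT_NAME + " " + version`, so the same server can report differently formatted versions depending on whether version.txt or the manifest is readable. The removed code prefixed `productType.SHORT_NAME` for every type except AS and left AS bare; to keep that, the fallback could be `String dirVersion = determineServerVersionFromHomeDir(homeDir);` followed by `version = (productType == JBossProductType.AS) ? dirVersion : productType.SHORT_NAME + " " + dirVersion;`, and it is worth confirming that an AS install with a version.txt should now gain the prefix. Separately, `productType.SHORT_NAME.toLowerCase()` uses the default locale; `toLowerCase(Locale.ENGLISH)` keeps the module path stable on hosts with, for example, a Turkish locale. The body of determineServerVersionFromHomeDir continues outside the hunk.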
10 years, 10 months
[rhq] modules/enterprise
by snegrea
modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
New commits:
commit b93245a5c4087a12666baf394af64930d34acb99
Author: Stefan Negrea <snegrea(a)redhat.com>
Date: Fri Aug 2 18:15:28 2013 -0500
Remove dampening from the alert definition. Dampening not needed for discrete operation executions.
diff --git a/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java b/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java
index 2188020..840477c 100644
--- a/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java
+++ b/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java
@@ -386,10 +386,7 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone
snapshotFailureCondition.setOption(OperationRequestStatus.FAILURE.name());
newTemplate.addCondition(snapshotFailureCondition);
- AlertDampening dampener = new AlertDampening(AlertDampening.Category.PARTIAL_COUNT);
- dampener.setPeriod(15);
- dampener.setPeriodUnits(TimeUnits.MINUTES);
- dampener.setValue(10);
+ AlertDampening dampener = new AlertDampening(AlertDampening.Category.NONE);
newTemplate.setAlertDampening(dampener);
int newTemplateId = alertTemplateManager.createAlertTemplate(subjectManager.getOverlord(), newTemplate,
10 years, 10 months
[rhq] modules/enterprise
by snegrea
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
New commits:
commit f0ed14645f583dfa58cc8581b4ea847a8e8c032d
Author: Stefan Negrea <snegrea(a)redhat.com>
Date: Fri Aug 2 16:59:09 2013 -0500
[BZ 990245] Add an extra null check for safety for the child resource set.
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java
index c119df0..f17f006 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java
@@ -34,6 +34,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Queue;
+import java.util.Set;
import javax.ejb.EJB;
import javax.ejb.Stateless;
@@ -686,8 +687,11 @@ public class StorageNodeManagerBean implements StorageNodeManagerLocal, StorageN
resourceIdsWithAlertDefinitions.add(resource.getId());
}
- for (Resource child : resource.getChildResources()) {
- unvisitedResources.add(child);
+ Set<Resource> childResources = resource.getChildResources();
+ if (childResources != null) {
+ for (Resource child : childResources) {
+ unvisitedResources.add(child);
+ }
}
}
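Review bot: Inside the new null guard the element-by-element loop can be a single `unvisitedResources.addAll(childResources);`, which states the intent of filling the queue more directly. A one-line comment on why `getChildResources()` can return null here (the commit message ties it to BZ 990245) would help the next reader judge whether the guard is still needed. The enclosing method starts and ends outside the hunk.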
10 years, 10 months
[rhq] 2 commits - modules/enterprise
by snegrea
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java | 9 +-
modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java | 42 ++++++++++
2 files changed, 49 insertions(+), 2 deletions(-)
New commits:
commit 7c3460d3aa21ca871c3676a84b482230d7d298e8
Author: Stefan Negrea <snegrea(a)redhat.com>
Date: Fri Aug 2 16:54:15 2013 -0500
Add an alert template for take snapshot operation failure for the storage service.
diff --git a/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java b/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java
index 37d10a8..2188020 100644
--- a/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java
+++ b/modules/enterprise/server/plugins/alertdef-rhq/src/main/java/org/rhq/enterprise/server/plugins/alertdef/AlertDefinitionServerPluginComponent.java
@@ -40,6 +40,7 @@ import org.rhq.core.domain.configuration.PropertySimple;
import org.rhq.core.domain.criteria.AlertDefinitionCriteria;
import org.rhq.core.domain.criteria.ResourceTypeCriteria;
import org.rhq.core.domain.measurement.MeasurementDefinition;
+import org.rhq.core.domain.operation.OperationRequestStatus;
import org.rhq.core.domain.resource.ResourceType;
import org.rhq.enterprise.server.alert.AlertDefinitionManagerLocal;
import org.rhq.enterprise.server.alert.AlertTemplateManagerLocal;
@@ -64,10 +65,12 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone
private static final String DATA_DISK_USED_PERCENTAGE_METRIC_NAME = "Calculated.DataDiskUsedPercentage";
private static final String TOTAL_DISK_USED_PERCENTAGE_METRIC_NAME = "Calculated.TotalDiskUsedPercentage";
private static final String FREE_DISK_TO_DATA_SIZE_RATIO_METRIC_NAME = "Calculated.FreeDiskToDataSizeRatio";
+ private static final String TAKE_SNAPSHOT_OPERATION_NAME = "takeSnapshot";
static private final List<InjectedTemplate> injectedTemplates;
static private final InjectedTemplate storageNodeHighHeapTemplate;
static private final InjectedTemplate storageNodeHighDiskUsageTemplate;
+ static private final InjectedTemplate storageNodeSnapshotFailureTemplate;
static {
storageNodeHighHeapTemplate = new InjectedTemplate(
@@ -82,9 +85,16 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone
"StorageNodeHighDiskUsageTemplate", //
"An alert template to notify users of excessive heap use by an RHQ Storage Node. When fired please see documentation for the proper corrective action.");
+ storageNodeSnapshotFailureTemplate = new InjectedTemplate(
+ "RHQStorage", //
+ "StorageService", //
+ "StorageNodeSnapshotFailureTemplate", //
+ "An alert template to notify users when a snapshot operations fails for an RHQ Storage Node. When fired please see documentation for the proper corrective action.");
+
injectedTemplates = new ArrayList<InjectedTemplate>();
injectedTemplates.add(storageNodeHighHeapTemplate);
injectedTemplates.add(storageNodeHighDiskUsageTemplate);
+ injectedTemplates.add(storageNodeSnapshotFailureTemplate);
}
private ServerPluginContext context;
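Review bot: The description string passed for storageNodeSnapshotFailureTemplate reads "when a snapshot operations fails"; since this text is shown to users it should read `"An alert template to notify users when a snapshot operation fails for an RHQ Storage Node. ..."`. The neighbouring context line for StorageNodeHighDiskUsageTemplate still says "excessive heap use", which looks like a copy-paste leftover, though it is not part of this change. The static initializer starts outside the hunk.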
@@ -227,6 +237,8 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone
newAlertDefId = injectStorageNodeHighHeapTemplate(resourceType);
} else if (storageNodeHighDiskUsageTemplate.equals(injectedAlertDef)) {
newAlertDefId = injectStorageNodeHighDiskUsageTemplate(resourceType);
+ } else if (storageNodeSnapshotFailureTemplate.equals(injectedAlertDef)) {
+ newAlertDefId = injectStorageNodeSnapshotFailureTemplate(resourceType);
}
adc.addFilterId(newAlertDefId);
@@ -356,6 +368,36 @@ public class AlertDefinitionServerPluginComponent implements ServerPluginCompone
return newTemplateId;
}
+ private int injectStorageNodeSnapshotFailureTemplate(ResourceType resourceType) {
+ AlertTemplateManagerLocal alertTemplateManager = LookupUtil.getAlertTemplateManager();
+ SubjectManagerLocal subjectManager = LookupUtil.getSubjectManager();
+
+ AlertDefinition newTemplate = new AlertDefinition();
+ newTemplate.setName(storageNodeSnapshotFailureTemplate.getName());
+ newTemplate.setResourceType(resourceType);
+ newTemplate.setPriority(AlertPriority.MEDIUM);
+ newTemplate.setConditionExpression(BooleanExpression.ANY);
+ newTemplate.setRecoveryId(0);
+ newTemplate.setEnabled(true);
+
+ AlertCondition snapshotFailureCondition = new AlertCondition();
+ snapshotFailureCondition.setCategory(AlertConditionCategory.CONTROL);
+ snapshotFailureCondition.setName(TAKE_SNAPSHOT_OPERATION_NAME);
+ snapshotFailureCondition.setOption(OperationRequestStatus.FAILURE.name());
+ newTemplate.addCondition(snapshotFailureCondition);
+
+ AlertDampening dampener = new AlertDampening(AlertDampening.Category.PARTIAL_COUNT);
+ dampener.setPeriod(15);
+ dampener.setPeriodUnits(TimeUnits.MINUTES);
+ dampener.setValue(10);
+ newTemplate.setAlertDampening(dampener);
+
+ int newTemplateId = alertTemplateManager.createAlertTemplate(subjectManager.getOverlord(), newTemplate,
+ resourceType.getId());
+
+ return newTemplateId;
+ }
+
private static class InjectedTemplate {
static public final String FIELD_PLUGIN_NAME = "plugin";
static public final String FIELD_RESOURCE_TYPE_NAME = "type";
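Review bot: injectStorageNodeSnapshotFailureTemplate has no comment saying what makes the alert fire, and the condition is not obvious from the setter calls alone. A short Javadoc would cover it, for example `/** Creates the alert template that fires when the takeSnapshot operation ends with status FAILURE; returns the new template id. */`. The temporary `newTemplateId` can also be dropped by returning the `createAlertTemplate(...)` call directly.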
commit 431f35d8ed804bc4e6ffce8fb2612985087d1958
Author: Stefan Negrea <snegrea(a)redhat.com>
Date: Thu Aug 1 17:28:44 2013 -0500
[BZ 990245] Use an attached storage node entity rather than the detached one received from the remote interface.
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java
index 34e5ebd..c119df0 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StorageNodeManagerBean.java
@@ -660,11 +660,16 @@ public class StorageNodeManagerBean implements StorageNodeManagerLocal, StorageN
@Override
public Integer[] findResourcesWithAlertDefinitions(StorageNode storageNode) {
- List<StorageNode> initialStorageNodes;
+ List<StorageNode> initialStorageNodes = getStorageNodes();
if (storageNode == null) {
initialStorageNodes = getStorageNodes();
} else {
- initialStorageNodes = Arrays.asList(storageNode);
+ int index = initialStorageNodes.indexOf(storageNode);
+ if (index >= 0) {
+ initialStorageNodes = Arrays.asList(initialStorageNodes.get(index));
+ } else {
+ initialStorageNodes = new ArrayList<StorageNode>();
+ }
}
Queue<Resource> unvisitedResources = new LinkedList<Resource>();
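Review bot: `getStorageNodes()` now runs twice when `storageNode` is null, once in the new initializer and again in the unchanged `if` branch. Inverting the test removes the duplicate call: `if (storageNode != null) {` with the `indexOf` lookup as its body and no `else`. The lookup also depends on `StorageNode.equals`, which is not visible here, and when no match is found the method quietly continues with an empty list; a debug log on that path would make a missing node easier to diagnose. The method body continues outside the hunk.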
10 years, 10 months
[rhq] Branch 'feature/bundle-group' - modules/core modules/enterprise
by Jay Shaughnessy
modules/core/dbutils/pom.xml | 9
modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java | 17
modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java | 21
modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java | 292 +++++++++-
modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java | 13
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java | 149 +++++
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java | 98 ---
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java | 24
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java | 28
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java | 18
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java | 37 -
11 files changed, 538 insertions(+), 168 deletions(-)
New commits:
commit 4d624b061398b84782c970bf5da587ea81ef0f7d
Author: Jay Shaughnessy <jshaughn(a)redhat.com>
Date: Fri Aug 2 15:25:52 2013 -0400
First authz test passing
- fixed testing approach to use all slsbs and proper non-super-subject
- fixed criteria bundle/bundleGroup auth token issues
- fixed criteria filter override issues
- fixed various bugs and added more supporting slsb methods
- added some authz to bundle manager local methods where it seemed needed/useful
- cleaned up RoleManagerLocal to extend the remote
diff --git a/modules/core/dbutils/pom.xml b/modules/core/dbutils/pom.xml
index d7e2d65..360fdbc 100644
--- a/modules/core/dbutils/pom.xml
+++ b/modules/core/dbutils/pom.xml
@@ -17,7 +17,7 @@
<description>Database schema setup, upgrade and other utilities</description>
<properties>
- <db.schema.version>2.134</db.schema.version>
+ <db.schema.version>2.135</db.schema.version>
<rhq.ds.type-mapping>${rhq.test.ds.type-mapping}</rhq.ds.type-mapping>
<rhq.ds.server-name>${rhq.test.ds.server-name}</rhq.ds.server-name>
<rhq.ds.db-name>${rhq.test.ds.db-name}</rhq.ds.db-name>
@@ -276,7 +276,7 @@
<script language="groovy">
import org.rhq.cassandra.schema.SchemaManager
- if (project.getProperty('dbsetup-upgrade') || project.getProperty('dbreset')) {
+ if (project.getProperty('dbsetup-upgrade') || project.getProperty('dbsetup')) {
if (project.getProperty('storage-schema')) {
if (project.getProperty('db') == 'dev') {
self.log('PERFORMING STORAGE NODE SETUP TO LATEST SCHEMA')
@@ -286,11 +286,6 @@
schemaManager = new SchemaManager(username, password, seeds)
- if (project.getProperty('dbreset') == 'true') {
- self.log('Dropping schema')
- schemaManager.drop()
- }
-
self.log('Install schema')
schemaManager.install()
} else {
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java b/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java
index 32f2f9d..2e34174 100644
--- a/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java
+++ b/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleCriteria.java
@@ -26,6 +26,7 @@ import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import org.rhq.core.domain.bundle.Bundle;
+import org.rhq.core.domain.util.CriteriaUtils;
import org.rhq.core.domain.util.PageOrdering;
/**
@@ -64,8 +65,9 @@ public class BundleCriteria extends TaggedCriteria {
filterOverrides.put("bundleTypeId", "bundleType.id = ?");
filterOverrides.put("bundleTypeName", "bundleType.name like ?");
filterOverrides.put("bundleGroupIds", "" //
- + "id IN ( SELECT bg.bundle.id " //
- + " FROM BundleGroup bg " //
+ + "id IN ( SELECT innerbundle.id " //
+ + " FROM Bundle innerbundle " //
+ + " JOIN innerbundle.bundleGroups bg"
+ " WHERE bg.id IN ( ? ) )");
filterOverrides.put("destinationIds", "" //
+ "id IN ( SELECT bd.bundle.id " //
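Review bot: The added fragment `+ " JOIN innerbundle.bundleGroups bg"` has neither the trailing `//` nor the trailing space that the neighbouring fragments of this query string carry. The JPQL is still well-formed only because the next fragment happens to begin with spaces, and without the `//` an auto-formatter is free to re-join the lines. I would write it as `+ " JOIN innerbundle.bundleGroups bg " //`. The same applies to the two `JOIN ... bg` fragments added in the BundleGroupCriteria constructor hunk.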
@@ -103,15 +105,8 @@ public class BundleCriteria extends TaggedCriteria {
this.filterDescription = filterDescription;
}
- /** Convenience routine calls addFilterBundleGroupIds */
- public void addFilterBundleGroupId(Integer filterBundleGroupId) {
- List<Integer> ids = new ArrayList<Integer>(1);
- ids.add(filterBundleGroupId);
- this.addFilterBundleGroupIds(ids);
- }
-
- public void addFilterBundleGroupIds(List<Integer> filterBundleGroupIds) {
- this.filterBundleGroupIds = filterBundleGroupIds;
+ public void addFilterBundleGroupIds(Integer... filterBundleGroupIds) {
+ this.filterBundleGroupIds = CriteriaUtils.getListIgnoringNulls(filterBundleGroupIds);
}
/** Convenience routine calls addFilterDestinationIds */
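Review bot: The new `addFilterBundleGroupIds(Integer...)` has no Javadoc, although it replaces both the `List<Integer>` method and the single-id convenience method, and its behaviour is not obvious from the name. It assigns the field, so a second call replaces the earlier filter rather than adding to it, and what a call with no arguments or a null element produces depends on `CriteriaUtils.getListIgnoringNulls`, which this hunk does not show. I would add something like `/** Replaces any previously set bundle-group id filter with the given ids; null elements are presumably dropped (see CriteriaUtils.getListIgnoringNulls). */`. Callers that still pass a `List<Integer>` no longer compile, so if these criteria classes are exposed to remote or scripted clients the signature change deserves a line in the commit message. The same holds for `addFilterBundleIds` and `addFilterRoleIds` in BundleGroupCriteria.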
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java b/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java
index 88886d7..69ceea4 100644
--- a/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java
+++ b/modules/core/domain/src/main/java/org/rhq/core/domain/criteria/BundleGroupCriteria.java
@@ -18,7 +18,6 @@
*/
package org.rhq.core.domain.criteria;
-import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
@@ -26,6 +25,7 @@ import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlRootElement;
import org.rhq.core.domain.bundle.BundleGroup;
+import org.rhq.core.domain.util.CriteriaUtils;
import org.rhq.core.domain.util.PageOrdering;
/**
@@ -39,9 +39,7 @@ public class BundleGroupCriteria extends Criteria {
private String filterName;
private String filterDescription;
- private Integer filterBundleId;
private List<Integer> filterBundleIds; // requires overrides
- private Integer filterRoleId;
private List<Integer> filterRoleIds; // requires overrides
private boolean fetchBundles;
@@ -52,12 +50,14 @@ public class BundleGroupCriteria extends Criteria {
public BundleGroupCriteria() {
filterOverrides.put("bundleIds", "" //
- + "id IN ( SELECT b.id " //
+ + "id IN ( SELECT bg.id " //
+ " FROM Bundle b " //
+ + " JOIN b.bundleGroups bg"
+ " WHERE b.id IN ( ? ) )");
filterOverrides.put("roleIds", "" //
- + "id IN ( SELECT r.id " //
+ + "id IN ( SELECT bg.id " //
+ " FROM Role r " //
+ + " JOIN r.bundleGroups bg"
+ " WHERE r.id IN ( ? ) )");
}
@@ -74,15 +74,12 @@ public class BundleGroupCriteria extends Criteria {
this.filterDescription = filterDescription;
}
- /** Convenience routine calls addFilterBundleVersionIds */
- public void addFilterBundleId(Integer filterBundleId) {
- List<Integer> ids = new ArrayList<Integer>(1);
- ids.add(filterBundleId);
- this.addFilterBundleIds(ids);
+ public void addFilterBundleIds(Integer... filterBundleIds) {
+ this.filterBundleIds = CriteriaUtils.getListIgnoringNulls(filterBundleIds);
}
- public void addFilterBundleIds(List<Integer> filterBundleIds) {
- this.filterBundleIds = filterBundleIds;
+ public void addFilterRoleIds(Integer... filterRoleIds) {
+ this.filterRoleIds = CriteriaUtils.getListIgnoringNulls(filterRoleIds);
}
public void fetchBundles(boolean fetchBundles) {
diff --git a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java
index c4d9a79..117d2df 100644
--- a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java
+++ b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/bundle/BundleManagerBeanTest.java
@@ -39,11 +39,14 @@ import org.hibernate.LazyInitializationException;
import org.testng.annotations.Test;
import org.rhq.core.domain.auth.Subject;
+import org.rhq.core.domain.authz.Permission;
+import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.bundle.Bundle;
import org.rhq.core.domain.bundle.BundleDeployment;
import org.rhq.core.domain.bundle.BundleDeploymentStatus;
import org.rhq.core.domain.bundle.BundleDestination;
import org.rhq.core.domain.bundle.BundleFile;
+import org.rhq.core.domain.bundle.BundleGroup;
import org.rhq.core.domain.bundle.BundleResourceDeployment;
import org.rhq.core.domain.bundle.BundleResourceDeploymentHistory;
import org.rhq.core.domain.bundle.BundleType;
@@ -65,8 +68,11 @@ import org.rhq.core.domain.content.Repo;
import org.rhq.core.domain.criteria.BundleCriteria;
import org.rhq.core.domain.criteria.BundleDeploymentCriteria;
import org.rhq.core.domain.criteria.BundleFileCriteria;
+import org.rhq.core.domain.criteria.BundleGroupCriteria;
import org.rhq.core.domain.criteria.BundleResourceDeploymentCriteria;
import org.rhq.core.domain.criteria.BundleVersionCriteria;
+import org.rhq.core.domain.criteria.RoleCriteria;
+import org.rhq.core.domain.criteria.SubjectCriteria;
import org.rhq.core.domain.resource.Agent;
import org.rhq.core.domain.resource.InventoryStatus;
import org.rhq.core.domain.resource.Resource;
@@ -78,6 +84,7 @@ import org.rhq.core.domain.util.PageOrdering;
import org.rhq.core.util.file.FileUtil;
import org.rhq.core.util.stream.StreamUtil;
import org.rhq.core.util.updater.DeploymentProperties;
+import org.rhq.enterprise.server.authz.PermissionException;
import org.rhq.enterprise.server.plugin.pc.MasterServerPluginContainer;
import org.rhq.enterprise.server.resource.ResourceManagerLocal;
import org.rhq.enterprise.server.test.AbstractEJB3Test;
@@ -98,10 +105,13 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
private static final boolean TESTS_ENABLED = true;
- private static final String TEST_PREFIX = "bundletest";
+ private static final String TEST_PREFIX = BundleManagerBeanTest.class.getSimpleName();
private static final String TEST_BUNDLE_DESTBASEDIR_PROP = TEST_PREFIX + ".destBaseDirProp";
private static final String TEST_BUNDLE_DESTBASEDIR_PROP_VALUE = TEST_PREFIX + "/destBaseDir";
+ private static final String TEST_BUNDLE_GROUP_NAME = TEST_PREFIX + ".bundleGroup";
private static final String TEST_DESTBASEDIR_NAME = TEST_PREFIX + ".destBaseDirName";
+ private static final String TEST_ROLE_NAME = TEST_PREFIX + ".role";
+ private static final String TEST_USER_NAME = TEST_PREFIX + ".user";
private BundleManagerLocal bundleManager;
private ResourceManagerLocal resourceManager;
@@ -143,6 +153,21 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
private void cleanupDatabase() {
try {
+ RoleCriteria roleCriteria = new RoleCriteria();
+ roleCriteria.addFilterName(TEST_ROLE_NAME);
+ List<Role> testRoles = LookupUtil.getRoleManager().findRolesByCriteria(overlord, roleCriteria);
+ for (Role testRole : testRoles) {
+ LookupUtil.getRoleManager().deleteRoles(overlord, new int[] { testRole.getId() });
+ }
+
+ SubjectCriteria subjectCriteria = new SubjectCriteria();
+ subjectCriteria.addFilterName(TEST_USER_NAME);
+ List<Subject> testSubjects = LookupUtil.getSubjectManager().findSubjectsByCriteria(overlord,
+ subjectCriteria);
+ for (Subject testSubject : testSubjects) {
+ LookupUtil.getSubjectManager().deleteSubjects(overlord, new int[] { testSubject.getId() });
+ }
+
getTransactionManager().begin();
Query q;
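Review bot: The new cleanup deletes, as `overlord`, every role and subject returned for `addFilterName(TEST_ROLE_NAME)` and `addFilterName(TEST_USER_NAME)`. If the criteria match by substring unless told otherwise (not visible in this hunk), any role or user whose name merely contains the test name is removed as well. Making the match exact before the lookups, e.g. `roleCriteria.setStrict(true);` and `subjectCriteria.setStrict(true);`, keeps the cleanup confined to what the test created. These deletes also run before `getTransactionManager().begin()`, so they are not part of the transaction that covers the rest of the cleanup. The body of cleanupDatabase continues outside the hunk.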
@@ -232,6 +257,13 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
em.remove(em.getReference(Repo.class, ((Repo) removeMe).getId()));
}
+ // remove bundle groups no longer referenced by bundles
+ q = em.createQuery("SELECT bg FROM BundleGroup bg WHERE bg.name LIKE '" + TEST_PREFIX + "%'");
+ doomed = q.getResultList();
+ for (Object removeMe : doomed) {
+ em.remove(em.getReference(BundleGroup.class, ((BundleGroup) removeMe).getId()));
+ }
+
// remove Resource Groups left over from test deployments freeing up test resources
q = em.createQuery("SELECT rg FROM ResourceGroup rg WHERE rg.name LIKE '" + TEST_PREFIX + "%'");
doomed = q.getResultList();
@@ -755,7 +787,7 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
public void testAddBundleFilesToDifferentBundles() throws Exception {
// create a bundle type to use for both bundles.
BundleType bt = createBundleType("one");
- Bundle b1 = createBundle("one", bt);
+ Bundle b1 = createBundle(overlord, "one", bt, 0);
assertNotNull(b1);
BundleVersion bv1 = createBundleVersion(b1.getName(), "1.0", b1);
assertNotNull(bv1);
@@ -763,7 +795,7 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
null, "Bundle #1 File # 1".getBytes());
// create a second bundle but create file of the same name as above
- Bundle b2 = createBundle("two", bt);
+ Bundle b2 = createBundle(overlord, "two", bt, 0);
assertNotNull(b2);
BundleVersion bv2 = createBundleVersion(b2.getName(), "1.0", b2);
assertNotNull(bv2);
@@ -860,9 +892,10 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
int size = brd.getBundleResourceDeploymentHistories().size();
assertTrue(size > 0);
String auditMessage = "BundleTest-Message";
- bundleManager.addBundleResourceDeploymentHistoryInNewTrans(overlord, brd.getId(), new BundleResourceDeploymentHistory(
- overlord.getName(), auditMessage, auditMessage, BundleResourceDeploymentHistory.Category.DEPLOY_STEP,
- BundleResourceDeploymentHistory.Status.SUCCESS, auditMessage, auditMessage));
+ bundleManager.addBundleResourceDeploymentHistoryInNewTrans(overlord, brd.getId(),
+ new BundleResourceDeploymentHistory(overlord.getName(), auditMessage, auditMessage,
+ BundleResourceDeploymentHistory.Category.DEPLOY_STEP, BundleResourceDeploymentHistory.Status.SUCCESS,
+ auditMessage, auditMessage));
brds = bundleManager.findBundleResourceDeploymentsByCriteria(overlord, c);
assertEquals(1, brds.size());
@@ -1284,31 +1317,253 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
assertEquals(1, bundles.size());
}
- @Test(enabled = false)
- public void testNoAuthz() throws Exception {
- // create
+ @Test(enabled = TESTS_ENABLED)
+ public void authzBundleGroupTest() throws Exception {
+ Subject subject = null;
+ Role role = null;
+
+ subject = createNewSubject(TEST_USER_NAME);
+ role = createNewRoleForSubject(subject, TEST_ROLE_NAME);
+
+ subject = createSession(subject); // start a session so we can use this subject in SLSB calls
+
+ // deny bundle group create
+ try {
+ bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME, "test");
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // allow bundle group create
+ addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
+ BundleGroup bundleGroup = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME, "test");
+
+ // deny bundle group delete
+ removeRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
+ try {
+ bundleManager.deleteBundleGroups(subject, new int[] { bundleGroup.getId() });
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // deny global perm bundleGroup view
+ BundleGroupCriteria bgCriteria = new BundleGroupCriteria();
+ List<BundleGroup> bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
+ assertNotNull(bundleGroups);
+ assert bundleGroups.isEmpty() : "Should not be able to see unassociated bundle group";
+
+ // allow global perm bundleGroup view
+ addRolePermissions(role, Permission.MANAGE_BUNDLE_GROUPS);
+ bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
+ assertNotNull(bundleGroups);
+ assertEquals("Should be able to see unassociated bundle group", 1, bundleGroups.size());
+
+ // allow bundle group delete
+ bundleManager.deleteBundleGroups(subject, new int[] { bundleGroup.getId() });
+
+ // deny unassigned bundle create (no global create or view)
+ try {
+ createBundle(subject, TEST_PREFIX + ".bundle");
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // deny unassigned bundle create (no global view)
+ addRolePermissions(role, Permission.CREATE_BUNDLES);
+ try {
+ createBundle(subject, TEST_PREFIX + ".bundle");
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // deny unassigned bundle create (no global create)
+ removeRolePermissions(role, Permission.CREATE_BUNDLES);
+ addRolePermissions(role, Permission.VIEW_BUNDLES);
+ try {
+ createBundle(subject, TEST_PREFIX + ".bundle");
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // allow unassigned bundle create
+ addRolePermissions(role, Permission.CREATE_BUNDLES);
+ Bundle bundle = createBundle(subject, TEST_PREFIX + ".bundle");
+
+ // deny unassigned bundle view
+ removeRolePermissions(role, Permission.CREATE_BUNDLES, Permission.VIEW_BUNDLES);
+ BundleCriteria bCriteria = new BundleCriteria();
+ List<Bundle> bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
+ assertNotNull(bundles);
+ assert bundles.isEmpty() : "Should not be able to see unassigned bundle";
+
+ // allow unassigned bundle view
+ addRolePermissions(role, Permission.VIEW_BUNDLES);
+ bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
+ assertNotNull(bundles);
+ assertEquals("Should be able to see unassigned bundle", 1, bundles.size());
+
+ // deny global perm bundle assign
+ bundleGroup = bundleManager.createBundleGroup(subject, TEST_BUNDLE_GROUP_NAME, "test");
+ try {
+ bundleManager.assignBundlesToBundleGroup(subject, bundleGroup.getId(), new int[] { bundle.getId() });
+ fail("Should have thrown PermissionException");
+ } catch (PermissionException e) {
+ // expected
+ }
+
+ // allow global perm bundle assign
+ addRolePermissions(role, Permission.CREATE_BUNDLES);
+ bundleManager.assignBundlesToBundleGroup(subject, bundleGroup.getId(), new int[] { bundle.getId() });
+
+ // deny assigned, unassociated-bundle-group bundle view
+ removeRolePermissions(role, Permission.CREATE_BUNDLES, Permission.VIEW_BUNDLES);
+ bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
+ assertNotNull(bundles);
+ assert bundles.isEmpty() : "Should not be able to see assigned bundle";
+
+ // allow assigned, associated-bundle-group bundle view
+ addRoleBundleGroup(role, bundleGroup);
+ bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
+ assertNotNull(bundles);
+ assertEquals("Should be able to see assigned bundle", 1, bundles.size());
+
+ // check new bundle criteria options (no match)
+ bCriteria.addFilterBundleGroupIds(87678);
+ bCriteria.fetchBundleGroups(true);
+ bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
+ assertNotNull(bundles);
+ assert bundles.isEmpty() : "Should not have found anything";
+
+ // check new bundle criteria options (match)
+ bCriteria.addFilterBundleGroupIds(bundleGroup.getId());
+ bCriteria.fetchBundleGroups(true);
+ bundles = bundleManager.findBundlesByCriteria(subject, bCriteria);
+ assertNotNull(bundles);
+ assertEquals("Should be able to see assigned bundle", 1, bundles.size());
+ assertNotNull(bundles.get(0).getBundleGroups());
+ assertEquals("Should have fetched bundlegroup", 1, bundles.get(0).getBundleGroups().size());
+ assertEquals("Should have fetched expected bundlegroup", bundleGroup, bundles.get(0).getBundleGroups()
+ .iterator().next());
+
+ // check new bundle group criteria options (no match)
+ bgCriteria.addFilterId(87678);
+ bgCriteria.addFilterBundleIds(87678);
+ bgCriteria.addFilterRoleIds(87678);
+ bgCriteria.fetchBundles(true);
+ bgCriteria.fetchRoles(true);
+ bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
+ assertNotNull(bundleGroups);
+ assert bundleGroups.isEmpty() : "Should not have found anything";
+
+ // check new bundle group criteria options (no match)
+ bgCriteria.addFilterId(bundleGroup.getId());
+ bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
+ assertNotNull(bundleGroups);
+ assert bundleGroups.isEmpty() : "Should not have found anything";
+
+ // check new bundle group criteria options (no match)
+ bgCriteria.addFilterBundleIds(bundle.getId());
+ bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
+ assertNotNull(bundleGroups);
+ assert bundleGroups.isEmpty() : "Should not have found anything";
+
+ // check new bundle group criteria options (match)
+ bgCriteria.addFilterRoleIds(role.getId());
+ bundleGroups = bundleManager.findBundleGroupsByCriteria(subject, bgCriteria);
+ assertNotNull(bundleGroups);
+ assertEquals("Should be able to see assigned bundle", 1, bundleGroups.size());
+ assertNotNull(bundleGroups.get(0).getBundles());
+ assertEquals("Should have fetched bundle in bundle group", 1, bundleGroups.get(0).getBundles().size());
+ assertEquals("Should have fetched bundle in bundle group", bundle, bundleGroups.get(0).getBundles()
+ .iterator().next());
+ assertNotNull(bundleGroups.get(0).getRoles());
+ assertEquals("Should have fetched role for bundle group", 1, bundleGroups.get(0).getRoles().size());
+ assertEquals("Should have fetched role for bundle group", role, bundleGroups.get(0).getRoles().iterator()
+ .next());
+ }
+
+ private Subject createNewSubject(String subjectName) throws Exception {
+
+ Subject newSubject = new Subject();
+ newSubject.setName(subjectName);
+ newSubject.setFactive(true);
+ newSubject.setFsystem(false);
+
+ return LookupUtil.getSubjectManager().createSubject(overlord, newSubject);
+ }
+
+ private Role createNewRoleForSubject(Subject subject, String roleName) throws Exception {
+ Role newRole = new Role(roleName);
+ newRole.setFsystem(false);
+ newRole.addSubject(subject);
+ return LookupUtil.getRoleManager().createRole(overlord, newRole);
+ }
+
+ private void addRolePermissions(Role role, Permission... permissions) throws Exception {
+
+ for (Permission p : permissions) {
+ role.getPermissions().add(p);
+ }
+ LookupUtil.getRoleManager().setPermissions(overlord, role.getId(), role.getPermissions());
+ }
+
+ private void removeRolePermissions(Role role, Permission... permissions) throws Exception {
+
+ for (Permission p : permissions) {
+ role.getPermissions().remove(p);
+ }
+ LookupUtil.getRoleManager().setPermissions(overlord, role.getId(), role.getPermissions());
+ }
+
+ private void addRoleBundleGroup(Role role, BundleGroup bundleGroup) throws Exception {
+
+ int[] ids = new int[1];
+ ids[0] = bundleGroup.getId();
+ LookupUtil.getRoleManager().addBundleGroupsToRole(overlord, role.getId(), ids);
+ }
+
+ private void removeRoleBundleGroup(Role role, BundleGroup bundleGroup) throws Exception {
+
+ int[] ids = new int[1];
+ ids[0] = bundleGroup.getId();
+ LookupUtil.getRoleManager().removeBundleGroupsFromRole(overlord, role.getId(), ids);
}
// helper methods
private BundleType createBundleType(String name) throws Exception {
final String fullName = TEST_PREFIX + "-type-" + name;
- ResourceType rt = createResourceTypeForBundleType(name);
- BundleType bt = bundleManager.createBundleType(overlord, fullName, rt.getId());
+ BundleType bt = null;
+ try {
+ bt = bundleManager.getBundleType(overlord, fullName);
+ } catch (Throwable t) {
+ ResourceType rt = createResourceTypeForBundleType(name);
+ bt = bundleManager.createBundleType(overlord, fullName, rt.getId());
+
+ assert bt.getId() > 0;
+ assert bt.getName().endsWith(fullName);
+ }
- assert bt.getId() > 0;
- assert bt.getName().endsWith(fullName);
return bt;
}
private Bundle createBundle(String name) throws Exception {
+ return createBundle(overlord, name);
+ }
+
+ private Bundle createBundle(Subject subject, String name) throws Exception {
BundleType bt = createBundleType(name);
- return createBundle(name, bt);
+ return createBundle(subject, name, bt, 0);
}
- private Bundle createBundle(String name, BundleType bt) throws Exception {
+ private Bundle createBundle(Subject subject, String name, BundleType bt, int bundleGroupId) throws Exception {
final String fullName = TEST_PREFIX + "-bundle-" + name;
- Bundle b = bundleManager.createBundle(overlord, fullName, fullName + "-desc", bt.getId(), 0);
+ Bundle b = bundleManager.createBundle(subject, fullName, fullName + "-desc", bt.getId(), bundleGroupId);
assert b.getId() > 0;
assert b.getName().endsWith(fullName);
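Review bot: In authzBundleGroupTest every deny-path check on a query result uses the Java `assert` keyword (`assert bundleGroups.isEmpty() : "..."`, `assert bundles.isEmpty() : "..."`), while the allow-path checks use `assertEquals`. The keyword is a no-op when the JVM runs without `-ea`, so the checks that prove a subject cannot see a bundle or bundle group are exactly the ones that could pass silently. I would write them with the assertion library the file already uses, e.g. `assertTrue("Should not be able to see unassociated bundle group", bundleGroups.isEmpty());`. The same applies to the `assert bt.getId() > 0;` and `assert b.getId() > 0;` lines in the helpers at the end of the hunk.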
@@ -1316,6 +1571,11 @@ public class BundleManagerBeanTest extends AbstractEJB3Test {
}
private BundleVersion createBundleVersion(String name, String version, Bundle bundle) throws Exception {
+ return createBundleVersion(overlord, name, version, bundle);
+ }
+
+ private BundleVersion createBundleVersion(Subject subject, String name, String version, Bundle bundle)
+ throws Exception {
final String fullName = TEST_PREFIX + "-bundleversion-" + version + "-" + name;
final String recipe = "deploy -f " + TEST_PREFIX + ".zip -d @@ test.path @@";
BundleVersion bv = bundleManager.createBundleVersion(overlord, bundle.getId(), fullName, fullName + "-desc",
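Review bot: The new `createBundleVersion(Subject subject, ...)` overload never uses its `subject` parameter: the call on the last line of the hunk still passes `overlord`. An authorization test that calls this helper with a restricted subject would therefore create the bundle version as the superuser and never exercise the permission check. The call should start `bundleManager.createBundleVersion(subject, bundle.getId(), fullName, fullName + "-desc",`. The statement and the rest of the method body continue outside the hunk.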
diff --git a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java
index 10b5dbc..b85408d 100644
--- a/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java
+++ b/modules/enterprise/server/itests-2/src/test/java/org/rhq/enterprise/server/util/SessionTestHelper.java
@@ -19,6 +19,7 @@
package org.rhq.enterprise.server.util;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.EnumSet;
import java.util.Random;
@@ -137,6 +138,18 @@ public class SessionTestHelper {
return newRole;
}
+ public static void addRolePermissions(EntityManager em, Role role, Permission... permissions) {
+ role.getPermissions().addAll(Arrays.asList(permissions));
+ em.merge(role);
+ em.flush();
+ }
+
+ public static void removeRolePermissions(EntityManager em, Role role, Permission... permissions) {
+ role.getPermissions().removeAll(Arrays.asList(permissions));
+ em.merge(role);
+ em.flush();
+ }
+
public static ResourceType createNewResourceType(EntityManager em) {
ResourceType type = new ResourceType(preprocess("testType"), "testPlugin", ResourceCategory.PLATFORM, null);
ConfigurationDefinition resourceConfigDef = new ConfigurationDefinition("Fake def",
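Review bot: The new `addRolePermissions` and `removeRolePermissions` helpers are public and static but carry no Javadoc, and two properties of them are easy to miss. They change the role through `em.merge` and `em.flush` directly, so no authorization check of the kind RoleManager's `setPermissions` applies is run, and `em.flush()` needs an active transaction. I would document both, e.g. `/** Adds the given permissions to the role and flushes; writes through the EntityManager without any authorization check and must be called inside an active transaction. */`, with the matching text on the remove variant.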
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java
index af4c81f..aeaf597 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerBean.java
@@ -39,6 +39,7 @@ import org.apache.commons.logging.LogFactory;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
+import org.rhq.core.domain.bundle.BundleGroup;
import org.rhq.core.domain.criteria.RoleCriteria;
import org.rhq.core.domain.resource.group.LdapGroup;
import org.rhq.core.domain.resource.group.ResourceGroup;
@@ -88,6 +89,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#findRolesBySubject(int subjectId,PageControl pageControl)
*/
+ @Override
@SuppressWarnings("unchecked")
// the first param, subject, is not the subject making the request, its the subject whose roles are to be returned.
// therefore, we won't want our security interceptor to check this method since the subject won't have a session associated with it
@@ -109,6 +111,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#findRoles(PageControl)
*/
+ @Override
@SuppressWarnings("unchecked")
public PageList<Role> findRoles(PageControl pc) {
pc.initDefaultOrderingField("r.name");
@@ -135,6 +138,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#createRole(Subject, Role)
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public Role createRole(Subject whoami, Role newRole) {
// Make sure there's not an existing role with the same name.
@@ -182,6 +186,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#deleteRoles(Subject, int[])
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void deleteRoles(Subject subject, int[] doomedRoleIds) {
if (doomedRoleIds != null) {
@@ -202,6 +207,13 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
entityManager.merge(doomedResourceGroupRelationship);
}
+ //remove attached Bundle Groups
+ Set<BundleGroup> bundleGroupsToUnhook = new HashSet<BundleGroup>(doomedRole.getBundleGroups()); // avoid concurrent mod exception
+ for (BundleGroup doomedBundleGroupRelationship : bundleGroupsToUnhook) {
+ doomedRole.removeBundleGroup(doomedBundleGroupRelationship);
+ entityManager.merge(doomedBundleGroupRelationship);
+ }
+
//remove attached LDAP Subjects
Set<Subject> ldapSubjectsToUnhook = new HashSet<Subject>(doomedRole.getLdapSubjects()); // avoid concurrent mod exception
for (Subject doomedLdapSubjectRelationship : ldapSubjectsToUnhook) {
@@ -232,6 +244,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#addRolesToSubject(Subject, int, int[])
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void addRolesToSubject(Subject subject, int subjectId, int[] roleIds) {
addRolesToSubject(subject, subjectId, roleIds, false);
@@ -272,6 +285,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#addSubjectsToRole(Subject, int, int[])
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void addSubjectsToRole(Subject subject, int roleId, int[] subjectIds) {
if (subjectIds != null) {
@@ -303,6 +317,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#removeRolesFromSubject(Subject, int, int[])
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void removeRolesFromSubject(Subject subject, int subjectId, int[] roleIds) {
if (roleIds != null) {
@@ -324,6 +339,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
return;
}
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void setAssignedSubjectRoles(Subject subject, int subjectId, int[] roleIds) {
@@ -359,6 +375,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#getRoleById(Integer)
*/
+ @Override
public Role getRoleById(Integer roleId) {
Role role = entityManager.find(Role.class, roleId);
return role;
@@ -367,6 +384,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#setPermissions(Subject, Integer, Set)
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void setPermissions(Subject subject, Integer roleId, Set<Permission> permissions) {
Role role = entityManager.find(Role.class, roleId);
@@ -381,6 +399,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#getPermissions(Integer)
*/
+ @Override
public Set<Permission> getPermissions(Integer roleId) {
Role role = entityManager.find(Role.class, roleId);
Set<Permission> rolePermissions = role.getPermissions();
@@ -390,6 +409,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#updateRole(Subject, Role)
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public Role updateRole(Subject whoami, Role role) {
Role attachedRole = entityManager.find(Role.class, role.getId());
@@ -481,6 +501,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#findSubjectsByRole(Integer,PageControl)
*/
+ @Override
@SuppressWarnings("unchecked")
public PageList<Subject> findSubjectsByRole(Integer roleId, PageControl pc) {
pc.initDefaultOrderingField("s.name");
@@ -501,6 +522,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#findRolesByIds(Integer[],PageControl)
*/
+ @Override
@SuppressWarnings("unchecked")
public PageList<Role> findRolesByIds(Integer[] roleIds, PageControl pc) {
if ((roleIds == null) || (roleIds.length == 0)) {
@@ -528,6 +550,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
return new PageList<Role>(roles, (int) count, pc);
}
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
@SuppressWarnings("unchecked")
public PageList<Role> findAvailableRolesForSubject(Subject subject, Integer subjectId, Integer[] pendingRoleIds,
@@ -565,14 +588,39 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
return new PageList<Role>(roles, (int) count, pc);
}
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public PageList<Role> findSubjectUnassignedRoles(Subject subject, int subjectId, PageControl pc) {
return findAvailableRolesForSubject(subject, subjectId, null, pc);
}
+ @Override
+ @RequiredPermission(Permission.MANAGE_SECURITY)
+ public void addBundleGroupsToRole(Subject subject, int roleId, int[] bundleGroupIds) {
+ if ((bundleGroupIds != null) && (bundleGroupIds.length > 0)) {
+ Role role = entityManager.find(Role.class, roleId);
+ if (role == null) {
+ throw new IllegalArgumentException("Could not find role[" + roleId + "] in order to add resourceGroups");
+ }
+ role.getBundleGroups().size(); // load them in
+
+ for (Integer bundleGroupId : bundleGroupIds) {
+ BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId);
+ if (bundleGroup == null) {
+ throw new IllegalArgumentException("Tried to add BundleGroup[" + bundleGroupId + "] to role["
+ + roleId + "], but bundleGroup was not found.");
+ }
+ role.addBundleGroup(bundleGroup);
+ }
+ }
+
+ return;
+ }
+
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#addResourceGroupsToRole(Subject, int, int[])
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void addResourceGroupsToRole(Subject subject, int roleId, int[] groupIds) {
if ((groupIds != null) && (groupIds.length > 0)) {
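Review bot: The role-not-found message in the new addBundleGroupsToRole still says `in order to add resourceGroups`, which looks copied from addResourceGroupsToRole and will mislead whoever reads the error; it should read `"Could not find role[" + roleId + "] in order to add bundleGroups"`. The loop `for (Integer bundleGroupId : bundleGroupIds)` boxes every element of an int[] for no benefit, so `for (int bundleGroupId : bundleGroupIds)` is the cleaner form. The same applies to the loops in removeBundleGroupsFromRole, removeRolesFromBundleGroup and addRolesToBundleGroup in the later hunks. The new method also has no Javadoc or `@see` line while its resource-group sibling directly below does, and the trailing `return;` in a void method can go.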
@@ -595,9 +643,32 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
return;
}
+ @Override
+ @RequiredPermission(Permission.MANAGE_SECURITY)
+ public void removeBundleGroupsFromRole(Subject subject, int roleId, int[] bundleGroupIds) {
+ if ((bundleGroupIds != null) && (bundleGroupIds.length > 0)) {
+ Role role = entityManager.find(Role.class, roleId);
+ if (role == null) {
+ throw new IllegalArgumentException("Could not find role[" + roleId
+ + "] in order to remove BundleGroups");
+ }
+ role.getBundleGroups().size(); // load them in
+
+ for (Integer bundleGroupId : bundleGroupIds) {
+ BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId);
+ if (bundleGroup == null) {
+ throw new IllegalArgumentException("Tried to remove BundleGroup[" + bundleGroupId + "] from role["
+ + roleId + "], but BundleGroup was not found");
+ }
+ role.removeBundleGroup(bundleGroup);
+ }
+ }
+ }
+
/**
* @see org.rhq.enterprise.server.authz.RoleManagerLocal#removeResourceGroupsFromRole(Subject, int, int[])
*/
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void removeResourceGroupsFromRole(Subject subject, int roleId, int[] groupIds) {
if ((groupIds != null) && (groupIds.length > 0)) {
@@ -618,6 +689,27 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
}
}
+ @Override
+ @RequiredPermission(Permission.MANAGE_SECURITY)
+ public void setAssignedBundleGroups(Subject subject, int roleId, int[] bundleGroupIds) {
+ Role role = getRole(subject, roleId);
+ List<Integer> currentBundleGroups = new ArrayList<Integer>();
+ for (BundleGroup group : role.getBundleGroups()) {
+ currentBundleGroups.add(group.getId());
+ }
+
+ List<Integer> newBundleGroups = ArrayUtils.wrapInList(bundleGroupIds); // members needing addition
+ newBundleGroups.removeAll(currentBundleGroups);
+ int[] newBundleGroupIds = ArrayUtils.unwrapCollection(newBundleGroups);
+ roleManager.addBundleGroupsToRole(subject, roleId, newBundleGroupIds);
+
+ List<Integer> removedBundleGroups = new ArrayList<Integer>(currentBundleGroups); // members needing removal
+ removedBundleGroups.removeAll(ArrayUtils.wrapInList(bundleGroupIds));
+ int[] removedGroupIds = ArrayUtils.unwrapCollection(removedBundleGroups);
+ roleManager.removeBundleGroupsFromRole(subject, roleId, removedGroupIds);
+ }
+
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void setAssignedResourceGroups(Subject subject, int roleId, int[] groupIds) {
Role role = getRole(subject, roleId);
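Review bot: setAssignedBundleGroups dereferences `role.getBundleGroups()` without checking the result of getRole, and getRole (visible in a later hunk of this file) returns `entityManager.find(Role.class, roleId)` unchanged. An unknown roleId therefore ends in a NullPointerException instead of the IllegalArgumentException the other new bundle-group methods throw. A guard right after the lookup keeps the failure explicit: `if (role == null) { throw new IllegalArgumentException("Could not find role[" + roleId + "] in order to set bundle groups"); }`. A null bundleGroupIds is also passed straight to ArrayUtils.wrapInList, whose null handling is not visible here, whereas addBundleGroupsToRole and removeBundleGroupsFromRole both tolerate null, so that is worth confirming or guarding. The context lines suggest setAssignedResourceGroups begins the same way, but its body continues outside the hunk.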
@@ -668,11 +760,13 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
}
}
+ @Override
public PageList<Role> findSubjectAssignedRoles(Subject subject, int subjectId, PageControl pc) {
PageList<Role> assignedRoles = findRolesBySubject(subjectId, pc);
return assignedRoles;
}
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void removeSubjectsFromRole(Subject subject, int roleId, int[] subjectIds) {
if ((subjectIds != null) && (subjectIds.length > 0)) {
@@ -697,6 +791,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
}
}
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void setAssignedSubjects(Subject subject, int roleId, int[] subjectIds) {
@@ -729,6 +824,31 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
}
}
+ @Override
+ @RequiredPermission(Permission.MANAGE_SECURITY)
+ public void removeRolesFromBundleGroup(Subject subject, int bundleGroupId, int[] roleIds) {
+ if ((roleIds != null) && (roleIds.length > 0)) {
+ BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId);
+ if (bundleGroup == null) {
+ throw new IllegalArgumentException("Could not find BundleGroup[" + bundleGroupId
+ + "] in order to remove roles");
+ }
+ bundleGroup.getRoles().size(); // load them in
+
+ for (Integer roleId : roleIds) {
+ Role doomedRole = entityManager.find(Role.class, roleId);
+ if (doomedRole == null) {
+ throw new IllegalArgumentException("Tried to remove role[" + roleId + "] from BundleGroup["
+ + bundleGroupId + "], but role was not found");
+ }
+ bundleGroup.removeRole(doomedRole);
+ }
+ }
+
+ return;
+ }
+
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void removeRolesFromResourceGroup(Subject subject, int groupId, int[] roleIds) {
if ((roleIds != null) && (roleIds.length > 0)) {
@@ -751,10 +871,36 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
return;
}
+ @Override
public Role getRole(Subject subject, int roleId) {
return entityManager.find(Role.class, roleId);
}
+ @Override
+ @RequiredPermission(Permission.MANAGE_SECURITY)
+ public void addRolesToBundleGroup(Subject subject, int bundleGroupId, int[] roleIds) {
+ if ((roleIds != null) && (roleIds.length > 0)) {
+ BundleGroup bundleGroup = entityManager.find(BundleGroup.class, bundleGroupId);
+ if (bundleGroup == null) {
+ throw new IllegalArgumentException("Could not find bundleGroup[" + bundleGroupId
+ + "] in order to add roles");
+ }
+ bundleGroup.getRoles().size(); // load them in
+
+ for (Integer roleId : roleIds) {
+ Role role = entityManager.find(Role.class, roleId);
+ if (role == null) {
+ throw new IllegalArgumentException("Tried to add role[" + roleId + "] to bundleGroup["
+ + bundleGroupId + "], but role was not found");
+ }
+ bundleGroup.addRole(role);
+ }
+ }
+
+ return;
+ }
+
+ @Override
@RequiredPermission(Permission.MANAGE_SECURITY)
public void addRolesToResourceGroup(Subject subject, int groupId, int[] roleIds) {
if ((roleIds != null) && (roleIds.length > 0)) {
@@ -777,6 +923,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
return;
}
+ @Override
@SuppressWarnings("unchecked")
public PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria criteria) {
@@ -788,7 +935,7 @@ public class RoleManagerBean implements RoleManagerLocal, RoleManagerRemote {
CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria);
CriteriaQueryRunner<Role> queryRunner = new CriteriaQueryRunner<Role>(criteria, generator, entityManager);
- @SuppressWarnings({ "UnnecessaryLocalVariable" })
+
PageList<Role> roles = queryRunner.execute();
return roles;
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java
index 5c2e1cb..d099f7c 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerLocal.java
@@ -25,7 +25,6 @@ import javax.ejb.Local;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
-import org.rhq.core.domain.criteria.RoleCriteria;
import org.rhq.core.domain.util.PageControl;
import org.rhq.core.domain.util.PageList;
@@ -36,7 +35,7 @@ import org.rhq.core.domain.util.PageList;
* @author John Mazzitelli
*/
@Local
-public interface RoleManagerLocal {
+public interface RoleManagerLocal extends RoleManagerRemote {
/**
* This returns a page list of all the roles that a subject is authorized to access.
*
@@ -57,26 +56,6 @@ public interface RoleManagerLocal {
PageList<Role> findRoles(PageControl pc);
/**
- * Persists the new role to the database. The subjects assigned to the role are ignored - this only creates the role
- * entity with 0 subjects initially assigned to it.
- *
- * @param subject the user attempting to create the role
- * @param newRole the new role to persist
- *
- * @return the persisted role with the primary key populated
- */
- Role createRole(Subject subject, Role newRole);
-
- /**
- * Removes a set of roles from the database. The subjects assigned to the roles are no longer authorized with the
- * deleted roles. Groups attached to the deleted roles are left alone.
- *
- * @param subject the user attempting to delete the role
- * @param doomedRoleIds the IDs of the roles to delete
- */
- void deleteRoles(Subject subject, int[] doomedRoleIds);
-
- /**
* Sets the permissions for the specified role. Any currently existing role permissions are overwritten - that is,
* <code>permissions</code> will be the complete set of permissions the role will now be authorized with.
*
@@ -96,16 +75,6 @@ public interface RoleManagerLocal {
Set<Permission> getPermissions(Integer roleId);
/**
- * Updates the given role, excluding the subjects and groups. This updates permissions, name, description, etc.
- *
- * @param subject user asking to update the role
- * @param role
- *
- * @return the updated role
- */
- Role updateRole(Subject subject, Role role);
-
- /**
* Given a set of role Ids, this returns a list of all the roles.
*
* @param roleIds
@@ -140,12 +109,6 @@ public interface RoleManagerLocal {
PageList<Role> findAvailableRolesForSubject(Subject subject, Integer subjectId, Integer[] pendingRoleIds,
PageControl pc);
- // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- //
- // The following are shared with the Remote Interface
- //
- // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-
/**
* Returns the role with the given ID
*
@@ -157,64 +120,5 @@ public interface RoleManagerLocal {
// Use getRole instead
Role getRoleById(Integer roleId);
- Role getRole(Subject subject, int roleId);
-
- PageList<Role> findSubjectAssignedRoles(Subject subject, int subjectId, PageControl pc);
-
- //This is a proxy of getAvailableRolesForSubject but without pendingRoleIds as required by remote spec
- PageList<Role> findSubjectUnassignedRoles(Subject subject, int subjectId, PageControl pc);
-
- /**
- * Assigns a set of roles to a subject which authorizes the subject to do anything the roles permit.
- *
- * @param subject the user attempting to assign the roles to the subject
- * @param subjectId the subject who is to be authorized with the given roles
- * @param roleIds the roles to assign
- */
- void addRolesToSubject(Subject subject, int subjectId, int[] roleIds);
-
- /**
- * Disassociates particular roles from a subject. Once complete, the subject will no longer be authorized with the
- * given roles.
- *
- * @param subject the user that is attempting to perform the remove
- * @param subjectId the user that is to have the roles unassigned from it
- * @param roleIds list of role IDs that are to be removed from user
- */
- void removeRolesFromSubject(Subject subject, int subjectId, int[] roleIds);
-
- void setAssignedSubjectRoles(Subject subject, int subjectId, int[] roleIds);
-
- void addSubjectsToRole(Subject subject, int roleId, int[] subjectIds);
-
- void removeSubjectsFromRole(Subject subject, int roleId, int[] subjectIds);
-
void setAssignedSubjects(Subject sessionSubject, int roleId, int[] subjectIds);
-
- /**
- * Adds the given resource groups to the given role.
- *
- * @param subject user attempting to add the groups to the role
- * @param roleId
- * @param pendingGroupIds
- */
- void addResourceGroupsToRole(Subject subject, int roleId, int[] pendingGroupIds);
-
- void addRolesToResourceGroup(Subject subject, int groupId, int[] roleIds);
-
- void setAssignedResourceGroups(Subject subject, int roleId, int[] groupIds);
-
- /**
- * Removes the given resource groups from the given role.
- *
- * @param subject user attempting to remove the groups from the role
- * @param roleId
- * @param groupIds
- */
- void removeResourceGroupsFromRole(Subject subject, int roleId, int[] groupIds);
-
- void removeRolesFromResourceGroup(Subject subject, int groupId, int[] roleIds);
-
- PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria criteria);
-
}
\ No newline at end of file
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java
index 0586998..83194da 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/RoleManagerRemote.java
@@ -130,6 +130,15 @@ public interface RoleManagerRemote {
void setAssignedSubjectRoles(Subject subject, int subjectId, int[] roleIds);
/**
+ * Adds the given bundle groups to the given role.
+ *
+ * @param subject The logged in user's subject.
+ * @param roleId
+ * @param bundleGroupIds
+ */
+ void addBundleGroupsToRole(Subject subject, int roleId, int[] bundleGroupIds);
+
+ /**
* Adds the given resource groups to the given role.
*
* @param subject The logged in user's subject.
@@ -138,11 +147,24 @@ public interface RoleManagerRemote {
*/
void addResourceGroupsToRole(Subject subject, int roleId, int[] pendingGroupIds);
+ void addRolesToBundleGroup(Subject subject, int bundleGroupId, int[] roleIds);
+
void addRolesToResourceGroup(Subject subject, int groupId, int[] roleIds);
+ void setAssignedBundleGroups(Subject subject, int roleId, int[] bundleGroupIds);
+
void setAssignedResourceGroups(Subject subject, int roleId, int[] groupIds);
/**
+ * Removes the given bundle groups from the given role.
+ *
+ * @param subject user attempting to remove the groups from the role
+ * @param roleId
+ * @param bundleGroupIds
+ */
+ void removeBundleGroupsFromRole(Subject subject, int roleId, int[] bundleGroupIds);
+
+ /**
* Removes the given resource groups from the given role.
*
* @param subject user attempting to remove the groups from the role
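Review bot: addRolesToBundleGroup and setAssignedBundleGroups are added to the remote interface with no Javadoc at all, and removeRolesFromBundleGroup in the next hunk is the same, so remote callers cannot tell what these authorization-changing calls do or require. Going by the implementation in RoleManagerBean, each should state that the caller needs `Permission.MANAGE_SECURITY` and that an unknown role or bundle group id raises IllegalArgumentException. The comment on setAssignedBundleGroups should also say that `bundleGroupIds` is the complete new set, so that groups not listed are removed from the role. The `@param roleId` and `@param bundleGroupIds` tags on removeBundleGroupsFromRole are empty and could carry a short description, for example `@param bundleGroupIds ids of the bundle groups to detach from the role`.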
@@ -151,6 +173,8 @@ public interface RoleManagerRemote {
*/
void removeResourceGroupsFromRole(Subject subject, int roleId, int[] groupIds);
+ void removeRolesFromBundleGroup(Subject subject, int bundleGroupId, int[] roleIds);
+
void removeRolesFromResourceGroup(Subject subject, int groupId, int[] roleIds);
PageList<Role> findRolesByCriteria(Subject subject, RoleCriteria criteria);
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java
index a9882c4..bc85e6d 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerBean.java
@@ -66,6 +66,7 @@ import org.rhq.core.clientapi.agent.bundle.BundleScheduleResponse;
import org.rhq.core.clientapi.agent.configuration.ConfigurationUtility;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
+import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.bundle.Bundle;
import org.rhq.core.domain.bundle.BundleDeployment;
import org.rhq.core.domain.bundle.BundleDeploymentStatus;
@@ -233,6 +234,8 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
}
}
+ checkCreateInitialBundleVersionAuthz(subject, bundleGroupId);
+
// create and add the required Repo. the Repo is a detached object which helps in its eventual removal.
Repo repo = new Repo(name);
repo.setCandidate(false);
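Review bot: The added `checkCreateInitialBundleVersionAuthz(subject, bundleGroupId)` call is now the only place the initial-bundle-version permission is enforced, because the matching call is removed from the `isInitialVersion` branch in the next hunk, yet nothing at either site says so. A comment on the new line such as `// sole authz check for bundle creation; the initial-bundle-version path relies on it` would stop a later refactor from dropping or bypassing it. Since the enclosing method starts outside the hunk, it is also worth confirming that nothing before this call reads or writes data on behalf of the subject before the check is applied.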
@@ -761,7 +764,6 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
}
if (isInitialVersion) {
- checkCreateInitialBundleVersionAuthz(subject, initialBundleGroupId);
bundle = bundleManager.createBundle(subject, bundleName, bundleDescription, bundleType.getId(),
initialBundleGroupId);
createdBundle = true;
@@ -1619,7 +1621,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
// filter by bundles that are viewable
if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
- generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null,
+ generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE,
subject.getId());
}
@@ -1660,7 +1662,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria);
if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
- generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null,
+ generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE,
subject.getId());
}
@@ -1720,7 +1722,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
// filter by bundles that are viewable
if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
- generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null,
+ generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE,
subject.getId());
}
@@ -1735,8 +1737,8 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
CriteriaQueryGenerator generator = new CriteriaQueryGenerator(subject, criteria);
if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
- generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null,
- subject.getId());
+ generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE,
+ subject.getId(), null);
}
CriteriaQueryRunner<Bundle> queryRunner = new CriteriaQueryRunner<Bundle>(criteria, generator, entityManager);
@@ -1781,7 +1783,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
generator.alterProjection(replacementSelectList);
if (!authorizationManager.hasGlobalPermission(subject, Permission.VIEW_BUNDLES)) {
- generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE, null,
+ generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE,
subject.getId());
}
@@ -1990,7 +1992,7 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
public void deleteBundleGroups(Subject subject, int[] bundleGroupIds) throws Exception {
for (int bundleGroupId : bundleGroupIds) {
- BundleGroup bundleGroup = this.entityManager.find(BundleGroup.class, bundleGroupIds);
+ BundleGroup bundleGroup = this.entityManager.find(BundleGroup.class, bundleGroupId);
if (null == bundleGroup) {
return;
}
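Review bot: The `return` taken when `entityManager.find` yields null ends deleteBundleGroups at the first unknown id, so every id after it in bundleGroupIds is silently left in place. With the lookup now using the per-iteration `bundleGroupId`, one stale id in a batch is enough to hit this branch. If skipping missing groups is the intent, `continue;` does that without abandoning the rest. If not, throwing an IllegalArgumentException would match how the new bundle-group methods in RoleManagerBean report a missing entity. The loop body continues outside the hunk.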
@@ -1999,6 +2001,12 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
for (Bundle b : bundleGroup.getBundles()) {
bundleGroup.removeBundle(b);
}
+
+ // remove from any roles
+ for (Role r : bundleGroup.getRoles()) {
+ bundleGroup.removeRole(r);
+ }
+
bundleGroup = entityManager.merge(bundleGroup);
// now remove the bundle group
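Review bot: The new loop calls `bundleGroup.removeRole(r)` while iterating `bundleGroup.getRoles()`. If removeRole mutates the same collection that getRoles returns (its body is not visible here), the iteration may throw ConcurrentModificationException and the delete would then fail for a group that is attached to roles. Iterating over a snapshot avoids that: `for (Role r : new ArrayList<Role>(bundleGroup.getRoles())) {`, assuming ArrayList is imported in this file. The bundle loop just above it in the context lines has the same shape and would deserve the same treatment.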
@@ -2012,8 +2020,8 @@ public class BundleManagerBean implements BundleManagerLocal, BundleManagerRemot
// filter by bundle groups that are viewable
if (!authorizationManager.hasGlobalPermission(subject, Permission.MANAGE_BUNDLE_GROUPS)) {
- generator.setAuthorizationResourceFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE_GROUP,
- null, subject.getId());
+ generator.setAuthorizationBundleFragment(CriteriaQueryGenerator.AuthorizationTokenType.BUNDLE_GROUP,
+ subject.getId(), null);
}
CriteriaQueryRunner<BundleGroup> queryRunner = new CriteriaQueryRunner<BundleGroup>(criteria, generator,
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java
index 01ca620..f96d356 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/bundle/BundleManagerLocal.java
@@ -68,9 +68,12 @@ public interface BundleManagerLocal extends BundleManagerRemote {
/**
* Internal use only, and test entry point.
- * </p>
- * This method performs NO AUTHZ!
- * </p>
+ * <pre>
+ * Required Permissions (same as createInitialBundleVersionXxx): Either:
+ * - Global.CREATE_BUNDLES and Global.VIEW_BUNDLES
+ * - Global.CREATE_BUNDLES and BundleGroup.VIEW_BUNDLES_IN_GROUP for bundle group BG
+ * - BundleGroup.CREATE_BUNDLES_IN_GROUP for bundle group BG
+ * </pre>
* @param subject user that must have proper permissions
* @param name not null or empty
* @param description optional long description of the bundle
@@ -87,9 +90,12 @@ public interface BundleManagerLocal extends BundleManagerRemote {
* Convenience method that combines {@link #createBundle(Subject, String, int)} and {@link #createBundleVersion(Subject, int, String, String, String)}.
* This will first check to see if a bundle with the given type/name exists - if it doesn't, it will be created. If it does, it will be reused.
* This will then create the bundle version that will be associated with the bundle that was created or found.
- * </p>
- * This method performs NO AUTHZ!
- * </p>
+ * <pre>
+ * Required Permissions (same as createInitialBundleVersionXxx): Either:
+ * - Global.CREATE_BUNDLES and Global.VIEW_BUNDLES
+ * - Global.CREATE_BUNDLES and BundleGroup.VIEW_BUNDLES_IN_GROUP for bundle group BG
+ * - BundleGroup.CREATE_BUNDLES_IN_GROUP for bundle group BG
+ * </pre>
* @param subject user that must have proper permissions
* @param bundleName name of the bundle to use (if not found, it will be created)
* @param bundleDescription optional long description of the bundle
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java
index 0a1060d..3692b78 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/util/CriteriaQueryGenerator.java
@@ -124,10 +124,9 @@ public final class CriteriaQueryGenerator {
} else if (type == AuthorizationTokenType.GROUP) {
defaultFragment = "group";
setAuthorizationResourceFragment(type, defaultFragment, subjectId);
- } else if (type == AuthorizationTokenType.BUNDLE) {
- setAuthorizationBundleFragment(subjectId);
- } else if (type == AuthorizationTokenType.BUNDLE_GROUP) {
- setAuthorizationBundleGroupFragment(subjectId);
+ } else {
+ throw new IllegalArgumentException(this.getClass().getSimpleName()
+ + " does not yet support generating resource queries for '" + type + "' token types");
}
}
@@ -237,10 +236,31 @@ public final class CriteriaQueryGenerator {
return customAuthzFragment;
}
- public void setAuthorizationBundleFragment(int subjectId) {
+ public void setAuthorizationBundleFragment(AuthorizationTokenType type, int subjectId) {
+ if (type == AuthorizationTokenType.BUNDLE) {
+ setAuthorizationBundleFragment(type, subjectId, "bundle");
+ } else if (type == AuthorizationTokenType.BUNDLE_GROUP) {
+ setAuthorizationBundleFragment(type, subjectId, "bundleGroup");
+ } else {
+ throw new IllegalArgumentException(this.getClass().getSimpleName()
+ + " does not yet support generating bundle queries for '" + type + "' token types");
+ }
+ }
+
+ public void setAuthorizationBundleFragment(AuthorizationTokenType type, int subjectId, String fragment) {
+ if (type == AuthorizationTokenType.BUNDLE) {
+ setAuthorizationBundleFragment(subjectId, fragment);
+ } else if (type == AuthorizationTokenType.BUNDLE_GROUP) {
+ setAuthorizationBundleGroupFragment(subjectId, fragment);
+ } else {
+ throw new IllegalArgumentException(this.getClass().getSimpleName()
+ + " does not yet support generating bundle queries for '" + type + "' token types");
+ }
+ }
+
+ private void setAuthorizationBundleFragment(int subjectId, String fragment) {
this.authorizationSubjectId = subjectId;
- String fragment = "bundle";
String customAuthzFragment = "" //
+ "( %aliasWithFragment%.id IN ( SELECT %innerAlias%.id " + NL //
+ " FROM %alias% innerAlias " + NL //
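Review bot: The three-argument `setAuthorizationBundleFragment(type, subjectId, fragment)` is public and undocumented, and its `fragment` argument appears to be substituted into the query text through the `%aliasWithFragment%` template that starts at the end of this hunk. The BundleManagerBean call sites either use the two-argument overload or pass `null`. A Javadoc should therefore state that `fragment` is a property path relative to the criteria entity, that `null` presumably means the entity itself is the bundle or bundle group, and that it must be a compile-time constant and never a value derived from a request. The two public overloads also repeat the same type dispatch and exception message; the two-argument one could pick the default fragment and delegate, leaving the type check in one place. The private method's body continues outside the hunk.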
@@ -271,8 +291,9 @@ public final class CriteriaQueryGenerator {
}
}
- public void setAuthorizationBundleGroupFragment(int subjectId) {
- String fragment = "bundleGroup";
+ private void setAuthorizationBundleGroupFragment(int subjectId, String fragment) {
+ this.authorizationSubjectId = subjectId;
+
String customAuthzFragment = "" //
+ "( %aliasWithFragment%.id IN ( SELECT %innerAlias%.id " + NL //
+ " FROM %alias% innerAlias " + NL //