modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerBean.java
| 18 +--------
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerLocal.java
| 19 ----------
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertTemplateManagerBean.java
| 5 +-
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/GroupAlertDefinitionManagerBean.java
| 4 +-
4 files changed, 7 insertions(+), 39 deletions(-)
New commits:
commit e23f9cea52ff4576546db93c546942ea95043ec6
Author: Lukas Krejci <lkrejci(a)redhat.com>
Date: Fri Aug 31 14:34:38 2012 +0200
Revert "[BZ 846623] - When creating the "child" alert definitions of
group or template alert definitions, pass the real user that creates the alert def and
circumvent authz."
This reverts commit 97f5db48e4570c3cf8ee516de5bda7aff31c59a9.
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerBean.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerBean.java
index 1bcd585..79fca41 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerBean.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerBean.java
@@ -196,23 +196,9 @@ public class AlertDefinitionManagerBean implements
AlertDefinitionManagerLocal,
return results;
}
- @Override
- @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
- public int createDependentAlertDefinition(Subject subject, AlertDefinition
alertDefinition, int resourceId)
- throws InvalidAlertDefinitionException {
-
- return createAlertDefinitionInternal(subject, alertDefinition, resourceId,
false);
- }
-
- @Override
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public int createAlertDefinition(Subject subject, AlertDefinition alertDefinition,
Integer resourceId)
throws InvalidAlertDefinitionException {
-
- return createAlertDefinitionInternal(subject, alertDefinition, resourceId,
true);
- }
-
- private int createAlertDefinitionInternal(Subject subject, AlertDefinition
alertDefinition, Integer resourceId, boolean checkPerms) throws
InvalidAlertDefinitionException {
checkAlertDefinition(subject, alertDefinition, resourceId);
// if this is an alert definition, set up the link to a resource
@@ -226,7 +212,7 @@ public class AlertDefinitionManagerBean implements
AlertDefinitionManagerLocal,
}
// after the resource is set up (in the case of non-templates), we can use the
checkPermission on it
- if (checkPerms && checkPermission(subject, alertDefinition) == false) {
+ if (checkPermission(subject, alertDefinition) == false) {
if (alertDefinition.getResourceType() != null) {
throw new PermissionException("User [" + subject.getName()
+ "] does not have permission to create alert templates for type
["
@@ -279,7 +265,7 @@ public class AlertDefinitionManagerBean implements
AlertDefinitionManagerLocal,
return alertDefinition.getId();
}
-
+
private void fixRecoveryId(AlertDefinition definition) {
try {
if (definition.getParentId() != 0 && definition.getRecoveryId() != 0)
{
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerLocal.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerLocal.java
index 45b7252..03c8945 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerLocal.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertDefinitionManagerLocal.java
@@ -48,25 +48,6 @@ public interface AlertDefinitionManagerLocal {
int createAlertDefinition(Subject subject, AlertDefinition alertDefinition, Integer
resourceId)
throws InvalidAlertDefinitionException;
- /**
- * This is exactly the same as {@link #createAlertDefinition(Subject,
AlertDefinition, Integer)} but
- * assumes the resource is part of a group (or has given resource type for templates)
for which
- * a group or template alert definition is being created.
- * <p>
- * This method assumes the caller already checked the subject has permissions to
create a group or template alert
- * definition on a group / resource type the resource is member of.
- * <p>
- * In another words this method is a helper to
- * {@link GroupAlertDefinitionManagerLocal#createGroupAlertDefinitions(Subject,
AlertDefinition, Integer)} and
- * {@link AlertTemplateManagerLocal#createAlertTemplate(Subject, AlertDefinition,
Integer)}.
- *
- * @param subject the user that is creating the group or template alert definition
- * @param alertDefinition the alert definition on the resource
- * @param resourceId the resource
- * @return the id of the newly created alert definition
- */
- int createDependentAlertDefinition(Subject subject, AlertDefinition alertDefinition,
int resourceId);
-
boolean isEnabled(Integer definitionId);
boolean isTemplate(Integer definitionId);
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertTemplateManagerBean.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertTemplateManagerBean.java
index ff00dd6..94f1d35 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertTemplateManagerBean.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/AlertTemplateManagerBean.java
@@ -128,6 +128,7 @@ public class AlertTemplateManagerBean implements
AlertTemplateManagerLocal {
+ alertTemplate.toSimpleString(), t);
}
+ Subject overlord = subjectManager.getOverlord();
Throwable firstThrowable = null;
List<Integer> resourceIdsForType =
getCommittedResourceIdsNeedingTemplateApplication(user, alertTemplateId,
@@ -139,8 +140,8 @@ public class AlertTemplateManagerBean implements
AlertTemplateManagerLocal {
AlertDefinition childAlertDefinition = new
AlertDefinition(alertTemplate);
childAlertDefinition.setParentId(alertTemplate.getId());
- // persist the child as a dependent alert definition
- alertDefinitionManager.createDependentAlertDefinition(user,
childAlertDefinition, resourceId);
+ // persist the child using overlord
+ alertDefinitionManager.createAlertDefinition(overlord,
childAlertDefinition, resourceId);
} catch (Throwable t) {
// continue on error, create as many as possible
if (firstThrowable == null) {
diff --git
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/GroupAlertDefinitionManagerBean.java
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/GroupAlertDefinitionManagerBean.java
index 7df0c67..8974c30 100644
---
a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/GroupAlertDefinitionManagerBean.java
+++
b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/alert/GroupAlertDefinitionManagerBean.java
@@ -137,7 +137,6 @@ public class GroupAlertDefinitionManagerBean implements
GroupAlertDefinitionMana
return list;
}
- @Override
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
public int createGroupAlertDefinitions(Subject subject, AlertDefinition
groupAlertDefinition,
Integer resourceGroupId) throws InvalidAlertDefinitionException,
AlertDefinitionCreationException {
@@ -152,6 +151,7 @@ public class GroupAlertDefinitionManagerBean implements
GroupAlertDefinitionMana
+ " with data " + groupAlertDefinition.toSimpleString(), t);
}
+ Subject overlord = subjectManager.getOverlord();
Throwable firstThrowable = null;
List<Integer> resourceIdsForGroup =
getCommittedResourceIdsNeedingGroupAlertDefinitionApplication(subject,
@@ -164,7 +164,7 @@ public class GroupAlertDefinitionManagerBean implements
GroupAlertDefinitionMana
childAlertDefinition.setGroupAlertDefinition(groupAlertDefinition);
// persist the child
- alertDefinitionManager.createDependentAlertDefinition(subject,
childAlertDefinition, resourceId);
+ alertDefinitionManager.createAlertDefinition(overlord,
childAlertDefinition, resourceId);
} catch (Throwable t) {
// continue on error, create as many as possible
if (firstThrowable == null) {