Martin Mucha has uploaded a new change for review.

Change subject: <core | restapi | tools | history | engine | userportal | 
webadmin>:
......................................................................

<core | restapi | tools | history | engine | userportal | webadmin>:

Change-Id: I1f5d080b6628f86ab2ff88f8e2dfaab21d367c7f
Signed-off-by: Martin Mucha <mmu...@redhat.com>
---
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddMacPoolCommand.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveMacPoolCommand.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateMacPoolCommand.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddEmptyStoragePoolCommand.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/StoragePoolManagementCommandBase.java
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/UpdateStoragePoolCommand.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
M 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
M 
backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java
M 
backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/PermitMapper.java
M 
frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
M 
frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/LocalizedEnums.java
M 
frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
M 
frontend/webadmin/modules/uicompat/src/main/resources/org/ovirt/engine/ui/uicompat/LocalizedEnums.properties
A packaging/dbscripts/upgrade/03_05_0760_add_permissions_to_mac_pools.sql
16 files changed, 237 insertions(+), 31 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/46/29846/1

diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddMacPoolCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddMacPoolCommand.java
index 3c2e268..c1fd5c1 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddMacPoolCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddMacPoolCommand.java
@@ -36,9 +36,9 @@
 
     @Override
     public List<PermissionSubject> getPermissionCheckSubjects() {
-        return Collections.singletonList(new 
PermissionSubject(MultiLevelAdministrationHandler.SYSTEM_OBJECT_ID,
+        return Collections.singletonList(new PermissionSubject(Guid.SYSTEM,
                 VdcObjectType.System,
-                ActionGroup.CONFIGURE_ENGINE));
+                ActionGroup.CREATE_MAC_POOL));
     }
 
     @Override
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java
index 41dcb5d..3403801 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PredefinedRoles.java
@@ -26,7 +26,11 @@
     INSTANCE_OPERATOR(new Guid("DEF00012-0000-0000-0000-DEF000000012")),
     TAG_ADMIN(new Guid("DEF00011-0000-0000-0000-DEF000000013")),
     BOOKMARK_ADMIN(new Guid("DEF00011-0000-0000-0000-DEF000000014")),
-    EVENT_NOTIFICATION_ADMIN(new Guid("DEF00011-0000-0000-0000-DEF000000015"));
+    EVENT_NOTIFICATION_ADMIN(new Guid("DEF00011-0000-0000-0000-DEF000000015")),
+
+    //TODO MM: there maybe is some rule how to for these GUIDs, verify.
+    MAC_POOL_ADMIN(new Guid("DEF00013-0000-0000-0000-DEF000000013")),
+    MAC_POOL_USER(new Guid("DEF00014-0000-0000-0000-DEF000000014"));
 
     private Guid id;
 
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveMacPoolCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveMacPoolCommand.java
index 06b1bc7..cbd90b6 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveMacPoolCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/RemoveMacPoolCommand.java
@@ -71,8 +71,9 @@
 
     @Override
     public List<PermissionSubject> getPermissionCheckSubjects() {
-        return Collections.singletonList(new 
PermissionSubject(MultiLevelAdministrationHandler.SYSTEM_OBJECT_ID,
-                VdcObjectType.System, ActionGroup.CONFIGURE_ENGINE));
+        return Collections.singletonList(new PermissionSubject(Guid.SYSTEM,
+                VdcObjectType.System,
+                ActionGroup.DELETE_MAC_POOL));
     }
 
 
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateMacPoolCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateMacPoolCommand.java
index ec6fc07..817710a 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateMacPoolCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/UpdateMacPoolCommand.java
@@ -74,8 +74,9 @@
 
     @Override
     public List<PermissionSubject> getPermissionCheckSubjects() {
-        return Collections.singletonList(new 
PermissionSubject(MultiLevelAdministrationHandler.SYSTEM_OBJECT_ID,
-                VdcObjectType.System, ActionGroup.CONFIGURE_ENGINE));
+        return Collections.singletonList(new PermissionSubject(Guid.SYSTEM,
+                VdcObjectType.System,
+                ActionGroup.EDIT_MAC_POOL));
     }
 
     @Override
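Review bot: EDIT_MAC_POOL is checked here against `Guid.SYSTEM` / `VdcObjectType.System` rather than against the MAC pool being edited, and the RemoveMacPoolCommand hunk does the same for DELETE_MAC_POOL. CONFIGURE_MAC_POOL is checked per pool with `VdcObjectType.MacPool` elsewhere in this change, so as written edit and delete rights can only be granted system-wide, which is broader than least privilege needs. If per-pool delegation is intended, the subject should carry the id of the pool named in the command parameters together with `VdcObjectType.MacPool`; the accessor for that id lies outside the hunk. If system-wide scope is deliberate, a comment such as `// MAC pool edit/delete rights are granted on the system object only` would record the decision.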
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddEmptyStoragePoolCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddEmptyStoragePoolCommand.java
index c3d4867..80f38a3 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddEmptyStoragePoolCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/AddEmptyStoragePoolCommand.java
@@ -1,16 +1,16 @@
 package org.ovirt.engine.core.bll.storage;
 
-import java.util.Collections;
+import java.util.Arrays;
 import java.util.List;
 
 import org.ovirt.engine.core.bll.AddVdsGroupCommand;
-import org.ovirt.engine.core.bll.MultiLevelAdministrationHandler;
 import org.ovirt.engine.core.bll.network.cluster.NetworkHelper;
 import org.ovirt.engine.core.bll.utils.PermissionSubject;
 import org.ovirt.engine.core.bll.utils.VersionSupport;
 import org.ovirt.engine.core.common.AuditLogType;
 import org.ovirt.engine.core.common.VdcObjectType;
 import org.ovirt.engine.core.common.action.StoragePoolManagementParameter;
+import org.ovirt.engine.core.common.businessentities.ActionGroup;
 import org.ovirt.engine.core.common.businessentities.StoragePool;
 import org.ovirt.engine.core.common.businessentities.StoragePoolStatus;
 import org.ovirt.engine.core.common.businessentities.network.Network;
@@ -100,9 +100,10 @@
 
     @Override
     public List<PermissionSubject> getPermissionCheckSubjects() {
-        return Collections.singletonList(new 
PermissionSubject(MultiLevelAdministrationHandler.SYSTEM_OBJECT_ID,
-                VdcObjectType.System,
-                getActionType().getActionGroup()));
+        return Arrays.asList(
+                new PermissionSubject(Guid.SYSTEM, VdcObjectType.System, 
getActionType().getActionGroup()),
+                new PermissionSubject(getRequestedMacPoolId(), 
VdcObjectType.MacPool, ActionGroup.CONFIGURE_MAC_POOL)
+        );
     }
 
 }
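Review bot: The second subject is built from `getRequestedMacPoolId()`, which returns whatever id the request's StoragePool carries and can presumably be null when the caller names no MAC pool. The hunk does not show how the permission check treats a subject with a null object id. Either resolve the default pool's id before building the subject, or add the subject only when an id is present, so that the result is a definite allow or deny rather than a side effect of null handling elsewhere. The helper added in StoragePoolManagementCommandBase also dereferences `getParameters().getStoragePool()` unguarded, and this method presumably runs before canDoAction validation. A comment such as `// CONFIGURE_MAC_POOL is required on the pool the new data center will use` would explain why two subjects are returned.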
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/StoragePoolManagementCommandBase.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/StoragePoolManagementCommandBase.java
index 900edd0..b434427 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/StoragePoolManagementCommandBase.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/StoragePoolManagementCommandBase.java
@@ -52,4 +52,8 @@
         List<StoragePool> sps = spDao.getByName(storagePoolName, false);
         return (sps == null || sps.isEmpty());
     }
+
+    protected Guid getRequestedMacPoolId() {
+        return getParameters().getStoragePool().getMacPoolId();
+    }
 }
diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/UpdateStoragePoolCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/UpdateStoragePoolCommand.java
index 7c56700..725c019 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/UpdateStoragePoolCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/UpdateStoragePoolCommand.java
@@ -7,12 +7,14 @@
 import org.ovirt.engine.core.bll.NonTransactiveCommandAttribute;
 import org.ovirt.engine.core.bll.RenamedEntityInfoProvider;
 import org.ovirt.engine.core.bll.context.CommandContext;
+import org.ovirt.engine.core.bll.utils.PermissionSubject;
 import org.ovirt.engine.core.bll.utils.VersionSupport;
 import org.ovirt.engine.core.bll.validator.NetworkValidator;
 import org.ovirt.engine.core.common.AuditLogType;
 import org.ovirt.engine.core.common.FeatureSupported;
 import org.ovirt.engine.core.common.VdcObjectType;
 import org.ovirt.engine.core.common.action.StoragePoolManagementParameter;
+import org.ovirt.engine.core.common.businessentities.ActionGroup;
 import org.ovirt.engine.core.common.businessentities.StorageDomain;
 import org.ovirt.engine.core.common.businessentities.StorageDomainStatic;
 import org.ovirt.engine.core.common.businessentities.StorageDomainType;
@@ -66,8 +68,8 @@
     @Override
     protected void executeCommand() {
         updateQuotaCache();
-        if (_oldStoragePool.getStatus() == StoragePoolStatus.Up) {
-            if (!StringUtils.equals(_oldStoragePool.getName(), 
getStoragePool().getName())) {
+        if (get_oldStoragePool().getStatus() == StoragePoolStatus.Up) {
+            if (!StringUtils.equals(get_oldStoragePool().getName(), 
getStoragePool().getName())) {
                 runVdsCommand(VDSCommandType.SetStoragePoolDescription,
                     new SetStoragePoolDescriptionVDSCommandParameters(
                         getStoragePool().getId(), getStoragePool().getName())
@@ -75,7 +77,7 @@
             }
         }
 
-        copyUnchangedStoragePoolProperties(getStoragePool(), _oldStoragePool);
+        copyUnchangedStoragePoolProperties(getStoragePool(), 
get_oldStoragePool());
 
         getStoragePoolDAO().updatePartial(getStoragePool());
 
@@ -93,14 +95,14 @@
      * Checks whether part of the update was disabling quota enforcement on 
the Data Center
      */
     private boolean wasQuotaEnforcementChanged() {
-        return _oldStoragePool.getQuotaEnforcementType() != 
getStoragePool().getQuotaEnforcementType();
+        return get_oldStoragePool().getQuotaEnforcementType() != 
getStoragePool().getQuotaEnforcementType();
     }
 
     private void updateStoragePoolFormatType() {
         final StoragePool storagePool = getStoragePool();
         final Guid spId = storagePool.getId();
         final Version spVersion = storagePool.getcompatibility_version();
-        final Version oldSpVersion = 
_oldStoragePool.getcompatibility_version();
+        final Version oldSpVersion = 
get_oldStoragePool().getcompatibility_version();
 
         if (oldSpVersion.equals(spVersion)) {
             return;
@@ -126,7 +128,7 @@
                     }
         });
 
-        if (_oldStoragePool.getStatus() == StoragePoolStatus.Up) {
+        if (get_oldStoragePool().getStatus() == StoragePoolStatus.Up) {
             try {
                 // No need to worry about "reupgrading" as VDSM will silently 
ignore
                 // the request.
@@ -172,14 +174,13 @@
     @Override
     protected boolean canDoAction() {
         boolean returnValue = checkStoragePool();
-        _oldStoragePool = getStoragePoolDAO().get(getStoragePool().getId());
-        if (returnValue && !StringUtils.equals(_oldStoragePool.getName(), 
getStoragePool().getName())
+        if (returnValue && !StringUtils.equals(get_oldStoragePool().getName(), 
getStoragePool().getName())
                 && !isStoragePoolUnique(getStoragePool().getName())) {
             returnValue = false;
             
addCanDoActionMessage(VdcBllMessages.ACTION_TYPE_FAILED_STORAGE_POOL_NAME_ALREADY_EXIST);
         }
         if (returnValue
-                && _oldStoragePool.isLocal() != getStoragePool().isLocal()
+                && get_oldStoragePool().isLocal() != getStoragePool().isLocal()
                 && 
getStorageDomainStaticDAO().getAllForStoragePool(getStoragePool().getId()).size()
 > 0) {
             returnValue = false;
             getReturnValue()
@@ -189,14 +190,14 @@
         }
         returnValue = returnValue && checkStoragePoolNameLengthValid();
         if (returnValue
-                && 
!_oldStoragePool.getcompatibility_version().equals(getStoragePool()
+                && 
!get_oldStoragePool().getcompatibility_version().equals(getStoragePool()
                         .getcompatibility_version())) {
             if (!isStoragePoolVersionSupported()) {
                 
addCanDoActionMessage(VersionSupport.getUnsupportedVersionMessage());
                 returnValue = false;
             }
             // decreasing of compatibility version is allowed under conditions
-            else if 
(getStoragePool().getcompatibility_version().compareTo(_oldStoragePool.getcompatibility_version())
 < 0) {
+            else if 
(getStoragePool().getcompatibility_version().compareTo(get_oldStoragePool().getcompatibility_version())
 < 0) {
                 List<Network> networks = 
getNetworkDAO().getAllForDataCenter(getStoragePoolId());
                 if (networks.size() == 1) {
                     Network network = networks.get(0);
@@ -289,7 +290,7 @@
 
     @Override
     public String getEntityOldName() {
-        return _oldStoragePool.getName();
+        return get_oldStoragePool().getName();
     }
 
     @Override
@@ -299,6 +300,34 @@
 
     @Override
     public void setEntityId(AuditLogableBase logable) {
-        logable.setStoragePoolId(_oldStoragePool.getId());
+        logable.setStoragePoolId(get_oldStoragePool().getId());
+    }
+
+    private Guid getOldMacPoolId() {
+        return get_oldStoragePool().getMacPoolId();
+    }
+
+    private StoragePool get_oldStoragePool() {
+        if (_oldStoragePool == null) {
+            _oldStoragePool = 
getStoragePoolDAO().get(getStoragePool().getId());
+        }
+        return _oldStoragePool;
+    }
+
+    @Override
+    public List<PermissionSubject> getPermissionCheckSubjects() {
+        final List<PermissionSubject> result = new 
ArrayList<>(super.getPermissionCheckSubjects());
+
+        if (changingPoolDefinition()) {
+            result.add(new PermissionSubject(getRequestedMacPoolId(), 
VdcObjectType.MacPool, ActionGroup.CONFIGURE_MAC_POOL));
+        }
+
+        return result;
+    }
+
+    private boolean changingPoolDefinition() {
+        return getRequestedMacPoolId() == null
+                ? getOldMacPoolId() != null
+                : getRequestedMacPoolId().equals(getOldMacPoolId());
     }
 }
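Review bot: `changingPoolDefinition()` returns true when the requested MAC pool id equals the old one, so the CONFIGURE_MAC_POOL subject is added only when the pool is left unchanged and is skipped when the data center is moved to a different pool, which is the case the check exists for. The last line should be negated: `: !getRequestedMacPoolId().equals(getOldMacPoolId());`. In the branch where the requested id is null the subject is then built with a null id, which needs a defined meaning. `get_oldStoragePool()` is now reachable from the permission check, and if the DAO returns null for an unknown id, `getOldMacPoolId()` would throw there instead of producing a validation message. `ArrayList` is used here, but no import for it appears in the visible import hunk; it may already be imported outside it.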
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
index f45e2ff..2ed89dc 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/VdcActionType.java
@@ -370,9 +370,9 @@
     SetDataOnSession(3000, false, QuotaDependency.NONE),
 
     // Mac Pool
-    AddMacPool(3100, ActionGroup.CONFIGURE_ENGINE, false, 
QuotaDependency.NONE),
-    UpdateMacPool(3101, ActionGroup.CONFIGURE_ENGINE, false, 
QuotaDependency.NONE),
-    RemoveMacPool(3102, ActionGroup.CONFIGURE_ENGINE, false, 
QuotaDependency.NONE);
+    AddMacPool(3100, ActionGroup.CREATE_MAC_POOL, false, QuotaDependency.NONE),
+    UpdateMacPool(3101, ActionGroup.EDIT_MAC_POOL, false, 
QuotaDependency.NONE),
+    RemoveMacPool(3102, ActionGroup.DELETE_MAC_POOL, false, 
QuotaDependency.NONE);
 
     private int intValue;
     private ActionGroup actionGroup;
diff --git 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
index 5aeec1e..35e587f 100644
--- 
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
+++ 
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/ActionGroup.java
@@ -132,7 +132,13 @@
     AUDIT_LOG_MANAGEMENT(1304, RoleType.ADMIN, false),
 
     // affinity group CRUD commands
-    MANIPULATE_AFFINITY_GROUPS(1550, RoleType.ADMIN, true, 
ApplicationMode.VirtOnly);
+    MANIPULATE_AFFINITY_GROUPS(1550, RoleType.ADMIN, true, 
ApplicationMode.VirtOnly),
+
+    // MAC pool actions groups
+    CREATE_MAC_POOL(1660, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
+    EDIT_MAC_POOL(1661, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
+    DELETE_MAC_POOL(1662, RoleType.ADMIN, true, ApplicationMode.VirtOnly),
+    CONFIGURE_MAC_POOL(1663, RoleType.ADMIN, true, ApplicationMode.VirtOnly);
 
     private int id;
     private RoleType roleType;
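Review bot: CONFIGURE_MAC_POOL is declared with `RoleType.ADMIN`, yet the upgrade script in this change creates a MacPoolUser role and grants it to the Everyone group on the default pool. If the engine treats any role holding an ADMIN-type action group as an administrative role (not visible here), that grant would give every user an admin-type permission; the "use" group probably wants `RoleType.USER`. The four entries also use `ApplicationMode.VirtOnly` while the script inserts the roles with app_mode 255, and the two should be reconciled. The enum continues outside the hunk.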
diff --git 
a/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java
 
b/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java
index 439ae0f..0824dc3 100644
--- 
a/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java
+++ 
b/backend/manager/modules/restapi/interface/definition/src/main/java/org/ovirt/engine/api/model/PermitType.java
@@ -115,7 +115,12 @@
     EVENT_NOTIFICATION_MANAGEMENT,
     AUDIT_LOG_MANAGEMENT,
     // affinity groups CRUD commands
-    MANIPULATE_AFFINITY_GROUPS;
+    MANIPULATE_AFFINITY_GROUPS,
+
+    // Mac Pool action groups
+    CREATE_MAC_POOL,
+    EDIT_MAC_POOL,
+    DELETE_MAC_POOL;
 
     public String value() {
         return name().toLowerCase();
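Review bot: CONFIGURE_MAC_POOL is missing from the values added here and from both switch statements extended in PermitMapper.java, although ActionGroup gains it in the same change. Both mapper switches end in `default: return null;`, so that action group maps to null on the way out and cannot be named by a REST client on the way in. Add `CONFIGURE_MAC_POOL` to this enum (ending the list with `DELETE_MAC_POOL,` and `CONFIGURE_MAC_POOL;`) and a matching `case CONFIGURE_MAC_POOL:` to each mapper switch.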
diff --git 
a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/PermitMapper.java
 
b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/PermitMapper.java
index ff9d19f..4bfea1c 100644
--- 
a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/PermitMapper.java
+++ 
b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/PermitMapper.java
@@ -192,6 +192,12 @@
             return PermitType.MANIPULATE_AFFINITY_GROUPS;
         case ADD_USERS_AND_GROUPS_FROM_DIRECTORY:
             return PermitType.ADD_USERS_AND_GROUPS_FROM_DIRECTORY;
+        case CREATE_MAC_POOL:
+            return PermitType.CREATE_MAC_POOL;
+        case EDIT_MAC_POOL:
+            return PermitType.EDIT_MAC_POOL;
+        case DELETE_MAC_POOL:
+            return PermitType.DELETE_MAC_POOL;
         default:
             return null;
         }
@@ -348,6 +354,12 @@
             return ActionGroup.MANIPULATE_AFFINITY_GROUPS;
         case ADD_USERS_AND_GROUPS_FROM_DIRECTORY:
             return ActionGroup.ADD_USERS_AND_GROUPS_FROM_DIRECTORY;
+        case CREATE_MAC_POOL:
+            return ActionGroup.CREATE_MAC_POOL;
+        case EDIT_MAC_POOL:
+            return ActionGroup.EDIT_MAC_POOL;
+        case DELETE_MAC_POOL:
+            return ActionGroup.DELETE_MAC_POOL;
         default:
             return null;
         }
diff --git 
a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
 
b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
index 20121cf..96fbb5a 100644
--- 
a/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
+++ 
b/frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/configure/roles_ui/RoleTreeView.java
@@ -77,7 +77,8 @@
                                 createTemplateRoleTree(),
                                 createVmRoleTree(),
                                 createVmPoolRoleTree(),
-                                createDiskRoleTree() });
+                                createDiskRoleTree(),
+                                createMacPoolRoleTree() });
 
         // nothing to filter
         if 
(!ApplicationModeHelper.getUiMode().equals(ApplicationMode.AllModes)) {
@@ -86,6 +87,17 @@
         return tree;
     }
 
+    protected static RoleNode createMacPoolRoleTree() {
+        return new RoleNode(getConstants().macPoolTree(), new RoleNode[]{
+                new RoleNode(getConstants().basicOperationsRoleTree(), new 
RoleNode[]{
+                    new RoleNode(ActionGroup.CREATE_MAC_POOL, 
getConstants().allowToCreateMacPoolTooltip()),
+                    new RoleNode(ActionGroup.EDIT_MAC_POOL, 
getConstants().allowToEditMacPoolTooltip()),
+                    new RoleNode(ActionGroup.DELETE_MAC_POOL, 
getConstants().allowToDeleteMacPoolTooltip()),
+                    new RoleNode(ActionGroup.CONFIGURE_MAC_POOL, 
getConstants().allowToUseMacPoolTooltip())
+                })
+        });
+    }
+
     protected static RoleNode createDiskRoleTree() {
         return new RoleNode(getConstants().diskRoleTree(),
                 new RoleNode[] { new 
RoleNode(getConstants().provisioningOperationsRoleTree(),
diff --git 
a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/LocalizedEnums.java
 
b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/LocalizedEnums.java
index 5ffecf7..40df5dc 100644
--- 
a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/LocalizedEnums.java
+++ 
b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/LocalizedEnums.java
@@ -946,4 +946,11 @@
 
     String SELinuxMode___DISABLED();
 
+    String ActionGroup___CREATE_MAC_POOL();
+
+    String ActionGroup___EDIT_MAC_POOL();
+
+    String ActionGroup___DELETE_MAC_POOL();
+
+    String ActionGroup___CONFIGURE_MAC_POOL();
 }
diff --git 
a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
 
b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
index 7c52a3a..dfe9c9a 100644
--- 
a/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
+++ 
b/frontend/webadmin/modules/uicompat/src/main/java/org/ovirt/engine/ui/uicompat/UIConstants.java
@@ -2319,5 +2319,29 @@
 
     @DefaultStringValue("Login")
     String loginButtonLabel();
+
+    //TODO MM: REVISIT
+    @DefaultStringValue("MAC Pools")
+    String macPoolTree();
+
+    //TODO MM: REVISIT
+    @DefaultStringValue("MAC Pool User")
+    String macPoolUser();
+
+    //TODO MM: REVISIT
+    @DefaultStringValue("Create")
+    String allowToCreateMacPoolTooltip();
+
+    //TODO MM: REVISIT
+    @DefaultStringValue("Edit")
+    String allowToEditMacPoolTooltip();
+
+    //TODO MM: REVISIT
+    @DefaultStringValue("Delete")
+    String allowToDeleteMacPoolTooltip();
+
+    //TODO MM: REVISIT
+    @DefaultStringValue("Configure")
+    String allowToUseMacPoolTooltip();
 }
 
diff --git 
a/frontend/webadmin/modules/uicompat/src/main/resources/org/ovirt/engine/ui/uicompat/LocalizedEnums.properties
 
b/frontend/webadmin/modules/uicompat/src/main/resources/org/ovirt/engine/ui/uicompat/LocalizedEnums.properties
index 5ce7131..4b2abcf 100644
--- 
a/frontend/webadmin/modules/uicompat/src/main/resources/org/ovirt/engine/ui/uicompat/LocalizedEnums.properties
+++ 
b/frontend/webadmin/modules/uicompat/src/main/resources/org/ovirt/engine/ui/uicompat/LocalizedEnums.properties
@@ -98,6 +98,10 @@
 ActionGroup___MANIPULATE_GLUSTER_HOOK=Manipulate Gluster Hook
 ActionGroup___MANIPULATE_GLUSTER_SERVICE=Manipulate Service
 ActionGroup___MANIPULATE_AFFINITY_GROUPS=Manipulate Affinity Groups
+ActionGroup___CREATE_MAC_POOL=Create
+ActionGroup___EDIT_MAC_POOL=Edit Settings
+ActionGroup___DELETE_MAC_POOL=Delete
+ActionGroup___CONFIGURE_MAC_POOL=Use existing MAC Pool
 EventNotificationEntity___Host=General Host Events:
 EventNotificationEntity___VdsGroup=Cluster Events:
 EventNotificationEntity___VirtHost=Virt Host Events:
diff --git 
a/packaging/dbscripts/upgrade/03_05_0760_add_permissions_to_mac_pools.sql 
b/packaging/dbscripts/upgrade/03_05_0760_add_permissions_to_mac_pools.sql
new file mode 100644
index 0000000..5b39aad
--- /dev/null
+++ b/packaging/dbscripts/upgrade/03_05_0760_add_permissions_to_mac_pools.sql
@@ -0,0 +1,96 @@
+
+Create or replace FUNCTION __temp_insert_mac_pool_roles_and_permissions()
+RETURNS VOID
+   AS $procedure$
+DECLARE
+  v_EVERYONE           UUID;
+  v_MAC_POOL_ADMIN     UUID;
+  v_LOCAL_ADMIN_ID     UUID;
+  v_MAC_POOL_USER      UUID;
+
+  v_CREATE_MAC_POOL    INTEGER;
+  v_EDIT_MAC_POOL      INTEGER;
+  v_DELETE_MAC_POOL    INTEGER;
+  v_CONFIGURE_MAC_POOL INTEGER;
+  v_LOGIN              INTEGER;
+
+  v_APP_MODE           INTEGER;
+
+BEGIN
+  v_EVERYONE := 'EEE00000-0000-0000-0000-123456789EEE';
+  v_MAC_POOL_ADMIN := 'DEF00013-0000-0000-0000-DEF000000013';
+  v_LOCAL_ADMIN_ID := 'FDFC627C-D875-11E0-90F0-83DF133B58CC';
+  v_MAC_POOL_USER := 'DEF00014-0000-0000-0000-DEF000000014';
+
+  v_CREATE_MAC_POOL := 1660;
+  v_EDIT_MAC_POOL := 1661;
+  v_DELETE_MAC_POOL := 1662;
+  v_CONFIGURE_MAC_POOL := 1663;
+  v_LOGIN := 1300;
+
+  v_APP_MODE := 255;
+
+--TODO should be readonly true or false?
+  INSERT INTO roles (id, name, description, is_readonly, role_type, 
allows_viewing_children, app_mode) SELECT
+                                                                               
                          v_MAC_POOL_ADMIN,
+                                                                               
                          'MacPoolAdmin',
+                                                                               
                          'MAC Pool Administrator Role, permission for 
manipulation with MAC pools',
+                                                                               
                          true,
+                                                                               
                          1,
+                                                                               
                          true,
+                                                                               
                          v_APP_MODE;
+
+  INSERT INTO roles (id, name, description, is_readonly, role_type, 
allows_viewing_children, app_mode) SELECT
+                                                                               
                          v_MAC_POOL_USER,
+                                                                               
                          'MacPoolUser',
+                                                                               
                          'MAC Pool User Role, permission allowing using MAC 
pools',
+                                                                               
                          true,
+                                                                               
                          1,
+                                                                               
                          true,
+                                                                               
                          v_APP_MODE;
+
+  INSERT INTO roles_groups (role_id, action_group_id) VALUES 
(v_MAC_POOL_ADMIN, v_CREATE_MAC_POOL);
+  INSERT INTO roles_groups (role_id, action_group_id) VALUES 
(v_MAC_POOL_ADMIN, v_EDIT_MAC_POOL);
+  INSERT INTO roles_groups (role_id, action_group_id) VALUES 
(v_MAC_POOL_ADMIN, v_DELETE_MAC_POOL);
+  INSERT INTO roles_groups (role_id, action_group_id) VALUES 
(v_MAC_POOL_ADMIN, v_CONFIGURE_MAC_POOL);
+  INSERT INTO roles_groups (role_id, action_group_id) VALUES 
(v_MAC_POOL_ADMIN, v_LOGIN);
+
+  INSERT INTO permissions (id,
+                           role_id,
+                           ad_element_id,
+                           object_id,
+                           object_type_id)
+    SELECT
+      uuid_generate_v1(),
+      v_MAC_POOL_ADMIN,
+      v_LOCAL_ADMIN_ID,
+
+      --system object
+      getGlobalIds('system'),
+
+      --org.ovirt.engine.core.common.VdcObjectType.System
+      1;
+
+  INSERT INTO permissions (id,
+                           role_id,
+                           ad_element_id,
+                           object_id,
+                           object_type_id)
+    SELECT
+      uuid_generate_v1(),
+      v_MAC_POOL_USER,
+      v_EVERYONE,
+
+      --system object
+      (select mp.id from mac_pools mp where mp.default_pool is true),
+
+      --org.ovirt.engine.core.common.VdcObjectType.MacPool
+      28;
+
+  RETURN;
+END; $procedure$
+LANGUAGE plpgsql;
+
+
+SELECT __temp_insert_mac_pool_roles_and_permissions();
+DROP FUNCTION __temp_insert_mac_pool_roles_and_permissions();
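Review bot: No `roles_groups` row is inserted for `v_MAC_POOL_USER`, so the MacPoolUser role granted to Everyone on the default pool carries no action group at all; it presumably needs `INSERT INTO roles_groups (role_id, action_group_id) VALUES (v_MAC_POOL_USER, v_CONFIGURE_MAC_POOL);`. Both roles are inserted with `role_type` 1, which looks wrong for a role handed to every user if 1 is the admin type. The `object_id` subquery on `mac_pools` yields NULL when no row has `default_pool` set and fails when more than one does, and its `--system object` comment is a leftover from the block above. The admin grant targets a hard-coded user id (`v_LOCAL_ADMIN_ID`), so access should be verified after the upgrade on installations where that user does not exist, or where other administrators relied on CONFIGURE_ENGINE to manage MAC pools.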


-- 
To view, visit http://gerrit.ovirt.org/29846
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1f5d080b6628f86ab2ff88f8e2dfaab21d367c7f
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Martin Mucha <mmu...@redhat.com>