Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: Introducing some changes to directory utils ......................................................................
aaa: Introducing some changes to directory utils
Topic: AAA
Change-Id: I7bb54ae17616a239879a168b7415fb96250ba50d
Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddGroupCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DbUserCacheManager.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/DbUser.java
6 files changed, 70 insertions(+), 50 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/14/29914/1
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java
index a98c863..334e018 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/aaa/DirectoryUtils.java
@@ -5,11 +5,13 @@
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 
 import org.ovirt.engine.api.extensions.ExtMap;
 import org.ovirt.engine.api.extensions.aaa.Authz;
+import org.ovirt.engine.api.extensions.aaa.Authz.GroupRecord;
+import org.ovirt.engine.api.extensions.aaa.Authz.PrincipalRecord;
 import org.ovirt.engine.core.common.businessentities.DbGroup;
+import org.ovirt.engine.core.common.businessentities.DbUser;
 import org.ovirt.engine.core.compat.Guid;
 import org.ovirt.engine.core.dal.dbbroker.DbFacade;
 import org.ovirt.engine.core.dao.DbGroupDAO;
@@ -17,15 +19,13 @@
 
 public class DirectoryUtils {
 
- public static HashSet<Guid> getGroupIdsFromUser(DirectoryUser directoryUser) {
+ public static HashSet<Guid> getGroupIdsFromPrincipal(String authz, ExtMap principal) {
 HashSet<Guid> results = new HashSet<Guid>();
 DbGroupDAO dao = DbFacade.getInstance().getDbGroupDao();
- if (directoryUser.getGroups() != null) {
- for (DirectoryGroup group : directoryUser.getGroups()) {
- DbGroup dbGroup = dao.getByExternalId(group.getDirectoryName(), group.getId());
- if (dbGroup != null) {
- results.add(dbGroup.getId());
- }
+ for (ExtMap group : principal.get(PrincipalRecord.GROUPS, Collections.<ExtMap> emptyList())) {
+ DbGroup dbGroup = dao.getByExternalId(authz, group.<String> get(GroupRecord.ID));
+ if (dbGroup != null) {
+ results.add(dbGroup.getId());
 }
 }
 return results;
@@ -67,7 +67,7 @@
 final boolean groupsResolving,
 final boolean groupsResolvingRecursive
 ) {
- return mapPrincipalRecords(
+ return mapPrincipalRecordsToDirectoryUsers(
 AuthzUtils.getName(extension),
 AuthzUtils.findPrincipalsByIds(
 extension,
@@ -117,7 +117,7 @@
 final List<String> ids,
 final boolean resolveGroups,
 final boolean resolveGroupsRecursive) {
- return mapGroupRecords(AuthzUtils.getName(extension),
+ return mapGroupRecordsToDirectoryGroups(AuthzUtils.getName(extension),
 AuthzUtils.findGroupRecordsByIds(
 extension,
 namespace,
@@ -127,7 +127,11 @@
 );
 }
 
- public static DirectoryUser mapPrincipalRecord(final String authzName, final ExtMap principalRecord) {
+ public static DbUser mapPrincipalRecordToDbUser(final String authzName, final ExtMap principalRecord) {
+ return new DbUser(mapPrincipalRecordToDirectoryUser(authzName, principalRecord));
+ }
+
+ public static DirectoryUser mapPrincipalRecordToDirectoryUser(final String authzName, final ExtMap principalRecord) {
 DirectoryUser directoryUser = null;
 if (principalRecord != null) {
 directoryUser = new DirectoryUser(
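Review bot: getGroupIdsFromPrincipal only walks the top-level PrincipalRecord.GROUPS list, and both new callers (AddUserCommand, LoginBaseCommand) call flatGroups(principal) right before it, yet nothing on the method says that nested memberships are the caller's responsibility. A Javadoc stating the contract keeps the next caller from silently dropping inherited groups: `/** Maps the groups listed directly under PrincipalRecord.GROUPS to DbGroup ids for directory {@code authz}; nested memberships are included only if the caller flattened them first (see flatGroups). Groups not present in the database are skipped. */`. The parameter is used as the directory name passed to getByExternalId, so naming it `authzName` like the sibling mappers in this file would read better than `authz`.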
@@ -145,7 +149,7 @@
 List<ExtMap> groups = principalRecord.<List<ExtMap>> get(Authz.PrincipalRecord.GROUPS);
 if (groups != null) {
 for (ExtMap group : groups) {
- directoryGroups.add(mapGroupRecord(authzName, group));
+ directoryGroups.add(mapGroupRecordToDirectoryGroup(authzName, group));
 }
 }
 directoryUser.setGroups(directoryGroups);
@@ -153,7 +157,7 @@
 return directoryUser;
 }
 
- public static DirectoryGroup mapGroupRecord(final String authzName, final ExtMap group) {
+ public static DirectoryGroup mapGroupRecordToDirectoryGroup(final String authzName, final ExtMap group) {
 DirectoryGroup directoryGroup = null;
 if (group != null) {
 directoryGroup = new DirectoryGroup(
@@ -163,24 +167,35 @@
 group.<String> get(Authz.GroupRecord.NAME)
 );
 for (ExtMap memberOf : group.<List<ExtMap>> get(Authz.GroupRecord.GROUPS, Collections.<ExtMap> emptyList())) {
- directoryGroup.getGroups().add(mapGroupRecord(authzName, memberOf));
+ directoryGroup.getGroups().add(mapGroupRecordToDirectoryGroup(authzName, memberOf));
 }
 }
 return directoryGroup;
 }
 
- public static List<DirectoryGroup> mapGroupRecords(final String authzName, final List<ExtMap> groups) {
+ public static DbGroup mapGroupRecordToDbGroup(String directory, ExtMap groupRecord) {
+ return new DbGroup(mapGroupRecordToDirectoryGroup(directory, groupRecord));
+ }
+
+
+ public static void flatGroups(ExtMap principal) {
+ List<ExtMap> accumulator = new ArrayList<>();
+ flatGroups(accumulator, principal.get(GroupRecord.GROUPS, Collections.<ExtMap> emptyList()));
+ principal.put(GroupRecord.GROUPS, accumulator);
+ }
+
+ public static List<DirectoryGroup> mapGroupRecordsToDirectoryGroups(final String authzName, final List<ExtMap> groups) {
 List<DirectoryGroup> results = new ArrayList<>();
 for (ExtMap group : groups) {
- results.add(mapGroupRecord(authzName, group));
+ results.add(mapGroupRecordToDirectoryGroup(authzName, group));
 }
 return results;
 }
 
- public static List<DirectoryUser> mapPrincipalRecords(final String authzName, final List<ExtMap> users) {
+ public static List<DirectoryUser> mapPrincipalRecordsToDirectoryUsers(final String authzName, final List<ExtMap> users) {
 List<DirectoryUser> results = new ArrayList<>();
 for (ExtMap user : users) {
- results.add(mapPrincipalRecord(authzName, user));
+ results.add(mapPrincipalRecordToDirectoryUser(authzName, user));
 }
 return results;
 }
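Review bot: flatGroups(ExtMap principal) reads and rewrites the principal's group list under GroupRecord.GROUPS, while every other place in this change reads a principal's groups under PrincipalRecord.GROUPS (getGroupIdsFromPrincipal in the first DirectoryUtils hunk, mapPrincipalRecordToDirectoryUser in the -145 hunk). If those are distinct keys, this method flattens the empty default and stores it under a key nobody reads, so the AddUserCommand and LoginBaseCommand callers still end up with direct memberships only and permissions attached to nested groups are never granted; please confirm against the ExtKey definitions. If they do differ, the fix is `flatGroups(accumulator, principal.get(PrincipalRecord.GROUPS, Collections.<ExtMap> emptyList()));` followed by `principal.put(PrincipalRecord.GROUPS, accumulator);`. The accumulator is also a List where the removed code used a Set, so a group reachable by several paths is appended once per path, harmless for the HashSet in getGroupIdsFromPrincipal but it grows the record that is written back. mapGroupRecordToDbGroup drops `final` and names its parameter `directory` where the neighbouring mappers use `final String authzName`.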
@@ -192,7 +207,7 @@
 boolean groupsResolving,
 boolean groupsResolvingRecursive
 ) {
- return mapPrincipalRecords(AuthzUtils.getName(extension), AuthzUtils.queryPrincipalRecords(extension,
+ return mapPrincipalRecordsToDirectoryUsers(AuthzUtils.getName(extension), AuthzUtils.queryPrincipalRecords(extension,
 namespace,
 filter,
 groupsResolving,
@@ -208,16 +223,17 @@
 ) {
 List<DirectoryGroup> directoryGroups = new ArrayList<>();
 for (ExtMap group : AuthzUtils.queryPrincipalRecords(extension, namespace, filter, groupsResolving, groupsResolvingRecursive)) {
- directoryGroups.add(mapGroupRecord(AuthzUtils.getName(extension), group));
+ directoryGroups.add(mapGroupRecordToDirectoryGroup(AuthzUtils.getName(extension), group));
 }
 return directoryGroups;
 }
 
- private static void flatGroups(Set<DirectoryGroup> accumulator, List<DirectoryGroup> groupsFrom) {
- for (DirectoryGroup group : groupsFrom) {
- flatGroups(accumulator, group.getGroups());
+ private static void flatGroups(List<ExtMap> accumulator, List<ExtMap> groupsFrom) {
+ for (ExtMap group : groupsFrom) {
+ flatGroups(accumulator, group.get(GroupRecord.GROUPS, Collections.<ExtMap> emptyList()));
 accumulator.add(group);
 }
 }
+ }
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddGroupCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddGroupCommand.java
index 35efe86..2012841 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddGroupCommand.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddGroupCommand.java
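Review bot: The rewritten private flatGroups recurses through whatever GroupRecord.GROUPS chain the directory returns with no visited check, so a membership cycle (A member of B, B member of A, which directory servers generally do not forbid) recurses until StackOverflowError, and through LoginBaseCommand that recursion now sits on the login path; the removed Set accumulator at least kept the result duplicate-free, the new List does not. Unless the extension layer is documented to return an acyclic tree, a visited set keyed by GroupRecord.ID bounds the walk and removes the duplicates; `java.util.Set` was dropped from the imports in this change's first hunk and would need to come back (HashSet is still imported). There is also a stray blank line added before the class's closing brace at the end of the hunk.
```java
private static void flatGroups(List<ExtMap> accumulator, List<ExtMap> groupsFrom) {
    flatGroups(accumulator, new HashSet<String>(), groupsFrom);
}

// Depth-first walk; visited holds the GroupRecord.ID values already emitted, so cycles and
// repeated paths terminate and each group lands in the accumulator once.
private static void flatGroups(List<ExtMap> accumulator, Set<String> visited, List<ExtMap> groupsFrom) {
    for (ExtMap group : groupsFrom) {
        if (visited.add(group.<String> get(GroupRecord.ID))) {
            flatGroups(accumulator, visited, group.get(GroupRecord.GROUPS, Collections.<ExtMap> emptyList()));
            accumulator.add(group);
        }
    }
}
```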
@@ -4,8 +4,10 @@
 import java.util.Collections;
 import java.util.List;
 
+import org.ovirt.engine.api.extensions.ExtMap;
 import org.ovirt.engine.api.extensions.aaa.Authz;
-import org.ovirt.engine.core.aaa.DirectoryGroup;
+import org.ovirt.engine.api.extensions.aaa.Authz.GroupRecord;
+import org.ovirt.engine.core.aaa.AuthzUtils;
 import org.ovirt.engine.core.aaa.DirectoryUtils;
 import org.ovirt.engine.core.bll.context.CommandContext;
 import org.ovirt.engine.core.bll.utils.PermissionSubject;
@@ -24,7 +26,7 @@
 
 // We save a reference to the directory group to avoid looking it up once when checking the conditions and another
 // time when actually adding the group to the database:
- private DirectoryGroup directoryGroup;
+ private ExtMap groupRecord;
 
 public AddGroupCommand(T params) {
 this(params, null);
@@ -53,8 +55,8 @@
 boolean foundGroup = false;
 for (String namespace : getParameters().getNamespace() != null ? Arrays.asList(getParameters().getNamespace()) : authz.getContext().<List<String>> get(Authz.ContextKeys.AVAILABLE_NAMESPACES)) {
- directoryGroup = DirectoryUtils.findDirectoryGroupById(authz, namespace, id, true, true);
- if (directoryGroup != null) {
+ groupRecord = AuthzUtils.findGroupRecordsByIds(authz, namespace, Arrays.asList(id), true, true).get(0);
+ if (groupRecord != null) {
 foundGroup = true;
 break;
 }
@@ -65,7 +67,7 @@
 return false;
 }
- addCustomValue("NewUserName", directoryGroup.getName());
+ addCustomValue("NewUserName", groupRecord.<String> get(GroupRecord.NAME));
 return true;
 }
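Review bot: `AuthzUtils.findGroupRecordsByIds(...).get(0)` throws IndexOutOfBoundsException when the id is unknown in that namespace (assuming the helper returns an empty list rather than null for no match), so the `if (groupRecord != null)` guard on the next line is unreachable in the case it exists for, and the namespace loop no longer falls through to the next namespace the way the removed findDirectoryGroupById version did. Fetch into a local and test it: `List<ExtMap> found = AuthzUtils.findGroupRecordsByIds(authz, namespace, Arrays.asList(id), true, true);` then `groupRecord = found.isEmpty() ? null : found.get(0);`. The same pattern is in AddUserCommand's -78 hunk with fetchPrincipalsByIdsRecursively. The enclosing method starts and ends outside the hunk.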
@@ -75,15 +77,15 @@
 // First check if the group is already in the database, if it is we
 // need to update, if not we need to insert:
 DbGroupDAO dao = getAdGroupDAO();
- DbGroup dbGroup = dao.getByExternalId(directoryGroup.getDirectoryName(), directoryGroup.getId());
+ DbGroup dbGroup = dao.getByExternalId(getParameters().getDirectory(), groupRecord.<String> get(GroupRecord.NAME));
 if (dbGroup == null) {
- dbGroup = new DbGroup(directoryGroup);
+ dbGroup = DirectoryUtils.mapGroupRecordToDbGroup(getParameters().getDirectory(), groupRecord);
 dbGroup.setId(Guid.newGuid());
 dao.save(dbGroup);
 } else {
 Guid id = dbGroup.getId();
- dbGroup = new DbGroup(directoryGroup);
+ dbGroup = DirectoryUtils.mapGroupRecordToDbGroup(getParameters().getDirectory(), groupRecord);
 dbGroup.setId(id);
 dao.update(dbGroup);
 }
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java
index 5e9fe93..182d5d2 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/AddUserCommand.java
@@ -5,8 +5,10 @@
 import java.util.HashSet;
 import java.util.List;
 
+import org.ovirt.engine.api.extensions.ExtMap;
 import org.ovirt.engine.api.extensions.aaa.Authz;
-import org.ovirt.engine.core.aaa.DirectoryUser;
+import org.ovirt.engine.api.extensions.aaa.Authz.PrincipalRecord;
+import org.ovirt.engine.core.aaa.AuthzUtils;
 import org.ovirt.engine.core.aaa.DirectoryUtils;
 import org.ovirt.engine.core.bll.context.CommandContext;
 import org.ovirt.engine.core.bll.utils.PermissionSubject;
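Review bot: The database lookup now passes `groupRecord.<String> get(GroupRecord.NAME)` in the external-id slot, whereas the removed line passed `directoryGroup.getId()` and the AddUserCommand counterpart in the -106 hunk passes `PrincipalRecord.ID`. With the name used as the id, an existing group is not found and the null branch inserts a fresh row with a new Guid on every re-add (or fails on a unique constraint if one exists), and a group whose external id happens to equal another group's name would have the wrong row, an authorization-bearing record, updated in the else branch; change it to `DbGroup dbGroup = dao.getByExternalId(getParameters().getDirectory(), groupRecord.<String> get(GroupRecord.ID));`. `getParameters().getDirectory()` is evaluated three times in this hunk; a `final String directory` local above the lookup would read better. The enclosing method starts and ends outside the hunk.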
@@ -23,7 +25,7 @@
 public class AddUserCommand<T extends DirectoryIdParameters> extends CommandBase<T> {
 // We save a reference to the directory user to avoid looking it up once when checking the conditions and another
 // time when actually adding the user to the database:
- private DirectoryUser directoryUser;
+ private ExtMap principal;
 
 public AddUserCommand(T params) {
 this(params, null);
@@ -78,8 +80,8 @@
 boolean foundUser = false;
 for (String namespace : getParameters().getNamespace() != null ? Arrays.asList(getParameters().getNamespace()) : authz.getContext().<List<String>> get(Authz.ContextKeys.AVAILABLE_NAMESPACES)) {
- directoryUser = DirectoryUtils.findDirectoryUserById(authz, namespace, id, true, true);
- if (directoryUser != null) {
+ principal = AuthzUtils.fetchPrincipalsByIdsRecursively(authz, namespace, Arrays.asList(id)).get(0);
+ if (principal != null) {
 foundUser = true;
 break;
 }
@@ -95,7 +97,7 @@
 // Populate information for the audit log:
- addCustomValue("NewUserName", directoryUser.getName());
+ addCustomValue("NewUserName", principal.<String> get(PrincipalRecord.NAME));
 return true;
@@ -106,17 +108,18 @@
 DbUserDAO dao = getDbUserDAO();
 // First check if the user is already in the database, if it is we need to update, if not we need to insert:
- HashSet<Guid> groupIds = DirectoryUtils.getGroupIdsFromUser(directoryUser);
- DbUser dbUser = dao.getByExternalId(directoryUser.getDirectoryName(), directoryUser.getId());
+ DirectoryUtils.flatGroups(principal);
+ HashSet<Guid> groupIds = DirectoryUtils.getGroupIdsFromPrincipal(getParameters().getDirectory(), principal);
+ DbUser dbUser = dao.getByExternalId(getParameters().getDirectory(), principal.<String> get(PrincipalRecord.ID));
 if (dbUser == null) {
- dbUser = new DbUser(directoryUser);
+ dbUser = DirectoryUtils.mapPrincipalRecordToDbUser(getParameters().getDirectory(), principal);
 dbUser.setId(Guid.newGuid());
 dbUser.setGroupIds(groupIds);
 dao.save(dbUser);
 } else {
 Guid id = dbUser.getId();
- dbUser = new DbUser(directoryUser);
+ dbUser = DirectoryUtils.mapPrincipalRecordToDbUser(getParameters().getDirectory(), principal);
 dbUser.setId(id);
 dbUser.setGroupIds(groupIds);
 dao.update(dbUser);
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DbUserCacheManager.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DbUserCacheManager.java
index b873251..b348104 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DbUserCacheManager.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/DbUserCacheManager.java
@@ -154,7 +154,8 @@
 DirectoryUser directoryUser = index.get(dbUser.getExternalId());
 if (directoryUser != null) {
 dbUser.setActive(false);
- dbUser.setGroupIds(DirectoryUtils.getGroupIdsFromUser(directoryUser));
+ // TODO: will be fixed in next patch in series
+ // dbUser.setGroupIds(DirectoryUtils.getGroupIdsFromUser(directoryUser));
 dbUser = refreshUser(dbUser, directoryUser);
 if (dbUser != null) {
 refreshed.add(dbUser);
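Review bot: `DirectoryUtils.flatGroups(principal)` rewrites the principal record's group list in place, and `principal` is the field that the condition check populated for reuse according to the comment in the -23 hunk, so anything that reads the record after this point sees the flattened list rather than the directory's nested shape; a one-line comment above the call, `// flatten nested memberships in place so every inherited group gets a DbGroup id below`, makes that intent explicit. `getParameters().getDirectory()` is evaluated four times in the hunk; hoisting it into `final String directory = getParameters().getDirectory();` keeps the lines short. The enclosing method starts and ends outside the hunk.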
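Review bot: Commenting out `dbUser.setGroupIds(...)` means the periodic refresh no longer touches a user's group ids at all until the follow-up patch lands, so a membership removed in the directory keeps conferring whatever permissions are attached to that group in the engine, and a membership added in the directory is not picked up either. If the series has to land in this order, the TODO should say what is suspended and why rather than only that it will be fixed: `// TODO: group ids are not refreshed here until the next patch ports this to getGroupIdsFromPrincipal; until then directory membership changes are not applied to existing users`. The enclosing loop and method start and end outside the hunk.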
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
index 94fdb64..3d145f2 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/LoginBaseCommand.java
@@ -17,13 +17,13 @@
 import org.ovirt.engine.api.extensions.aaa.Authn;
 import org.ovirt.engine.api.extensions.aaa.Authn.AuthRecord;
 import org.ovirt.engine.api.extensions.aaa.Authz;
+import org.ovirt.engine.api.extensions.aaa.Authz.PrincipalRecord;
 import org.ovirt.engine.api.extensions.aaa.Mapping;
 import org.ovirt.engine.core.aaa.AcctUtils;
 import org.ovirt.engine.core.aaa.AuthType;
 import org.ovirt.engine.core.aaa.AuthenticationProfile;
 import org.ovirt.engine.core.aaa.AuthenticationProfileRepository;
 import org.ovirt.engine.core.aaa.AuthzUtils;
-import org.ovirt.engine.core.aaa.DirectoryUser;
 import org.ovirt.engine.core.aaa.DirectoryUtils;
 import org.ovirt.engine.core.bll.session.SessionDataContainer;
 import org.ovirt.engine.core.bll.utils.PermissionSubject;
@@ -254,18 +254,18 @@
 return false;
 }
- DirectoryUser directoryUser = DirectoryUtils.mapPrincipalRecord(AuthzUtils.getName(profile.getAuthz()), principalRecord);
 // Check that the user exists in the database, if it doesn't exist then we need to add it now:
 DbUser dbUser = getDbUserDAO().getByExternalId(
 AuthzUtils.getName(profile.getAuthz()),
- directoryUser.getId());
+ principalRecord.<String> get(PrincipalRecord.ID));
 if (dbUser == null) {
- dbUser = new DbUser(directoryUser);
+ dbUser = DirectoryUtils.mapPrincipalRecordToDbUser(AuthzUtils.getName(profile.getAuthz()), principalRecord);
 dbUser.setId(Guid.newGuid());
 }
- dbUser.setGroupIds(DirectoryUtils.getGroupIdsFromUser(directoryUser));
+ DirectoryUtils.flatGroups(principalRecord);
+ dbUser.setGroupIds(DirectoryUtils.getGroupIdsFromPrincipal(AuthzUtils.getName(profile.getAuthz()), principalRecord));
 getDbUserDAO().saveOrUpdate(dbUser);
 // Check login permissions. We do it here and not via the
diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/DbUser.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/DbUser.java
index 170374b..5c701db 100644
--- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/DbUser.java
+++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/DbUser.java
@@ -251,7 +251,6 @@
 public int hashCode() {
 final int prime = 31;
 int result = 1;
- result = prime * result + ((id == null) ? 0 : id.hashCode());
 result = prime * result + ((externalId == null) ? 0 : externalId.hashCode());
 result = prime * result + ((department == null) ? 0 : department.hashCode());
 result = prime * result + ((domain == null) ? 0 : domain.hashCode());
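Review bot: `AuthzUtils.getName(profile.getAuthz())` is evaluated three times in this hunk (the lookup, the mapping and the group-id resolution); a local `final String authzName = AuthzUtils.getName(profile.getAuthz());` declared where the removed directoryUser line stood keeps the three uses consistent and shortens the two long lines. `DirectoryUtils.flatGroups(principalRecord)` mutates the record before the ids are resolved, which is worth a one-line comment since principalRecord may be read again later in the method, `// flatten nested memberships in place before resolving group ids`. The enclosing login method starts and ends outside the hunk.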
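Review bot: Dropping `id` from hashCode here and from equals in the -280 hunk keeps the two consistent with each other, but the change of meaning is undocumented: two DbUser instances that differ only in their internal id now compare equal and collide in any Set or Map keyed on DbUser, which looks intended for matching refreshed users against directory records but will surprise readers of the entity. A Javadoc on equals stating it, `/** Equality is defined by the directory identity and profile fields; the internal {@code id} is deliberately excluded so a re-fetched user compares equal to its stored row. */`, documents the decision where it will be looked for. The commit message does not mention this entity change either.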
@@ -280,8 +279,7 @@
 return false;
 }
 DbUser other = (DbUser) obj;
- return (ObjectUtils.objectsEqual(id, other.id)
- && ObjectUtils.objectsEqual(externalId, other.externalId)
+ return ObjectUtils.objectsEqual(externalId, other.externalId)
 && ObjectUtils.objectsEqual(department, other.department)
 && ObjectUtils.objectsEqual(domain, other.domain)
 && ObjectUtils.objectsEqual(namespace, other.namespace)
@@ -293,7 +291,7 @@
 && ObjectUtils.objectsEqual(role, other.role)
 && active == other.active
 && ObjectUtils.objectsEqual(lastName, other.lastName)
- && ObjectUtils.objectsEqual(loginName, other.loginName));
+ && ObjectUtils.objectsEqual(loginName, other.loginName);
 }
--
To view, visit http://gerrit.ovirt.org/29914
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7bb54ae17616a239879a168b7415fb96250ba50d
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.5
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches