Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: present authz and namespace information ......................................................................
aaa: present authz and namespace information This patch presents authz and namespace info at users main tab, and in permissions sub tabs Topic: AAA Change-Id: I4b2bc84364b8ac7ee180848a66bd03489b03e4d3 Bug-Url: https://bugzilla.redhat.com/1120195 Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PermissionsCommandBase.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/Permissions.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/PermissionDAODbFacadeImpl.java M backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/CommonApplicationConstants.java M frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/uicommon/permissions/PermissionListModelTable.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabUserView.java M packaging/dbscripts/create_functions.sql M packaging/dbscripts/create_views.sql 10 files changed, 123 insertions(+), 4 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/14/30714/1 diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PermissionsCommandBase.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PermissionsCommandBase.java index f4698d9..9c8c7dc 100644 --- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PermissionsCommandBase.java +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/PermissionsCommandBase.java 
@@ -67,11 +67,23 @@ return dbUser == null ? (dbGroup == null ? "" : dbGroup.getName()) : dbUser.getLoginName(); } + public String getNamespace() { + initUserAndGroupData(); + return dbUser == null ? (dbGroup == null ? "" : dbGroup.getNamespace()) : dbUser.getNamespace(); + + } + + public String getAuthz() { + initUserAndGroupData(); + return dbUser == null ? (dbGroup == null ? "" : dbGroup.getDomain()) : dbUser.getDomain(); + + } + public void initUserAndGroupData() { if (dbUser == null) { dbUser = getDbUserDAO().get(getParameters().getPermission().getad_element_id()); } - if (dbGroup == null) { + if (dbUser == null && dbGroup == null) { dbGroup = getAdGroupDAO().get(getParameters().getPermission().getad_element_id()); } } diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/Permissions.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/Permissions.java index bb0251e..affb90a 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/Permissions.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/Permissions.java @@ -16,6 +16,9 @@ private String roleName; private String ownerName; private RoleType roleType; + private String authz; + + private String namespace; public Permissions() { this (Guid.Empty, Guid.Empty, null, null); @@ -108,6 +111,22 @@ return roleType; } + public String getAuthz() { + return authz; + } + + public void setAuthz(String authz) { + this.authz = authz; + } + + public String getNamespace() { + return namespace; + } + + public void setNamespace(String namespace) { + this.namespace = namespace; + } + @Override public int hashCode() { final int prime = 31; 
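Review bot: `initUserAndGroupData()` keeps no record that a lookup already ran, so for a group subject `dbUser` stays null and every call to `getNamespace()`, `getAuthz()` and the existing name getter repeats the user DAO query; for an id found in neither table, both queries repeat. A loaded flag would stop that: `if (subjectLoaded) { return; }` followed by `subjectLoaded = true;` at the top of the method. Separately, when neither lookup finds the element both new getters return `""`, so the audit message would presumably show an empty namespace and provider; a short comment on that fallback would make it a visible decision. The name getter begins above the hunk.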
@@ -121,6 +140,9 @@ result = prime * result + ((roleName == null) ? 0 : roleName.hashCode()); result = prime * result + ((roleType == null) ? 0 : roleType.hashCode()); result = prime * result + ((roleId == null) ? 0 : roleId.hashCode()); + result = prime * result + ((authz == null) ? 0 : authz.hashCode()); + result = prime * result + ((namespace == null) ? 0 : namespace.hashCode()); + return result; } diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/PermissionDAODbFacadeImpl.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/PermissionDAODbFacadeImpl.java index cd76441..f68d14e 100644 --- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/PermissionDAODbFacadeImpl.java +++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/PermissionDAODbFacadeImpl.java @@ -266,6 +266,8 @@ entity.setRoleName(rs.getString("role_name")); entity.setObjectName(rs.getString("object_name")); entity.setOwnerName(rs.getString("owner_name")); + entity.setNamespace(rs.getString("namespace")); + entity.setAuthz(rs.getString("authz")); entity.setRoleType(RoleType.getById(rs.getInt("role_type"))); return entity; } diff --git a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties index 3ddcca3..aebe4b9 100644 --- a/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties +++ b/backend/manager/modules/dal/src/main/resources/bundles/AuditLogMessages.properties 
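Review bot: `hashCode()` now mixes in `authz` and `namespace`, but no hunk of Permissions.java touches `equals()`, which lies outside the visible lines. If `equals()` was left as it was, two `Permissions` objects that compare equal can produce different hash codes, and lookups in hash-based sets or maps can then miss. Either compare both fields in `equals()` in the same null-safe way as the existing ones, or drop the two added `result = prime * result + ...` lines, since the row mapper fills both values from the view for display.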
@@ -379,7 +379,7 @@ VDS_ARCHITECTURE_NOT_SUPPORTED_FOR_CLUSTER=Host ${VdsName} has architecture ${VdsArchitecture} and cannot join Cluster ${VdsGroupName} which has architecture ${VdsGroupArchitecture}. CPU_TYPE_UNSUPPORTED_IN_THIS_CLUSTER_VERSION=Host ${VdsName} moved to Non-Operational state as host CPU type is not supported in this cluster compatibility version or is not supported at all RUN_VM_FAILED=Cannot run VM ${VmName} on Host ${VdsName}. Error: ${ErrMsg} -USER_ADD_PERMISSION=User/Group ${SubjectName} was granted permission for Role ${RoleName} on ${VdcObjectType} ${VdcObjectName}, by ${UserName}. +USER_ADD_PERMISSION=User/Group ${SubjectName}, Namespace ${Namespace}, Authorization provider: ${Authz} was granted permission for Role ${RoleName} on ${VdcObjectType} ${VdcObjectName}, by ${UserName}. USER_ADD_PERMISSION_FAILED=User ${UserName} failed to grant permission for Role ${RoleName} on ${VdcObjectType} ${VdcObjectName} to User/Group ${SubjectName}. USER_REMOVE_PERMISSION=User/Group ${SubjectName} Role ${RoleName} permission was removed from ${VdcObjectType} ${VdcObjectName} by ${UserName} USER_REMOVE_PERMISSION_FAILED=User ${UserName} failed to remove permission for Role ${RoleName} from ${VdcObjectType} ${VdcObjectName} to User/Group ${SubjectName} diff --git a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/CommonApplicationConstants.java b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/CommonApplicationConstants.java index e0ae04a..a603f44 100644 --- a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/CommonApplicationConstants.java +++ b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/CommonApplicationConstants.java 
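Review bot: Only `USER_ADD_PERMISSION` gains `${Namespace}` and `${Authz}`; `USER_ADD_PERMISSION_FAILED`, `USER_REMOVE_PERMISSION` and `USER_REMOVE_PERMISSION_FAILED` in the same hunk still identify the subject by `${SubjectName}` alone. With more than one authorization provider configured, a name alone may not identify the principal, so a grant cannot be reliably matched to its later removal or to a failed attempt in the audit log. I would add the same two fields to the other three messages, assuming the remove command exposes the same getters through the shared base class. The new text is also punctuated unevenly: `Namespace ${Namespace}` has no colon, while `Authorization provider: ${Authz}` has one.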
@@ -1868,4 +1868,10 @@ @DefaultStringValue("Required Random Number Generator sources:") String requiredRngSources(); + + @DefaultStringValue("Namespace") + String namespace(); + + @DefaultStringValue("Authorization provider") + String authz(); } diff --git a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/uicommon/permissions/PermissionListModelTable.java b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/uicommon/permissions/PermissionListModelTable.java index 58cfac7..4e2d92b 100644 --- a/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/uicommon/permissions/PermissionListModelTable.java +++ b/frontend/webadmin/modules/gwt-common/src/main/java/org/ovirt/engine/ui/common/widget/uicommon/permissions/PermissionListModelTable.java @@ -36,6 +36,26 @@ userColumn.makeSortable(); getTable().addColumn(userColumn, constants.userPermission(), "300px"); //$NON-NLS-1$ + TextColumnWithTooltip<Permissions> namespaceColumn = new TextColumnWithTooltip<Permissions>() { + @Override + public String getValue(Permissions object) { + return object.getNamespace(); + } + }; + namespaceColumn.makeSortable(); + getTable().addColumn(namespaceColumn, constants.namespace(), "300px"); //$NON-NLS-1$ + + TextColumnWithTooltip<Permissions> authzColumn = new TextColumnWithTooltip<Permissions>() { + @Override + public String getValue(Permissions object) { + return object.getAuthz(); + } + }; + authzColumn.makeSortable(); + getTable().addColumn(authzColumn, constants.authz(), "300px"); //$NON-NLS-1$ + + + TextColumnWithTooltip<Permissions> roleColumn = new TextColumnWithTooltip<Permissions>() { @Override public String getValue(Permissions object) { 
diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java index 9936a7f..df054b1 100644 --- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java +++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java @@ -78,7 +78,23 @@ return object.getOwnerName(); } }; - table.addColumn(userColumn, constants.userPermission()); + table.addColumn(userColumn, constants.userPermission(), "300px"); //$NON-NLS-1$ + + TextColumnWithTooltip<Permissions> namespaceColumn = new TextColumnWithTooltip<Permissions>() { + @Override + public String getValue(Permissions object) { + return object.getNamespace(); + } + }; + table.addColumn(namespaceColumn, constants.namespace(), "200px"); //$NON-NLS-1$ + + TextColumnWithTooltip<Permissions> authzColumn = new TextColumnWithTooltip<Permissions>() { + @Override + public String getValue(Permissions object) { + return object.getAuthz(); + } + }; + table.addColumn(authzColumn, constants.authz(), "200px"); //$NON-NLS-1$ TextColumnWithTooltip<Permissions> roleColumn = new TextColumnWithTooltip<Permissions>() { @Override diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabUserView.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabUserView.java index c5996d2..239ea70 100644 --- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabUserView.java +++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/tab/MainTabUserView.java 
@@ -63,6 +63,24 @@ userNameColumn.makeSortable(VdcUserConditionFieldAutoCompleter.USER_NAME); getTable().addColumn(userNameColumn, constants.userNameUser(), "150px"); //$NON-NLS-1$ + TextColumnWithTooltip<DbUser> namespaceColumn = new TextColumnWithTooltip<DbUser>() { + @Override + public String getValue(DbUser object) { + return object.getNamespace(); + } + }; + namespaceColumn.makeSortable(); + getTable().addColumn(namespaceColumn, constants.namespace(), "150px"); //$NON-NLS-1$ + + TextColumnWithTooltip<DbUser> authzColumn = new TextColumnWithTooltip<DbUser>() { + @Override + public String getValue(DbUser object) { + return object.getDomain(); + } + }; + authzColumn.makeSortable(); + getTable().addColumn(authzColumn, constants.authz(), "150px"); //$NON-NLS-1$ + TextColumnWithTooltip<DbUser> groupColumn = new TextColumnWithTooltip<DbUser>() { @Override public String getValue(DbUser object) { diff --git a/packaging/dbscripts/create_functions.sql b/packaging/dbscripts/create_functions.sql index 9d92dae..7205d79 100644 --- a/packaging/dbscripts/create_functions.sql +++ b/packaging/dbscripts/create_functions.sql @@ -10,6 +10,8 @@ CREATE TYPE idTextType AS(id text); CREATE TYPE idUuidType AS(id UUID); CREATE TYPE booleanResultType AS(result BOOLEAN); +DROP TYPE IF EXISTS authzEntryInfoType CASCADE; +CREATE TYPE authzEntryInfoType AS(name text, namespace VARCHAR(2048), authz VARCHAR(255)); CREATE OR REPLACE FUNCTION getGlobalIds(v_name VARCHAR(4000)) 
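Review bot: `namespaceColumn.makeSortable()` and `authzColumn.makeSortable()` are called without a sort field, while the neighbouring `userNameColumn` passes `VdcUserConditionFieldAutoCompleter.USER_NAME`. If the no-argument overload sorts only the rows already loaded in the browser (to be confirmed against `makeSortable`), these two columns will order each page on its own rather than the whole search result. If the auto-completer has matching fields, pass them as the user-name column does; otherwise leave the columns unsortable or add a comment such as `// client-side sort only: no search field for namespace/authz`.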
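Review bot: `DROP TYPE IF EXISTS authzEntryInfoType CASCADE` removes every object that depends on the type, not only the type itself. Once this change is applied that includes `fn_authz_entry_info` and, through it, the permissions view changed in create_views.sql, plus anything built on that view. This is safe only if each of those objects is re-created later in the same run, which the hunk does not show. A comment would record the dependency, e.g. `-- CASCADE also drops fn_authz_entry_info and the views that call it; both are re-created later in the same run`.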
@@ -465,6 +467,27 @@ END; $function$ LANGUAGE plpgsql; + +CREATE OR REPLACE FUNCTION public.fn_authz_entry_info(v_ad_element_id IN uuid) RETURNS AuthzEntryInfoType STABLE AS +$function$ +DECLARE + result authzEntryInfoType; + +BEGIN + if (v_ad_element_id = getGlobalIds('everyone')) then + select 'Everyone','*','' into result; + else + select(COALESCE(name,'') || ' ' || COALESCE(surname,'') || ' (' || COALESCE(username,'') || '@' || COALESCE(domain,'') || ')'), namespace, domain INTO result from users where user_id = v_ad_element_id; + if (result is null) then + select name, namespace, domain INTO result from ad_groups where ID = v_ad_element_id; + end if; + end if; + return result; +END; $function$ +LANGUAGE plpgsql; + + + CREATE OR REPLACE FUNCTION public.fn_get_ad_element_name(v_ad_element_id IN uuid) RETURNS text STABLE AS $function$ DECLARE diff --git a/packaging/dbscripts/create_views.sql b/packaging/dbscripts/create_views.sql index 5de1ed7..aa1f630 100644 --- a/packaging/dbscripts/create_views.sql +++ b/packaging/dbscripts/create_views.sql 
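Review bot: The fallback to `ad_groups` is guarded by `if (result is null)`, which for a composite value is true only when every field is null. It works here because the first column of the `users` query is built from `COALESCE` calls and is never null for a found row, but that coupling is easy to break when the select list changes. `IF NOT FOUND THEN` right after the `SELECT ... INTO` states the intent directly. When the id matches neither table the function returns an all-null row, so `owner_name`, `namespace` and `authz` come back null in the view; a header comment saying so would help callers.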
@@ -908,7 +908,7 @@ SELECT permissions.id as id, permissions.role_id as role_id, permissions.ad_element_id as ad_element_id, permissions.object_id as object_id, permissions.object_type_id as object_type_id, roles.name as role_name, roles.role_type as role_type, roles.allows_viewing_children as allows_viewing_children, roles.app_mode as app_mode, fn_get_entity_name(permissions.object_id,permissions.object_type_id) as object_name, - fn_get_ad_element_name(permissions.ad_element_id) as owner_name + (fn_authz_entry_info(permissions.ad_element_id)).name as owner_name, (fn_authz_entry_info(permissions.ad_element_id)).namespace as namespace, (fn_authz_entry_info(permissions.ad_element_id)).authz as authz FROM permissions INNER JOIN roles ON permissions.role_id = roles.id; -- To view, visit http://gerrit.ovirt.org/30714 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4b2bc84364b8ac7ee180848a66bd03489b03e4d3 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
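Review bot: The select list calls `fn_authz_entry_info(permissions.ad_element_id)` three times per row, once each for `.name`, `.namespace` and `.authz`, and each call can run a lookup on `users` and another on `ad_groups`. The function is declared `STABLE`, but that does not guarantee the planner merges the three calls, so the view may do up to three times the lookups the old `fn_get_ad_element_name` call did. Evaluating the function once in a subquery and reading `(info).name`, `(info).namespace` and `(info).authz` from it would avoid that. Check with `EXPLAIN` that the subquery is not flattened back into three calls.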