Yair Zaslavsky has uploaded a new change for review. Change subject: aaa: Add support to principal field in ui,rest-api, and built-in extension ......................................................................
aaa: Add support to principal field in ui,rest-api, and built-in extension Change-Id: I5ba5d75449afd1ecdf75e7b335b4ab5cb32d10ce Bug-Url: https://bugzilla.redhat.com/1120720 Toppic: AAA Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java A backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java M backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/aaa/DirectoryUser.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java A backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetDirectoryUserByPrincipalParameters.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java M backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd M backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendUsersResource.java M backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java M frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java 13 files changed, 104 insertions(+), 12 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/40/32340/1 
diff --git a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java index 14ccaa7..2b8cfbf 100644 --- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java +++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/AuthzUtils.java @@ -35,15 +35,23 @@ } public static ExtMap fetchPrincipalRecord(final ExtensionProxy extension, ExtMap authRecord) { + return fetchPrincipalRecordImpl(extension, Authn.InvokeKeys.AUTH_RECORD, authRecord); + } + + public static ExtMap fetchPrincipalRecord(final ExtensionProxy extension, String principal) { + return fetchPrincipalRecordImpl(extension, Authz.InvokeKeys.PRINCIPAL, principal); + } + + private static ExtMap fetchPrincipalRecordImpl(final ExtensionProxy extension, ExtKey key, Object value) { ExtMap ret = null; ExtMap output = extension.invoke(new ExtMap().mput( Base.InvokeKeys.COMMAND, Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD ).mput( - Authn.InvokeKeys.AUTH_RECORD, - authRecord + key, + value )); - if (output.<Integer>get(Authz.InvokeKeys.STATUS) == Authz.Status.SUCCESS) { + if (output.<Integer> get(Authz.InvokeKeys.STATUS) == Authz.Status.SUCCESS) { ret = output.<ExtMap> get(Authz.InvokeKeys.PRINCIPAL_RECORD); } return ret; diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java new file mode 100644 index 0000000..1304754 --- /dev/null +++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/GetDirectoryUserByPrincipalQuery.java 
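Review bot: The status test in `fetchPrincipalRecordImpl` compares `output.<Integer> get(Authz.InvokeKeys.STATUS)` with `==` and no null check, so if `Authz.Status.SUCCESS` is a primitive int (its declaration is not in this diff) an extension reply without a STATUS entry raises a NullPointerException instead of yielding a null record. Reading the value first keeps the existing contract: `Integer status = output.<Integer> get(Authz.InvokeKeys.STATUS);` followed by `if (status != null && status == Authz.Status.SUCCESS) {`. The new public `fetchPrincipalRecord(ExtensionProxy, String)` overload also deserves a Javadoc line stating that it returns null for any non-SUCCESS status and that the principal is a caller-supplied name, not one taken from an authentication record. The class body continues outside the hunk.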
@@ -0,0 +1,34 @@
+package org.ovirt.engine.core.bll;
+
+import org.ovirt.engine.core.aaa.AuthzUtils;
+import org.ovirt.engine.core.bll.aaa.DirectoryUtils;
+import org.ovirt.engine.core.bll.context.EngineContext;
+import org.ovirt.engine.core.common.queries.GetDirectoryUserByPrincipalParameters;
+import org.ovirt.engine.core.utils.extensionsmgr.EngineExtensionsManager;
+
+public class GetDirectoryUserByPrincipalQuery<P extends GetDirectoryUserByPrincipalParameters> extends QueriesCommandBase<P> {
+
+ public GetDirectoryUserByPrincipalQuery(P parameters, EngineContext engineContext) {
+ super(parameters, engineContext);
+ }
+
+ public GetDirectoryUserByPrincipalQuery(P parameters) {
+ this(parameters, null);
+ }
+
+ @Override
+ protected void executeQueryCommand() {
+ getQueryReturnValue().setReturnValue(
+ DirectoryUtils.mapPrincipalRecordToDirectoryUser(
+ getParameters().getAuthz(),
+ AuthzUtils.fetchPrincipalRecord(
+ EngineExtensionsManager.getInstance().getExtensionByName(
+ getParameters().getAuthz()
+ ),
+ getParameters().getPrincnipal()
+ )
+ )
+ );
+ }
+
+}
diff --git a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java
index 08cf1a2..9c891de 100644
--- a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java
+++ b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/DirectoryUtils.java
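Review bot: `executeQueryCommand` hands the result of `AuthzUtils.fetchPrincipalRecord` directly to `DirectoryUtils.mapPrincipalRecordToDirectoryUser`, although that helper returns null whenever the extension does not report SUCCESS (see the AuthzUtils hunk in this change). Both the authz name and the principal come from the query parameters, so an unknown principal or a mistyped authz name is an expected input here and should produce an empty result rather than depend on how the mapper or `getExtensionByName` treat null; neither is visible in this diff. Resolving the record first and mapping it only when it is present makes the not-found case explicit.

```java
    @Override
    protected void executeQueryCommand() {
        ExtensionProxy authz =
                EngineExtensionsManager.getInstance().getExtensionByName(getParameters().getAuthz());
        ExtMap principalRecord =
                AuthzUtils.fetchPrincipalRecord(authz, getParameters().getPrincnipal());
        // A null record means the extension did not report SUCCESS: return "not found".
        getQueryReturnValue().setReturnValue(
                principalRecord == null
                        ? null
                        : DirectoryUtils.mapPrincipalRecordToDirectoryUser(
                                getParameters().getAuthz(), principalRecord));
    }
```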
@@ -157,6 +157,7 @@ directoryUser.setLastName(principalRecord.<String> get(Authz.PrincipalRecord.LAST_NAME)); directoryUser.setEmail(principalRecord.<String> get(Authz.PrincipalRecord.EMAIL)); directoryUser.setTitle(principalRecord.<String> get(Authz.PrincipalRecord.TITLE)); + directoryUser.setPrincipal(principalRecord.<String> get(Authz.PrincipalRecord.PRINCIPAL)); List<DirectoryGroup> directoryGroups = new ArrayList<DirectoryGroup>(); List<ExtMap> groups = principalRecord.<List<ExtMap>> get(Authz.PrincipalRecord.GROUPS); if (groups != null) { diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java index 44f33d1..f36cf14 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java @@ -76,7 +76,8 @@ } private void doFetchPrincipalRecord(ExtMap input, ExtMap output) { - String principal = input.<ExtMap> get(Authn.InvokeKeys.AUTH_RECORD).get(Authn.AuthRecord.PRINCIPAL); + ExtMap authRecord = input.<ExtMap> get(Authn.InvokeKeys.AUTH_RECORD); + String principal = authRecord != null ? authRecord.<String>get(Authn.AuthRecord.PRINCIPAL) : input.<String> get(Authz.InvokeKeys.PRINCIPAL); if (principal.equals(adminUser.<String> get(Authz.PrincipalRecord.NAME))) { output.put(Authz.InvokeKeys.PRINCIPAL_RECORD, adminUser); } @@ -125,6 +126,8 @@ ).mput( Authz.PrincipalRecord.ID, configuration.getProperty("config.authz.user.id") + ).mput(Authz.PrincipalRecord.PRINCIPAL, + userName ); } 
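Review bot: In the first InternalAuthz hunk, `principal` is null when the input carries neither `Authn.InvokeKeys.AUTH_RECORD` nor `Authz.InvokeKeys.PRINCIPAL` (or an auth record without a PRINCIPAL entry), and the next line calls `principal.equals(...)` on it. Guard the comparison, for example `if (principal != null && principal.equals(adminUser.<String> get(Authz.PrincipalRecord.NAME))) {`. The same unchecked fallback appears in `KerberosLdapAuthz.doFetchPrincipalRecord`. `doFetchPrincipalRecord` continues outside the hunk, so how the status is set when nothing matches cannot be seen here.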
diff --git a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java index 6b0929a..01a5758 100644 --- a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java +++ b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/kerberosldap/KerberosLdapAuthz.java @@ -177,11 +177,12 @@ } private void doFetchPrincipalRecord(ExtMap input, ExtMap output) { + ExtMap authRecord = input.<ExtMap> get(Authn.InvokeKeys.AUTH_RECORD); LdapReturnValueBase ldapResult = broker.runAdAction(AdActionType.GetAdUserByUserName, new LdapSearchByUserNameParameters(configuration, null, - getDirectoryName(), - input.<ExtMap> get(Authn.InvokeKeys.AUTH_RECORD).<String> get(Authn.AuthRecord.PRINCIPAL))); + getDirectoryName(), authRecord != null ? authRecord.<String> get(Authn.AuthRecord.PRINCIPAL) + : input.<String> get(Authz.InvokeKeys.PRINCIPAL))); output.mput( Authz.InvokeKeys.PRINCIPAL_RECORD, mapLdapUser(((LdapUser) ldapResult.getReturnValue())) @@ -275,6 +276,9 @@ ).mput( Authz.PrincipalRecord.TITLE, user.getTitle() + ).mput( + Authz.PrincipalRecord.PRINCIPAL, + user.getUserName() ); if (user.getGroups() != null) { List<ExtMap> groups = new ArrayList<>(); diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/aaa/DirectoryUser.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/aaa/DirectoryUser.java index 9f5961d..8b14f16 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/aaa/DirectoryUser.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/aaa/DirectoryUser.java 
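Review bot: The search name in `doFetchPrincipalRecord` can now be the free-form `Authz.InvokeKeys.PRINCIPAL` value, which elsewhere in this change is filled from a REST request field, rather than a principal taken from an authentication record. Whether `LdapSearchByUserNameParameters` / `GetAdUserByUserName` escape LDAP filter special characters (RFC 4515) before building the search filter is not visible in this diff; please confirm it, or escape the value before it is passed in, and add a comment such as `// principal may be caller-supplied; the broker must escape it before use in a filter`. The cast `(LdapUser) ldapResult.getReturnValue()` a few lines below is also passed to `mapLdapUser` unchecked, so a lookup that finds no user probably needs a null guard as well.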
@@ -11,6 +11,7 @@ private String title; private String email; private String department; + private String principal; // Flag indicating if this user has the administrator role: private boolean isAdmin; @@ -68,6 +69,14 @@ this.title = title; } + public String getPrincipal() { + return principal; + } + + public void setPrincipal(String principal) { + this.principal = principal; + } + @Override public int hashCode() { final int prime = 31; diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java index 7e8beec..d62a68d 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/aaa/DbUser.java @@ -87,7 +87,7 @@ externalId = directoryUser.getId(); domain = directoryUser.getDirectoryName(); namespace = directoryUser.getNamespace(); - loginName = directoryUser.getName(); + loginName = directoryUser.getPrincipal() != null ? directoryUser.getPrincipal() : directoryUser.getName(); firstName = directoryUser.getFirstName(); lastName = directoryUser.getLastName(); department = directoryUser.getDepartment(); diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetDirectoryUserByPrincipalParameters.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetDirectoryUserByPrincipalParameters.java new file mode 100644 index 0000000..1a84c7f --- /dev/null +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/GetDirectoryUserByPrincipalParameters.java 
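Review bot: The `loginName` assignment in the DbUser hunk tests only `directoryUser.getPrincipal() != null`, so an empty principal returned by an extension replaces a usable name with an empty login name. Consider `String principal = directoryUser.getPrincipal();` and `loginName = (principal != null && !principal.isEmpty()) ? principal : directoryUser.getName();`. `UserMapper.map(User, DbUser)` and the new branch in `BackendUsersResource` appear to make the same presence-only check through `isSetPrincipal()`. Since `loginName` now comes from a different field, it is also worth confirming that rows stored earlier with `getName()` still match the same user; that lookup is outside this diff.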
@@ -0,0 +1,26 @@ +package org.ovirt.engine.core.common.queries; + +public class GetDirectoryUserByPrincipalParameters extends VdcQueryParametersBase { + + private static final long serialVersionUID = 4178594464331010016L; + + private String principal; + private String authz; + + public GetDirectoryUserByPrincipalParameters() { + } + + public GetDirectoryUserByPrincipalParameters(String authz, String principal) { + this.principal = principal; + this.authz = authz; + } + + public String getPrincnipal() { + return principal; + } + + public String getAuthz() { + return authz; + } + +} diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java index 132859e..1778391 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/queries/VdcQueryType.java @@ -157,6 +157,7 @@ GetDirectoryUserById(VdcQueryAuthType.User), GetDirectoryGroupById(VdcQueryAuthType.User), GetAvailableNamespaces(VdcQueryAuthType.User), + GetDirectoryUserByPrincipal(VdcQueryAuthType.User), // Groups queries: GetAllDbGroups(VdcQueryAuthType.User), diff --git a/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd b/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd index fd019a7..4162b2d 100644 --- a/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd +++ b/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd 
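Review bot: The getter `getPrincnipal()` is misspelled, and because it is public the typo becomes part of the query-parameter API; `GetDirectoryUserByPrincipalQuery` in this change already calls it under that name. Rename it to `getPrincipal()` and update that caller. A short class comment saying that `authz` is the name of the authz extension to query and `principal` the name to look up would also help, as the constructor takes two adjacent `String` arguments that are easy to swap.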
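Review bot: `GetDirectoryUserByPrincipal` is registered with `VdcQueryAuthType.User`, so, assuming that level means any authenticated user may run the query, every logged-in user can look up arbitrary principals in any configured authz extension. That matches the neighbouring `GetDirectoryUserById` entry, but please confirm it is intended for a lookup keyed on a free-form name, and record the decision in a comment, e.g. `// User level: directory lookups are open to all authenticated users, same as GetDirectoryUserById`.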
@@ -1912,6 +1912,7 @@ <xs:element name="last_name" type="xs:string" minOccurs="0" maxOccurs="1"/> <!-- generally name@domain --> <xs:element name="user_name" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="principal" type="xs:string" minOccurs="0" maxOccurs="1"/> <xs:element name="password" type="xs:string" minOccurs="0" maxOccurs="1"/> <xs:element name="email" type="xs:string" minOccurs="0" maxOccurs="1"/> <!-- used only to represent the initial role assignments for a diff --git a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendUsersResource.java b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendUsersResource.java index a5fcb8b..fe0a8dd 100644 --- a/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendUsersResource.java +++ b/backend/manager/modules/restapi/jaxrs/src/main/java/org/ovirt/engine/api/restapi/resource/aaa/BackendUsersResource.java @@ -27,6 +27,7 @@ import org.ovirt.engine.core.common.businessentities.aaa.DbUser; import org.ovirt.engine.core.common.interfaces.SearchType; import org.ovirt.engine.core.common.queries.DirectoryIdQueryParameters; +import org.ovirt.engine.core.common.queries.GetDirectoryUserByPrincipalParameters; import org.ovirt.engine.core.common.queries.IdQueryParameters; import org.ovirt.engine.core.common.queries.VdcQueryParametersBase; import org.ovirt.engine.core.common.queries.VdcQueryType; 
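Review bot: The new `principal` element has no comment, while the `user_name` element above it is described as `generally name@domain`. Add one that tells API clients how the two differ, for instance `<!-- login name as known to the authz extension, without the @domain suffix -->`. That wording is inferred from `UserMapper` in this change, which sets `user_name` to `loginName + "@" + domain` and `principal` to `loginName`, so adjust it if the intent is different.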
@@ -209,8 +210,9 @@ result = getUserById(directoryName, namespace, user.getDomainEntryId()); } else if (user.isSetId()) { result = getUserById(directoryName, namespace, user.getId()); - } else { - if (user.isSetUserName()) { + } else if (user.isSetPrincipal()) { + result = getEntity(DirectoryUser.class, VdcQueryType.GetDirectoryUserByPrincipal, new GetDirectoryUserByPrincipalParameters(directoryName, user.getPrincipal()), user.getPrincipal()); + } else if (user.isSetUserName()) { result = getEntity( DirectoryUser.class, SearchType.DirectoryUser, @@ -220,8 +222,6 @@ directoryName) ); } - - } return result; } diff --git a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java index 76d7a15..172f83a 100644 --- a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java +++ b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/UserMapper.java @@ -21,6 +21,7 @@ User model = template != null ? template : new User(); model.setName(entity.getFirstName()); model.setUserName(entity.getLoginName() + "@" + entity.getDomain()); + model.setPrincipal(entity.getLoginName()); model.setId(entity.getId().toString()); model.setLastName(entity.getLastName()); model.setEmail(entity.getEmail()); @@ -52,6 +53,7 @@ model.setLastName(entity.getLastName()); model.setEmail(entity.getEmail()); model.setDepartment(entity.getDepartment()); + model.setPrincipal(entity.getPrincipal()); model.setNamespace(entity.getNamespace()); if (entity.getGroups() != null) { model.setGroups(new Groups()); 
@@ -72,7 +74,9 @@ @Mapping(from = User.class, to = DbUser.class) public static DbUser map(User model, DbUser template) { DbUser entity = template != null? template: new DbUser(); - if (model.isSetName()) { + if (model.isSetPrincipal()) { + entity.setLoginName(model.getPrincipal()); + } else if (model.isSetName()) { entity.setLoginName(model.getName()); } if (model.isSetId()) { diff --git a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java index 37d7002..f74793b 100644 --- a/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java +++ b/frontend/webadmin/modules/webadmin/src/main/java/org/ovirt/engine/ui/webadmin/section/main/view/popup/configure/SystemPermissionView.java @@ -69,6 +69,7 @@ getTableHeaderlessResources(), getTableResources(), eventBus, clientStorage); content.add(table); + table.enableColumnResizing(); table.addColumn(new PermissionTypeColumn(), constants.empty(), "30px"); //$NON-NLS-1$ -- To view, visit http://gerrit.ovirt.org/32340 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5ba5d75449afd1ecdf75e7b335b4ab5cb32d10ce Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.5 Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches