Yair Zaslavsky has uploaded a new change for review.

Change subject: aaa: Don't update a user if the username has changed
......................................................................

aaa: Don't update a user if the username has changed

Change-Id: I2ae66d23862ad5d4da2f2e2e6a903119e859fd39
Bug-Url: https://bugzilla.redhat.com/1100321
Signed-off-by: Yair Zaslavsky <yzasl...@redhat.com>
---
M 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/AddUserCommand.java
M 
backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java
2 files changed, 57 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/38/33638/1

diff --git 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/AddUserCommand.java
 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/AddUserCommand.java
index eccfcf6..28632ad 100644
--- 
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/AddUserCommand.java
+++ 
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/aaa/AddUserCommand.java
@@ -11,6 +11,7 @@
 import org.ovirt.engine.core.common.VdcObjectType;
 import org.ovirt.engine.core.common.action.AddUserParameters;
 import org.ovirt.engine.core.common.businessentities.aaa.DbUser;
+import org.ovirt.engine.core.compat.Guid;
 import org.ovirt.engine.core.dal.dbbroker.DbFacade;
 
 public class AddUserCommand<T extends AddUserParameters> extends 
CommandBase<T> {
@@ -39,20 +40,35 @@
     @Override
     protected void executeCommand() {
         DbUser user = getParameters().getUserToAdd();
+        String loginNameFromParams = getParameters().getUserToAdd() != null ? 
getParameters().getUserToAdd().getLoginName() : null;
         DbUser syncResult = SyncUsers.sync(user);
         user = syncResult != null ? syncResult : user;
+        boolean success  = true;
         DbUser userFromDb =
-                
DbFacade.getInstance().getDbUserDao().getByExternalId(user.getDomain(), 
user.getExternalId());
+                DbFacade.getInstance()
+                        .getDbUserDao()
+                        .getByExternalId(user.getDomain(), 
user.getExternalId());
         if (userFromDb == null) {
             if (user.isActive()) {
                 DbFacade.getInstance().getDbUserDao().save(user);
+                success = true;
             }
         } else {
-            user.setId(userFromDb.getId());
-            DbFacade.getInstance().getDbUserDao().update(user);
+            if (loginNameFromParams.equals(user.getLoginName())) {
+                success = true;
+                user.setId(userFromDb.getId());
+                DbFacade.getInstance().getDbUserDao().update(user);
+            } else {
+                success = false;
+            }
         }
-        setActionReturnValue(user.getId());
-        setSucceeded(user.isActive());
+        if (success) {
+            setActionReturnValue(user.getId());
+            setSucceeded(user.isActive());
+        } else {
+            setActionReturnValue(Guid.Empty);
+            setSucceeded(false);
+        }
     }
 
     @Override
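Review bot: The new check `if (loginNameFromParams.equals(user.getLoginName()))` dereferences a value that the added line at the top of executeCommand explicitly allows to be null, so a request whose user carries no login name ends in a NullPointerException instead of the controlled `setSucceeded(false)` path. A null-safe form such as `if (loginNameFromParams != null && loginNameFromParams.equals(user.getLoginName())) {` keeps the refusal explicit. The rejection branch is also silent: nothing in the hunk records that an existing external id came back from the directory under a different login name, which is the event an operator would want in the audit trail, so consider logging both names there. The null guard on `getUserToAdd()` is also inconsistent with the unguarded `user.getDomain()` and `user.getExternalId()` calls that follow it.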
diff --git 
a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java
 
b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java
index f36cf14..75f11f6 100644
--- 
a/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java
+++ 
b/backend/manager/modules/builtin-extensions/src/main/java/org/ovirt/engine/extensions/aaa/builtin/internal/InternalAuthz.java
@@ -1,9 +1,11 @@
 package org.ovirt.engine.extensions.aaa.builtin.internal;
 
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Properties;
 
 import org.ovirt.engine.api.extensions.Base;
+import org.ovirt.engine.api.extensions.ExtKey;
 import org.ovirt.engine.api.extensions.ExtMap;
 import org.ovirt.engine.api.extensions.ExtUUID;
 import org.ovirt.engine.api.extensions.Extension;
@@ -21,14 +23,16 @@
 
     private ExtMap adminUser;
 
+    private String userName;
+
     private static class Opaque {
 
         private boolean firstCall;
-        private boolean isUser;
+        private boolean found;
 
-        public Opaque(boolean isUser) {
+        public Opaque(boolean found) {
             firstCall = true;
-            this.isUser = isUser;
+            this.found = found;
         }
     }
 
@@ -44,8 +48,7 @@
             } else if (command.equals(Authz.InvokeCommands.QUERY_CLOSE)) {
                 // Do nothing
             } else if (command.equals(Authz.InvokeCommands.QUERY_OPEN)) {
-                output.put(Authz.InvokeKeys.QUERY_OPAQUE, new 
Opaque(input.<ExtUUID> get(Authz.InvokeKeys.QUERY_ENTITY)
-                        .equals(Authz.QueryEntity.PRINCIPAL)));
+                doQueryOpen(input, output);
             } else if (command.equals(Authz.InvokeCommands.QUERY_EXECUTE)) {
                 doQueryExecute(input, output);
             } else {
@@ -67,10 +70,36 @@
         }
     }
 
+    private void doQueryOpen(ExtMap input, ExtMap output) {
+        if 
(input.get(Authz.InvokeKeys.QUERY_ENTITY).equals(Authz.QueryEntity.PRINCIPAL)) {
+            output.put(Authz.InvokeKeys.QUERY_OPAQUE, new 
Opaque(doQueryOpenImpl(input.<ExtMap> get(Authz.InvokeKeys.QUERY_FILTER))));
+        } else {
+            output.put(Authz.InvokeKeys.QUERY_OPAQUE, new Opaque(false));
+        }
+    }
+
+    private boolean doQueryOpenImpl(ExtMap filter) {
+        boolean found = false;
+        if (filter.<Integer> get(Authz.QueryFilterRecord.OPERATOR) == 
Authz.QueryFilterOperator.EQ) {
+            if (filter.<ExtKey> 
get(Authz.QueryFilterRecord.KEY).equals(Authz.PrincipalRecord.NAME)) {
+                String name = filter.<String> get(Authz.PrincipalRecord.NAME);
+                name = name.replace("*", "");
+                found = userName.contains(name);
+            } else {
+                found = false;
+            }
+        } else {
+            for (ExtMap currentFilter : filter.<Collection<ExtMap>> 
get(Authz.QueryFilterRecord.FILTER)) {
+                found = found || doQueryOpenImpl(currentFilter);
+            }
+        }
+        return found;
+    }
+
     private void doQueryExecute(ExtMap input, ExtMap output) {
         Opaque opaque = input.<Opaque> get(Authz.InvokeKeys.QUERY_OPAQUE);
         output.put(Authz.InvokeKeys.QUERY_RESULT,
-                opaque.firstCall && opaque.isUser ? Arrays.asList(adminUser)
+                opaque.firstCall && opaque.found ? Arrays.asList(adminUser)
                         : null);
         opaque.firstCall = false;
     }
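Review bot: In doQueryOpenImpl the EQ branch strips every `*` and then tests `userName.contains(name)`, so an equality filter for any substring of the configured name (or for an empty string) resolves to the internal admin principal; an authz lookup should match exactly when no wildcard is given and honour `*` only where it appears. The same branch throws a NullPointerException when the filter has no name value or when `config.authz.user.name` is unset, since `userName` is now a field filled straight from `getProperty`. The non-EQ branch treats every other operator as a nested collection combined with `||`; if the API also defines conjunction or negation operators, they would be widened to OR here, and an operator without a nested `FILTER` would fail on the null collection. A sketch of the EQ branch follows.
```java
    private boolean doQueryOpenImpl(ExtMap filter) {
        // ... unchanged: OPERATOR == EQ and KEY == PrincipalRecord.NAME checks ...
                String name = filter.<String> get(Authz.PrincipalRecord.NAME);
                if (name == null || userName == null) {
                    found = false;
                } else if (name.indexOf('*') < 0) {
                    // No wildcard: only the exact configured name may match.
                    found = userName.equals(name);
                } else {
                    // Keep each '*' in place as "any run of characters"; quote the rest literally.
                    StringBuilder regex = new StringBuilder();
                    for (String literal : name.split("\\*", -1)) {
                        if (regex.length() > 0) {
                            regex.append(".*");
                        }
                        regex.append(java.util.regex.Pattern.quote(literal));
                    }
                    found = userName.matches(regex.toString());
                }
        // ... unchanged: else branches and nested-filter loop ...
```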
@@ -113,7 +142,7 @@
                         Authz.ContextKeys.AVAILABLE_NAMESPACES,
                         Arrays.asList(NAMESPACE)
                         );
-        String userName = configuration.getProperty("config.authz.user.name");
+        userName = configuration.getProperty("config.authz.user.name");
         adminUser = new ExtMap().mput(
                 Authz.PrincipalRecord.NAMESPACE,
                 NAMESPACE


-- 
To view, visit http://gerrit.ovirt.org/33638
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2ae66d23862ad5d4da2f2e2e6a903119e859fd39
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yair Zaslavsky <yzasl...@redhat.com>