Ravi Nori has uploaded a new change for review. Change subject: tools : manage-domains messages should be more clear ......................................................................
tools : manage-domains messages should be more clear When user adds a domain with no "-addPermissions" the message should show the option of -action=edit with -addPermissions option. When the user edits a domain to change the password of a user who has been granted permissions with -addPermissions, the message to grant permissions should not be displayed. Change-Id: I04bd16bebfcd9e5390444c525fc45363acff835c Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=908246 Signed-off-by: Ravi Nori <rn...@redhat.com>
--- M backend/manager/dbscripts/multi_level_administration_sp.sql M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAO.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAOImpl.java 4 files changed, 78 insertions(+), 8 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/35/12035/1
diff --git a/backend/manager/dbscripts/multi_level_administration_sp.sql b/backend/manager/dbscripts/multi_level_administration_sp.sql
index a80174a..3dd08e2 100644
--- a/backend/manager/dbscripts/multi_level_administration_sp.sql
+++ b/backend/manager/dbscripts/multi_level_administration_sp.sql
@@ -57,6 +57,37 @@ END; $procedure$ LANGUAGE plpgsql;
+
+
+
+CREATE OR REPLACE FUNCTION get_user_permissions_for_domain(v_name VARCHAR(255), v_domain VARCHAR(255))
+RETURNS SETOF permissions_view
+ AS $procedure$
+ DECLARE
+ v_user_name VARCHAR(255);
+ v_index INTEGER;
+BEGIN
+-- find if name already includes domain (@)
+ v_index := POSITION('@' IN v_name);
+
+ if (v_index > 0) then
+ v_user_name := substr(v_name, 0, v_index);
+ else
+ v_user_name := v_name;
+ end if;
+ RETURN QUERY SELECT *
+ FROM permissions_view
+ WHERE permissions_view.ad_element_id in (
+ SELECT users.user_id
+ FROM users
+ WHERE users.domain = v_domain
+ AND users.name = v_user_name);
+
+END; $procedure$
+LANGUAGE plpgsql;
+
+
+
 Create or replace FUNCTION GetConsumedPermissionsForQuotaId(v_quota_id UUID) RETURNS SETOF permissions_view AS $procedure$
diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
index 2fe3b7a..14c1b40 100644
--- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
+++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
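Review bot: In get_user_permissions_for_domain the text after '@' in v_name is discarded and never compared with v_domain, so a name such as user@other is looked up as plain user under whatever v_domain was passed; either reject a suffix that differs from v_domain or state in the function comment that the suffix is ignored. The prefix is cut with `substr(v_name, 0, v_index)`, which gives the right text only because PostgreSQL counts the non-existent position 0 towards the length; `substr(v_name, 1, v_index - 1)` says the same thing directly. The one caller in this change only tests for a first row, so returning every permissions_view row is more than it needs.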
@@ -44,7 +44,8 @@ private final String WARNING_ABOUT_TO_DELETE_LAST_DOMAIN = "WARNING: Domain %1$s is the last domain in the configuration. After deleting it you will have to either add another domain, or to use the internal admin user in order to login."; private final String INFO_ABOUT_NOT_ADDING_PERMISSIONS =
- "The domain %1$s has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.\nUsers from this domain can be granted permissions from the Web administration interface.";
+ "The domain %1$s has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.\n"+
+ "Users from this domain can be granted permissions from the Web administration interface or by editing the domain using -action=edit and specifying -addPermissions.";
 private final String SERVICE_RESTART_MESSAGE = "oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).";
@@ -542,7 +543,8 @@ private void handleAddPermissions(String domainName,DomainsConfigurationEntry adUserNameEntry, DomainsConfigurationEntry adUserIdEntry) { if (addPermissions) { updatePermissionsTable(adUserNameEntry, adUserIdEntry);
- } else {
+ } else
+ if (!userHasPermissions(adUserNameEntry, adUserIdEntry)) {
 System.out.println(String.format(INFO_ABOUT_NOT_ADDING_PERMISSIONS, domainName)); } }
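Review bot: The new `else` in handleAddPermissions is left dangling with its `if` on the following line, which reads like an unbraced else and is easy to break when another statement is added; write it as `} else if (!userHasPermissions(adUserNameEntry, adUserIdEntry)) {`. The method receives domainName but does not hand it to the check, so whether the notice for this domain is printed depends on whatever userHasPermissions decides for the whole entry. The method's opening lines are only context in this hunk, so the rest of its callers' expectations are not visible here.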
@@ -566,6 +568,23 @@ } }
+ private boolean userHasPermissions(DomainsConfigurationEntry adUserNameEntry,
+ DomainsConfigurationEntry adUseridEntry) {
+ try {
+ Set<Entry<String, String>> userNameValues = adUserNameEntry.getValues();
+ for (Entry<String, String> currUserEntry : userNameValues) {
+ String currDomain = currUserEntry.getKey();
+ String currUser = currUserEntry.getValue();
+ if (daoImpl.getUserHasPermissions(currUser, currDomain)) {
+ return true;
+ }
+ }
+ } catch (SQLException e) {
+ log.error(e);
+ }
+ return false;
+ }
+
 public void editDomain(CLIParser parser) throws ManageDomainsResult { String authMode; String domainName = parser.getArg(Arguments.domain.toString()).toLowerCase();
diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAO.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAO.java
index 69663d2..9b6a9f6 100644
--- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAO.java
+++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAO.java
@@ -4,5 +4,6 @@ public interface ManageDomainsDAO { boolean updatePermissionsTable(String uuid, String username, String domain) throws SQLException;
+ boolean getUserHasPermissions(String userName, String domain) throws SQLException;
 }
diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAOImpl.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAOImpl.java
index d5a1969..404bad1 100644
--- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAOImpl.java
+++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsDAOImpl.java
@@ -2,6 +2,7 @@ import java.sql.Connection;
 import java.sql.PreparedStatement;
+import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Types;
 import java.util.UUID;
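Review bot: userHasPermissions returns true as soon as any (domain, user) pair in adUserNameEntry has permissions, so the "no users have been granted permissions" notice for the domain being added or edited can be suppressed by a different domain's user, assuming the entry holds more than one domain. Pass domainName in and skip the other keys, for example `if (!currDomain.equalsIgnoreCase(domainName)) { continue; }`. The catch block turns an SQLException into `false`, which makes a failed lookup indistinguishable from "no permissions"; if that fallback is intended, say so with a comment such as `// lookup failed: fall back to showing the notice`. The adUseridEntry parameter is never read and can be dropped.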
@@ -10,11 +11,13 @@ import org.apache.log4j.Logger;
 import org.ovirt.engine.core.tools.common.db.StandaloneDataSource;
+import org.ovirt.engine.core.utils.db.DbUtils;
 public class ManageDomainsDAOImpl implements ManageDomainsDAO { private DataSource ds; private String actionQuery = "select attach_user_to_su_role(?,?,?,?)";
+ private String selectQuery = "select get_user_permissions_for_domain(?,?)";
 private final static Logger log = Logger.getLogger(ManageDomainsDAOImpl.class); public ManageDomainsDAOImpl() throws SQLException {
@@ -37,13 +40,29 @@ prepareStatement.setString(4, domain); result = prepareStatement.execute(); } finally {
- if (prepareStatement != null) {
- prepareStatement.close();
- }
- if (connection != null) {
- connection.close();
- }
+ DbUtils.closeQuietly(prepareStatement, connection);
 } return result; }
+
+ @Override
+ public boolean getUserHasPermissions(String userName, String domain) throws SQLException {
+ Connection connection = null;
+ PreparedStatement prepareStatement = null;
+ ResultSet resultSet = null;
+ try {
+ log.info("getPermissionsForUser username: " + userName + " domain: " + domain);
+ connection = ds.getConnection();
+ prepareStatement = connection.prepareStatement(selectQuery);
+ prepareStatement.setString(1, userName);
+ prepareStatement.setString(2, domain);
+ resultSet = prepareStatement.executeQuery();
+ if (resultSet.next()) {
+ return true;
+ }
+ } finally {
+ DbUtils.closeQuietly(resultSet, prepareStatement, connection);
+ }
+ return false;
+ }
 }
-- To view, visit http://gerrit.ovirt.org/12035 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I04bd16bebfcd9e5390444c525fc45363acff835c Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <rn...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
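Review bot: The log line in getUserHasPermissions is labelled `getPermissionsForUser`, which is not the name of any method in this change, so tracing from the log back to the code fails; use `log.info("getUserHasPermissions username: " + userName + " domain: " + domain);`. The `if (resultSet.next()) { return true; }` followed by a trailing `return false;` can be a single `return resultSet.next();` inside the try. selectQuery, like actionQuery beside it, is never reassigned and could be `private static final`. The switch to DbUtils.closeQuietly in updatePermissionsTable means a failing close() no longer propagates; DbUtils is not shown here, so confirm it at least logs the failure.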