modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/inventory/ResourceResourceAgentView.java | 26 +++++++--- modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties | 1 modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/inventory/resource/PingAgentUIBean.java | 5 + modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/navigation/resource/ResourceTreeModelUIBean.java | 2 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StatusManagerBean.java | 6 +- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/AgentManagerBean.java | 15 +++-- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java | 6 +- modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/ResourceManagerBean.java | 18 +++--- 8 files changed, 48 insertions(+), 31 deletions(-)
New commits: commit 12e0188663cf0f6956b94f0ce2e59d24359ca112 Author: Simeon Pinder spinder@redhat.com Date: Fri Jan 14 09:11:50 2011 -0500
BZ 669521: relaxing permissions requirement for AgentManagerBean.getAgentByResourceId() to require MANAGE_SETTINGS instead of MANAGE_INVENTORY and updated AgentView messages to better reflect insufficient permissions.
diff --git a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/inventory/ResourceResourceAgentView.java b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/inventory/ResourceResourceAgentView.java index 227eac9..e1c16de 100644 --- a/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/inventory/ResourceResourceAgentView.java +++ b/modules/enterprise/gui/coregui/src/main/java/org/rhq/enterprise/gui/coregui/client/inventory/resource/detail/inventory/ResourceResourceAgentView.java @@ -23,6 +23,7 @@ import java.util.Date; import java.util.List;
import com.google.gwt.user.client.rpc.AsyncCallback; +import com.smartgwt.client.widgets.Canvas; import com.smartgwt.client.widgets.form.fields.FormItem; import com.smartgwt.client.widgets.form.fields.FormItemIcon; import com.smartgwt.client.widgets.form.fields.HeaderItem; @@ -102,16 +103,15 @@ public class ResourceResourceAgentView extends LocatableVLayout implements Refre // Agent Status agentStatusIcon = new FormItemIcon(); agentStatusIcon.setSrc(ImageManager.getAvailabilityLargeIcon(null)); - StaticTextItem agentStatus = - new StaticTextItem("agent-comm-status", MSG.view_inventory_summary_agent_status_title()); + StaticTextItem agentStatus = new StaticTextItem("agent-comm-status", MSG + .view_inventory_summary_agent_status_title()); agentStatus.setIcons(agentStatusIcon); agentStatus.setWrapTitle(false); formItems.add(agentStatus);
// Last Received Avail report String lastAvailReport = "last-avail-report"; - lastAvailReportValue = new StaticTextItem(lastAvailReport, MSG - .view_inventory_summary_agent_last_title()); + lastAvailReportValue = new StaticTextItem(lastAvailReport, MSG.view_inventory_summary_agent_last_title()); lastAvailReportValue.setWrapTitle(false); formItems.add(lastAvailReportValue);
@@ -127,7 +127,19 @@ public class ResourceResourceAgentView extends LocatableVLayout implements Refre GWTServiceLookup.getAgentService().getAgentForResource(this.resourceId, new AsyncCallback<Agent>() { @Override public void onFailure(Throwable caught) { - CoreGUI.getErrorHandler().handleError(MSG.view_inventory_summary_agent_error1() + resourceId + ".", caught); + //Permissions failure, generate message to that effect + for (Canvas child : form.getChildren()) { + child.destroy(); + } + + HeaderItem headerItem = new HeaderItem("header", MSG.view_inventory_summary_agent_title()); + headerItem.setValue(MSG.view_inventory_summary_agent_title()); + StaticTextItem permissionsMessage = new StaticTextItem("permissions", "permissionsFailure"); + permissionsMessage.setShowTitle(false); + permissionsMessage.setValue(MSG.view_inventory_summary_agent_error3()); + permissionsMessage.setWrap(false); + form.setFields(headerItem, new SpacerItem(), permissionsMessage); + form.markForRedraw(); }
@Override @@ -135,8 +147,8 @@ public class ResourceResourceAgentView extends LocatableVLayout implements Refre GWTServiceLookup.getAgentService().pingAgentForResource(resourceId, new AsyncCallback<Boolean>() { @Override public void onFailure(Throwable caught) { - CoreGUI.getErrorHandler().handleError(MSG.view_inventory_summary_agent_error2() + resourceId + ".", - caught); + CoreGUI.getErrorHandler().handleError( + MSG.view_inventory_summary_agent_error2() + " " + resourceId + ".", caught); agentStatusIcon.setSrc(ImageManager.getAvailabilityLargeIcon(null)); form.markForRedraw(); } diff --git a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties index 4322960..a7de6fa 100644 --- a/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties +++ b/modules/enterprise/gui/coregui/src/main/resources/org/rhq/enterprise/gui/coregui/client/Messages.properties @@ -1270,6 +1270,7 @@ view_inventory_servers = Servers view_inventory_services = Services view_inventory_summary_agent_error1 = Failed to locate agent managing resource id view_inventory_summary_agent_error2 = Failed to ping agent managing resource id +view_inventory_summary_agent_error3 = You do not have permission to view details for this Agent. view_inventory_summary_agent_fullEnpoint = Full Endpoint view_inventory_summary_agent_fullEnpoint_err1 = !No remote endpoint associated with this resource! view_inventory_summary_agent_last_title = Last Received Availability Report diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/inventory/resource/PingAgentUIBean.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/inventory/resource/PingAgentUIBean.java index 989d10d..941aed7 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/inventory/resource/PingAgentUIBean.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/inventory/resource/PingAgentUIBean.java @@ -21,8 +21,8 @@ package org.rhq.enterprise.gui.inventory.resource; import org.rhq.core.domain.resource.Agent; import org.rhq.core.gui.util.FacesContextUtility; import org.rhq.enterprise.gui.legacy.ParamConstants; -import org.rhq.enterprise.gui.util.EnterpriseFacesContextUtility; import org.rhq.enterprise.server.agentclient.AgentClient; +import org.rhq.enterprise.server.auth.SubjectManagerLocal; import org.rhq.enterprise.server.core.AgentManagerLocal; import org.rhq.enterprise.server.util.LookupUtil;
@@ -37,6 +37,7 @@ public class PingAgentUIBean { private Boolean pingResults = null; private Agent agent = null; private AgentManagerLocal agentManager = LookupUtil.getAgentManager(); + private SubjectManagerLocal subjectManager = LookupUtil.getSubjectManager();
public PingAgentUIBean() { } @@ -76,7 +77,7 @@ public class PingAgentUIBean { try { int resourceId = FacesContextUtility.getRequiredRequestParameter(ParamConstants.RESOURCE_ID_PARAM, Integer.class); - agent = agentManager.getAgentByResourceId(EnterpriseFacesContextUtility.getSubject(), resourceId); + agent = agentManager.getAgentByResourceId(subjectManager.getOverlord(), resourceId); if (agent == null) { throw new IllegalStateException("No agent is associated with the resource with id " + resourceId + "."); } diff --git a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/navigation/resource/ResourceTreeModelUIBean.java b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/navigation/resource/ResourceTreeModelUIBean.java index 6b8af11..d7b6339 100644 --- a/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/navigation/resource/ResourceTreeModelUIBean.java +++ b/modules/enterprise/gui/portal-war/src/main/java/org/rhq/enterprise/gui/navigation/resource/ResourceTreeModelUIBean.java @@ -80,7 +80,7 @@ public class ResourceTreeModelUIBean { HibernatePerformanceMonitor.get().stop(monitorId, "ResourceTree root resource"); log.debug("Found root resource in " + (end - start));
- Agent agent = agentManager.getAgentByResourceId(EnterpriseFacesContextUtility.getSubject(), rootResource + Agent agent = agentManager.getAgentByResourceId(LookupUtil.getSubjectManager().getOverlord(), rootResource .getId());
start = System.currentTimeMillis(); diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StatusManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StatusManagerBean.java index 737e378..dfd1990 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StatusManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/cloud/StatusManagerBean.java @@ -43,6 +43,7 @@ import org.rhq.enterprise.server.alert.AlertDefinitionManagerLocal; import org.rhq.enterprise.server.cloud.instance.CacheConsistencyManagerBean; import org.rhq.enterprise.server.cloud.instance.ServerManagerLocal; import org.rhq.enterprise.server.core.AgentManagerLocal; +import org.rhq.enterprise.server.util.LookupUtil;
/** * There are various changes that can occur in the system that make the alertscondition cache stale. @@ -126,7 +127,7 @@ public class StatusManagerBean implements StatusManagerLocal { * this is informational debugging only - do NOT change the status bits here */ if (log.isDebugEnabled()) { - Agent agent = agentManager.getAgentByResourceId(subject, resourceId); + Agent agent = agentManager.getAgentByResourceId(LookupUtil.getSubjectManager().getOverlord(), resourceId); log.debug("Marking status, agent[id=" + agent.getId() + ", status=" + agent.getStatus() + "] for resource[id=" + resourceId + "]");
@@ -160,7 +161,8 @@ public class StatusManagerBean implements StatusManagerLocal { */ if (log.isDebugEnabled()) { AlertDefinition definition = entityManager.find(AlertDefinition.class, alertDefinitionId); - Agent agent = agentManager.getAgentByResourceId(subject, definition.getResource().getId()); + Agent agent = agentManager.getAgentByResourceId(LookupUtil.getSubjectManager().getOverlord(), definition + .getResource().getId()); log.debug("Marking status, agent[id=" + agent.getId() + ", status=" + agent.getStatus() + "] for alertDefinition[id=" + alertDefinitionId + "]");
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/AgentManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/AgentManagerBean.java index f47fba6..25db8ff 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/AgentManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/core/AgentManagerBean.java @@ -157,7 +157,9 @@ public class AgentManagerBean implements AgentManagerLocal { return client; }
- @ExcludeDefaultInterceptors + /* + * Removed ExcludeDefaultInterceptors annotation to enable permission and session check by the container. + */ public AgentClient getAgentClient(Subject subject, int resourceId) { Agent agent = getAgentByResourceId(subject, resourceId);
@@ -355,16 +357,17 @@ public class AgentManagerBean implements AgentManagerLocal { return agent; }
- @ExcludeDefaultInterceptors + /* + * Removed ExcludeDefaultInterceptors annotation to enable permission and session check by the container. + */ public Agent getAgentByResourceId(Subject subject, int resourceId) { Agent agent;
try { - //insert logged in check and view resources perm check as method calld from GWT*Service - if ((subject != null) - && (!authorizationManager.hasResourcePermission(subject, Permission.MANAGE_INVENTORY, resourceId))) { + //insert logged in check and view resources perm check as method called from GWT*Service + if ((subject != null) && (!authorizationManager.hasGlobalPermission(subject, Permission.MANAGE_SETTINGS))) { throw new PermissionException("Can not get agent details - " + subject + " lacks " - + Permission.MANAGE_INVENTORY + " for resource[id=" + resourceId + "]"); + + Permission.MANAGE_SETTINGS + " for resource[id=" + resourceId + "]"); }
Query query = entityManager.createNamedQuery(Agent.QUERY_FIND_BY_RESOURCE_ID); diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java index 602d2c3..98110ac 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java @@ -307,13 +307,13 @@ public class MeasurementScheduleManagerBean implements MeasurementScheduleManage return; }
- @RequiredPermissions({ @RequiredPermission(Permission.MANAGE_INVENTORY), + @RequiredPermissions( { @RequiredPermission(Permission.MANAGE_INVENTORY), @RequiredPermission(Permission.MANAGE_SETTINGS) }) public void disableAllDefaultCollections(Subject subject) { entityManager.createNamedQuery(MeasurementDefinition.DISABLE_ALL).executeUpdate(); }
- @RequiredPermissions({ @RequiredPermission(Permission.MANAGE_INVENTORY), + @RequiredPermissions( { @RequiredPermission(Permission.MANAGE_INVENTORY), @RequiredPermission(Permission.MANAGE_SETTINGS) }) public void disableAllSchedules(Subject subject) { entityManager.createNamedQuery(MeasurementSchedule.DISABLE_ALL).executeUpdate(); @@ -496,7 +496,7 @@ public class MeasurementScheduleManagerBean implements MeasurementScheduleManage
// The number of Agents is manageable, so we can work with entities here for (Integer resourceId : reqMap.keySet()) { - Agent agent = agentManager.getAgentByResourceId(subject, resourceId); + Agent agent = agentManager.getAgentByResourceId(subjectManager.getOverlord(), resourceId);
Set<ResourceMeasurementScheduleRequest> agentUpdate = agentUpdates.get(agent); if (agentUpdate == null) { diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/ResourceManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/ResourceManagerBean.java index f4c0a94..5f62fa9 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/ResourceManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/resource/ResourceManagerBean.java @@ -269,7 +269,7 @@ public class ResourceManagerBean implements ResourceManagerLocal, ResourceManage if (resource.getParentResource() == null) { try { // note, this needs to be done before the marking because the agent reference is going to be set to null - doomedAgent = agentManager.getAgentByResourceId(user, resourceId); + doomedAgent = agentManager.getAgentByResourceId(subjectManager.getOverlord(), resourceId); } catch (Exception e) { doomedAgent = null; log.warn("This warning should occur in TEST code only! " + e); @@ -403,7 +403,7 @@ public class ResourceManagerBean implements ResourceManagerLocal, ResourceManage }
// one more thing, delete any autogroup backing groups - if (attachedResource!=null) { + if (attachedResource != null) { List<ResourceGroup> backingGroups = attachedResource.getAutoGroupBackingGroups(); if (null != backingGroups && !backingGroups.isEmpty()) { int size = backingGroups.size(); @@ -417,8 +417,8 @@ public class ResourceManagerBean implements ResourceManagerLocal, ResourceManage if (log.isDebugEnabled()) { log.error("Bulk delete error for autogroup backing group deletion for " + backingGroupIds, t); } else { - log.error("Bulk delete error for autogroup backing group deletion for " + backingGroupIds + ": " - + t.getMessage()); + log.error("Bulk delete error for autogroup backing group deletion for " + backingGroupIds + + ": " + t.getMessage()); } } } @@ -2332,15 +2332,13 @@ public class ResourceManagerBean implements ResourceManagerLocal, ResourceManage
@SuppressWarnings("unchecked") public List<Integer> findIdsByTypeIds(List<Integer> resourceTypeIds) { - return entityManager.createNamedQuery(Resource.QUERY_FIND_IDS_BY_TYPE_IDS) - .setParameter("resourceTypeIds", resourceTypeIds) - .getResultList(); + return entityManager.createNamedQuery(Resource.QUERY_FIND_IDS_BY_TYPE_IDS).setParameter("resourceTypeIds", + resourceTypeIds).getResultList(); }
@Override public Integer getResourceCount(List<Integer> resourceTypeIds) { - return (Integer) entityManager.createNamedQuery(Resource.QUERY_FIND_COUNT_BY_TYPES) - .setParameter("resourceTypeIds", resourceTypeIds) - .getSingleResult(); + return (Integer) entityManager.createNamedQuery(Resource.QUERY_FIND_COUNT_BY_TYPES).setParameter( + "resourceTypeIds", resourceTypeIds).getSingleResult(); } }
rhq-commits@lists.fedorahosted.org