modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java | 5 + modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java | 13 +++ modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java | 3 modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementChartsManagerBean.java | 5 + modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java | 3 modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/AuthorizationManagerBeanTest.java | 37 ++++++++++ 6 files changed, 66 insertions(+)
New commits: commit b24055ad8389fa4fa5bcf7d1468ec77b246dd3cb Merge: 5a56c76... f2cc28d... Author: John Sanda jsanda@redhat.com Date: Mon Mar 29 15:16:26 2010 -0400
Merge branch 'bugfixes' of ssh://git.fedorahosted.org/git/rhq/rhq into bugfixes
commit 5a56c76e6d073c31a1818167d6cab87496f8c461 Author: John Sanda jsanda@redhat.com Date: Mon Mar 29 15:14:22 2010 -0400
[BZ 573982] Adding performance monitoring interceptor temporarily for this bug
Adding the Hibernate performance monitoring interceptor only for these EJBs to reduce noise in the logs
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementChartsManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementChartsManagerBean.java
index 11d86a4..5ecc627 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementChartsManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementChartsManagerBean.java
@@ -27,6 +27,7 @@ import java.util.Map;
import javax.ejb.EJB;
 import javax.ejb.Stateless;
+import javax.interceptor.Interceptors;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import javax.sql.DataSource;
@@ -52,6 +53,7 @@ import org.rhq.core.util.collection.ArrayUtils;
 import org.rhq.enterprise.server.RHQConstants;
 import org.rhq.enterprise.server.alert.AlertManagerLocal;
 import org.rhq.enterprise.server.common.EntityContext;
+import org.rhq.enterprise.server.common.PerformanceMonitorInterceptor;
 import org.rhq.enterprise.server.measurement.MeasurementPreferences.MetricRangePreferences;
 import org.rhq.enterprise.server.measurement.uibean.MetricDisplayConstants;
 import org.rhq.enterprise.server.measurement.uibean.MetricDisplaySummary;
@@ -66,6 +68,7 @@ import org.rhq.enterprise.server.resource.group.ResourceGroupManagerLocal;
 */
 @Stateless
 @javax.annotation.Resource(name = "RHQ_DS", mappedName = RHQConstants.DATASOURCE_JNDI_NAME)
+@Interceptors(PerformanceMonitorInterceptor.class)
 public class MeasurementChartsManagerBean implements MeasurementChartsManagerLocal {
private final Log log = LogFactory.getLog(MeasurementChartsManagerBean.class);
@@ -446,6 +449,8 @@ public class MeasurementChartsManagerBean implements MeasurementChartsManagerLoc
 return data;
 }
+ // TODO if cannot view resources throw permission exception
+
 MeasurementDataManagerUtility dataUtil = MeasurementDataManagerUtility.getInstance(rhqDs);
// Loop over the definitions, find matching schedules and create a MetricDisplaySummary for each definition diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java index 6080f7b..4a95ac1 100644 --- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java +++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/measurement/MeasurementScheduleManagerBean.java @@ -34,6 +34,7 @@ import javax.ejb.EJB; import javax.ejb.Stateless; import javax.ejb.TransactionAttribute; import javax.ejb.TransactionAttributeType; +import javax.interceptor.Interceptors; import javax.persistence.EntityManager; import javax.persistence.NoResultException; import javax.persistence.PersistenceContext; @@ -84,6 +85,7 @@ import org.rhq.enterprise.server.authz.AuthorizationManagerLocal; import org.rhq.enterprise.server.authz.PermissionException; import org.rhq.enterprise.server.authz.RequiredPermission; import org.rhq.enterprise.server.authz.RequiredPermissions; +import org.rhq.enterprise.server.common.PerformanceMonitorInterceptor; import org.rhq.enterprise.server.core.AgentManagerLocal; import org.rhq.enterprise.server.resource.ResourceManagerLocal; import org.rhq.enterprise.server.resource.ResourceTypeManagerLocal; @@ -103,6 +105,7 @@ import org.rhq.enterprise.server.util.LookupUtil; */ @Stateless @javax.annotation.Resource(name = "RHQ_DS", mappedName = RHQConstants.DATASOURCE_JNDI_NAME) +@Interceptors(PerformanceMonitorInterceptor.class) public class MeasurementScheduleManagerBean implements MeasurementScheduleManagerLocal, MeasurementScheduleManagerRemote { @PersistenceContext(unitName = RHQConstants.PERSISTENCE_UNIT_NAME)
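Review bot: The added `// TODO if cannot view resources throw permission exception` records a missing authorization check rather than enforcing one, so as far as this hunk shows the method still goes on to `MeasurementDataManagerUtility.getInstance(rhqDs)` and builds the metric summaries without confirming that the caller may view the resources. The same push adds `AuthorizationManagerLocal.canViewResources(Subject, List<Integer>)`, which looks like the intended check; until it is wired in, make the gap traceable, e.g. `// TODO [BZ 573982]: enforce canViewResources(...) here and throw PermissionException when it fails`. The enclosing method starts before the hunk, so the subject and resource-id variables it would use are not visible here.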
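Review bot: Nothing in the source marks `@Interceptors(PerformanceMonitorInterceptor.class)` on MeasurementScheduleManagerBean as temporary, although the commit message says it is; the same applies to the identical annotation added to MeasurementChartsManagerBean in this commit. A class-level interceptor wraps every business method of the bean, so a forgotten diagnostic would presumably keep adding overhead and log output to all of them. I would put a comment directly above each annotation, `// TEMPORARY for BZ 573982 performance investigation; remove once the bug is resolved`.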
commit d584b84602f1e5a660540f744ae0458688b24fc8 Author: John Sanda jsanda@redhat.com Date: Mon Mar 29 15:11:27 2010 -0400
[BZ 573982] Adding JPA query for canViewResources
diff --git a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java index beb1703..9d91174 100644 --- a/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java +++ b/modules/core/domain/src/main/java/org/rhq/core/domain/auth/Subject.java @@ -119,6 +119,10 @@ import org.rhq.core.domain.util.serial.ExternalizableStrategy; + "FROM Resource res, IN (res.implicitGroups) g, IN (g.roles) r, IN (r.subjects) s " + "WHERE s = :subject AND res.id = :resourceId"),
+ @NamedQuery(name = Subject.QUERY_CAN_VIEW_RESOURCES, query = "SELECT COUNT(res) " + + "FROM Resource res, IN (res.implicitGroups) g, IN (g.roles) r, IN (r.subjects) s " + + "WHERE s = :subject AND res.id IN (:resourceIds)"), + @NamedQuery(name = Subject.QUERY_CAN_VIEW_GROUP, query = "SELECT count(g) " + "FROM ResourceGroup g " + "WHERE (g.id IN (SELECT rg.id " + " FROM ResourceGroup rg " + " JOIN rg.roles r " + " JOIN r.subjects s " @@ -180,6 +184,7 @@ public class Subject implements Externalizable { public static final String QUERY_HAS_RESOURCE_PERMISSION = "Subject.hasResourcePermission";
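Review bot: `SELECT COUNT(res)` in the new `Subject.QUERY_CAN_VIEW_RESOURCES` counts joined rows, not resources: a resource the subject reaches through two implicit groups or two roles contributes more than one row. Because the caller in AuthorizationManagerBean compares this count with `resourceIds.size()`, an over-counted visible resource can offset one the subject cannot see, so the check would wrongly pass, and in other cases it would wrongly fail. Counting each resource once avoids both: `query = "SELECT COUNT(DISTINCT res) "`. The neighbouring single-resource query is only partly visible here, but its caller appears to test `count != 0`, so duplicate rows would not matter there.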
public static final String QUERY_CAN_VIEW_RESOURCE = "Subject.canViewResource";
+ public static final String QUERY_CAN_VIEW_RESOURCES = "Subject.canViewResources";
 public static final String QUERY_CAN_VIEW_GROUP = "Subject.canViewGroup";
public static final String QUERY_GET_RESOURCES_BY_PERMISSION = "Subject.getResourcesByPermission";
commit c7212aecbb5e81fbe227164b9030f8782941a7fb Author: John Sanda jsanda@redhat.com Date: Mon Mar 29 15:08:52 2010 -0400
[BZ 573982] Adding inital impl and test for AuthorizationManagerBean.canViewResources
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java
index ad8ae65..a6b3e99 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerBean.java
@@ -151,6 +151,19 @@ public class AuthorizationManagerBean implements AuthorizationManagerLocal {
 return (count != 0);
 }
+ public boolean canViewResources(Subject subject, List<Integer> resourceIds) {
+ if (isInventoryManager(subject)) {
+ return true;
+ }
+
+ Query query = entityManager.createNamedQuery(Subject.QUERY_CAN_VIEW_RESOURCES);
+ query.setParameter("subject", subject);
+ query.setParameter("resourceIds", resourceIds);
+ long count = (Long) query.getSingleResult();
+
+ return count == resourceIds.size();
+ }
+
 public boolean canViewGroup(Subject subject, int groupId) {
 if (isInventoryManager(subject)) {
 return true;
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java
index 9cdab76..ce8ad68 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/authz/AuthorizationManagerLocal.java
@@ -19,6 +19,7 @@
 package org.rhq.enterprise.server.authz;
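Review bot: `canViewResources` passes `resourceIds` to the `IN (:resourceIds)` query unchecked and then compares the row count with `resourceIds.size()`. An empty list produces an empty IN list, which many JPA providers and databases reject, and a list with a repeated id can never match a count of distinct resources, so a legitimate caller would be denied. I would decide the empty case explicitly before building the query, e.g. `if (resourceIds.isEmpty()) { return true; }` (or `false` if the project prefers to deny), and compare against the number of distinct ids rather than the raw list size.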
import java.util.Collection;
+import java.util.List;
 import java.util.Set;
 import javax.ejb.Local;
 import org.rhq.core.domain.auth.Subject;
@@ -44,6 +45,8 @@ public interface AuthorizationManagerLocal {
 */
 boolean canViewResource(Subject subject, int resourceId);
+ boolean canViewResources(Subject subject, List<Integer> resourceIds);
+
 /**
 * Returns true if the current user has some role attached to this group.
 *
diff --git a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/AuthorizationManagerBeanTest.java b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/AuthorizationManagerBeanTest.java
index 49b5bca..9d31668 100644
--- a/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/AuthorizationManagerBeanTest.java
+++ b/modules/enterprise/server/jar/src/test/java/org/rhq/enterprise/server/authz/test/AuthorizationManagerBeanTest.java
@@ -18,8 +18,10 @@
 */
 package org.rhq.enterprise.server.authz.test;
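Review bot: `canViewResources` is added to AuthorizationManagerLocal without Javadoc, while the methods on either side of it in this hunk are documented. Since this is an authorization contract, the comment should say that it returns true only when the subject may view every resource in the list, that inventory managers always pass, and what callers get for an empty list or repeated ids. The interface continues outside the hunk.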
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.EnumSet;
+import java.util.List;
 import java.util.Set;
import javax.persistence.EntityManager;
@@ -371,6 +373,41 @@ public class AuthorizationManagerBeanTest extends AbstractEJB3Test {
 }
 }
+ @Test
+ public void testCanViewResources() throws Exception {
+ getTransactionManager().begin();
+ EntityManager entityMgr = getEntityManager();
+
+ try {
+ Subject subject = SessionTestHelper.createNewSubject(entityMgr, "testSubject");
+ Subject anotherSubject = SessionTestHelper.createNewSubject(entityMgr, "anotherTestSubject");
+
+ Role roleWithSubject = SessionTestHelper.createNewRoleForSubject(entityMgr, subject, "role with subject");
+ roleWithSubject.addPermission(Permission.VIEW_RESOURCE);
+
+ Role roleWithoutSubject = SessionTestHelper.createNewRoleForSubject(entityMgr, anotherSubject,
+ "role without subject");
+
+ ResourceGroup group = SessionTestHelper.createNewCompatibleGroupForRole(entityMgr, roleWithSubject,
+ "accessible group");
+
+ Resource r1 = SessionTestHelper.createNewResourceForGroup(entityMgr, group, "r1");
+
+ entityMgr.flush();
+
+ List<Integer> resourceIds = Arrays.asList(r1.getId());
+
+ assertTrue(
+ "The subject should have permission to view the resources",
+ authorizationManager.canViewResources(subject, resourceIds)
+ );
+
+ }
+ finally {
+ getTransactionManager().rollback();
+ }
+ }
+
 /*
 * Test methods: getResourcePermissions(Subject, Resource) hasResourcePermission(Subject, Permission, Resource)
 * hasResourcePermission(Subject, Permission, Collection<Resource>)
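Review bot: `testCanViewResources` asserts only the allowed case with a single resource, so an implementation that always returned true would pass it; `roleWithoutSubject` is created but never used. For an authorization check the denied path matters most: add a resource that belongs only to a group of `roleWithoutSubject` and assert that a list containing both ids is rejected. The sketch below reuses the helpers already called in this test and assumes `assertFalse` is available alongside `assertTrue`.

```java
            // … unchanged: subjects, roles, accessible group, r1 …
            ResourceGroup inaccessibleGroup = SessionTestHelper.createNewCompatibleGroupForRole(entityMgr,
                roleWithoutSubject, "inaccessible group");
            Resource r2 = SessionTestHelper.createNewResourceForGroup(entityMgr, inaccessibleGroup, "r2");

            entityMgr.flush();

            // … unchanged: positive assertion for r1 …
            assertFalse("The subject should not be able to view a resource outside its groups",
                authorizationManager.canViewResources(subject, Arrays.asList(r1.getId(), r2.getId())));
```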