From: <rm...@hy...> - 2008-12-03 23:22:45
|
Author: rmorgan Date: 2008-12-03 15:22:40 -0800 (Wed, 03 Dec 2008) New Revision: 11958 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=11958 Modified: trunk/src/org/hyperic/hq/hqu/rendit_sys/metaclass/AppdefCategory.groovy trunk/src/org/hyperic/hq/hqu/rendit_sys/metaclass/ResourceCategory.groovy Log: Fix LazyInitializationException when finding resource children. Issue the perm check on each resource in a loop rather than using the grep() syntax. Change the checkPerm's to not attempt to create another session since it is not required. [HHQ-2679] [merge from 4.0] Modified: trunk/src/org/hyperic/hq/hqu/rendit_sys/metaclass/AppdefCategory.groovy =================================================================== --- trunk/src/org/hyperic/hq/hqu/rendit_sys/metaclass/AppdefCategory.groovy 2008-12-03 23:21:43 UTC (rev 11957) +++ trunk/src/org/hyperic/hq/hqu/rendit_sys/metaclass/AppdefCategory.groovy 2008-12-03 23:22:40 UTC (rev 11958) @@ -1,6 +1,5 @@ package org.hyperic.hq.hqu.rendit.metaclass -import org.hyperic.hq.hibernate.SessionManager import org.hyperic.hq.authz.server.session.Resource import org.hyperic.hq.authz.server.session.ResourceManagerEJBImpl as ResourceMan import org.hyperic.hq.appdef.server.session.AppdefResource @@ -40,27 +39,18 @@ if (p.permCheck == false) return r.resource - def result = [] - def runner = [ - getName:{'HQU Perm Check'}, - run:{ - PermissionManager permMan = PermManFactory.instance - - ['operation', 'user'].each {p.get(it, null)} - - def operation = r.getAuthzOp(p.operation) - def user = p.user - def resource = r.resource - def instanceId = resource.instanceId - assert instanceId == r.id - - permMan.check(user.id, resource.resourceType, instanceId, - operation) - result << r.resource - } - ] as SessionManager.SessionRunner - - SessionManager.runInSession(runner) - return result[0] + PermissionManager permMan = PermManFactory.instance + + ['operation', 'user'].each {p.get(it, null)} + + def operation = r.getAuthzOp(p.operation) + def user = p.user + def resource = r.resource + def instanceId = resource.instanceId + assert instanceId == r.id + + permMan.check(user.id, resource.resourceType, instanceId, + operation) + resource } } Modified: trunk/src/org/hyperic/hq/hqu/rendit_sys/metaclass/ResourceCategory.groovy =================================================================== --- trunk/src/org/hyperic/hq/hqu/rendit_sys/metaclass/ResourceCategory.groovy 2008-12-03 23:21:43 UTC (rev 11957) +++ trunk/src/org/hyperic/hq/hqu/rendit_sys/metaclass/ResourceCategory.groovy 2008-12-03 23:22:40 UTC (rev 11958) @@ -37,6 +37,7 @@ import org.hyperic.hq.hqu.rendit.helpers.ResourceHelper import org.hyperic.hq.auth.shared.SessionManager import org.hyperic.hq.events.AlertSeverity +import org.hyperic.hq.authz.shared.PermissionException /** * This class provides tonnes of abstractions over the Appdef layer. @@ -312,19 +313,24 @@ def res = [] if (isPlatform(r)) { def plat = toPlatform(r) - def servers = plat.servers.grep { - it.checkPerms(operation: 'view', user:user) + plat.servers.each { + try { + def resource = it.checkPerms(operation: 'view', user:user) + res.add(resource) + } catch (PermissionException e) { + // Ignore + } } - - res.addAll(servers*.resource) - res.addAll(svcMan.getPlatformServices(user, r.instanceId)*.resource) } else if (isServer(r)) { def svr = toServer(r) - def services = svr.services.grep { - it.checkPerms(operation: 'view', user:user) + svr.services.each { + try { + def resource = it.checkPerms(operation: 'view', user:user) + res.add(resource) + } catch (PermissionException e) { + // Ignore + } } - - res.addAll(services*.resource) } res } |