Author: dcrutchf Date: 2010-02-09 17:02:28 -0800 (Tue, 09 Feb 2010) New Revision: 14270 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=14270 Modified: trunk/src/org/hyperic/hq/events/server/session/AlertDefinitionManagerEJBImpl.java trunk/src/org/hyperic/hq/events/server/session/AlertManagerEJBImpl.java trunk/src/org/hyperic/hq/events/server/session/SessionBase.java trunk/src/org/hyperic/hq/ui/AttrConstants.java trunk/src/org/hyperic/hq/ui/action/resource/common/monitor/alerts/config/ViewDefinitionAction.java trunk/web/css/HQ_40.css trunk/web/resource/common/monitor/alerts/config/ViewDefinitionProperties.jsp Log: Fixed an issue found by running the hqapi integration tests Also refactored a bit to make things a bit clearer Modified: trunk/src/org/hyperic/hq/events/server/session/AlertDefinitionManagerEJBImpl.java =================================================================== --- trunk/src/org/hyperic/hq/events/server/session/AlertDefinitionManagerEJBImpl.java 2010-02-09 17:56:00 UTC (rev 14269) +++ trunk/src/org/hyperic/hq/events/server/session/AlertDefinitionManagerEJBImpl.java 2010-02-10 01:02:28 UTC (rev 14270) 
@@ -216,14 +216,13 @@ PermissionException { if (EventConstants.TYPE_ALERT_DEF_ID.equals(a.getParentId())) { - // ...check that user has modify permission on alert definition's resource... - canModifyAlertDefinition(subj, new AppdefEntityTypeID(a.getAppdefType(), - a.getAppdefId())); + // ...check that user has access to resource type alert definitions alert definition's resource... + canCreateResourceTypeAlertDefinitionTemplate(subj); // Subject permissions should have already been checked when creating // the parent (resource type) alert definition. } else if (!a.parentIdHasBeenSet()) { - // ...check that user has modify permission on alert definition's resource... - canModifyAlertDefinition(subj, new AppdefEntityID(a.getAppdefType(), + // ...check that user has create permission on alert definition's resource... + canCreateAlertDefinition(subj, new AppdefEntityID(a.getAppdefType(), a.getAppdefId())); } @@ -765,8 +764,8 @@ continue; } - // ...check that user has modify permission on alert definitions... - canModifyAlertDefinition(subj, alertDefinition.getAppdefEntityId()); + // ...check that user has delete permission on alert definitions... + canDeleteAlertDefinition(subj, alertDefinition.getAppdefEntityId()); AlertAudit.deleteAlert(alertDefinition, subj); Modified: trunk/src/org/hyperic/hq/events/server/session/AlertManagerEJBImpl.java =================================================================== --- trunk/src/org/hyperic/hq/events/server/session/AlertManagerEJBImpl.java 2010-02-09 17:56:00 UTC (rev 14269) +++ trunk/src/org/hyperic/hq/events/server/session/AlertManagerEJBImpl.java 2010-02-10 01:02:28 UTC (rev 14270) 
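Review bot: A value object whose parent id is set to anything other than `EventConstants.TYPE_ALERT_DEF_ID` falls through both branches here with no permission check, because `else if (!a.parentIdHasBeenSet())` is the only other path. If `a` can be populated by a remote caller (the log mentions the hqapi tests), the parent id is caller-controlled and should not decide whether authorization runs. Unless that path is provably internal, add a final `else { canCreateAlertDefinition(subj, new AppdefEntityID(a.getAppdefType(), a.getAppdefId())); }`. The retained comment "Subject permissions should have already been checked when creating the parent" now sits directly after an explicit check in the same branch, and the new comment is garbled ("resource type alert definitions alert definition's resource"); move the former to the fall-through case and reword the latter. The enclosing method begins and ends outside the hunk.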
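Review bot: The new comment promises a delete permission, but `canDeleteAlertDefinition`, as added to SessionBase.java in this same revision, passes `resourceOperationsHelper.getUpdateOperation(entityId.getType())`, so the effective requirement is still modify permission on the resource. Say that at the call site, e.g. `// ...deleting currently requires modify permission on the resource (see canDeleteAlertDefinition)...`, so nobody assumes a separate delete grant exists; the same applies to both `deleteAlerts` hunks in AlertManagerEJBImpl.java. The check also runs per definition inside a loop whose start is outside the hunk, so a `PermissionException` on a later element may leave earlier deletions in place unless the surrounding transaction rolls back. That is worth confirming.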
@@ -183,8 +183,8 @@ */ public int deleteAlerts(AuthzSubject subj, AppdefEntityID id) throws PermissionException { - // ...check that user has modify permission on alert definition's resource... - canModifyAlertDefinition(subj, id); + // ...check that user has delete permission on alert definition's resource... + canDeleteAlertDefinition(subj, id); return getAlertDAO().deleteByResource(findResource(id)); } @@ -196,8 +196,8 @@ */ public int deleteAlerts(AuthzSubject subj, AlertDefinition ad) throws RemoveException, PermissionException { - // ...check that user has modify permission on alert definition's resource... - canModifyAlertDefinition(subj, ad.getAppdefEntityId()); + // ...check that user has delete permission on alert definition's resource... + canDeleteAlertDefinition(subj, ad.getAppdefEntityId()); return getAlertDAO().deleteByAlertDefinition(ad); } Modified: trunk/src/org/hyperic/hq/events/server/session/SessionBase.java =================================================================== --- trunk/src/org/hyperic/hq/events/server/session/SessionBase.java 2010-02-09 17:56:00 UTC (rev 14269) +++ trunk/src/org/hyperic/hq/events/server/session/SessionBase.java 2010-02-10 01:02:28 UTC (rev 14270) 
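Review bot: Neither `deleteAlerts` overload records who removed the alerts: each body is the permission check followed directly by `getAlertDAO().deleteByResource(findResource(id))` or `getAlertDAO().deleteByAlertDefinition(ad)`. The definition-delete path in AlertDefinitionManagerEJBImpl, by contrast, calls `AlertAudit.deleteAlert(alertDefinition, subj)`. Fired alerts are monitoring evidence, so a bulk delete should leave a trace. At minimum, capture the returned count and log it with the subject id and the target before returning, using whatever logger or audit facility the class already has.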
@@ -138,23 +138,26 @@ String rtName, Integer instId, String opName) throws PermissionException { - PermissionManager permMgr = PermissionManagerFactory.getInstance(); - - if (!resourceTypes.containsKey(rtName)) { - resourceTypes.put(rtName, - new ResourceTypeDAO(DAOFactory.getDAOFactory()).findByName(rtName)); + // ...check permission if user is NOT a super user... + if (!PermissionManagerFactory.getInstance().hasAdminPermission(subjectId)) { + PermissionManager permMgr = PermissionManagerFactory.getInstance(); + + if (!resourceTypes.containsKey(rtName)) { + resourceTypes.put(rtName, + new ResourceTypeDAO(DAOFactory.getDAOFactory()).findByName(rtName)); + } + ResourceType resType = (ResourceType) resourceTypes.get(rtName); + + if (!operations.containsKey(opName)) { + operations.put(opName, + new OperationDAO(DAOFactory.getDAOFactory()) + .findByTypeAndName(resType, opName)); + } + Operation operation = (Operation) operations.get(opName); + + permMgr.check(subjectId, resType.getId(), instId, operation.getId()); + // Permission Check Succesful } - ResourceType resType = (ResourceType) resourceTypes.get(rtName); - - if (!operations.containsKey(opName)) { - operations.put(opName, - new OperationDAO(DAOFactory.getDAOFactory()) - .findByTypeAndName(resType, opName)); - } - Operation operation = (Operation) operations.get(opName); - - permMgr.check(subjectId, resType.getId(), instId, operation.getId()); - // Permission Check Succesful } protected Resource findResource(AppdefEntityID id) { 
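Review bot: The super-user short-circuit sits in the shared permission helper, so every caller of this method now skips `permMgr.check(...)` for admins, and nothing in the visible lines documents that. Add a Javadoc line such as `Subjects with admin permission bypass the per-operation check.` It also means `rtName` and `opName` are never resolved for an admin, so a misspelled operation name only fails for non-admin users and will not surface in tests run as a super user. The factory is fetched twice; `PermissionManager permMgr = PermissionManagerFactory.getInstance();` followed by `if (permMgr.hasAdminPermission(subjectId)) { return; }` avoids that and leaves the original body un-indented. The method signature starts outside the hunk.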
@@ -163,27 +166,78 @@ private static ResourceOperationsHelper resourceOperationsHelper = new ResourceOperationsHelper(); - public static void canViewResourceTypeAlertDefinition(AuthzSubject user, AppdefEntityTypeID entityTypeId) + public static void canViewResourceTypeAlertDefinitionTemplate(AuthzSubject user) throws PermissionException { + // ...right now, you have to be a member of the super user's role to do anything with + // resource type alert templates... + // TODO ...if this changes in the future, we can make the change here and the rest should just work... if (!PermissionManagerFactory.getInstance().hasAdminPermission(user.getId())) { throw new PermissionException("User must be in Super User role to manage resource type alert definitions"); } } + public static void canModifyResourceTypeAlertDefinitionTemplate(AuthzSubject user) + throws PermissionException { + // ...right now, you have to be a member of the super user's role to do anything with + // resource type alert templates... + // TODO ...if this changes in the future, we can make the change here and the rest should just work... + if (!PermissionManagerFactory.getInstance().hasAdminPermission(user.getId())) { + throw new PermissionException("User must be in Super User role to manage resource type alert definitions"); + } + } + + public static void canCreateResourceTypeAlertDefinitionTemplate(AuthzSubject user) + throws PermissionException { + // ...right now, you have to be a member of the super user's role to do anything with + // resource type alert templates... + // TODO ...if this changes in the future, we can make the change here and the rest should just work... 
+ if (!PermissionManagerFactory.getInstance().hasAdminPermission(user.getId())) { + throw new PermissionException("User must be in Super User role to manage resource type alert definitions"); + } + } + + public static void canDeleteResourceTypeAlertDefinitionTemplate(AuthzSubject user) + throws PermissionException { + // ...right now, you have to be a member of the super user's role to do anything with + // resource type alert templates... + // TODO ...if this changes in the future, we can make the change here and the rest should just work... + if (!PermissionManagerFactory.getInstance().hasAdminPermission(user.getId())) { + throw new PermissionException("User must be in Super User role to manage resource type alert definitions"); + } + } + public static void canViewAlertDefinition(AuthzSubject user, AppdefEntityID entityId) throws PermissionException { // ...we need to check the resource associated with the alert definition to determine - // if the user can view the alert definition, must have read permission on resource... + // if the user can view the alert definition. Must have read permission on resource... checkAlertDefinitionPermission(user, entityId, resourceOperationsHelper.getReadOperation(entityId.getType())); } public static void canModifyAlertDefinition(AuthzSubject user, AppdefEntityID entityId) throws PermissionException { // ...we need to check the resource associated with the alert definition to determine - // if the user can modify the alert definition... + // if the user can modify the alert definition. Must have modify permission on resource... checkAlertDefinitionPermission(user, entityId, resourceOperationsHelper.getUpdateOperation(entityId.getType())); } + public static void canCreateAlertDefinition(AuthzSubject user, AppdefEntityID entityId) + throws PermissionException { + // ...we need to check the resource associated with the alert definition to determine + // if the user can modify the alert definition. 
Must have modify permission on resource... + // TODO ...If we introduce finer grained permission for Alert definition, we can make the change here + // and the rest should just work... + checkAlertDefinitionPermission(user, entityId, resourceOperationsHelper.getUpdateOperation(entityId.getType())); + } + + public static void canDeleteAlertDefinition(AuthzSubject user, AppdefEntityID entityId) + throws PermissionException { + // ...we need to check the resource associated with the alert definition to determine + // if the user can modify the alert definition. Must have modify permission on resource... + // TODO ...If we introduce finer grained permission for Alert definition, we can make the change here + // and the rest should just work... + checkAlertDefinitionPermission(user, entityId, resourceOperationsHelper.getUpdateOperation(entityId.getType())); + } + private static void checkAlertDefinitionPermission(AuthzSubject user, AppdefEntityID id, String operationName) throws PermissionException { int resourceType = id.getType(); Modified: trunk/src/org/hyperic/hq/ui/AttrConstants.java =================================================================== --- trunk/src/org/hyperic/hq/ui/AttrConstants.java 2010-02-09 17:56:00 UTC (rev 14269) +++ trunk/src/org/hyperic/hq/ui/AttrConstants.java 2010-02-10 01:02:28 UTC (rev 14270) 
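Review bot: The four `can*ResourceTypeAlertDefinitionTemplate` methods are byte-for-byte copies of one admin check, comment and message included, so a future change to the template policy has to be made in four places and a missed one silently leaves an operation on the old rule. I would route all four through one private helper, as sketched below, and keep the TODO there. The copied comments in `canCreateAlertDefinition` and `canDeleteAlertDefinition` still say "can modify"; they should state that create and delete currently reuse the update operation. Renaming the public `canViewResourceTypeAlertDefinition` and dropping its `AppdefEntityTypeID` parameter breaks any caller not touched by this revision, which cannot be verified from the hunk.

```java
private static void checkResourceTypeAlertTemplatePermission(AuthzSubject user)
    throws PermissionException {
    // Template operations currently require the super user role; change the policy here only.
    if (!PermissionManagerFactory.getInstance().hasAdminPermission(user.getId())) {
        throw new PermissionException("User must be in Super User role to manage resource type alert definitions");
    }
}

public static void canViewResourceTypeAlertDefinitionTemplate(AuthzSubject user)
    throws PermissionException {
    checkResourceTypeAlertTemplatePermission(user);
}

// … canModify…, canCreate… and canDelete…ResourceTypeAlertDefinitionTemplate delegate the same way …
```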
@@ -463,7 +463,7 @@ public static final String CAN_TAKE_ACTION_ON_ALERT_ATTR = "canTakeAction"; public static final String CAN_MODIFY_ALERT_ATTR = "canModify"; - public static final String IS_SUPER_USER = "isSuperUser"; + public static final String CAN_VIEW_RESOURCE_TYPE_ALERT_TEMPLATE_ATTR = "canViewResourceTypeAlertTemplate"; /** * The request or session scope attribute under which actions Modified: trunk/src/org/hyperic/hq/ui/action/resource/common/monitor/alerts/config/ViewDefinitionAction.java =================================================================== --- trunk/src/org/hyperic/hq/ui/action/resource/common/monitor/alerts/config/ViewDefinitionAction.java 2010-02-09 17:56:00 UTC (rev 14269) +++ trunk/src/org/hyperic/hq/ui/action/resource/common/monitor/alerts/config/ViewDefinitionAction.java 2010-02-10 01:02:28 UTC (rev 14270) @@ -38,6 +38,7 @@ import org.apache.struts.action.ActionMapping; import org.apache.struts.tiles.actions.TilesAction; import org.hyperic.hq.appdef.shared.AppdefEntityID; +import org.hyperic.hq.appdef.shared.AppdefEntityTypeID; import org.hyperic.hq.authz.server.session.AuthzSubject; import org.hyperic.hq.authz.server.session.RoleManagerEJBImpl; import org.hyperic.hq.authz.shared.PermissionException; 
@@ -143,10 +144,18 @@ AuthzBoss authzBoss = ContextUtils.getAuthzBoss(ctx); AuthzSubject subject = authzBoss.getCurrentSubject(sessionID); - if (PermissionManagerFactory.getInstance().hasAdminPermission(subject.getId())) { - request.setAttribute(Constants.IS_SUPER_USER, true); - } else { - request.setAttribute(Constants.IS_SUPER_USER, false); + try { + request.setAttribute(Constants.CAN_VIEW_RESOURCE_TYPE_ALERT_TEMPLATE_ATTR, false); + + // ...is this alert definition spawned from a resource alert template?.. + if (adv.getParentId() > 0) { + // ...if so, check to see if we have permission to view it... + SessionBase.canViewResourceTypeAlertDefinitionTemplate(subject); + + request.setAttribute(Constants.CAN_VIEW_RESOURCE_TYPE_ALERT_TEMPLATE_ATTR, true); + } + } catch(PermissionException pe) { + // ...no permission, keep it moving... } SessionBase.canModifyAlertDefinition(subject, new AppdefEntityID(adv.getAppdefType(), adv.getAppdefId())); Modified: trunk/web/css/HQ_40.css =================================================================== --- trunk/web/css/HQ_40.css 2010-02-09 17:56:00 UTC (rev 14269) +++ trunk/web/css/HQ_40.css 2010-02-10 01:02:28 UTC (rev 14270) @@ -2388,7 +2388,7 @@ -moz-border-radius: 4px; -webkit-border-radius: 4px; border-radius: 3px; - padding: 3px 5px; + padding: 3px 15px; cursor:pointer; } Modified: trunk/web/resource/common/monitor/alerts/config/ViewDefinitionProperties.jsp =================================================================== --- trunk/web/resource/common/monitor/alerts/config/ViewDefinitionProperties.jsp 2010-02-09 17:56:00 UTC (rev 14269) +++ trunk/web/resource/common/monitor/alerts/config/ViewDefinitionProperties.jsp 2010-02-10 01:02:28 UTC (rev 14270) 
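Review bot: `CAN_VIEW_RESOURCE_TYPE_ALERT_TEMPLATE_ATTR` only decides whether ViewDefinitionProperties.jsp renders the link to the parent definition; it is not an access control. The action behind `/alerts/Config.do?mode=viewDefinition` has to call `canViewResourceTypeAlertDefinitionTemplate` itself, which this revision does not show. A comment saying so would help: `// UI hint only: hides the link; the target action must enforce the same check.` The empty `catch(PermissionException pe)` uses the exception as a boolean; consider naming the variable `ignored` and computing the flag once instead of setting the attribute to false and then overwriting it. `adv.getParentId() > 0` will throw if the getter returns a null `Integer`, which the hunk does not rule out; the enclosing method starts and ends outside the hunk.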
@@ -56,7 +56,7 @@ <tr valign="top"> <td width="20%" class="BlockLabel"><fmt:message key="common.label.Name"/></td> <td width="30%" class="BlockContent"><c:out value="${alertDef.name}"/> - <c:if test="${alertDef.parentId > 0 && isSuperUser}"> + <c:if test="${canViewResourceTypeAlertTemplate}"> <br/> <html:link page="/alerts/Config.do?mode=viewDefinition&aetid=${Resource.appdefResourceTypeValue.appdefTypeKey}&ad=${alertDef.parentId}"> <fmt:message key="alert.config.props.PB.ViewTypeDef"/> |