fix db migration logic, list permissions with keys

klaus.freitas.scclouds · klaus.freitas.scclouds · commit 61e09400fde7 · 2024-10-23T09:21:08.000-03:00
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/user/DeleteUserKeysCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/user/DeleteUserKeysCmd.java
@@ -33,7 +33,7 @@
 public class DeleteUserKeysCmd extends BaseAsyncCmd {
 
     @ACL
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = ApiKeyPairResponse.class, required = true, description = "ID of the keypair to be deleted.")
+    @Parameter(name = ApiConstants.KEYPAIR_ID, type = CommandType.UUID, entityType = ApiKeyPairResponse.class, required = true, description = "ID of the keypair to be deleted.")
     private Long id;
 
     @Override
diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41910to42000.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41910to42000.java
@@ -64,7 +64,7 @@ public InputStream[] getPrepareScripts() {
     private void performKeyPairMigration(Connection conn) throws SQLException {
         try {
             logger.debug("Performing keypair migration from user table to api_keypair table.");
-            PreparedStatement pstmt = conn.prepareStatement("SELECT u.id, u.api_key, u.secret_key, a.domain_id, u.id FROM `cloud`.`user` AS u JOIN `cloud`.`account` AS a " +
+            PreparedStatement pstmt = conn.prepareStatement("SELECT u.id, u.api_key, u.secret_key, a.domain_id, u.account_id FROM `cloud`.`user` AS u JOIN `cloud`.`account` AS a " +
                     "ON u.account_id = a.id WHERE u.api_key IS NOT NULL AND u.secret_key IS NOT NULL");
             ResultSet resultSet = pstmt.executeQuery();
 
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -80,6 +80,7 @@
 import org.apache.cloudstack.api.command.admin.user.RegisterUserKeysCmd;
 import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd;
 import org.apache.cloudstack.api.response.ApiKeyPairResponse;
+import org.apache.cloudstack.api.response.BaseRolePermissionResponse;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.UserTwoFactorAuthenticationSetupResponse;
 import org.apache.cloudstack.auth.UserAuthenticator;
@@ -2987,20 +2988,6 @@ private Boolean isApiKeySupersetOfPermission(List<RolePermissionEntity> baseKeyP
         return roleService.roleHasPermission(apiNameToBaseKeyPermissions, comparedPermissions);
     }
 
-    private Boolean validatePermission(List<RolePermissionEntity> supersetPermissions, RolePermissionEntity comparedPermission) {
-        for (RolePermissionEntity supersetPermission : supersetPermissions) {
-            if (!supersetPermission.getRule().matches(comparedPermission.getRule().getRuleString())) {
-                continue;
-            }
-
-            if (!supersetPermission.getPermission().equals(RolePermissionEntity.Permission.ALLOW) && (comparedPermission.getPermission() == RolePermissionEntity.Permission.ALLOW)) {
-                return false;
-            }
-            return true;
-        }
-        return false;
-    }
-
     private void markExpiredKeysWithStateExpired(ApiKeyPair apiKeyPair) {
         if (apiKeyPair.hasEndDatePassed()) {
             internalDeleteApiKey(apiKeyPair);
@@ -3073,6 +3060,18 @@ private void addKeypairResponse(ApiKeyPair keyPair, List<ApiKeyPairResponse> res
             return;
         }
         ApiKeyPairResponse response = cmd._responseGenerator.createKeyPairResponse(keyPair);
+        if (Boolean.TRUE.equals(cmd.getShowPermissions())) {
+            Account account = _accountDao.findById(keyPair.getAccountId());
+            List<ApiKeyPairPermission> apiKeyPairPermissions = apiKeyPairService.findAllPermissionsByKeyPairId(keyPair.getId(), account.getRoleId());
+            response.setPermissions(apiKeyPairPermissions.stream().map(apiKeyPairPermission -> {
+                BaseRolePermissionResponse rolePermissionResponse = new BaseRolePermissionResponse();
+                rolePermissionResponse.setRule(apiKeyPairPermission.getRule());
+                rolePermissionResponse.setDescription(apiKeyPairPermission.getDescription());
+                rolePermissionResponse.setRulePermission(apiKeyPairPermission.getPermission());
+
+                return rolePermissionResponse;
+            }).collect(Collectors.toList()));
+        }
         response.setObjectName(ApiConstants.USER_API_KEY);
         responses.add(response);
     }
