Versions Compared

Old Version 14

changes.mady.by.user Prachi Damle

Saved on

compared with

New Version Current

changes.mady.by.user Min Chen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

Code Block
        Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, ListProjectResourcesCriteria>(cmd.getDomainId(), cmd.isRecursive(), null);
        _accountMgr.buildACLSearchParameters(caller, id, cmd.getAccountName(), cmd.getProjectId(), permittedDomains, permittedAccounts, permittedResources, domainIdRecursiveListProject, cmd.listAll(), false, "listFirewallRules");
		.......
        SearchBuilder<FirewallRuleVO> sb = _firewallDao.createSearchBuilder();
        _accountMgr.buildACLSearchBuilder(sb, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);
		......
        SearchCriteria<FirewallRuleVO> sc = sb.create();
        _accountMgr.buildACLSearchCriteria(sc, isRecursive, permittedDomains, permittedAccounts, permittedResources, listProjectResourcesCriteria);

 

 

Command and Response View Separation

For some commands that can be invoked by both admin and user, if you want to provide different response contents to root admin and non-root user, for example, some response fields are only visible to root admin. We have defined two enumeration types (ResponseView.Full and ResponseView.Restricted) for these two types of response views. You should split your API command to two classes: API for admin that will return Full response view and may take additional admin-only parameters and API for user that will return Restricted response view. For example, previous ListVMsCmd has been splitted into two classes: ListVMsCmdByAdmin and ListVMsCmd. The naming convention is that the API command class that returns Full response view should have a suffix "ByAdmin". We also introduced a new annotation (responseView) in @APICommand to specify which response view should be returned from this command. Normally, ***ByAdmin class can be extended from its restricted view class. Here is an example of this command split and response view annotation:

Code Block
@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Restricted, 
entityType = { VirtualMachine.class })
public class ListVMsCmd extends BaseListTaggedResourcesCmd {
......
}
 
@APICommand(name = "listVirtualMachines", description = "List the virtual machines owned by the account.", responseObject = UserVmResponse.class, responseView = ResponseView.Full)
public class ListVMsCmdByAdmin extends ListVMsCmd {
    /////////////////////////////////////////////////////
    //////////////// API parameters /////////////////////
    /////////////////////////////////////////////////////
 
    @Parameter(name=ApiConstants.HOST_ID, type=CommandType.UUID, entityType=HostResponse.class,
            description="the host ID")
    private Long hostId;
 
    @Parameter(name=ApiConstants.POD_ID, type=CommandType.UUID, entityType=PodResponse.class,
            description="the pod ID")
    private Long podId;
 
    @Parameter(name=ApiConstants.STORAGE_ID, type=CommandType.UUID, entityType=StoragePoolResponse.class,
            description="the storage ID where vm's volumes belong to")
    private Long storageId;
}

In execute() of these two command classes, we should make a distinction to create different response content based on responseView annotation.