2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.aai.introspection.sideeffect;
23 import org.apache.commons.lang3.ObjectUtils;
24 import org.apache.tinkerpop.gremlin.structure.Vertex;
25 import org.onap.aai.exceptions.AAIException;
26 import org.onap.aai.introspection.Introspector;
27 import org.onap.aai.schema.enums.PropertyMetadata;
28 import org.onap.aai.serialization.db.DBSerializer;
29 import org.onap.aai.serialization.engines.TransactionalGraphEngine;
30 import org.springframework.util.CollectionUtils;
32 import java.util.Map.Entry;
33 import java.util.Optional;
35 public class OwnerCheck extends SideEffect {
37 public static final String READ_ONLY_SUFFIX = "_readOnly";
38 private static final String DATA_OWNER = "data-owner";
40 public OwnerCheck(Introspector obj, Vertex self, TransactionalGraphEngine dbEngine, DBSerializer serializer) {
41 super(obj, self, dbEngine, serializer);
45 protected void processURI(Optional<String> completeUri, Entry<String, String> entry)
47 if (!isAuthorized(serializer.getGroups(), self)) {
49 throw new AAIException("AAI_3304",
50 "Group(s) :" + serializer.getGroups() + " not authorized to perform function");
52 } //else skip processing because no required properties were specified
56 public static boolean isAuthorized(java.util.Set<String> groups, Vertex vertex) {
57 if (!CollectionUtils.isEmpty(groups)) {
58 Object dataOwnerProperty = vertex.property(DATA_OWNER).orElse(null);
59 if (ObjectUtils.isNotEmpty(dataOwnerProperty)) {
60 String dataOwner = dataOwnerProperty.toString();
61 String dataOwnerWithReadAccess = dataOwner + READ_ONLY_SUFFIX;
62 return groups.stream()
63 .anyMatch(group -> group.equals(dataOwner) || group.equals(dataOwnerWithReadAccess));
70 protected PropertyMetadata getPropertyMetadata() {
71 return PropertyMetadata.OWNER_CHECK;
75 protected boolean replaceWithWildcard() {