2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
21 package org.onap.aaf.auth.batch.approvalsets;
23 import java.io.IOException;
24 import java.util.Date;
25 import java.util.GregorianCalendar;
26 import java.util.List;
28 import org.onap.aaf.auth.batch.helpers.Approval;
29 import org.onap.aaf.auth.dao.cass.ApprovalDAO;
30 import org.onap.aaf.auth.dao.cass.NsDAO;
31 import org.onap.aaf.auth.dao.cass.RoleDAO;
32 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
33 import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data;
34 import org.onap.aaf.auth.dao.hl.Function.FUTURE_OP;
35 import org.onap.aaf.auth.env.AuthzTrans;
36 import org.onap.aaf.auth.layer.Result;
37 import org.onap.aaf.auth.org.Organization;
38 import org.onap.aaf.auth.org.Organization.Identity;
39 import org.onap.aaf.auth.org.OrganizationException;
40 import org.onap.aaf.cadi.CadiException;
41 import org.onap.aaf.misc.env.util.Chrono;
43 public class URApprovalSet extends ApprovalSet {
44 private static final String FMT_SUFFIX = "%s] - Expires %s";
45 private static final String EXTEND_ACCESS_FMT = Approval.RE_APPROVAL_IN_ROLE + "%s] to Role [" + FMT_SUFFIX;
46 private static final String REVALIDATE_AS_ADMIN_FMT = Approval.RE_VALIDATE_ADMIN + FMT_SUFFIX;
47 private static final String REVALIDATE_AS_OWNER_FMT = Approval.RE_VALIDATE_OWNER + FMT_SUFFIX;
49 public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
50 super(start, "user_role", dv);
51 Organization org = trans.org();
52 UserRoleDAO.Data urdd = lurdd.load();
53 setConstruct(urdd.bytify());
54 setMemo(getMemo(urdd));
55 GregorianCalendar expires = org.expiration(null, Organization.Expiration.UserInRole);
56 if(urdd.expires.before(expires.getTime())) {
57 expires.setTime(urdd.expires);
60 setTargetKey(urdd.user+'|'+urdd.role);
61 setTargetDate(urdd.expires);
63 Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role);
64 if(r.notOKorIsEmpty()) {
65 throw new CadiException(r.errorString());
67 Result<NsDAO.Data> n = dv.ns(trans, urdd.ns);
68 if(n.notOKorIsEmpty()) {
69 throw new CadiException(n.errorString());
71 UserRoleDAO.Data found = null;
72 Result<List<Data>> lur = dv.ursByRole(trans, urdd.role);
74 for(UserRoleDAO.Data ur : lur.value) {
75 if(urdd.user.equals(ur.user)) {
82 throw new CadiException(String.format("User '%s' in Role '%s' does not exist", urdd.user,urdd.role));
85 // Primarily, Owners are responsible, unless it's owned by self
86 boolean isOwner = false;
87 Result<List<UserRoleDAO.Data>> owners = dv.ursByRole(trans, urdd.ns+".owner");
89 for(UserRoleDAO.Data owner : owners.value) {
90 if(urdd.user.equals(owner.user)) {
93 ApprovalDAO.Data add = newApproval(urdd);
94 add.approver = owner.user;
103 List<Identity> apprs = org.getApprovers(trans, urdd.user);
105 for(Identity i : apprs) {
106 ApprovalDAO.Data add = newApproval(urdd);
107 add.approver = i.fullID();
108 add.type = org.getApproverType();
112 } catch (OrganizationException e) {
113 throw new CadiException(e);
118 private void setTargetDate(Date expires) {
119 fdd.target_date = expires;
122 private void setTargetKey(String key) {
123 fdd.target_key = key;
126 private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) {
127 ApprovalDAO.Data add = new ApprovalDAO.Data();
128 add.id = Chrono.dateToUUID(System.currentTimeMillis());
130 add.user = urdd.user;
131 add.operation = FUTURE_OP.A.name();
132 add.status = ApprovalDAO.PENDING;
133 add.memo = getMemo(urdd);
137 private String getMemo(Data urdd) {
140 return String.format(REVALIDATE_AS_OWNER_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
142 return String.format(REVALIDATE_AS_ADMIN_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
144 return String.format(EXTEND_ACCESS_FMT,
147 Chrono.dateOnlyStamp(urdd.expires));