2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.dao.hl;
24 import java.util.ArrayList;
25 import java.util.Date;
26 import java.util.HashMap;
27 import java.util.List;
30 import java.util.TreeMap;
31 import java.util.TreeSet;
33 import org.onap.aaf.auth.dao.cass.PermDAO;
34 import org.onap.aaf.auth.dao.cass.RoleDAO;
35 import org.onap.aaf.auth.dao.cass.Status;
36 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
37 import org.onap.aaf.auth.env.AuthzTrans;
38 import org.onap.aaf.auth.layer.Result;
41 * PermLookup is a storage class that holds the intermediate results of looking up Permissions
42 * during a Transaction, so that the same lookup is not processed twice
48 public class PermLookup {
// Transaction handle passed to the DAO reads made by this lookup.
49 private AuthzTrans trans;
// Memoized Results. userRoles and permNames are visibly tested against null before being
// computed; roles and perms presumably follow the same pattern (their null checks are not
// visible in this listing - confirm). Error Results are assigned to these fields too, so
// once a field is set the visible null checks skip recomputation even after a failure.
52 private Result<List<UserRoleDAO.Data>> userRoles = null;
53 private Result<List<RoleDAO.Data>> roles = null;
54 private Result<Set<String>> permNames = null;
55 private Result<List<PermDAO.Data>> perms = null;
// Private: the only instantiation visible in this file is inside get().
57 private PermLookup() {}
/**
 * Returns the PermLookup kept on {@code trans} for {@code user}, creating and registering
 * one when none exists yet.
 *
 * @param trans transaction whose Question.PERMS slot holds the user -> PermLookup map
 * @param q     Question instance; how it is stored is on lines not shown in this listing
 * @param user  user id, used unmodified as the map key
 */
59 public static PermLookup get(AuthzTrans trans, Question q, String user) {
// Fetch the per-transaction map; the result may be null (handled on the next line).
61 Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);
62 if (permMap == null) {
// First lookup in this transaction: create the map and publish it on the transaction.
63 trans.put(Question.PERMS, permMap = new HashMap<>());
65 lp = permMap.get(user);
69 lp = new PermLookup();
// Register the instance so later calls for the same user reuse its cached Results.
// NOTE(review): the key is the raw user string; confirm callers pass the authenticated,
// normalized identity so one principal cannot end up with several cache entries.
73 permMap.put(user, lp);
/**
 * Returns the user's UserRole entries that have not expired.
 *
 * On first use the entries are read through the UserRole DAO and filtered against the
 * current time; the outcome, success or error, is stored in userRoles. When every entry
 * has expired the result is ERR_UserNotFound.
 */
78 public Result<List<UserRoleDAO.Data>> getUserRoles() {
79 if (userRoles==null) {
80 userRoles = q.userRoleDAO().readByUser(trans,user);
81 if (userRoles.isOKhasData()) {
82 List<UserRoleDAO.Data> lurdd = new ArrayList<>();
// One timestamp for the whole filter. Expiry is judged once, when the result is first
// computed; the cached list is not re-evaluated on later calls through this instance.
83 Date now = new Date();
84 for (UserRoleDAO.Data urdd : userRoles.value) {
// Only entries whose expiry is strictly after "now" are kept.
// NOTE(review): assumes expires is never null - a null here would throw; confirm
// against the schema.
85 if (urdd.expires.after(now)) { // Remove Expired
89 if (lurdd.size()==0) {
// Nothing survived the expiry filter: cache and return an error instead of an empty list.
// The argument for %s is on a line not shown in this listing.
90 return userRoles = Result.err(Status.ERR_UserNotFound,
91 "%s not found or not associated with any Roles: ",
94 return userRoles = Result.ok(lurdd);
/**
 * Resolves each of the user's current UserRole entries to its Role record(s).
 *
 * @return Result.ok with the collected roles, or the error carried over from
 *         getUserRoles(). A UserRole row with a null ns or rname aborts with ERR_BadData;
 *         that error is returned without being stored in roles.
 */
104 public Result<List<RoleDAO.Data>> getRoles() {
// Starts from the expiry-filtered entries, so expired assignments contribute no roles.
106 Result<List<UserRoleDAO.Data>> rur = getUserRoles();
108 List<RoleDAO.Data> lrdd = new ArrayList<>();
109 for (UserRoleDAO.Data urdata : rur.value) {
110 // Gather all permissions from all Roles
// Fail closed on a corrupt row: the whole lookup errors out rather than returning a
// partial role list with the bad row skipped.
111 if (urdata.ns==null || urdata.rname==null) {
112 return Result.err(Status.ERR_BadData,"DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role);
114 Result<List<RoleDAO.Data>> rlrd = q.roleDAO().read(
115 trans, urdata.ns, urdata.rname);
// The check guarding this addAll is on a line not shown in this listing.
117 lrdd.addAll(rlrd.value);
121 return roles = Result.ok(lrdd);
// Propagate (and cache) the failure from getUserRoles().
123 return roles = Result.err(rur);
/**
 * Returns the permission strings of every Role from getRoles(), de-duplicated and sorted
 * (they are collected into a TreeSet), caching the Result in permNames.
 *
 * @return Result.ok with the set of names, or the error carried over from getRoles()
 */
130 public Result<Set<String>> getPermNames() {
131 if (permNames==null) {
132 Result<List<RoleDAO.Data>> rlrd = getRoles();
134 Set<String> pns = new TreeSet<>();
135 for (RoleDAO.Data rdata : rlrd.value) {
// perms(false): the meaning of the flag is defined in RoleDAO.Data, not shown here.
136 pns.addAll(rdata.perms(false));
138 return permNames = Result.ok(pns);
// Propagate (and cache) the failure from getRoles().
140 return permNames = Result.err(rlrd);
/**
 * Builds the list of permissions held by the user, derived from getPermNames().
 *
 * For each permission name the visible code reads the stored permission through the Perm
 * DAO and copies it into a fresh PermDAO.Data that carries only the roles matched against
 * this lookup's roles; roles attached to the permission that the user does not hold are
 * left out of the returned object.
 *
 * @param lookup NOTE(review): the branch that tests this flag is not visible in this
 *               listing; presumably it selects between the DAO read and the plain
 *               PermDAO.Data.decode() near the end of the loop - confirm.
 * @return Result.ok with the collected list, or the error carried over from getPermNames()
 */
// NOTE(review): if perms is memoized like the other getters (its null check is not visible
// here), the first call's lookup value decides what every later call receives - confirm.
147 public Result<List<PermDAO.Data>> getPerms(boolean lookup) {
149 // Note: It should be ok for a Valid user to have no permissions -
150 // Jonathan 8/12/2013
151 Result<Set<String>> rss = getPermNames();
153 List<PermDAO.Data> lpdd = new ArrayList<>();
154 for (String perm : rss.value) {
// Looked up by fullPerm() below, so matches for the same permission share one output
// object; where entries are put into this map is on lines not shown.
156 Map<String,PermDAO.Data> mspdd = new TreeMap<>();
157 Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);
160 Result<List<PermDAO.Data>> rlpd = q.permDAO().read(perm,trans,ap.value);
161 if (rlpd.isOKhasData()) {
162 for (PermDAO.Data pData : rlpd.value) {
163 // ONLY add perms/roles which are related to this lookup
164 for(String pdr : pData.roles(false)) {
// roles is read as a field here, not through getRoles(); it was populated by the
// getPermNames() call above, which goes through getRoles().
165 for(RoleDAO.Data r : roles.value) {
166 if(pdr.equals(r.encode())) {
167 PermDAO.Data pdd = mspdd.get(pData.fullPerm());
169 pdd = new PermDAO.Data();
// Copy the descriptive fields only; roles are added selectively below.
171 pdd.type = pData.type;
172 pdd.instance = pData.instance;
173 pdd.action = pData.action;
174 pdd.description = pData.description;
// Only the role that matched one of this lookup's roles is attached to the copy.
// roles(true): presumably returns a mutable set - confirm in PermDAO.Data.
177 pdd.roles(true).add(pdr);
// The log text says "getPermsByUser" although this method is getPerms; keep that in mind
// when searching logs.
185 trans.error().log("In getPermsByUser, for", user, perm);
188 Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, q, perm);
190 trans.error().log("In getPermsByUser, for", user, pr.errorString());
197 return perms = Result.ok(lpdd);
// Propagate (and cache) the failure from getPermNames().
199 return perms = Result.err(rss);