1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package com.att.dao.aaf.hl;
\r
25 import java.util.ArrayList;
\r
26 import java.util.Date;
\r
27 import java.util.HashMap;
\r
28 import java.util.List;
\r
29 import java.util.Map;
\r
30 import java.util.Set;
\r
31 import java.util.TreeSet;
\r
33 import com.att.authz.env.AuthzTrans;
\r
34 import com.att.authz.layer.Result;
\r
35 import com.att.dao.aaf.cass.PermDAO;
\r
36 import com.att.dao.aaf.cass.RoleDAO;
\r
37 import com.att.dao.aaf.cass.Status;
\r
38 import com.att.dao.aaf.cass.UserRoleDAO;
\r
41 * PermLookup is a storage class that holds the intermediate results of a Permission lookup
\r
42 * (user roles, roles, permission names, permissions) during a Transaction, to avoid duplicate processing
\r
46 // Package on purpose
\r
// Per-lookup state. NOTE(review): this listing omits some lines of the file (see the gaps in
// the gutter numbers); the `q` handle used by the getters is presumably declared on one of them.
// Transaction and user id this lookup belongs to; both are passed to
// q.userRoleDAO.readByUser(trans, user) in getUserRoles().
48 private AuthzTrans trans;
\r
49 private String user;
\r
// Memoized results, assigned by getUserRoles(), getRoles(), getPermNames() and getPerms().
// For userRoles and permNames the visible code treats null as "not computed yet".
51 private Result<List<UserRoleDAO.Data>> userRoles = null;
\r
52 private Result<List<RoleDAO.Data>> roles = null;
\r
53 private Result<Set<String>> permNames = null;
\r
54 private Result<List<PermDAO.Data>> perms = null;
\r
// Private constructor: within the visible code, instances are created only in get().
56 private PermLookup() {}
\r
/**
 * Obtains the PermLookup for {@code user} within the given transaction.
 *
 * The transaction carries a map of user to PermLookup under {@code Question.PERMS}; the map is
 * created and attached to the transaction when absent, and a PermLookup is stored in it under
 * the user string.
 *
 * NOTE(review): this listing omits several lines of the method (the declaration of {@code lp},
 * the branch conditions, the field assignments and the return), so the exact conditions under
 * which a new instance is created are not visible here.
 *
 * NOTE(review): results memoized in the returned object presumably live as long as the map on
 * the transaction, so role or permission changes made after the first lookup would not be seen
 * by later calls in the same transaction. Confirm that this is the intended freshness.
 *
 * @param trans transaction that holds the per-user lookup map
 * @param q     not referenced on any visible line; presumably stored for the DAO calls in the getters
 * @param user  user id, used verbatim as the map key
 */
58 static PermLookup get(AuthzTrans trans, Question q, String user) {
\r
60 Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);
\r
61 if (permMap == null) {
\r
// No map on this transaction yet: create one and attach it to the transaction.
62 trans.put(Question.PERMS, permMap = new HashMap<String, PermLookup>());
\r
// Reuse an existing lookup for this user when the map has one.
64 lp = permMap.get(user);
\r
68 lp = new PermLookup();
\r
// Register the lookup under the user string so permMap.get(user) can return it later.
72 permMap.put(user, lp);
\r
/**
 * Loads the user's UserRole records and keeps only those that have not expired.
 *
 * When {@code userRoles} is still null, the records are read through
 * {@code q.userRoleDAO.readByUser(trans, user)}. If that result is OK and has data, every record
 * whose {@code expires} is not strictly after the current time is dropped. The filtered list, or
 * {@code Status.ERR_UserNotFound} when nothing remains, is stored in {@code userRoles} and returned.
 *
 * An unknown user and a user whose roles have all expired produce the same ERR_UserNotFound
 * result. Downstream getters build on this result, so expired roles contribute no permissions.
 *
 * NOTE(review): the branches for a non-null {@code userRoles} and for a failed or empty read are
 * on lines this listing omits.
 *
 * @return the unexpired UserRole records, or an error Result
 */
77 public Result<List<UserRoleDAO.Data>> getUserRoles() {
\r
78 if(userRoles==null) {
\r
79 userRoles = q.userRoleDAO.readByUser(trans,user);
\r
80 if(userRoles.isOKhasData()) {
\r
81 List<UserRoleDAO.Data> lurdd = new ArrayList<UserRoleDAO.Data>();
\r
// Taken once, so every record is compared against the same instant.
82 Date now = new Date();
\r
83 for(UserRoleDAO.Data urdd : userRoles.value) {
\r
// Date.after is strict: a record expiring exactly at `now` counts as expired.
// NOTE(review): a record with a null `expires` would throw NullPointerException here;
// confirm that the DAO never returns one.
84 if(urdd.expires.after(now)) { // Remove Expired
\r
// Nothing left after filtering: report the user as not found / without roles.
88 if(lurdd.size()==0) {
\r
89 return userRoles = Result.err(Status.ERR_UserNotFound,
\r
90 "%s not found or not associated with any Roles: ",
\r
// Replace the raw DAO result with the filtered list, so later calls see only unexpired roles.
93 return userRoles = Result.ok(lurdd);
\r
/**
 * Resolves the user's UserRole records, as returned by getUserRoles(), into RoleDAO records.
 *
 * For each UserRole the role is read by namespace and role name through {@code q.roleDAO.read},
 * and the records read are collected into one list that is stored in {@code roles}. On the
 * failure path the Result of getUserRoles() is converted with {@code Result.err(rur)} and stored
 * instead.
 *
 * NOTE(review): this listing omits several lines of the method, presumably the guard on
 * {@code roles}, the check on {@code rur} and the check on each {@code rlrd}; the comments below
 * describe only what the visible lines establish.
 *
 * @return the roles the user currently holds, or an error Result
 */
103 public Result<List<RoleDAO.Data>> getRoles() {
\r
105 Result<List<UserRoleDAO.Data>> rur = getUserRoles();
\r
107 List<RoleDAO.Data> lrdd = new ArrayList<RoleDAO.Data>();
\r
108 for (UserRoleDAO.Data urdata : rur.value) {
\r
109 // Gather all permissions from all Roles
\r
// A UserRole row without namespace or role name is reported on the transaction's error log
// as a database content problem.
110 if(urdata.ns==null || urdata.rname==null) {
\r
111 trans.error().printf("DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role);
\r
113 Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(
\r
114 trans, urdata.ns, urdata.rname);
\r
// NOTE(review): any check on rlrd before this addAll is on a line not shown; if the read can
// fail, rlrd.value may be null here. Confirm.
116 lrdd.addAll(rlrd.value);
\r
120 return roles = Result.ok(lrdd);
\r
// Failure path: hand the getUserRoles() Result on as this method's error.
122 return roles = Result.err(rur);
\r
/**
 * Collects the permission names attached to all of the user's roles.
 *
 * When {@code permNames} is still null, the roles are obtained from getRoles() and the strings
 * from each role's {@code perms(false)} are added to a TreeSet, giving a sorted set without
 * duplicates. The set, or the error carried over from getRoles(), is stored in {@code permNames}.
 *
 * NOTE(review): the check on {@code rlrd} and the branch for a non-null {@code permNames} are on
 * lines this listing omits. The meaning of the {@code false} argument is defined in RoleDAO.Data,
 * which is not visible here.
 *
 * @return the permission names, still encoded as strings, or an error Result
 */
129 public Result<Set<String>> getPermNames() {
\r
130 if(permNames==null) {
\r
131 Result<List<RoleDAO.Data>> rlrd = getRoles();
\r
// A TreeSet merges the permission names shared by several roles and keeps them ordered.
133 Set<String> pns = new TreeSet<String>();
\r
134 for (RoleDAO.Data rdata : rlrd.value) {
\r
135 pns.addAll(rdata.perms(false));
\r
137 return permNames = Result.ok(pns);
\r
// Failure path: hand the getRoles() Result on as this method's error.
139 return permNames = Result.err(rlrd);
\r
/**
 * Turns the user's permission names, from getPermNames(), into PermDAO records.
 *
 * Two ways of producing a record are visible: reading it from {@code q.permDAO} after
 * {@code PermDAO.Data.decodeToArray}, and decoding the name directly with
 * {@code PermDAO.Data.decode}. The resulting list, or the error carried over from
 * getPermNames(), is stored in {@code perms}.
 *
 * NOTE(review): this listing omits many lines of the method. How {@code lookup} selects between
 * the two ways is not visible, and neither is what happens after a failed read or decode is
 * logged (skip the permission or abort).
 *
 * NOTE(review): the result is stored in the single {@code perms} field whatever the value of
 * {@code lookup}. If the omitted lines return a previously stored {@code perms}, a later call
 * with a different {@code lookup} value would get the first call's result. Confirm.
 *
 * @param lookup not referenced on any visible line; presumably chooses between reading each
 *               permission from the permission DAO and only decoding its name. Confirm.
 * @return the user's permissions, or an error Result
 */
146 public Result<List<PermDAO.Data>> getPerms(boolean lookup) {
\r
148 // Note: It should be ok for a Valid user to have no permissions -
\r
150 Result<Set<String>> rss = getPermNames();
\r
152 List<PermDAO.Data> lpdd = new ArrayList<PermDAO.Data>();
\r
153 for (String perm : rss.value) {
\r
// Split the encoded permission name into its parts, then read the stored record for it.
155 Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);
\r
157 Result<List<PermDAO.Data>> rlpd = q.permDAO.read(perm,trans,ap);
\r
158 if (rlpd.isOKhasData()) {
\r
159 for (PermDAO.Data pData : rlpd.value) {
\r
// The log label reads "getPermsByUser" although this method is getPerms; search logs for the label.
164 trans.error().log("In getPermsByUser, for", user, perm);
\r
// Build the record from the encoded name alone.
167 Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, q, perm);
\r
169 trans.error().log("In getPermsByUser, for", user, pr.errorString());
\r
171 lpdd.add(pr.value);
\r
176 return perms = Result.ok(lpdd);
\r
// Failure path: hand the getPermNames() Result on as this method's error.
178 return perms = Result.err(rss);
\r