1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.dao.aaf.hl;
\r
26 import java.util.ArrayList;
\r
27 import java.util.Date;
\r
28 import java.util.HashMap;
\r
29 import java.util.List;
\r
30 import java.util.Map;
\r
31 import java.util.Set;
\r
32 import java.util.TreeSet;
\r
34 import com.att.authz.env.AuthzTrans;
\r
35 import com.att.authz.layer.Result;
\r
36 import com.att.dao.aaf.cass.PermDAO;
\r
37 import com.att.dao.aaf.cass.RoleDAO;
\r
38 import com.att.dao.aaf.cass.Status;
\r
39 import com.att.dao.aaf.cass.UserRoleDAO;
\r
42 * PermLookup is a Storage class for the various pieces of looking up Permission
\r
43 * during Transactions to avoid duplicate processing
\r
47 // Package on purpose
\r
// Transaction this lookup belongs to; it is passed to the DAO reads and used for error logging.
49 private AuthzTrans trans;
\r
// Identity whose roles and permissions are being resolved.
50 private String user;
\r
// Memoized result of each lookup stage. getUserRoles() and getPermNames() treat
// null as "not computed yet"; roles and perms are presumably used the same way,
// but their null checks fall on lines this listing omits.
// NOTE(review): the declaration of the `q` field that the getters dereference is
// also missing from this listing.
52 private Result<List<UserRoleDAO.Data>> userRoles = null;
\r
53 private Result<List<RoleDAO.Data>> roles = null;
\r
54 private Result<Set<String>> permNames = null;
\r
55 private Result<List<PermDAO.Data>> perms = null;
\r
// Private constructor: the only construction site visible here is the static get() factory.
57 private PermLookup() {}
\r
// Returns the PermLookup registered for `user` in this transaction's cache,
// creating and registering a new one on a path whose guard is not shown.
// The cache is a Map<String, PermLookup> stored in the transaction under
// Question.PERMS and keyed only by the user string, so every caller that passes
// the same user string on the same AuthzTrans shares one set of memoized results.
// NOTE(review): this listing omits several lines of the method (the declaration
// of lp, the condition guarding the creation, the initialisation of the new
// instance's fields and the return), so the comments cover only what is visible.
59 static PermLookup get(AuthzTrans trans, Question q, String user) {
\r
// Fetch the per-transaction cache; the second argument is the default returned when nothing is stored.
61 Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);
\r
62 if (permMap == null) {
\r
// First lookup on this transaction: create the cache and attach it to the transaction.
63 trans.put(Question.PERMS, permMap = new HashMap<String, PermLookup>());
\r
65 lp = permMap.get(user);
\r
// Presumably reached only when permMap had no entry for user; the guarding condition is not shown.
69 lp = new PermLookup();
\r
73 permMap.put(user, lp);
\r
// Resolves the user's UserRole rows, keeping only those whose expiry lies after
// the current time, and memoizes the outcome in userRoles.
// Both outcomes are cached: the filtered list, and the ERR_UserNotFound error
// produced when no unexpired row remains. Expiry is therefore evaluated once,
// at the first call; a row that expires later is still served from the cache
// for as long as this PermLookup instance is reused.
// NOTE(review): lines of this method are missing from the listing (the body of
// the expiry check, the closing of the loop, the branch taken when the read is
// not OK or has no data, and the final return).
78 public Result<List<UserRoleDAO.Data>> getUserRoles() {
\r
79 if(userRoles==null) {
\r
80 userRoles = q.userRoleDAO.readByUser(trans,user);
\r
81 if(userRoles.isOKhasData()) {
\r
82 List<UserRoleDAO.Data> lurdd = new ArrayList<UserRoleDAO.Data>();
\r
// Single timestamp for the whole pass, so every row is compared against the same instant.
83 Date now = new Date();
\r
84 for(UserRoleDAO.Data urdd : userRoles.value) {
\r
// Date.after is strict: a row whose expiry equals `now` is treated as expired.
// NOTE(review): urdd.expires is dereferenced without a null check - confirm
// the column can never be null, otherwise this throws for that user.
85 if(urdd.expires.after(now)) { // Remove Expired
\r
// No unexpired row: the same error covers an unknown user and a user whose
// roles have all expired, as the message text states.
89 if(lurdd.size()==0) {
\r
90 return userRoles = Result.err(Status.ERR_UserNotFound,
\r
91 "%s not found or not associated with any Roles: ",
\r
// Replace the raw DAO result with the filtered list so later stages never see expired rows.
94 return userRoles = Result.ok(lurdd);
\r
// Resolves the Role records behind the user's unexpired UserRole rows and
// memoizes the outcome in roles.
// The input is getUserRoles(), so expired assignments are already removed;
// when that stage failed, its error is propagated and cached via Result.err(rur).
// NOTE(review): lines of this method are missing from the listing (presumably
// the memoization check, the test on rur, the else branch after the null check
// and the guard around addAll); confirm against the full file.
104 public Result<List<RoleDAO.Data>> getRoles() {
\r
106 Result<List<UserRoleDAO.Data>> rur = getUserRoles();
\r
108 List<RoleDAO.Data> lrdd = new ArrayList<RoleDAO.Data>();
\r
109 for (UserRoleDAO.Data urdata : rur.value) {
\r
110 // Gather all permissions from all Roles
\r
// A row with a null namespace or role name is reported as corrupt data.
// Presumably such a row is then skipped rather than read; the branch
// structure is on a line not shown.
111 if(urdata.ns==null || urdata.rname==null) {
\r
112 trans.error().printf("DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role);
\r
// Look the role up by (namespace, role name).
114 Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(
\r
115 trans, urdata.ns, urdata.rname);
\r
// NOTE(review): the check that rlrd succeeded before using rlrd.value is not
// visible here - confirm a failed read cannot reach this line.
117 lrdd.addAll(rlrd.value);
\r
121 return roles = Result.ok(lrdd);
\r
// Upstream failure: wrap the getUserRoles() error and cache it.
123 return roles = Result.err(rur);
\r
// Collects the permission names attached to every role returned by getRoles()
// and memoizes the outcome in permNames.
// The names are gathered into a TreeSet, so the result is sorted and a
// permission granted through several roles appears once.
// NOTE(review): lines of this method are missing from the listing (the test on
// rlrd, the branch structure and the final return).
130 public Result<Set<String>> getPermNames() {
\r
131 if(permNames==null) {
\r
132 Result<List<RoleDAO.Data>> rlrd = getRoles();
\r
134 Set<String> pns = new TreeSet<String>();
\r
135 for (RoleDAO.Data rdata : rlrd.value) {
\r
// NOTE(review): the meaning of the boolean passed to perms() is not visible in this file.
136 pns.addAll(rdata.perms(false));
\r
138 return permNames = Result.ok(pns);
\r
// Upstream failure: wrap the getRoles() error and cache it.
140 return permNames = Result.err(rlrd);
\r
// Turns the permission names from getPermNames() into PermDAO.Data records and
// stores the outcome in perms.
// Two conversions are visible: one decodes the name to an array and reads the
// permission through q.permDAO, the other only decodes the name. Presumably the
// `lookup` flag selects between them; the selecting line is not shown.
// In both, a name that cannot be read or decoded is logged through
// trans.error(); whether it is then left out of the result cannot be confirmed
// from the visible lines.
// NOTE(review): the error log lines name the method "getPermsByUser", not getPerms.
// NOTE(review): lines of this method are missing from the listing (any
// memoization check, the tests on rss, ap and pr, and the loop body that adds
// pData); confirm against the full file.
147 public Result<List<PermDAO.Data>> getPerms(boolean lookup) {
\r
149 // Note: It should be ok for a Valid user to have no permissions -
\r
151 Result<Set<String>> rss = getPermNames();
\r
153 List<PermDAO.Data> lpdd = new ArrayList<PermDAO.Data>();
\r
154 for (String perm : rss.value) {
\r
// Read path: decode the stored name, then read the record(s) from the permission DAO.
156 Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);
\r
158 Result<List<PermDAO.Data>> rlpd = q.permDAO.read(perm,trans,ap);
\r
159 if (rlpd.isOKhasData()) {
\r
160 for (PermDAO.Data pData : rlpd.value) {
\r
// The read returned no usable data for this name: record which user and permission were involved.
165 trans.error().log("In getPermsByUser, for", user, perm);
\r
// Decode-only path: build the record from the name without a DAO read.
168 Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, q, perm);
\r
170 trans.error().log("In getPermsByUser, for", user, pr.errorString());
\r
// NOTE(review): the guard separating this add from the error log above is
// not visible - confirm a failed decode cannot add a null value.
172 lpdd.add(pr.value);
\r
177 return perms = Result.ok(lpdd);
\r
// Upstream failure: wrap the getPermNames() error and cache it.
179 return perms = Result.err(rss);
\r