1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aai\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * Copyright © 2017 Amdocs\r
7  * * ===========================================================================\r
8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
9  * * you may not use this file except in compliance with the License.\r
10  * * You may obtain a copy of the License at\r
11  * * \r
12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
13  * * \r
14  *  * Unless required by applicable law or agreed to in writing, software\r
15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
17  * * See the License for the specific language governing permissions and\r
18  * * limitations under the License.\r
19  * * ============LICENSE_END====================================================\r
20  * *\r
21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
22  * *\r
23  ******************************************************************************/\r
24 package com.att.dao.aaf.hl;\r
25 \r
26 import java.util.ArrayList;\r
27 import java.util.Date;\r
28 import java.util.HashMap;\r
29 import java.util.List;\r
30 import java.util.Map;\r
31 import java.util.Set;\r
32 import java.util.TreeSet;\r
33 \r
34 import com.att.authz.env.AuthzTrans;\r
35 import com.att.authz.layer.Result;\r
36 import com.att.dao.aaf.cass.PermDAO;\r
37 import com.att.dao.aaf.cass.RoleDAO;\r
38 import com.att.dao.aaf.cass.Status;\r
39 import com.att.dao.aaf.cass.UserRoleDAO;\r
40 \r
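/**
 * PermLookup holds, for one user within one transaction, the intermediate results of
 * resolving that user's permissions (user-roles, roles, permission names, permissions)
 * so that the same lookups are not repeated during the transaction.
 *
 * Instances are kept in the transaction under {@code Question.PERMS}, keyed by user, and
 * are obtained through {@link #get(AuthzTrans, Question, String)}. Each getter computes
 * its result on first use and returns the stored result afterwards, including stored
 * error results. No synchronization is performed in this class.
 */
// Package-private on purpose
class PermLookup {
    private final AuthzTrans trans;
    private final String user;
    private final Question q;
    private Result<List<UserRoleDAO.Data>> userRoles = null;
    private Result<List<RoleDAO.Data>> roles = null;
    private Result<Set<String>> permNames = null;
    // getPerms(true) and getPerms(false) build their lists differently, so each mode
    // has its own cached result.
    private Result<List<PermDAO.Data>> permsLookedUp = null;
    private Result<List<PermDAO.Data>> permsDecoded = null;

    private PermLookup(AuthzTrans trans, Question q, String user) {
        this.trans = trans;
        this.q = q;
        this.user = user;
    }

    /**
     * Returns the PermLookup stored in the transaction for {@code user}, creating and
     * storing one if none exists yet.
     *
     * @param trans transaction that carries the per-user lookup map
     * @param q     DAO holder used by a newly created instance; an instance already
     *              stored for this user keeps the Question it was created with
     * @param user  user whose permissions are being resolved
     * @return the lookup instance for this user in this transaction
     */
    static PermLookup get(AuthzTrans trans, Question q, String user) {
        Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);
        if (permMap == null) {
            permMap = new HashMap<String, PermLookup>();
            trans.put(Question.PERMS, permMap);
        }

        PermLookup lp = permMap.get(user);
        if (lp == null) {
            lp = new PermLookup(trans, q, user);
            permMap.put(user, lp);
        }
        return lp;
    }

    /**
     * Reads the user's user-role records and keeps only those that have not expired.
     *
     * @return the unexpired user-roles; the DAO's own result when the read is not OK or
     *         has no data; or {@code Status.ERR_UserNotFound} when every record is expired
     */
    public Result<List<UserRoleDAO.Data>> getUserRoles() {
        if (userRoles != null) {
            return userRoles;
        }

        userRoles = q.userRoleDAO.readByUser(trans, user);
        if (!userRoles.isOKhasData()) {
            return userRoles;
        }

        List<UserRoleDAO.Data> unexpired = new ArrayList<UserRoleDAO.Data>();
        Date now = new Date();
        for (UserRoleDAO.Data urdd : userRoles.value) {
            if (urdd.expires == null) {
                // A record without an expiration date cannot be shown to be current:
                // treat it as expired (deny) instead of failing the lookup with an NPE.
                trans.error().printf("DB Content Error: null expiration in User Role %s %s",
                        urdd.user, urdd.role);
            } else if (urdd.expires.after(now)) { // Remove Expired
                unexpired.add(urdd);
            }
        }

        if (unexpired.isEmpty()) {
            userRoles = Result.err(Status.ERR_UserNotFound,
                    "%s not found or not associated with any Roles: ",
                    user);
        } else {
            userRoles = Result.ok(unexpired);
        }
        return userRoles;
    }

    /**
     * Reads the role records for every unexpired user-role of the user.
     *
     * @return the roles that could be read, or the error from {@link #getUserRoles()}
     */
    public Result<List<RoleDAO.Data>> getRoles() {
        if (roles != null) {
            return roles;
        }

        Result<List<UserRoleDAO.Data>> rur = getUserRoles();
        if (!rur.isOK()) {
            roles = Result.err(rur);
            return roles;
        }

        List<RoleDAO.Data> found = new ArrayList<RoleDAO.Data>();
        for (UserRoleDAO.Data urdata : rur.value) {
            if (urdata.ns == null || urdata.rname == null) {
                trans.error().printf("DB Content Error: nulls in User Role %s %s",
                        urdata.user, urdata.role);
            } else {
                Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(trans, urdata.ns, urdata.rname);
                // A role read that is not OK is skipped without a log entry: the user
                // ends up with fewer roles, never more.
                if (rlrd.isOK()) {
                    found.addAll(rlrd.value);
                }
            }
        }
        roles = Result.ok(found);
        return roles;
    }

    /**
     * Collects the permission names attached to all of the user's roles.
     *
     * @return a sorted set of permission names, or the error from {@link #getRoles()}
     */
    public Result<Set<String>> getPermNames() {
        if (permNames != null) {
            return permNames;
        }

        Result<List<RoleDAO.Data>> rlrd = getRoles();
        if (rlrd.isOK()) {
            Set<String> names = new TreeSet<String>();
            for (RoleDAO.Data rdata : rlrd.value) {
                names.addAll(rdata.perms(false));
            }
            permNames = Result.ok(names);
        } else {
            permNames = Result.err(rlrd);
        }
        return permNames;
    }

    /**
     * Resolves the user's permission names into permission records.
     *
     * With {@code lookup} true each name is decoded and then read through
     * {@code q.permDAO}, and only names for which the read returns data contribute
     * entries. With {@code lookup} false each name is only decoded; no read is made.
     * The two modes are cached separately, so a caller that asks for looked-up entries
     * is never handed a list that an earlier {@code getPerms(false)} call built without
     * the read (and the reverse).
     *
     * @param lookup true to read each permission through the permission DAO, false to
     *               decode the names only
     * @return the permission records (possibly empty), or the error from
     *         {@link #getPermNames()}
     */
    public Result<List<PermDAO.Data>> getPerms(boolean lookup) {
        Result<List<PermDAO.Data>> cached = lookup ? permsLookedUp : permsDecoded;
        if (cached != null) {
            return cached;
        }

        // Note: It should be ok for a Valid user to have no permissions -
        // 8/12/2013
        Result<Set<String>> rss = getPermNames();
        Result<List<PermDAO.Data>> result;
        if (rss.isOK()) {
            List<PermDAO.Data> collected = new ArrayList<PermDAO.Data>();
            for (String perm : rss.value) {
                if (lookup) {
                    Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);
                    if (ap.isOK()) {
                        Result<List<PermDAO.Data>> rlpd = q.permDAO.read(perm, trans, ap);
                        if (rlpd.isOKhasData()) {
                            collected.addAll(rlpd.value);
                        }
                    } else {
                        trans.error().log("In getPermsByUser, for", user, perm);
                    }
                } else {
                    Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, q, perm);
                    if (pr.notOK()) {
                        trans.error().log("In getPermsByUser, for", user, pr.errorString());
                    } else {
                        collected.add(pr.value);
                    }
                }
            }
            result = Result.ok(collected);
        } else {
            result = Result.err(rss);
        }

        if (lookup) {
            permsLookedUp = result;
        } else {
            permsDecoded = result;
        }
        return result;
    }
}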