1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.cmd.perm;
\r
26 import com.att.cadi.CadiException;
\r
27 import com.att.cadi.LocatorException;
\r
28 import com.att.cadi.client.Future;
\r
29 import com.att.cadi.client.Rcli;
\r
30 import com.att.cadi.client.Retryable;
\r
31 import com.att.cmd.AAFcli;
\r
32 import com.att.cmd.Cmd;
\r
33 import com.att.cmd.Param;
\r
34 import com.att.cssa.rserv.HttpMethods;
\r
35 import com.att.inno.env.APIException;
\r
37 import aaf.v2_0.Pkey;
\r
38 import aaf.v2_0.RolePermRequest;
\r
44 public class Grant extends Cmd {
\r
45 private final static String[] options = {"grant","ungrant","setTo"};
\r
47 public Grant(Perm parent) {
\r
49 new Param(optionsToString(options),true),
\r
50 new Param("type",true),
\r
51 new Param("instance",true),
\r
52 new Param("action",true),
\r
53 new Param("role[,role]* (!REQ S)",false)
\r
58 public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {
\r
59 return same(new Retryable<Integer>() {
\r
61 public Integer code(Rcli<?> client) throws CadiException, APIException {
\r
63 String action = args[idx++];
\r
64 int option = whichOption(options, action);
\r
66 RolePermRequest rpr = new RolePermRequest();
\r
67 Pkey pk = new Pkey();
\r
68 pk.setType(args[idx++]);
\r
69 pk.setInstance(args[idx++]);
\r
70 pk.setAction(args[idx++]);
\r
74 Future<RolePermRequest> frpr = null;
\r
77 String[] roles = args[idx++].split(",");
\r
79 for(String role : roles) {
\r
82 // You can request to Grant Permission to a Role
\r
83 setQueryParamsOn(client);
\r
84 frpr = client.create(
\r
85 "/authz/role/perm",
\r
86 getDF(RolePermRequest.class),
\r
89 strA = "Granted Permission [";
\r
90 strB = "] to Role [";
\r
92 // You can request to UnGrant Permission to a Role
\r
93 setQueryParamsOn(client);
\r
94 frpr = client.delete(
\r
95 "/authz/role/" + role + "/perm",
\r
96 getDF(RolePermRequest.class),
\r
99 strA = "UnGranted Permission [";
\r
100 strB = "] from Role [";
\r
102 if(frpr.get(AAFcli.timeout())) {
\r
103 pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction()
\r
104 + strB + role +']');
\r
106 if (frpr.code()==202) {
\r
107 pw().print("Permission Role ");
\r
108 pw().print(option==0?"Granted":"Ungranted");
\r
109 pw().println(" Accepted, but requires Approvals before actualizing");
\r
112 idx=Integer.MAX_VALUE;
\r
117 String allRoles = "";
\r
118 if (idx < args.length)
\r
119 allRoles = args[idx++];
\r
121 rpr.setRole(allRoles);
\r
122 frpr = client.update(
\r
123 "/authz/role/perm",
\r
124 getDF(RolePermRequest.class),
\r
126 if(frpr.get(AAFcli.timeout())) {
\r
127 pw().println("Set Permission's Roles to [" + allRoles + "]");
\r
132 return frpr==null?0:frpr.code();
\r
138 public void detailedHelp(int indent, StringBuilder sb) {
\r
139 detailLine(sb,indent,"Grant a Permission to a Role or Roles OR");
\r
140 detailLine(sb,indent,"Ungrant a Permission from a Role or Roles OR");
\r
141 detailLine(sb,indent,"Set a Permission's roles to roles supplied.");
\r
142 detailLine(sb,indent+4,"WARNING: Roles supplied with setTo will be the ONLY roles attached to this permission");
\r
143 detailLine(sb,indent+8,"If no roles are supplied, permission's roles are reset.");
\r
144 detailLine(sb,indent,"see Create for definitions of type,instance and action");
\r
145 api(sb,indent,HttpMethods.POST,"authz/role/perm",RolePermRequest.class,true);
\r
146 api(sb,indent,HttpMethods.DELETE,"authz/role/<role>/perm",RolePermRequest.class,false);
\r
147 api(sb,indent,HttpMethods.PUT,"authz/role/perm",RolePermRequest.class,false);
\r