Code Review / aaf / authz.git / blob
? search:


f9780dde10d7948a6e66fabdca0d2a1ce3281eaf
[aaf/authz.git] / authz-cmd / src / main / java / com / att / cmd / perm / Grant.java
1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aai\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * Copyright © 2017 Amdocs\r
7  * * ===========================================================================\r
8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
9  * * you may not use this file except in compliance with the License.\r
10  * * You may obtain a copy of the License at\r
11  * * \r
12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
13  * * \r
14  *  * Unless required by applicable law or agreed to in writing, software\r
15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
17  * * See the License for the specific language governing permissions and\r
18  * * limitations under the License.\r
19  * * ============LICENSE_END====================================================\r
20  * *\r
21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
22  * *\r
23  ******************************************************************************/\r
24 package com.att.cmd.perm;\r
25 \r
26 import com.att.cadi.CadiException;\r
27 import com.att.cadi.LocatorException;\r
28 import com.att.cadi.client.Future;\r
29 import com.att.cadi.client.Rcli;\r
30 import com.att.cadi.client.Retryable;\r
31 import com.att.cmd.AAFcli;\r
32 import com.att.cmd.Cmd;\r
33 import com.att.cmd.Param;\r
34 import com.att.cssa.rserv.HttpMethods;\r
35 import com.att.inno.env.APIException;\r
36 \r
37 import aaf.v2_0.Pkey;\r
38 import aaf.v2_0.RolePermRequest;\r
39 \r
40 /**\r
41  * \r
42  *\r
43  */\r
44 public class Grant extends Cmd {\r
45         private final static String[] options = {"grant","ungrant","setTo"};\r
46 \r
47         public Grant(Perm parent) {\r
48                 super(parent,null,\r
49                         new Param(optionsToString(options),true),\r
50                         new Param("type",true),\r
51                         new Param("instance",true),\r
52                         new Param("action",true),\r
53                         new Param("role[,role]* (!REQ S)",false)\r
54                         ); \r
55         }\r
56 \r
57         @Override\r
58         public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
59                 return same(new Retryable<Integer>() {\r
60                         @Override\r
61                         public Integer code(Rcli<?> client) throws CadiException, APIException {\r
62                                 int idx = index;\r
63                                 String action = args[idx++];\r
64                                 int option = whichOption(options, action);\r
65                 \r
66                                 RolePermRequest rpr = new RolePermRequest();\r
67                                 Pkey pk = new Pkey();\r
68                                 pk.setType(args[idx++]);\r
69                                 pk.setInstance(args[idx++]);\r
70                                 pk.setAction(args[idx++]);\r
71                                 rpr.setPerm(pk);\r
72                                 setStartEnd(rpr);\r
73                                 \r
74                                 Future<RolePermRequest> frpr = null;\r
75                 \r
76                                 if (option != 2) {\r
77                                         String[] roles = args[idx++].split(",");\r
78                                         String strA,strB;\r
79                                         for(String role : roles) {\r
80                                                 rpr.setRole(role);\r
81                                                 if(option==0) {\r
82                                                         // You can request to Grant Permission to a Role\r
83                                                         setQueryParamsOn(client);\r
84                                                         frpr = client.create(\r
85                                                                         "/authz/role/perm", \r
86                                                                         getDF(RolePermRequest.class),\r
87                                                                         rpr\r
88                                                                         );\r
89                                                         strA = "Granted Permission [";\r
90                                                         strB = "] to Role [";\r
91                                                 } else {\r
92                                                         // You can request to UnGrant Permission to a Role\r
93                                                         setQueryParamsOn(client);\r
94                                                         frpr = client.delete(\r
95                                                                         "/authz/role/" + role + "/perm", \r
96                                                                         getDF(RolePermRequest.class),\r
97                                                                         rpr\r
98                                                                         );\r
99                                                         strA = "UnGranted Permission [";\r
100                                                         strB = "] from Role [";\r
101                                                 }\r
102                                                 if(frpr.get(AAFcli.timeout())) {\r
103                                                         pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction() \r
104                                                                         + strB + role +']');\r
105                                                 } else {\r
106                                                         if (frpr.code()==202) {\r
107                                                                 pw().print("Permission Role ");\r
108                                                                 pw().print(option==0?"Granted":"Ungranted");\r
109                                                                 pw().println(" Accepted, but requires Approvals before actualizing");\r
110                                                         } else {\r
111                                                                 error(frpr);\r
112                                                                 idx=Integer.MAX_VALUE;\r
113                                                         }                       \r
114                                                 }\r
115                                         }\r
116                                 } else {\r
117                                         String allRoles = "";\r
118                                         if (idx < args.length) \r
119                                                 allRoles = args[idx++];\r
120                                                 \r
121                                         rpr.setRole(allRoles);\r
122                                         frpr = client.update(\r
123                                                         "/authz/role/perm", \r
124                                                         getDF(RolePermRequest.class), \r
125                                                         rpr);\r
126                                         if(frpr.get(AAFcli.timeout())) {\r
127                                                 pw().println("Set Permission's Roles to [" + allRoles + "]");\r
128                                         } else {\r
129                                                 error(frpr);\r
130                                         }                       \r
131                                 } \r
132                                 return frpr==null?0:frpr.code();\r
133                         }\r
134                 });\r
135         }\r
136 \r
137         @Override\r
138         public void detailedHelp(int indent, StringBuilder sb) {\r
139                 detailLine(sb,indent,"Grant a Permission to a Role or Roles  OR");\r
140                 detailLine(sb,indent,"Ungrant a Permission from a Role or Roles  OR");\r
141                 detailLine(sb,indent,"Set a Permission's roles to roles supplied.");\r
142                 detailLine(sb,indent+4,"WARNING: Roles supplied with setTo will be the ONLY roles attached to this permission");\r
143                 detailLine(sb,indent+8,"If no roles are supplied, permission's roles are reset.");\r
144                 detailLine(sb,indent,"see Create for definitions of type,instance and action");\r
145                 api(sb,indent,HttpMethods.POST,"authz/role/perm",RolePermRequest.class,true);\r
146                 api(sb,indent,HttpMethods.DELETE,"authz/role/<role>/perm",RolePermRequest.class,false);\r
147                 api(sb,indent,HttpMethods.PUT,"authz/role/perm",RolePermRequest.class,false);\r
148 \r
149         }\r
150 \r
151 }\r
ARCHIVED- 2022-02-15 at the request of the project