import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
public Result<Void> createNS(final AuthzTrans trans, REQUEST from, NsType type) {
final Result<Namespace> rnamespace = mapper.ns(trans, from);
final ServiceValidator v = new ServiceValidator();
public Result<Void> createNS(final AuthzTrans trans, REQUEST from, NsType type) {
final Result<Namespace> rnamespace = mapper.ns(trans, from);
final ServiceValidator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
final Namespace namespace = rnamespace.value;
final Result<NsDAO.Data> parentNs = ques.deriveNs(trans,namespace.name);
return Result.err(Status.ERR_BadData,v.errs());
}
final Namespace namespace = rnamespace.value;
final Result<NsDAO.Data> parentNs = ques.deriveNs(trans,namespace.name);
rnd = ques.mayUser(trans, trans.user(), parentNs.value,Access.write);
}
return rnd;
rnd = ques.mayUser(trans, trans.user(), parentNs.value,Access.write);
}
return rnd;
switch(fd.status) {
case OK:
Result<String> rfc = func.createFuture(trans, fd.value, namespace.name, trans.user(),parentNs.value, FUTURE_OP.C);
switch(fd.status) {
case OK:
Result<String> rfc = func.createFuture(trans, fd.value, namespace.name, trans.user(),parentNs.value, FUTURE_OP.C);
// Check if exists already
Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);
// Check if exists already
Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);
return Result.err(Status.ERR_ConflictAlreadyExists, "NS Property %s:%s exists", ns, key);
}
// Check if User may put
return Result.err(Status.ERR_ConflictAlreadyExists, "NS Property %s:%s exists", ns, key);
}
// Check if User may put
- if(!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
+ if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
":"+trans.org().getDomain()+".*:"+key, Access.write.name())) {
return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key);
}
":"+trans.org().getDomain()+".*:"+key, Access.write.name())) {
return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key);
}
public Result<KEYS> readNsByAttrib(AuthzTrans trans, String key) {
// Check inputs
final Validator v = new ServiceValidator();
public Result<KEYS> readNsByAttrib(AuthzTrans trans, String key) {
// Check inputs
final Validator v = new ServiceValidator();
- if(!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
+ if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
":"+trans.org().getDomain()+".*:"+key, Question.READ)) {
return Result.err(Status.ERR_Denied,"%s may not read NS by Attrib '%s'",trans.user(),key);
}
Result<Set<String>> rsd = ques.nsDAO.dao().readNsByAttrib(trans, key);
":"+trans.org().getDomain()+".*:"+key, Question.READ)) {
return Result.err(Status.ERR_Denied,"%s may not read NS by Attrib '%s'",trans.user(),key);
}
Result<Set<String>> rsd = ques.nsDAO.dao().readNsByAttrib(trans, key);
// Check if exists already (NS must exist)
Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);
// Check if exists already (NS must exist)
Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);
return Result.err(Status.ERR_NotFound, "NS Property %s:%s exists", ns, key);
}
// Check if User may put
return Result.err(Status.ERR_NotFound, "NS Property %s:%s exists", ns, key);
}
// Check if User may put
- if(!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
+ if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB,
":"+trans.org().getDomain()+".*:"+key, Access.write.name())) {
return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key);
}
":"+trans.org().getDomain()+".*:"+key, Access.write.name())) {
return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key);
}
v.nullOrBlank("Key",key).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
// Check if exists already
Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);
v.nullOrBlank("Key",key).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
// Check if exists already
Result<List<Data>> rlnsd = ques.nsDAO.read(trans, ns);
return Result.err(Status.ERR_NotFound, "NS Property [%s:%s] does not exist", ns, key);
}
// Check if User may del
return Result.err(Status.ERR_NotFound, "NS Property [%s:%s] does not exist", ns, key);
}
// Check if User may del
- if(!ques.isGranted(trans, trans.user(), ROOT_NS, "attrib", ":" + ROOT_COMPANY + ".*:"+key, Access.write.name())) {
+ if (!ques.isGranted(trans, trans.user(), ROOT_NS, "attrib", ":" + ROOT_COMPANY + ".*:"+key, Access.write.name())) {
return Result.err(Status.ERR_Denied, "%s may not delete NS Attrib [%s:%s]", trans.user(),ns, key);
}
return Result.err(Status.ERR_Denied, "%s may not delete NS Attrib [%s:%s]", trans.user(),ns, key);
}
@Override
public Result<NSS> getNSbyName(AuthzTrans trans, String ns) {
final Validator v = new ServiceValidator();
@Override
public Result<NSS> getNSbyName(AuthzTrans trans, String ns) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<NsDAO.Data>> rlnd = ques.nsDAO.read(trans, ns);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<NsDAO.Data>> rlnd = ques.nsDAO.read(trans, ns);
return Result.err(Status.ERR_NotFound, "No data found for %s",ns);
}
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.read);
return Result.err(Status.ERR_NotFound, "No data found for %s",ns);
}
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.read);
return Result.err(rnd);
}
Namespace namespace = new Namespace(rnd.value);
Result<List<String>> rd = func.getOwners(trans, namespace.name, false);
return Result.err(rnd);
}
Namespace namespace = new Namespace(rnd.value);
Result<List<String>> rd = func.getOwners(trans, namespace.name, false);
namespace.owner = rd.value;
}
rd = func.getAdmins(trans, namespace.name, false);
namespace.owner = rd.value;
}
rd = func.getAdmins(trans, namespace.name, false);
}
Result<Collection<Namespace>> rn = loadNamepace(trans, user, ".admin", full);
}
Result<Collection<Namespace>> rn = loadNamepace(trans, user, ".admin", full);
}
Result<Collection<Namespace>> rn = loadNamepace(trans, user, null, full);
}
Result<Collection<Namespace>> rn = loadNamepace(trans, user, null, full);
private Result<Collection<Namespace>> loadNamepace(AuthzTrans trans, String user, String endsWith, boolean full) {
Result<List<UserRoleDAO.Data>> urd = ques.userRoleDAO.readByUser(trans, user);
private Result<Collection<Namespace>> loadNamepace(AuthzTrans trans, String user, String endsWith, boolean full) {
Result<List<UserRoleDAO.Data>> urd = ques.userRoleDAO.readByUser(trans, user);
return Result.err(urd);
}
Map<String, Namespace> lm = new HashMap<>();
Map<String, Namespace> other = full || endsWith==null?null:new TreeMap<>();
return Result.err(urd);
}
Map<String, Namespace> lm = new HashMap<>();
Map<String, Namespace> other = full || endsWith==null?null:new TreeMap<>();
RoleDAO.Data rd = RoleDAO.Data.decode(urdd);
Result<NsDAO.Data> nsd = ques.mayUser(trans, user, rd, Access.read);
RoleDAO.Data rd = RoleDAO.Data.decode(urdd);
Result<NsDAO.Data> nsd = ques.mayUser(trans, user, rd, Access.read);
namespace = new Namespace(nsd.value);
lm.put(namespace.name,namespace);
}
Result<List<String>> rls = func.getAdmins(trans, namespace.name, false);
namespace = new Namespace(nsd.value);
lm.put(namespace.name,namespace);
}
Result<List<String>> rls = func.getAdmins(trans, namespace.name, false);
namespace.admin=rls.value;
}
rls = func.getOwners(trans, namespace.name, false);
namespace.admin=rls.value;
}
rls = func.getOwners(trans, namespace.name, false);
RoleDAO.Data rd = RoleDAO.Data.decode(urdd);
Result<NsDAO.Data> nsd = ques.mayUser(trans, user, rd, Access.read);
RoleDAO.Data rd = RoleDAO.Data.decode(urdd);
Result<NsDAO.Data> nsd = ques.mayUser(trans, user, rd, Access.read);
namespace = new Namespace(nsd.value);
namespace.admin=new ArrayList<>();
namespace.owner=new ArrayList<>();
}
namespace = new Namespace(nsd.value);
namespace.admin=new ArrayList<>();
namespace.owner=new ArrayList<>();
}
lm.put(namespace.name,namespace);
} else {
other.put(namespace.name,namespace);
}
}
lm.put(namespace.name,namespace);
} else {
other.put(namespace.name,namespace);
}
}
return Result.err(Status.ERR_BadData, v.errs());
}
Result<Collection<Namespace>> rn = loadNamepace(trans, user, ".owner",full);
return Result.err(Status.ERR_BadData, v.errs());
}
Result<Collection<Namespace>> rn = loadNamepace(trans, user, ".owner",full);
@Override
public Result<NSS> getNSsChildren(AuthzTrans trans, String parent) {
final Validator v = new ServiceValidator();
@Override
public Result<NSS> getNSsChildren(AuthzTrans trans, String parent) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<NsDAO.Data> rnd = ques.deriveNs(trans, parent);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<NsDAO.Data> rnd = ques.deriveNs(trans, parent);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
Set<Namespace> lm = new HashSet<>();
Result<List<NsDAO.Data>> rlnd = ques.nsDAO.dao().getChildren(trans, parent);
return Result.err(rnd);
}
Set<Namespace> lm = new HashSet<>();
Result<List<NsDAO.Data>> rlnd = ques.nsDAO.dao().getChildren(trans, parent);
Namespace namespace = new Namespace(ndd);
Result<List<String>> rls = func.getAdmins(trans, namespace.name, false);
Namespace namespace = new Namespace(ndd);
Result<List<String>> rls = func.getAdmins(trans, namespace.name, false);
namespace.admin=rls.value;
}
rls = func.getOwners(trans, namespace.name, false);
namespace.admin=rls.value;
}
rls = func.getOwners(trans, namespace.name, false);
public Result<Void> updateNsDescription(AuthzTrans trans, REQUEST from) {
final Result<Namespace> nsd = mapper.ns(trans, from);
final ServiceValidator v = new ServiceValidator();
public Result<Void> updateNsDescription(AuthzTrans trans, REQUEST from) {
final Result<Namespace> nsd = mapper.ns(trans, from);
final ServiceValidator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Namespace namespace = nsd.value;
Result<List<NsDAO.Data>> rlnd = ques.nsDAO.read(trans, namespace.name);
return Result.err(Status.ERR_BadData,v.errs());
}
Namespace namespace = nsd.value;
Result<List<NsDAO.Data>> rlnd = ques.nsDAO.read(trans, namespace.name);
public Result<Void> createPerm(final AuthzTrans trans,REQUEST rreq) {
final Result<PermDAO.Data> newPd = mapper.perm(trans, rreq);
final ServiceValidator v = new ServiceValidator();
public Result<Void> createPerm(final AuthzTrans trans,REQUEST rreq) {
final Result<PermDAO.Data> newPd = mapper.perm(trans, rreq);
final ServiceValidator v = new ServiceValidator();
nsd = ques.mayUser(trans, trans.user(), newPd.value, Access.write);
}
return nsd;
}
});
Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, newPd.value.ns);
nsd = ques.mayUser(trans, trans.user(), newPd.value, Access.write);
}
return nsd;
}
});
Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, newPd.value.ns);
@Override
public Result<PERMS> getPermsByType(AuthzTrans trans, final String permType) {
final Validator v = new ServiceValidator();
@Override
public Result<PERMS> getPermsByType(AuthzTrans trans, final String permType) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<PermDAO.Data>> rlpd = ques.getPermsByType(trans, permType);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<PermDAO.Data>> rlpd = ques.getPermsByType(trans, permType);
// Note: Mapper will restrict what can be viewed
return mapper.perms(trans, rlpd.value, perms, true);
}
// Note: Mapper will restrict what can be viewed
return mapper.perms(trans, rlpd.value, perms, true);
}
@Override
public Result<PERMS> getPermsByName(AuthzTrans trans, String type, String instance, String action) {
final Validator v = new ServiceValidator();
@Override
public Result<PERMS> getPermsByName(AuthzTrans trans, String type, String instance, String action) {
final Validator v = new ServiceValidator();
|| v.nullOrBlank("PermInstance", instance).err()
|| v.nullOrBlank("PermAction", action).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<PermDAO.Data>> rlpd = ques.getPermsByName(trans, type, instance, action);
|| v.nullOrBlank("PermInstance", instance).err()
|| v.nullOrBlank("PermAction", action).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<PermDAO.Data>> rlpd = ques.getPermsByName(trans, type, instance, action);
// Note: Mapper will restrict what can be viewed
return mapper.perms(trans, rlpd.value, perms, true);
}
// Note: Mapper will restrict what can be viewed
return mapper.perms(trans, rlpd.value, perms, true);
}
@Override
public Result<PERMS> getPermsByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
@Override
public Result<PERMS> getPermsByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user,
trans.requested(force));
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user,
trans.requested(force));
@Override
public Result<PERMS> getPermsByUserScope(AuthzTrans trans, String user, String[] scopes) {
final Validator v = new ServiceValidator();
@Override
public Result<PERMS> getPermsByUserScope(AuthzTrans trans, String user, String[] scopes) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user, trans.requested(force));
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user, trans.requested(force));
public Result<PERMS> getPermsByUser(AuthzTrans trans, PERMS _perms, String user) {
PERMS perms = _perms;
final Validator v = new ServiceValidator();
public Result<PERMS> getPermsByUser(AuthzTrans trans, PERMS _perms, String user) {
PERMS perms = _perms;
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
//////////////
Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user,trans.requested(force));
return Result.err(Status.ERR_BadData,v.errs());
}
//////////////
Result<List<PermDAO.Data>> rlpd = ques.getPermsByUser(trans, user,trans.requested(force));
2) See if User is allowed
*/
Result<List<PermDAO.Data>> in = mapper.perms(trans, perms);
2) See if User is allowed
*/
Result<List<PermDAO.Data>> in = mapper.perms(trans, perms);
Access access = Access.valueOf(pdd.action);
String[] mdkey = Split.splitTrim(':',pdd.instance);
Access access = Access.valueOf(pdd.action);
String[] mdkey = Split.splitTrim(':',pdd.instance);
RoleDAO.Data rdd = new RoleDAO.Data();
rdd.ns=pdd.ns;
rdd.name=mdkey[2];
ok = ques.mayUser(trans, trans.user(), rdd, Access.read).isOK() && ques.mayUser(trans, user, rdd , access).isOK();
}
RoleDAO.Data rdd = new RoleDAO.Data();
rdd.ns=pdd.ns;
rdd.name=mdkey[2];
ok = ques.mayUser(trans, trans.user(), rdd, Access.read).isOK() && ques.mayUser(trans, user, rdd , access).isOK();
}
p.action=mdkey[4];
ok = ques.mayUser(trans, trans.user(), p, Access.read).isOK() && ques.mayUser(trans, user, p , access).isOK();
}
p.action=mdkey[4];
ok = ques.mayUser(trans, trans.user(), p, Access.read).isOK() && ques.mayUser(trans, user, p , access).isOK();
}
NsDAO.Data ndd = new NsDAO.Data();
ndd.name=pdd.ns;
ok = ques.mayUser(trans, trans.user(), ndd, Access.read).isOK() && ques.mayUser(trans, user, ndd , access).isOK();
}
}
}
NsDAO.Data ndd = new NsDAO.Data();
ndd.name=pdd.ns;
ok = ques.mayUser(trans, trans.user(), ndd, Access.read).isOK() && ques.mayUser(trans, user, ndd , access).isOK();
}
}
}
@Override
public Result<PERMS> getPermsByRole(AuthzTrans trans,String role) {
final Validator v = new ServiceValidator();
@Override
public Result<PERMS> getPermsByRole(AuthzTrans trans,String role) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques,role);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques,role);
return Result.err(rrdd);
}
Result<NsDAO.Data> r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read);
return Result.err(rrdd);
}
Result<NsDAO.Data> r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read);
return Result.err(r);
}
PERMS perms = mapper.newInstance(API.PERMS);
Result<List<PermDAO.Data>> rlpd = ques.getPermsByRole(trans, role, trans.requested(force));
return Result.err(r);
}
PERMS perms = mapper.newInstance(API.PERMS);
Result<List<PermDAO.Data>> rlpd = ques.getPermsByRole(trans, role, trans.requested(force));
// Note: Mapper will restrict what can be viewed
return mapper.perms(trans, rlpd.value, perms, true);
}
// Note: Mapper will restrict what can be viewed
return mapper.perms(trans, rlpd.value, perms, true);
}
@Override
public Result<PERMS> getPermsByNS(AuthzTrans trans,String ns) {
final Validator v = new ServiceValidator();
@Override
public Result<PERMS> getPermsByNS(AuthzTrans trans,String ns) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<NsDAO.Data> rnd = ques.deriveNs(trans, ns);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<NsDAO.Data> rnd = ques.deriveNs(trans, ns);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
// Note: Mapper will restrict what can be viewed
return mapper.perms(trans, rlpd.value,perms, true);
}
// Note: Mapper will restrict what can be viewed
return mapper.perms(trans, rlpd.value,perms, true);
}
public Result<Void> renamePerm(final AuthzTrans trans,REQUEST rreq, String origType, String origInstance, String origAction) {
final Result<PermDAO.Data> newPd = mapper.perm(trans, rreq);
final ServiceValidator v = new ServiceValidator();
public Result<Void> renamePerm(final AuthzTrans trans,REQUEST rreq, String origType, String origInstance, String origAction) {
final Result<PermDAO.Data> newPd = mapper.perm(trans, rreq);
final ServiceValidator v = new ServiceValidator();
Result<NsSplit> nss = ques.deriveNsSplit(trans, origType);
Result<List<PermDAO.Data>> origRlpd = ques.permDAO.read(trans, nss.value.ns, nss.value.name, origInstance, origAction);
Result<NsSplit> nss = ques.deriveNsSplit(trans, origType);
Result<List<PermDAO.Data>> origRlpd = ques.permDAO.read(trans, nss.value.ns, nss.value.name, origInstance, origAction);
return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s|%s|%s] does not exist",
origType,origInstance,origAction);
return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s|%s|%s] does not exist",
origType,origInstance,origAction);
public Result<Void> updatePermDescription(AuthzTrans trans, REQUEST from) {
final Result<PermDAO.Data> pd = mapper.perm(trans, from);
final ServiceValidator v = new ServiceValidator();
public Result<Void> updatePermDescription(AuthzTrans trans, REQUEST from) {
final Result<PermDAO.Data> pd = mapper.perm(trans, from);
final ServiceValidator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
final PermDAO.Data perm = pd.value;
return Result.err(Status.ERR_BadData,v.errs());
}
final PermDAO.Data perm = pd.value;
- if(ques.permDAO.read(trans, perm.ns, perm.type, perm.instance,perm.action).notOKorIsEmpty()) {
+ if (ques.permDAO.read(trans, perm.ns, perm.type, perm.instance,perm.action).notOKorIsEmpty()) {
return Result.err(Status.ERR_NotFound, "Permission [%s.%s|%s|%s] does not exist",
perm.ns,perm.type,perm.instance,perm.action);
}
return Result.err(Status.ERR_NotFound, "Permission [%s.%s|%s|%s] does not exist",
perm.ns,perm.type,perm.instance,perm.action);
}
return Result.err(nsr);
}
Result<Void> rdr = ques.permDAO.addDescription(trans, perm.ns, perm.type, perm.instance,
perm.action, perm.description);
return Result.err(nsr);
}
Result<Void> rdr = ques.permDAO.addDescription(trans, perm.ns, perm.type, perm.instance,
perm.action, perm.description);
@Override
public Result<Void> resetPermRoles(final AuthzTrans trans, REQUEST rreq) {
final Result<PermDAO.Data> updt = mapper.permFromRPRequest(trans, rreq);
@Override
public Result<Void> resetPermRoles(final AuthzTrans trans, REQUEST rreq) {
final Result<PermDAO.Data> updt = mapper.permFromRPRequest(trans, rreq);
return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s.%s|%s|%s] does not exist",
updt.value.ns,updt.value.type,updt.value.instance,updt.value.action);
return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s.%s|%s|%s] does not exist",
updt.value.ns,updt.value.type,updt.value.instance,updt.value.action);
// Create a set of Update Roles, which are in Internal Format
Set<String> updtRoles = new HashSet<>();
Result<NsSplit> nss;
// Create a set of Update Roles, which are in Internal Format
Set<String> updtRoles = new HashSet<>();
Result<NsSplit> nss;
Set<String> currRoles = curr.roles(false);
// must add roles to this perm, and add this perm to each role
// in the update, but not in the current
for (String role : updtRoles) {
if (!currRoles.contains(role)) {
Result<RoleDAO.Data> key = RoleDAO.Data.decode(trans, ques, role);
Set<String> currRoles = curr.roles(false);
// must add roles to this perm, and add this perm to each role
// in the update, but not in the current
for (String role : updtRoles) {
if (!currRoles.contains(role)) {
Result<RoleDAO.Data> key = RoleDAO.Data.decode(trans, ques, role);
rv = func.addPermToRole(trans, r, curr, false);
if (rv.notOK() && rv.status!=Result.ERR_ConflictAlreadyExists) {
return Result.err(rv);
rv = func.addPermToRole(trans, r, curr, false);
if (rv.notOK() && rv.status!=Result.ERR_ConflictAlreadyExists) {
return Result.err(rv);
for (String role : currRoles) {
if (!updtRoles.contains(role)) {
Result<RoleDAO.Data> key = RoleDAO.Data.decode(trans, ques, role);
for (String role : currRoles) {
if (!updtRoles.contains(role)) {
Result<RoleDAO.Data> key = RoleDAO.Data.decode(trans, ques, role);
rv = func.delPermFromRole(trans, r, curr, true);
if (rv.notOK() && rv.status!=Status.ERR_PermissionNotFound) {
return Result.err(rv);
rv = func.delPermFromRole(trans, r, curr, true);
if (rv.notOK() && rv.status!=Status.ERR_PermissionNotFound) {
return Result.err(rv);
@Override
public Result<Void> deletePerm(final AuthzTrans trans, REQUEST from) {
Result<PermDAO.Data> pd = mapper.perm(trans, from);
@Override
public Result<Void> deletePerm(final AuthzTrans trans, REQUEST from) {
Result<PermDAO.Data> pd = mapper.perm(trans, from);
return Result.err(Status.ERR_BadData,v.errs());
}
final PermDAO.Data perm = pd.value;
return Result.err(Status.ERR_BadData,v.errs());
}
final PermDAO.Data perm = pd.value;
nsd = ques.mayUser(trans, trans.user(), perm, Access.write);
}
return nsd;
nsd = ques.mayUser(trans, trans.user(), perm, Access.write);
}
return nsd;
return Result.err(nsr);
}
Result<String> rfc = func.createFuture(trans, fd.value,
perm.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D);
return Result.err(nsr);
}
Result<String> rfc = func.createFuture(trans, fd.value,
perm.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D);
return Result.err(Status.ACC_Future, "Perm Deletion [%s] is saved for future processing",perm.encode());
} else {
return Result.err(rfc);
return Result.err(Status.ACC_Future, "Perm Deletion [%s] is saved for future processing",perm.encode());
} else {
return Result.err(rfc);
@Override
public Result<Void> deletePerm(AuthzTrans trans, String type, String instance, String action) {
final Validator v = new ServiceValidator();
@Override
public Result<Void> deletePerm(AuthzTrans trans, String type, String instance, String action) {
final Validator v = new ServiceValidator();
.nullOrBlank("Instance",instance)
.nullOrBlank("Action",action)
.err()) {
.nullOrBlank("Instance",instance)
.nullOrBlank("Action",action)
.err()) {
}
Result<PermDAO.Data> pd = ques.permFrom(trans, type, instance, action);
}
Result<PermDAO.Data> pd = ques.permFrom(trans, type, instance, action);
return func.deletePerm(trans, pd.value, trans.requested(force), false);
} else {
return Result.err(pd);
return func.deletePerm(trans, pd.value, trans.requested(force), false);
} else {
return Result.err(pd);
public Result<Void> createRole(final AuthzTrans trans, REQUEST from) {
final Result<RoleDAO.Data> rd = mapper.role(trans, from);
final ServiceValidator v = new ServiceValidator();
public Result<Void> createRole(final AuthzTrans trans, REQUEST from) {
final Result<RoleDAO.Data> rd = mapper.role(trans, from);
final ServiceValidator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
final RoleDAO.Data role = rd.value;
return Result.err(Status.ERR_BadData,v.errs());
}
final RoleDAO.Data role = rd.value;
nsd = ques.mayUser(trans, trans.user(), role, Access.write);
}
return nsd;
nsd = ques.mayUser(trans, trans.user(), role, Access.write);
}
return nsd;
case OK:
Result<String> rfc = func.createFuture(trans, fd.value,
role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.C);
case OK:
Result<String> rfc = func.createFuture(trans, fd.value,
role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.C);
@Override
public Result<ROLES> getRolesByName(AuthzTrans trans, String role) {
final Validator v = new ServiceValidator();
@Override
public Result<ROLES> getRolesByName(AuthzTrans trans, String role) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
// Determine if User can ask this question
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
return Result.err(Status.ERR_BadData,v.errs());
}
// Determine if User can ask this question
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
- if((r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read)).notOK()) {
+ if ((r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read)).notOK()) {
// Look up data
int query = role.indexOf('?');
Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, query<0?role:role.substring(0, query));
// Look up data
int query = role.indexOf('?');
Result<List<RoleDAO.Data>> rlrd = ques.getRolesByName(trans, query<0?role:role.substring(0, query));
// Note: Mapper will restrict what can be viewed
ROLES roles = mapper.newInstance(API.ROLES);
return mapper.roles(trans, rlrd.value, roles, true);
// Note: Mapper will restrict what can be viewed
ROLES roles = mapper.newInstance(API.ROLES);
return mapper.roles(trans, rlrd.value, roles, true);
@Override
public Result<ROLES> getRolesByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
@Override
public Result<ROLES> getRolesByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
// Get list of roles per user, then add to Roles as we go
Result<List<RoleDAO.Data>> rlrd;
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, user);
// Get list of roles per user, then add to Roles as we go
Result<List<RoleDAO.Data>> rlrd;
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, user);
rlrd = ques.roleDAO.read(trans, urd.ns,urd.rname);
// Note: Mapper will restrict what can be viewed
// if user is the same as that which is looked up, no filtering is required
rlrd = ques.roleDAO.read(trans, urd.ns,urd.rname);
// Note: Mapper will restrict what can be viewed
// if user is the same as that which is looked up, no filtering is required
mapper.roles(trans, rlrd.value,roles, !user.equals(trans.user()));
}
}
mapper.roles(trans, rlrd.value,roles, !user.equals(trans.user()));
}
}
@Override
public Result<ROLES> getRolesByNS(AuthzTrans trans, String ns) {
final Validator v = new ServiceValidator();
@Override
public Result<ROLES> getRolesByNS(AuthzTrans trans, String ns) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
// check if user is allowed to view NS
Result<NsDAO.Data> rnsd = ques.deriveNs(trans, ns);
return Result.err(Status.ERR_BadData,v.errs());
}
// check if user is allowed to view NS
Result<NsDAO.Data> rnsd = ques.deriveNs(trans, ns);
return Result.err(rnsd);
}
rnsd = ques.mayUser(trans, trans.user(), rnsd.value, Access.read);
return Result.err(rnsd);
}
rnsd = ques.mayUser(trans, trans.user(), rnsd.value, Access.read);
ROLES roles = mapper.newInstance(API.ROLES);
// Get list of roles per user, then add to Roles as we go
Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.readNS(trans, ns);
ROLES roles = mapper.newInstance(API.ROLES);
// Get list of roles per user, then add to Roles as we go
Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.readNS(trans, ns);
// Note: Mapper doesn't need to restrict what can be viewed, because we did it already.
mapper.roles(trans,rlrd.value,roles,false);
}
// Note: Mapper doesn't need to restrict what can be viewed, because we did it already.
mapper.roles(trans,rlrd.value,roles,false);
}
@Override
public Result<ROLES> getRolesByNameOnly(AuthzTrans trans, String name) {
final Validator v = new ServiceValidator();
@Override
public Result<ROLES> getRolesByNameOnly(AuthzTrans trans, String name) {
final Validator v = new ServiceValidator();
ROLES roles = mapper.newInstance(API.ROLES);
// Get list of roles per user, then add to Roles as we go
Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.readName(trans, name);
ROLES roles = mapper.newInstance(API.ROLES);
// Get list of roles per user, then add to Roles as we go
Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.readName(trans, name);
// Note: Mapper will restrict what can be viewed
mapper.roles(trans,rlrd.value,roles,true);
}
// Note: Mapper will restrict what can be viewed
mapper.roles(trans,rlrd.value,roles,true);
}
@Override
public Result<ROLES> getRolesByPerm(AuthzTrans trans, String type, String instance, String action) {
final Validator v = new ServiceValidator();
@Override
public Result<ROLES> getRolesByPerm(AuthzTrans trans, String type, String instance, String action) {
final Validator v = new ServiceValidator();
ROLES roles = mapper.newInstance(API.ROLES);
// Get list of roles per user, then add to Roles as we go
Result<NsSplit> nsSplit = ques.deriveNsSplit(trans, type);
ROLES roles = mapper.newInstance(API.ROLES);
// Get list of roles per user, then add to Roles as we go
Result<NsSplit> nsSplit = ques.deriveNsSplit(trans, type);
- if((res=ques.mayUser(trans, trans.user(), pdd, Question.Access.read)).notOK()) {
+ if ((res=ques.mayUser(trans, trans.user(), pdd, Question.Access.read)).notOK()) {
rlrd = ques.roleDAO.read(trans, rs.value[0],rs.value[1]);
// Note: Mapper will restrict what can be viewed
rlrd = ques.roleDAO.read(trans, rs.value[0],rs.value[1]);
// Note: Mapper will restrict what can be viewed
mapper.roles(trans,rlrd.value,roles,true);
}
}
mapper.roles(trans,rlrd.value,roles,true);
}
}
public Result<Void> updateRoleDescription(AuthzTrans trans, REQUEST from) {
final Result<RoleDAO.Data> rd = mapper.role(trans, from);
final ServiceValidator v = new ServiceValidator();
public Result<Void> updateRoleDescription(AuthzTrans trans, REQUEST from) {
final Result<RoleDAO.Data> rd = mapper.role(trans, from);
final ServiceValidator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
}
final RoleDAO.Data role = rd.value;
return Result.err(Status.ERR_BadData,v.errs());
}
}
final RoleDAO.Data role = rd.value;
return Result.err(nsr);
}
Result<Void> rdr = ques.roleDAO.addDescription(trans, role.ns, role.name, role.description);
return Result.err(nsr);
}
Result<Void> rdr = ques.roleDAO.addDescription(trans, role.ns, role.name, role.description);
public Result<Void> addPermToRole(final AuthzTrans trans, REQUEST rreq) {
// Translate Request into Perm and Role Objects
final Result<PermDAO.Data> rpd = mapper.permFromRPRequest(trans, rreq);
public Result<Void> addPermToRole(final AuthzTrans trans, REQUEST rreq) {
// Translate Request into Perm and Role Objects
final Result<PermDAO.Data> rpd = mapper.permFromRPRequest(trans, rreq);
.role(rrd.value)
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.read(trans, rrd.value.ns, rrd.value.name);
.role(rrd.value)
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<RoleDAO.Data>> rlrd = ques.roleDAO.read(trans, rrd.value.ns, rrd.value.name);
Result<List<PermDAO.Data>> rlpd = ques.permDAO.read(trans, rpd.value.ns,
rpd.value.type, rpd.value.instance, rpd.value.action);
PermDAO.Data createPerm = null; // if not null, create first
Result<List<PermDAO.Data>> rlpd = ques.permDAO.read(trans, rpd.value.ns,
rpd.value.type, rpd.value.instance, rpd.value.action);
PermDAO.Data createPerm = null; // if not null, create first
nsd = ques.mayUser(trans, trans.user(), rpd.value, Access.write);
}
return nsd;
}
});
Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rpd.value.ns);
nsd = ques.mayUser(trans, trans.user(), rpd.value, Access.write);
}
return nsd;
}
});
Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rpd.value.ns);
rv = func.addPermToRole(trans, rrd.value, rpd.value, false);
}
return rv;
rv = func.addPermToRole(trans, rrd.value, rpd.value, false);
}
return rv;
@Override
public Result<Void> delPermFromRole(final AuthzTrans trans, REQUEST rreq) {
final Result<PermDAO.Data> updt = mapper.permFromRPRequest(trans, rreq);
@Override
public Result<Void> delPermFromRole(final AuthzTrans trans, REQUEST rreq) {
final Result<PermDAO.Data> updt = mapper.permFromRPRequest(trans, rreq);
Result<List<PermDAO.Data>> rlpd = ques.permDAO.read(trans, pdd.ns, pdd.type,
pdd.instance, pdd.action);
Result<List<PermDAO.Data>> rlpd = ques.permDAO.read(trans, pdd.ns, pdd.type,
pdd.instance, pdd.action);
return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s.%s|%s|%s] does not exist",
pdd.ns,pdd.type,pdd.instance,pdd.action);
return Result.err(Status.ERR_PermissionNotFound,
"Permission [%s.%s|%s|%s] does not exist",
pdd.ns,pdd.type,pdd.instance,pdd.action);
nsd = ques.mayUser(trans, trans.user(), pdd, Access.write);
}
return nsd;
}
});
Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, pdd.ns);
nsd = ques.mayUser(trans, trans.user(), pdd, Access.write);
}
return nsd;
}
});
Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, pdd.ns);
@Override
public Result<Void> delPermFromRole(AuthzTrans trans, String role, String type, String instance, String action) {
Result<Data> rpns = ques.deriveNs(trans, type);
@Override
public Result<Void> delPermFromRole(AuthzTrans trans, String role, String type, String instance, String action) {
Result<Data> rpns = ques.deriveNs(trans, type);
return Result.err(rrns);
}
final Result<List<RoleDAO.Data>> rrd = ques.roleDAO.read(trans, rrns.value.parent, rrns.value.name);
return Result.err(rrns);
}
final Result<List<RoleDAO.Data>> rrd = ques.roleDAO.read(trans, rrns.value.parent, rrns.value.name);
return Result.err(rrd);
}
final Result<List<PermDAO.Data>> rpd = ques.permDAO.read(trans, rpns.value.parent, rpns.value.name, instance, action);
return Result.err(rrd);
}
final Result<List<PermDAO.Data>> rpd = ques.permDAO.read(trans, rpns.value.parent, rpns.value.name, instance, action);
@Override
public Result<Void> deleteRole(AuthzTrans trans, String role) {
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);
@Override
public Result<Void> deleteRole(AuthzTrans trans, String role) {
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);
return Result.err(Status.ERR_BadData,v.errs());
}
return func.deleteRole(trans, rrdd.value, false, false);
return Result.err(Status.ERR_BadData,v.errs());
}
return func.deleteRole(trans, rrdd.value, false, false);
public Result<Void> deleteRole(final AuthzTrans trans, REQUEST from) {
final Result<RoleDAO.Data> rd = mapper.role(trans, from);
final ServiceValidator v = new ServiceValidator();
public Result<Void> deleteRole(final AuthzTrans trans, REQUEST from) {
final Result<RoleDAO.Data> rd = mapper.role(trans, from);
final ServiceValidator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
final RoleDAO.Data role = rd.value;
return Result.err(Status.ERR_BadData,v.errs());
}
final RoleDAO.Data role = rd.value;
return Result.err(Status.ERR_RoleNotFound, "Role [" + role.fullName() + "] does not exist");
}
Result<FutureDAO.Data> fd = mapper.future(trans,RoleDAO.TABLE,from,role,false,
return Result.err(Status.ERR_RoleNotFound, "Role [" + role.fullName() + "] does not exist");
}
Result<FutureDAO.Data> fd = mapper.future(trans,RoleDAO.TABLE,from,role,false,
- new Mapper.Memo() {
- @Override
- public String get() {
- return "Delete Role [" + role.fullName() + ']'
- + " and all attached user roles";
- }
- },
+ () -> "Delete Role [" + role.fullName() + ']'
+ + " and all attached user roles",
nsd = ques.mayUser(trans, trans.user(), role, Access.write);
}
return nsd;
nsd = ques.mayUser(trans, trans.user(), role, Access.write);
}
return nsd;
return Result.err(nsr);
}
Result<String> rfc = func.createFuture(trans, fd.value,
role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D);
return Result.err(nsr);
}
Result<String> rfc = func.createFuture(trans, fd.value,
role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D);
nsd = ques.validNSOfDomain(trans, cred.id);
}
// is Ns of CredID valid?
nsd = ques.validNSOfDomain(trans, cred.id);
}
// is Ns of CredID valid?
- if(trans.org().validate(trans,Policy.CREATE_MECHID, exec, cred.id)==null) {
+ if (trans.org().validate(trans,Policy.CREATE_MECHID, exec, cred.id)==null) {
return Result.ok();
} else {
Result<?> rmc = ques.mayUser(trans, trans.user(), nsd.value, Access.write);
return Result.ok();
} else {
Result<?> rmc = ques.mayUser(trans, trans.user(), nsd.value, Access.write);
- if(nsd.isOK()) {
- if(ques.mayUser(trans, trans.user(), nsd.value,Access.write).isOK()) {
+ if (nsd.isOK()) {
+ if (ques.mayUser(trans, trans.user(), nsd.value,Access.write).isOK()) {
- if(ques.isGranted(trans, trans.user(), ROOT_NS,"password",company,"reset")) {
+ if (ques.isGranted(trans, trans.user(), ROOT_NS,"password",company,"reset")) {
byte[] rawCred = rcred.value.cred.array();
rcred = ques.userCredSetup(trans, rcred.value);
final ServiceValidator v = new ServiceValidator();
byte[] rawCred = rcred.value.cred.array();
rcred = ques.userCredSetup(trans, rcred.value);
final ServiceValidator v = new ServiceValidator();
- if(v.cred(trans, trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations
+ if (v.cred(trans, trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations
return Result.err(Status.ERR_Policy,"MechIDs must be registered with %s before provisioning in AAF",org.getName());
}
Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rcred.value.ns);
return Result.err(Status.ERR_Policy,"MechIDs must be registered with %s before provisioning in AAF",org.getName());
}
Result<List<NsDAO.Data>> nsr = ques.nsDAO.read(trans, rcred.value.ns);
return Result.err(Status.ERR_NsNotFound,"Cannot provision %s on non-existent Namespace %s",mechID.id(),rcred.value.ns);
}
return Result.err(Status.ERR_NsNotFound,"Cannot provision %s on non-existent Namespace %s",mechID.id(),rcred.value.ns);
}
// password to validate char differences.
rb = ques.userCredCheck(trans, curr, rawCred);
// password to validate char differences.
rb = ques.userCredCheck(trans, curr, rawCred);
return Result.err(Status.ERR_Policy, "Credential content cannot be reused.");
} else if (Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) && curr.type==rcred.value.type) {
return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists, use 'reset'");
return Result.err(Status.ERR_Policy, "Credential content cannot be reused.");
} else if (Chrono.dateOnlyStamp(curr.expires).equals(Chrono.dateOnlyStamp(rcred.value.expires)) && curr.type==rcred.value.type) {
return Result.err(Status.ERR_ConflictAlreadyExists, "Credential with same Expiration Date exists, use 'reset'");
String theMechID = rcred.value.id;
Boolean otherMechIDs = false;
// find out if this is the only mechID. other MechIDs mean special handling (not automated)
String theMechID = rcred.value.id;
Boolean otherMechIDs = false;
// find out if this is the only mechID. other MechIDs mean special handling (not automated)
- for(CredDAO.Data cd : ques.credDAO.readNS(trans,nsr.value.get(0).name).value) {
- if(!cd.id.equals(theMechID)) {
+ for (CredDAO.Data cd : ques.credDAO.readNS(trans,nsr.value.get(0).name).value) {
+ if (!cd.id.equals(theMechID)) {
- if((reason=org.validate(trans, Policy.CREATE_MECHID, exec, theMechID,trans.user(),otherMechIDs.toString()))!=null) {
+ if ((reason=org.validate(trans, Policy.CREATE_MECHID, exec, theMechID,trans.user(),otherMechIDs.toString()))!=null) {
Result<String> rfc = func.createFuture(trans, fd.value,
rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires,
trans.user(), nsr.value.get(0), FUTURE_OP.C);
Result<String> rfc = func.createFuture(trans, fd.value,
rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires,
trans.user(), nsr.value.get(0), FUTURE_OP.C);
return Result.err(Status.ACC_Future, "Credential Request [%s|%s|%s] is saved for future processing",
rcred.value.id,
Integer.toString(rcred.value.type),
return Result.err(Status.ACC_Future, "Credential Request [%s|%s|%s] is saved for future processing",
rcred.value.id,
Integer.toString(rcred.value.type),
// && !nsr.value.get(0).isAdmin(trans.getUserPrincipal().getName())) {
Result<List<String>> admins = func.getAdmins(trans, nsr.value.get(0).name, false);
// OK, it's a first ID, and not by NS Admin, so let's set TempPassword length
// Note, we only do this on First time, because of possibility of
// prematurely expiring a production id
// && !nsr.value.get(0).isAdmin(trans.getUserPrincipal().getName())) {
Result<List<String>> admins = func.getAdmins(trans, nsr.value.get(0).name, false);
// OK, it's a first ID, and not by NS Admin, so let's set TempPassword length
// Note, we only do this on First time, because of possibility of
// prematurely expiring a production id
rcred.value.expires = org.expiration(null, Expiration.TempPassword).getTime();
}
}
} catch (Exception e) {
trans.error().log(e, "While setting expiration to TempPassword");
}
rcred.value.expires = org.expiration(null, Expiration.TempPassword).getTime();
}
}
} catch (Exception e) {
trans.error().log(e, "While setting expiration to TempPassword");
}
@Override
public Result<USERS> getCredsByNS(AuthzTrans trans, String ns) {
final Validator v = new ServiceValidator();
@Override
public Result<USERS> getCredsByNS(AuthzTrans trans, String ns) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
// check if user is allowed to view NS
Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);
return Result.err(Status.ERR_BadData,v.errs());
}
// check if user is allowed to view NS
Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
USERS users = mapper.newInstance(API.USERS);
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readNS(trans, ns);
USERS users = mapper.newInstance(API.USERS);
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readNS(trans, ns);
@Override
public Result<USERS> getCredsByID(AuthzTrans trans, String id) {
final Validator v = new ServiceValidator();
@Override
public Result<USERS> getCredsByID(AuthzTrans trans, String id) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
String ns = Question.domain2ns(id);
// check if user is allowed to view NS
Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);
return Result.err(Status.ERR_BadData,v.errs());
}
String ns = Question.domain2ns(id);
// check if user is allowed to view NS
Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
USERS users = mapper.newInstance(API.USERS);
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, id);
USERS users = mapper.newInstance(API.USERS);
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, id);
CERTS certs = mapper.newInstance(API.CERTS);
Result<List<CertDAO.Data>> rlcd = ques.certDAO.readID(trans, id);
CERTS certs = mapper.newInstance(API.CERTS);
Result<List<CertDAO.Data>> rlcd = ques.certDAO.readID(trans, id);
TimeTaken tt = trans.start(cmdDescription, Env.SUB);
try {
Result<CredDAO.Data> rcred = mapper.cred(trans, from, true);
TimeTaken tt = trans.start(cmdDescription, Env.SUB);
try {
Result<CredDAO.Data> rcred = mapper.cred(trans, from, true);
rcred = ques.userCredSetup(trans, rcred.value);
final ServiceValidator v = new ServiceValidator();
rcred = ques.userCredSetup(trans, rcred.value);
final ServiceValidator v = new ServiceValidator();
- if(v.cred(trans, trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations
+ if (v.cred(trans, trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, rcred.value.id);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, rcred.value.id);
Result<String> rfc = func.createFuture(trans, fd.value,
rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires,
trans.user(), nsr.value.get(0), FUTURE_OP.U);
Result<String> rfc = func.createFuture(trans, fd.value,
rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires,
trans.user(), nsr.value.get(0), FUTURE_OP.U);
return Result.err(Status.ACC_Future, "Credential Request [%s|%s|%s]",
rcred.value.id,
Integer.toString(rcred.value.type),
return Result.err(Status.ACC_Future, "Credential Request [%s|%s|%s]",
rcred.value.id,
Integer.toString(rcred.value.type),
// If we are Resetting Password on behalf of someone else (am not the Admin)
// use TempPassword Expiration time.
Expiration exp;
// If we are Resetting Password on behalf of someone else (am not the Admin)
// use TempPassword Expiration time.
Expiration exp;
String inputOption = cr.getEntry();
if (inputOption == null) {
String message = selectCredFromList(lcd, false);
String inputOption = cr.getEntry();
if (inputOption == null) {
String message = selectCredFromList(lcd, false);
return Result.err(Status.ERR_ChoiceNeeded, message, variables);
} else {
entry = Integer.parseInt(inputOption) - 1;
return Result.err(Status.ERR_ChoiceNeeded, message, variables);
} else {
entry = Integer.parseInt(inputOption) - 1;
Result<CredDAO.Data> cred = mapper.cred(trans, from, false);
Organization org = trans.org();
final ServiceValidator v = new ServiceValidator();
Result<CredDAO.Data> cred = mapper.cred(trans, from, false);
Organization org = trans.org();
final ServiceValidator v = new ServiceValidator();
v.nullOrBlank(cred.value.id, "Invalid ID").err() ||
v.user(org,cred.value.id).err()) {
return Result.err(Status.ERR_BadData,v.errs());
v.nullOrBlank(cred.value.id, "Invalid ID").err() ||
v.user(org,cred.value.id).err()) {
return Result.err(Status.ERR_BadData,v.errs());
// Get the list of Cred Entries
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, cred.value.id);
// Get the list of Cred Entries
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, cred.value.id);
return Result.err(Status.ERR_UserNotFound, "Credential does not exist");
}
//Need to do the "Pick Entry" mechanism
Result<Integer> ri = selectEntryIfMultiple((CredRequest)from, rlcd.value);
return Result.err(Status.ERR_UserNotFound, "Credential does not exist");
}
//Need to do the "Pick Entry" mechanism
Result<Integer> ri = selectEntryIfMultiple((CredRequest)from, rlcd.value);
private String[] buildVariables(List<CredDAO.Data> value) {
// ensure credentials are sorted so we can fully automate Cred regression test
private String[] buildVariables(List<CredDAO.Data> value) {
// ensure credentials are sorted so we can fully automate Cred regression test
- Collections.sort(value, new Comparator<CredDAO.Data>() {
- @Override
- public int compare(CredDAO.Data cred1, CredDAO.Data cred2) {
- return cred1.expires.compareTo(cred2.expires);
- }
- });
+ Collections.sort(value, (cred1, cred2) -> cred1.expires.compareTo(cred2.expires));
errMessage.append(" %s\n");
}
errMessage.append("Run same command again with chosen entry as last parameter");
errMessage.append(" %s\n");
}
errMessage.append("Run same command again with chosen entry as last parameter");
public Result<Void> deleteUserCred(AuthzTrans trans, REQUEST from) {
final Result<CredDAO.Data> cred = mapper.cred(trans, from, false);
final Validator v = new ServiceValidator();
public Result<Void> deleteUserCred(AuthzTrans trans, REQUEST from) {
final Result<CredDAO.Data> cred = mapper.cred(trans, from, false);
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, cred.value.id);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<CredDAO.Data>> rlcd = ques.credDAO.readID(trans, cred.value.id);
// Empty Creds should have no user_roles.
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, cred.value.id);
// Empty Creds should have no user_roles.
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, cred.value.id);
if (rlcd.value.size() > 1) {
CredRequest cr = (CredRequest)from;
String inputOption = cr.getEntry();
if (inputOption == null) {
String message = selectCredFromList(rlcd.value, true);
if (rlcd.value.size() > 1) {
CredRequest cr = (CredRequest)from;
String inputOption = cr.getEntry();
if (inputOption == null) {
String message = selectCredFromList(rlcd.value, true);
- Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false,
- new Mapper.Memo() {
- @Override
- public String get() {
- return "Delete Credential [" +
- cred.value.id +
- ']';
- }
- },
+ Result<FutureDAO.Data> fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false,
+ () -> "Delete Credential [" +
+ cred.value.id +
+ ']',
Result<String> rfc = func.createFuture(trans, fd.value, cred.value.id,
trans.user(), nsr.value.get(0), FUTURE_OP.D);
Result<String> rfc = func.createFuture(trans, fd.value, cred.value.id,
trans.user(), nsr.value.get(0), FUTURE_OP.D);
return Result.err(Status.ACC_Future, "Credential Delete [%s] is saved for future processing",cred.value.id);
} else {
return Result.err(rfc);
return Result.err(Status.ACC_Future, "Credential Delete [%s] is saved for future processing",cred.value.id);
} else {
return Result.err(rfc);
return Result.err(Status.ERR_BadData,"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing",cred.value.id);
}
udr = ques.credDAO.delete(trans, rlcd.value.get(entry),false);
return Result.err(Status.ERR_BadData,"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing",cred.value.id);
}
udr = ques.credDAO.delete(trans, rlcd.value.get(entry),false);
try {
// Note: Mapper assigns RAW type
Result<CredDAO.Data> data = mapper.cred(trans, credReq,false);
try {
// Note: Mapper assigns RAW type
Result<CredDAO.Data> data = mapper.cred(trans, credReq,false);
return Result.err(Result.ERR_BadData,"No Password");
} else {
return ques.doesUserCredMatch(trans, cred.id, cred.cred.array());
return Result.err(Result.ERR_BadData,"No Password");
} else {
return ques.doesUserCredMatch(trans, cred.id, cred.cred.array());
BasicPrincipal bp = new BasicPrincipal(basicAuth,trans.org().getRealm());
Result<Date> rq = ques.doesUserCredMatch(trans, bp.getName(), bp.getCred());
// Note: Only want to log problem, don't want to send back to end user
BasicPrincipal bp = new BasicPrincipal(basicAuth,trans.org().getRealm());
Result<Date> rq = ques.doesUserCredMatch(trans, bp.getName(), bp.getCred());
// Note: Only want to log problem, don't want to send back to end user
TimeTaken tt = trans.start("Create UserRole", Env.SUB);
try {
Result<UserRoleDAO.Data> urr = mapper.userRole(trans, from);
TimeTaken tt = trans.start("Create UserRole", Env.SUB);
try {
Result<UserRoleDAO.Data> urr = mapper.userRole(trans, from);
v.user(trans.org(), userRole.user).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
v.user(trans.org(), userRole.user).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
// Check if user can change first
Result<FutureDAO.Data> fd = mapper.future(trans,UserRoleDAO.TABLE,from,urr.value,true, // may request Approvals
// Check if user can change first
Result<FutureDAO.Data> fd = mapper.future(trans,UserRoleDAO.TABLE,from,urr.value,true, // may request Approvals
RoleDAO.Data r = RoleDAO.Data.decode(userRole);
nsd = ques.mayUser(trans, trans.user(), r, Access.write);
}
RoleDAO.Data r = RoleDAO.Data.decode(userRole);
nsd = ques.mayUser(trans, trans.user(), r, Access.write);
}
case OK:
Result<String> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname,
userRole.user, nsr.value, FUTURE_OP.C);
case OK:
Result<String> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname,
userRole.user, nsr.value, FUTURE_OP.C);
@Override
public Result<USERROLES> getUserRolesByRole(AuthzTrans trans, String role) {
final Validator v = new ServiceValidator();
@Override
public Result<USERROLES> getUserRolesByRole(AuthzTrans trans, String role) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd;
rrdd = RoleDAO.Data.decode(trans,ques,role);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd;
rrdd = RoleDAO.Data.decode(trans,ques,role);
// Get list of roles per user, then add to Roles as we go
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, role);
// Get list of roles per user, then add to Roles as we go
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, role);
@Override
public Result<USERROLES> getUserRolesByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
@Override
public Result<USERROLES> getUserRolesByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
// Get list of roles per user, then add to Roles as we go
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, user);
return Result.err(Status.ERR_BadData,v.errs());
}
// Get list of roles per user, then add to Roles as we go
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, user);
mustFilter = false;
} else {
Organization org = trans.org();
try {
Identity orgID = org.getIdentity(trans, user);
Identity manager = orgID==null?null:orgID.responsibleTo();
mustFilter = false;
} else {
Organization org = trans.org();
try {
Identity orgID = org.getIdentity(trans, user);
Identity manager = orgID==null?null:orgID.responsibleTo();
- } else if(ques.isGranted(trans, callingUser, ROOT_NS, Question.ACCESS, "*", Access.read.name())) {
+ } else if (ques.isGranted(trans, callingUser, ROOT_NS, Question.ACCESS, "*", Access.read.name())) {
ndd.name=data.ns;
Result<Data> mur = ques.mayUser(trans, callingUser, ndd, Access.read);
ndd.name=data.ns;
Result<Data> mur = ques.mayUser(trans, callingUser, ndd, Access.read);
public Result<Void> resetRolesForUser(AuthzTrans trans, REQUEST rreq) {
Result<UserRoleDAO.Data> rurdd = mapper.userRole(trans, rreq);
final ServiceValidator v = new ServiceValidator();
public Result<Void> resetRolesForUser(AuthzTrans trans, REQUEST rreq) {
Result<UserRoleDAO.Data> rurdd = mapper.userRole(trans, rreq);
final ServiceValidator v = new ServiceValidator();
return Result.err(rurdd);
}
if (v.user(trans.org(), rurdd.value.user).err()) {
return Result.err(rurdd);
}
if (v.user(trans.org(), rurdd.value.user).err()) {
Set<String> currRoles = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, rurdd.value.user);
Set<String> currRoles = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByUser(trans, rurdd.value.user);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
for (String role : currRoles) {
rurdd.value.role(trans,ques,role);
rv = ques.userRoleDAO.delete(trans, rurdd.value, false);
for (String role : currRoles) {
rurdd.value.role(trans,ques,role);
rv = ques.userRoleDAO.delete(trans, rurdd.value, false);
trans.info().log(rurdd.value.user,"/",rurdd.value.role, "expected to be deleted, but does not exist");
// return rv; // if it doesn't exist, don't error out
}
trans.info().log(rurdd.value.user,"/",rurdd.value.role, "expected to be deleted, but does not exist");
// return rv; // if it doesn't exist, don't error out
}
@Override
public Result<Void> resetUsersForRole(AuthzTrans trans, REQUEST rreq) {
Result<UserRoleDAO.Data> rurdd = mapper.userRole(trans, rreq);
@Override
public Result<Void> resetUsersForRole(AuthzTrans trans, REQUEST rreq) {
Result<UserRoleDAO.Data> rurdd = mapper.userRole(trans, rreq);
return Result.err(nsr);
}
Set<String> currUsers = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, rurdd.value.role);
return Result.err(nsr);
}
Set<String> currUsers = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, rurdd.value.role);
for (String user : currUsers) {
rurdd.value.user = user;
rv = ques.userRoleDAO.delete(trans, rurdd.value, false);
for (String user : currUsers) {
rurdd.value.user = user;
rv = ques.userRoleDAO.delete(trans, rurdd.value, false);
public Result<Void> extendUserRole(AuthzTrans trans, String user, String role) {
Organization org = trans.org();
final ServiceValidator v = new ServiceValidator();
public Result<Void> extendUserRole(AuthzTrans trans, String user, String role) {
Organization org = trans.org();
final ServiceValidator v = new ServiceValidator();
.role(role)
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);
.role(role)
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);
return Result.err(rrdd);
}
Result<NsDAO.Data> rcr = ques.mayUser(trans, trans.user(), rrdd.value, Access.write);
boolean mayNotChange;
return Result.err(rrdd);
}
Result<NsDAO.Data> rcr = ques.mayUser(trans, trans.user(), rrdd.value, Access.write);
boolean mayNotChange;
- for(UserRoleDAO.Data userRole : rr.value) {
- if(mayNotChange) { // Function exited earlier if !trans.futureRequested
+ for (UserRoleDAO.Data userRole : rr.value) {
+ if (mayNotChange) { // Function exited earlier if !trans.futureRequested
FutureDAO.Data fto = new FutureDAO.Data();
fto.target=UserRoleDAO.TABLE;
fto.memo = "Extend User ["+userRole.user+"] in Role ["+userRole.role+"]";
FutureDAO.Data fto = new FutureDAO.Data();
fto.target=UserRoleDAO.TABLE;
fto.memo = "Extend User ["+userRole.user+"] in Role ["+userRole.role+"]";
Result<String> rfc = func.createFuture(trans, fto,
userRole.user+'|'+userRole.role, userRole.user, rcr.value, FUTURE_OP.U);
Result<String> rfc = func.createFuture(trans, fto,
userRole.user+'|'+userRole.role, userRole.user, rcr.value, FUTURE_OP.U);
@Override
public Result<Void> deleteUserRole(AuthzTrans trans, String usr, String role) {
Validator val = new ServiceValidator();
@Override
public Result<Void> deleteUserRole(AuthzTrans trans, String usr, String role) {
Validator val = new ServiceValidator();
.nullOrBlank("Role", role).err()) {
return Result.err(Status.ERR_BadData, val.errs());
}
boolean mayNotChange;
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);
.nullOrBlank("Role", role).err()) {
return Result.err(Status.ERR_BadData, val.errs());
}
boolean mayNotChange;
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans,ques,role);
Result<NsDAO.Data> rns = ques.mayUser(trans, trans.user(), rdd, Access.write);
// Make sure we don't delete the last owner of valid NS
Result<NsDAO.Data> rns = ques.mayUser(trans, trans.user(), rdd, Access.write);
// Make sure we don't delete the last owner of valid NS
return Result.err(Status.ERR_UserRoleNotFound, "User [ "+usr+" ] is not "
+ "Assigned to the Role [ " + role + " ]");
}
UserRoleDAO.Data userRole = rulr.value.get(0);
return Result.err(Status.ERR_UserRoleNotFound, "User [ "+usr+" ] is not "
+ "Assigned to the Role [ " + role + " ]");
}
UserRoleDAO.Data userRole = rulr.value.get(0);
FutureDAO.Data fto = new FutureDAO.Data();
fto.target=UserRoleDAO.TABLE;
fto.memo = "Remove User ["+userRole.user+"] from Role ["+userRole.role+"]";
FutureDAO.Data fto = new FutureDAO.Data();
fto.target=UserRoleDAO.TABLE;
fto.memo = "Remove User ["+userRole.user+"] from Role ["+userRole.role+"]";
Result<String> rfc = func.createFuture(trans, fto,
userRole.user+'|'+userRole.role, userRole.user, rns.value, FUTURE_OP.D);
Result<String> rfc = func.createFuture(trans, fto,
userRole.user+'|'+userRole.role, userRole.user, rns.value, FUTURE_OP.D);
@Override
public Result<USERS> getUserInRole(AuthzTrans trans, String user, String role) {
final Validator v = new ServiceValidator();
@Override
public Result<USERS> getUserInRole(AuthzTrans trans, String user, String role) {
final Validator v = new ServiceValidator();
// Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write);
// May calling user see by virtue of the Role
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
// Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write);
// May calling user see by virtue of the Role
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
return Result.err(rrdd);
}
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read);
return Result.err(rrdd);
}
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read);
return Result.err(rnd);
}
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readUserInRole(trans, user, role);
return Result.err(rnd);
}
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readUserInRole(trans, user, role);
@Override
public Result<USERS> getUsersByRole(AuthzTrans trans, String role) {
final Validator v = new ServiceValidator();
@Override
public Result<USERS> getUsersByRole(AuthzTrans trans, String role) {
final Validator v = new ServiceValidator();
// Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write);
// May calling user see by virtue of the Role
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
// Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write);
// May calling user see by virtue of the Role
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
return Result.err(rrdd);
}
boolean contactOnly = false;
// Allow the request of any valid user to find the contact of the NS (Owner)
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read);
return Result.err(rrdd);
}
boolean contactOnly = false;
// Allow the request of any valid user to find the contact of the NS (Owner)
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read);
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, role);
HashSet<UserRoleDAO.Data> userSet = new HashSet<>();
Result<List<UserRoleDAO.Data>> rlurd = ques.userRoleDAO.readByRole(trans, role);
// Can't change actual object, or will mess up the cache.
UserRoleDAO.Data scrub = new UserRoleDAO.Data();
scrub.ns = data.ns;
// Can't change actual object, or will mess up the cache.
UserRoleDAO.Data scrub = new UserRoleDAO.Data();
scrub.ns = data.ns;
@Override
public Result<USERS> getUsersByPermission(AuthzTrans trans, String type, String instance, String action) {
final Validator v = new ServiceValidator();
@Override
public Result<USERS> getUsersByPermission(AuthzTrans trans, String type, String instance, String action) {
final Validator v = new ServiceValidator();
.nullOrBlank("Instance",instance)
.nullOrBlank("Action",action)
.err()) {
.nullOrBlank("Instance",instance)
.nullOrBlank("Action",action)
.err()) {
- if(rlp.isOKhasData()) {
- for(PermDAO.Data pd : rlp.value) {
- if((allInstance || pd.instance.equals(instance)) &&
+ if (rlp.isOKhasData()) {
+ for (PermDAO.Data pd : rlp.value) {
+ if ((allInstance || pd.instance.equals(instance)) &&
- if(ques.mayUser(trans, trans.user(),pd,Access.read).isOK()) {
- for(String role : pd.roles) {
- if(!roleUsed.contains(role)) { // avoid evaluating Role many times
+ if (ques.mayUser(trans, trans.user(),pd,Access.read).isOK()) {
+ for (String role : pd.roles) {
+ if (!roleUsed.contains(role)) { // avoid evaluating Role many times
@Override
public Result<HISTORY> getHistoryByUser(final AuthzTrans trans, String user, final int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
@Override
public Result<HISTORY> getHistoryByUser(final AuthzTrans trans, String user, final int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<NsDAO.Data> rnd;
// Users may look at their own data
return Result.err(Status.ERR_BadData,v.errs());
}
Result<NsDAO.Data> rnd;
// Users may look at their own data
NsDAO.Data nsd = new NsDAO.Data();
nsd.name = Question.domain2ns(user);
rnd = ques.mayUser(trans, trans.user(), nsd, Access.read);
NsDAO.Data nsd = new NsDAO.Data();
nsd.name = Question.domain2ns(user);
rnd = ques.mayUser(trans, trans.user(), nsd, Access.read);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
@Override
public Result<HISTORY> getHistoryByRole(AuthzTrans trans, String role, int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
@Override
public Result<HISTORY> getHistoryByRole(AuthzTrans trans, String role, int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, ques, role);
return Result.err(rrdd);
}
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value, Access.read);
return Result.err(rrdd);
}
Result<NsDAO.Data> rnd = ques.mayUser(trans, trans.user(), rrdd.value, Access.read);
return Result.err(rnd);
}
Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, role, "role", yyyymm);
return Result.err(rnd);
}
Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, role, "role", yyyymm);
@Override
public Result<HISTORY> getHistoryByPerm(AuthzTrans trans, String type, int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
@Override
public Result<HISTORY> getHistoryByPerm(AuthzTrans trans, String type, int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
// May user see Namespace of Permission (since it's only one piece... we can't check for "is permission part of")
Result<NsDAO.Data> rnd = ques.deriveNs(trans,type);
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
// May user see Namespace of Permission (since it's only one piece... we can't check for "is permission part of")
Result<NsDAO.Data> rnd = ques.deriveNs(trans,type);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, type, "perm", yyyymm);
return Result.err(rnd);
}
Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, type, "perm", yyyymm);
@Override
public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String ns, int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
@Override
public Result<HISTORY> getHistoryByNS(AuthzTrans trans, String ns, int[] yyyymm, final int sort) {
final Validator v = new ServiceValidator();
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);
.err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
Result<NsDAO.Data> rnd = ques.deriveNs(trans,ns);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
return Result.err(rnd);
}
Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, ns, "ns", yyyymm);
return Result.err(rnd);
}
Result<List<HistoryDAO.Data>> resp = ques.historyDAO.readBySubject(trans, ns, "ns", yyyymm);
private Result<Void> createOrUpdateDelegate(final AuthzTrans trans, REQUEST base, final Access access) {
final Result<DelegateDAO.Data> rd = mapper.delegate(trans, base);
final ServiceValidator v = new ServiceValidator();
private Result<Void> createOrUpdateDelegate(final AuthzTrans trans, REQUEST base, final Access access) {
final Result<DelegateDAO.Data> rd = mapper.delegate(trans, base);
final ServiceValidator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
final DelegateDAO.Data dd = rd.value;
Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO.read(trans, dd);
return Result.err(Status.ERR_BadData,v.errs());
}
final DelegateDAO.Data dd = rd.value;
Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO.read(trans, dd);
return Result.err(Status.ERR_ConflictAlreadyExists, "[%s] already delegates to [%s]", dd.user, ddr.value.get(0).delegate);
return Result.err(Status.ERR_ConflictAlreadyExists, "[%s] already delegates to [%s]", dd.user, ddr.value.get(0).delegate);
return Result.err(Status.ERR_NotFound, "[%s] does not have a Delegate Record to [%s].",dd.user,access.name());
}
Result<Void> rv = ques.mayUser(trans, dd, access);
return Result.err(Status.ERR_NotFound, "[%s] does not have a Delegate Record to [%s].",dd.user,access.name());
}
Result<Void> rv = ques.mayUser(trans, dd, access);
- Result<FutureDAO.Data> fd = mapper.future(trans,DelegateDAO.TABLE,base, dd, false,
- new Mapper.Memo() {
- @Override
- public String get() {
- StringBuilder sb = new StringBuilder();
- sb.append(access.name());
- sb.setCharAt(0, Character.toUpperCase(sb.charAt(0)));
- sb.append("Delegate ");
- sb.append(access==Access.create?"[":"to [");
- sb.append(rd.value.delegate);
- sb.append("] for [");
- sb.append(rd.value.user);
- sb.append(']');
- return sb.toString();
- }
+ Result<FutureDAO.Data> fd = mapper.future(trans,DelegateDAO.TABLE,base, dd, false,
+ () -> {
+ StringBuilder sb = new StringBuilder();
+ sb.append(access.name());
+ sb.setCharAt(0, Character.toUpperCase(sb.charAt(0)));
+ sb.append("Delegate ");
+ sb.append(access==Access.create?"[":"to [");
+ sb.append(rd.value.delegate);
+ sb.append("] for [");
+ sb.append(rd.value.user);
+ sb.append(']');
+ return sb.toString();
});
switch(fd.status) {
case OK:
Result<String> rfc = func.createFuture(trans, fd.value,
dd.user, trans.user(),null, access==Access.create?FUTURE_OP.C:FUTURE_OP.U);
});
switch(fd.status) {
case OK:
Result<String> rfc = func.createFuture(trans, fd.value,
dd.user, trans.user(),null, access==Access.create?FUTURE_OP.C:FUTURE_OP.U);
public Result<Void> deleteDelegate(AuthzTrans trans, REQUEST base) {
final Result<DelegateDAO.Data> rd = mapper.delegate(trans, base);
final Validator v = new ServiceValidator();
public Result<Void> deleteDelegate(AuthzTrans trans, REQUEST base) {
final Result<DelegateDAO.Data> rd = mapper.delegate(trans, base);
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<DelegateDAO.Data>> ddl;
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<DelegateDAO.Data>> ddl;
return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate");
}
final DelegateDAO.Data dd = ddl.value.get(0);
Result<Void> rv = ques.mayUser(trans, dd, Access.write);
return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate");
}
final DelegateDAO.Data dd = ddl.value.get(0);
Result<Void> rv = ques.mayUser(trans, dd, Access.write);
public Result<Void> deleteDelegate(AuthzTrans trans, String userName) {
DelegateDAO.Data dd = new DelegateDAO.Data();
final Validator v = new ServiceValidator();
public Result<Void> deleteDelegate(AuthzTrans trans, String userName) {
DelegateDAO.Data dd = new DelegateDAO.Data();
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
dd.user = userName;
Result<List<DelegateDAO.Data>> ddl;
return Result.err(Status.ERR_BadData,v.errs());
}
dd.user = userName;
Result<List<DelegateDAO.Data>> ddl;
return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate");
}
dd = ddl.value.get(0);
Result<Void> rv = ques.mayUser(trans, dd, Access.write);
return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate");
}
dd = ddl.value.get(0);
Result<Void> rv = ques.mayUser(trans, dd, Access.write);
@Override
public Result<DELGS> getDelegatesByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
@Override
public Result<DELGS> getDelegatesByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
@Override
public Result<DELGS> getDelegatesByDelegate(AuthzTrans trans, String delegate) {
final Validator v = new ServiceValidator();
@Override
public Result<DELGS> getDelegatesByDelegate(AuthzTrans trans, String delegate) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
DelegateDAO.Data ddd = new DelegateDAO.Data();
ddd.user = delegate;
Result<Void> rv = ques.mayUser(trans, ddd, Access.read);
return Result.err(Status.ERR_BadData,v.errs());
}
DelegateDAO.Data ddd = new DelegateDAO.Data();
ddd.user = delegate;
Result<Void> rv = ques.mayUser(trans, ddd, Access.read);
@Override
public Result<Void> updateApproval(AuthzTrans trans, APPROVALS approvals) {
Result<List<ApprovalDAO.Data>> rlad = mapper.approvals(approvals);
@Override
public Result<Void> updateApproval(AuthzTrans trans, APPROVALS approvals) {
Result<List<ApprovalDAO.Data>> rlad = mapper.approvals(approvals);
curr = ques.approvalDAO.readByApprover(trans, updt.approver);
} else {
return Result.err(Status.ERR_BadData,"Approvals need ID, Ticket or Approval data to update");
}
curr = ques.approvalDAO.readByApprover(trans, updt.approver);
} else {
return Result.err(Status.ERR_BadData,"Approvals need ID, Ticket or Approval data to update");
}
Map<String, Result<List<DelegateDAO.Data>>> delegateCache = new HashMap<>();
Map<UUID, FutureDAO.Data> futureCache = new HashMap<>();
FutureDAO.Data hasDeleted = new FutureDAO.Data();
Map<String, Result<List<DelegateDAO.Data>>> delegateCache = new HashMap<>();
Map<UUID, FutureDAO.Data> futureCache = new HashMap<>();
FutureDAO.Data hasDeleted = new FutureDAO.Data();
// Check for right record. Need ID, or (Ticket&Trans.User==Appr)
// If Default ID
boolean delegatedAction = ques.isDelegated(trans, user, cd.approver, delegateCache);
String delegator = cd.approver;
// Check for right record. Need ID, or (Ticket&Trans.User==Appr)
// If Default ID
boolean delegatedAction = ques.isDelegated(trans, user, cd.approver, delegateCache);
String delegator = cd.approver;
Changed ch = new Changed();
cd.id = ch.changed(cd.id,updt.id);
// cd.ticket = changed(cd.ticket,updt.ticket);
Changed ch = new Changed();
cd.id = ch.changed(cd.id,updt.id);
// cd.ticket = changed(cd.ticket,updt.ticket);
cd.memo = ch.changed(cd.memo,updt.memo);
cd.operation = ch.changed(cd.operation,updt.operation);
cd.updated = ch.changed(cd.updated,updt.updated==null?new Date():updt.updated);
cd.memo = ch.changed(cd.memo,updt.memo);
cd.operation = ch.changed(cd.operation,updt.operation);
cd.updated = ch.changed(cd.updated,updt.updated==null?new Date():updt.updated);
fdd = rfdd.value; // null is ok
} else {
fdd = hasDeleted;
}
futureCache.put(cd.ticket, fdd); // processed this Ticket... don't do others on this ticket
}
fdd = rfdd.value; // null is ok
} else {
fdd = hasDeleted;
}
futureCache.put(cd.ticket, fdd); // processed this Ticket... don't do others on this ticket
}
Result<OP_STATUS> rv = func.performFutureOp(trans, fop, fdd, apprByTicket,func.urDBLookup);
if (rv.isOK()) {
switch(rv.value) {
Result<OP_STATUS> rv = func.performFutureOp(trans, fop, fdd, apprByTicket,func.urDBLookup);
if (rv.isOK()) {
switch(rv.value) {
private boolean hasChanged = false;
public<T> T changed(T src, T proposed) {
private boolean hasChanged = false;
public<T> T changed(T src, T proposed) {
@Override
public Result<APPROVALS> getApprovalsByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
@Override
public Result<APPROVALS> getApprovalsByUser(AuthzTrans trans, String user) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO.readByUser(trans, user);
return Result.err(Status.ERR_BadData,v.errs());
}
Result<List<ApprovalDAO.Data>> rapd = ques.approvalDAO.readByUser(trans, user);
@Override
public Result<APPROVALS> getApprovalsByTicket(AuthzTrans trans, String ticket) {
final Validator v = new ServiceValidator();
@Override
public Result<APPROVALS> getApprovalsByTicket(AuthzTrans trans, String ticket) {
final Validator v = new ServiceValidator();
@Override
public Result<APPROVALS> getApprovalsByApprover(AuthzTrans trans, String approver) {
final Validator v = new ServiceValidator();
@Override
public Result<APPROVALS> getApprovalsByApprover(AuthzTrans trans, String approver) {
final Validator v = new ServiceValidator();
return Result.err(Status.ERR_BadData,v.errs());
}
List<ApprovalDAO.Data> listRapds = new ArrayList<>();
Result<List<ApprovalDAO.Data>> myRapd = ques.approvalDAO.readByApprover(trans, approver);
return Result.err(Status.ERR_BadData,v.errs());
}
List<ApprovalDAO.Data> listRapds = new ArrayList<>();
Result<List<ApprovalDAO.Data>> myRapd = ques.approvalDAO.readByApprover(trans, approver);
- if(ques.isGranted(trans,trans.user(),ROOT_NS,CACHE,cname,"clear")) {
+ if (ques.isGranted(trans,trans.user(),ROOT_NS,CACHE,cname,"clear")) {
return ques.clearCache(trans,cname);
}
return Result.err(Status.ERR_Denied, "%s does not have AAF Permission '%s.%s|%s|clear",
return ques.clearCache(trans,cname);
}
return Result.err(Status.ERR_Denied, "%s does not have AAF Permission '%s.%s|%s|clear",
- if(ques.isGranted(trans,trans.user(),ROOT_NS,CACHE,cname,"clear")) {
+ if (ques.isGranted(trans,trans.user(),ROOT_NS,CACHE,cname,"clear")) {