* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
namespace.owner = from.getResponsible();
namespace.description = from.getDescription();
trans.checkpoint(namespace.name, Env.ALWAYS);
namespace.owner = from.getResponsible();
namespace.description = from.getDescription();
trans.checkpoint(namespace.name, Env.ALWAYS);
NsType nt = NsType.fromString(from.getType());
if (nt.equals(NsType.UNKNOWN)) {
String ns = namespace.name;
NsType nt = NsType.fromString(from.getType());
if (nt.equals(NsType.UNKNOWN)) {
String ns = namespace.name;
tt = trans.start("Sort Perms", Env.SUB);
try {
Collections.sort(perms, new Comparator<Perm>() {
tt = trans.start("Sort Perms", Env.SUB);
try {
Collections.sort(perms, new Comparator<Perm>() {
@Override
public Result<Perms> perms(AuthzTrans trans, List<PermDAO.Data> from, Perms to, String[] nss, boolean filter) {
List<Perm> perms = to.getPerm();
@Override
public Result<Perms> perms(AuthzTrans trans, List<PermDAO.Data> from, Perms to, String[] nss, boolean filter) {
List<Perm> perms = to.getPerm();
tt = trans.start("Sort Perms", Env.SUB);
try {
Collections.sort(perms, new Comparator<Perm>() {
tt = trans.start("Sort Perms", Env.SUB);
try {
Collections.sort(perms, new Comparator<Perm>() {
for (Perm p : perms.getPerm()) {
Result<NsSplit> nss = q.deriveNsSplit(trans, p.getType());
PermDAO.Data pd = new PermDAO.Data();
for (Perm p : perms.getPerm()) {
Result<NsSplit> nss = q.deriveNsSplit(trans, p.getType());
PermDAO.Data pd = new PermDAO.Data();
@Override
public Result<PermDAO.Data> permkey(AuthzTrans trans, Pkey from) {
return q.permFrom(trans, from.getType(),from.getInstance(),from.getAction());
}
@Override
public Result<PermDAO.Data> permkey(AuthzTrans trans, Pkey from) {
return q.permFrom(trans, from.getType(),from.getInstance(),from.getAction());
}
@Override
public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, Request req) {
RolePermRequest from = (RolePermRequest)req;
@Override
public Result<PermDAO.Data> permFromRPRequest(AuthzTrans trans, Request req) {
RolePermRequest from = (RolePermRequest)req;
if (perm==null)return Result.err(Status.ERR_NotFound, "Permission not found");
Result<NsSplit> nss = q.deriveNsSplit(trans, perm.getType());
PermDAO.Data pd = new PermDAO.Data();
if (perm==null)return Result.err(Status.ERR_NotFound, "Permission not found");
Result<NsSplit> nss = q.deriveNsSplit(trans, perm.getType());
PermDAO.Data pd = new PermDAO.Data();
pd.ns=nss.value.ns;
pd.type = nss.value.name;
pd.instance = from.getPerm().getInstance();
pd.action = from.getPerm().getAction();
trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
pd.ns=nss.value.ns;
pd.type = nss.value.name;
pd.instance = from.getPerm().getInstance();
pd.action = from.getPerm().getAction();
trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
if (from.getRole() != null) {
roles = from.getRole().split(",");
}
if (from.getRole() != null) {
roles = from.getRole().split(",");
}
@Override
public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, Request req) {
RolePermRequest from = (RolePermRequest)req;
Result<NsSplit> nss = q.deriveNsSplit(trans, from.getRole());
RoleDAO.Data rd = new RoleDAO.Data();
@Override
public Result<RoleDAO.Data> roleFromRPRequest(AuthzTrans trans, Request req) {
RolePermRequest from = (RolePermRequest)req;
Result<NsSplit> nss = q.deriveNsSplit(trans, from.getRole());
RoleDAO.Data rd = new RoleDAO.Data();
rd.ns = nss.value.ns;
rd.name = nss.value.name;
trans.checkpoint(rd.fullName(), Env.ALWAYS);
rd.ns = nss.value.ns;
rd.name = nss.value.name;
trans.checkpoint(rd.fullName(), Env.ALWAYS);
@Override
public Result<PermDAO.Data> perm(AuthzTrans trans, Request req) {
PermRequest from = (PermRequest)req;
String type = from.getType();
if(type==null) {
@Override
public Result<PermDAO.Data> perm(AuthzTrans trans, Request req) {
PermRequest from = (PermRequest)req;
String type = from.getType();
if(type==null) {
- String[] split = Split.splitTrim(':', type);
- pd.ns = split[0];
- pd.type=split.length>1?split[1]:"";
- pd.instance = from.getInstance();
- pd.action = from.getAction();
- pd.description = from.getDescription();
- return Result.ok(pd);
+ String[] split = Split.splitTrim(':', type);
+ pd.ns = split[0];
+ pd.type=split.length>1?split[1]:"";
+ pd.instance = from.getInstance();
+ pd.action = from.getAction();
+ pd.description = from.getDescription();
+ return Result.ok(pd);
- Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());
- if (nss.isOK()) {
- pd.ns=nss.value.ns;
- pd.type = nss.value.name;
- pd.instance = from.getInstance();
- pd.action = from.getAction();
- pd.description = from.getDescription();
- trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
- return Result.ok(pd);
- } else {
- return Result.err(nss);
- }
- }
- }
-
+ Result<NsSplit> nss = q.deriveNsSplit(trans, from.getType());
+ if (nss.isOK()) {
+ pd.ns=nss.value.ns;
+ pd.type = nss.value.name;
+ pd.instance = from.getInstance();
+ pd.action = from.getAction();
+ pd.description = from.getDescription();
+ trans.checkpoint(pd.fullPerm(), Env.ALWAYS);
+ return Result.ok(pd);
+ } else {
+ return Result.err(nss);
+ }
+ }
+ }
+
@Override
public Request ungrantRequest(AuthzTrans trans, String role, String type, String instance, String action) {
RolePermRequest rpr = new RolePermRequest();
@Override
public Request ungrantRequest(AuthzTrans trans, String role, String type, String instance, String action) {
RolePermRequest rpr = new RolePermRequest();
*/
@Override
public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {
*/
@Override
public Result<Roles> roles(AuthzTrans trans, List<RoleDAO.Data> from, Roles to, boolean filter) {
for (RoleDAO.Data frole : from) {
// Only Add Data to view if User is allowed to see this Role
if (!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {
for (RoleDAO.Data frole : from) {
// Only Add Data to view if User is allowed to see this Role
if (!filter || q.mayUser(trans, trans.user(), frole,Access.read).isOK()) {
to.ns = Question.domain2ns(to.id);
to.type = from.getType();
if(to.type!=null && to.type==CredDAO.FQI) {
to.ns = Question.domain2ns(to.id);
to.type = from.getType();
if(to.type!=null && to.type==CredDAO.FQI) {
- String passwd = from.getPassword();
- if (requiresPass) {
- String ok = trans.org().isValidPassword(trans, to.id,passwd);
- if (ok.length()>0) {
- return Result.err(Status.ERR_BadData,ok);
- }
- }
- if (passwd != null) {
- to.cred = ByteBuffer.wrap(passwd.getBytes());
- to.type = CredDAO.RAW;
- } else {
- to.type = CredDAO.NONE;
- }
- }
-
+ String passwd = from.getPassword();
+ if (requiresPass) {
+ String ok = trans.org().isValidPassword(trans, to.id,passwd);
+ if (ok.length()>0) {
+ return Result.err(Status.ERR_BadData,ok);
+ }
+ }
+ if (passwd != null) {
+ to.cred = ByteBuffer.wrap(passwd.getBytes());
+ to.type = CredDAO.RAW;
+ } else {
+ to.type = CredDAO.NONE;
+ }
+ }
+
// Note: Ensure requested EndDate created will match Organization Password Rules
// P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)
to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());
// Note: Ensure requested EndDate created will match Organization Password Rules
// P.S. Do not apply TempPassword rule here. Do that when you know you are doing a Create/Reset (see Service)
to.expires = getExpires(trans.org(),Expiration.Password,base,from.getId());
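Review bot: `passwd.getBytes()` in the re-added credential block encodes the password with the JVM's default charset, so the bytes wrapped into `to.cred` can differ between hosts whose default encoding differs, and a non-ASCII password written on one node may then fail to verify on another. Pin the encoding with `to.cred = ByteBuffer.wrap(passwd.getBytes(StandardCharsets.UTF_8));`, which needs `java.nio.charset.StandardCharsets` imported (the import block is not visible here). Separately, `isValidPassword(trans, to.id, passwd)` runs before the `passwd != null` test, so when `requiresPass` is true a missing password reaches the organisation's validator as null. Rejecting that case explicitly with `Status.ERR_BadData` before the call would not depend on how each validator treats null. The enclosing method starts and ends outside this hunk, so any earlier null handling cannot be seen from here.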
@Override
public Result<Users> cred(List<CredDAO.Data> from, Users to) {
List<User> cu = to.getUser();
@Override
public Result<Users> cred(List<CredDAO.Data> from, Users to) {
List<User> cu = to.getUser();
@Override
public Result<Certs> cert(List<CertDAO.Data> from, Certs to) {
List<Cert> lc = to.getCert();
@Override
public Result<Certs> cert(List<CertDAO.Data> from, Certs to) {
List<Cert> lc = to.getCert();
/**
* Analyze whether Requests should be acted on now, or in the future, based on Start Date, and whether the requester
* is allowed to change this value directly
/**
* Analyze whether Requests should be acted on now, or in the future, based on Start Date, and whether the requester
* is allowed to change this value directly
* Returning Result.OK means it should be done in the future.
* Returning Result.ACC_Now means to act on table change now.
*/
@Override
* Returning Result.OK means it should be done in the future.
* Returning Result.ACC_Now means to act on table change now.
*/
@Override
- public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from,
+ public Result<FutureDAO.Data> future(AuthzTrans trans, String table, Request from,
Bytification content, boolean enableApproval, Memo memo, MayChange mc) {
Result<?> rMayChange;
Bytification content, boolean enableApproval, Memo memo, MayChange mc) {
Result<?> rMayChange;
if (!needsAppr && (needsAppr = (rMayChange=mc.mayChange()).notOK())) {
if (enableApproval) {
if (!trans.requested(AuthzTrans.REQD_TYPE.future)) {
if (!needsAppr && (needsAppr = (rMayChange=mc.mayChange()).notOK())) {
if (enableApproval) {
if (!trans.requested(AuthzTrans.REQD_TYPE.future)) {
GregorianCalendar expires = trans.org().expiration(start, Expiration.Future);
XMLGregorianCalendar xgc;
if ((xgc=from.getEnd())!=null) {
GregorianCalendar fgc = xgc.toGregorianCalendar();
expires = expires.before(fgc)?expires:fgc; // Min of desired expiration, and Org expiration
}
GregorianCalendar expires = trans.org().expiration(start, Expiration.Future);
XMLGregorianCalendar xgc;
if ((xgc=from.getEnd())!=null) {
GregorianCalendar fgc = xgc.toGregorianCalendar();
expires = expires.before(fgc)?expires:fgc; // Min of desired expiration, and Org expiration
}
//TODO needs two answers from this. What's the NSS, and may Change.
FutureDAO.Data fto;
if (start.after(now) || needsAppr ) {
//TODO needs two answers from this. What's the NSS, and may Change.
FutureDAO.Data fto;
if (start.after(now) || needsAppr ) {
@Override
public Result<List<ApprovalDAO.Data>> approvals(Approvals apprs) {
List<ApprovalDAO.Data> lappr = new ArrayList<>();
@Override
public Result<List<ApprovalDAO.Data>> approvals(Approvals apprs) {
List<ApprovalDAO.Data> lappr = new ArrayList<>();
XMLGregorianCalendar xgc = a.getUpdated();
if (xgc!=null)ad.updated=xgc.toGregorianCalendar().getTime();
lappr.add(ad);
XMLGregorianCalendar xgc = a.getUpdated();
if (xgc!=null)ad.updated=xgc.toGregorianCalendar().getTime();
lappr.add(ad);
/*
* We want "Expired" dates to start at a specified time set by the Organization, and consistent wherever
* the date is created from.
/*
* We want "Expired" dates to start at a specified time set by the Organization, and consistent wherever
* the date is created from.
private Date getExpires(Organization org, Expiration exp, Request base, String id) {
XMLGregorianCalendar end = base.getEnd();
GregorianCalendar gc = end==null?new GregorianCalendar():end.toGregorianCalendar();
GregorianCalendar orggc;
private Date getExpires(Organization org, Expiration exp, Request base, String id) {
XMLGregorianCalendar end = base.getEnd();
GregorianCalendar gc = end==null?new GregorianCalendar():end.toGregorianCalendar();
GregorianCalendar orggc;
GregorianCalendar endgc = end==null||gc.after(orggc)?orggc:gc;
// Allow the Organization to determine when official "day Start" begins, Specifically when to consider something Expired.
endgc = Chrono.firstMomentOfDay(endgc);
GregorianCalendar endgc = end==null||gc.after(orggc)?orggc:gc;
// Allow the Organization to determine when official "day Start" begins, Specifically when to consider something Expired.
endgc = Chrono.firstMomentOfDay(endgc);