package org.onap.aai.introspection.sideeffect;
-import java.io.UnsupportedEncodingException;
-import java.net.URISyntaxException;
-
-import java.util.List;
import java.util.Map.Entry;
import java.util.Optional;
+
+import org.apache.commons.lang3.ObjectUtils;
import org.apache.tinkerpop.gremlin.structure.Vertex;
-import org.apache.tinkerpop.gremlin.structure.VertexProperty;
-import org.onap.aai.edges.exceptions.AmbiguousRuleChoiceException;
-import org.onap.aai.edges.exceptions.EdgeRuleNotFoundException;
import org.onap.aai.exceptions.AAIException;
import org.onap.aai.introspection.Introspector;
import org.onap.aai.schema.enums.PropertyMetadata;
import org.onap.aai.serialization.db.DBSerializer;
import org.onap.aai.serialization.engines.TransactionalGraphEngine;
+import org.springframework.util.CollectionUtils;
public class OwnerCheck extends SideEffect {
+ public static final String READ_ONLY_SUFFIX = "_readOnly";
+ private static final String DATA_OWNER = "data-owner";
+
public OwnerCheck(Introspector obj, Vertex self, TransactionalGraphEngine dbEngine, DBSerializer serializer) {
super(obj, self, dbEngine, serializer);
}
@Override
protected void processURI(Optional<String> completeUri, Entry<String, String> entry)
throws AAIException {
- if (serializer.getGroups() != null && !serializer.getGroups().isEmpty()) {
- List<Vertex> owningEntity = self.graph().traversal()
- .V(self)
- .inE("org.onap.relationships.inventory.BelongsTo")
- .outV()
- .has("aai-node-type", "owning-entity")
- .toList();
+ if (!isAuthorized(serializer.getGroups(), self)) {
- if(!owningEntity.isEmpty()) {
- VertexProperty owningEntityName = owningEntity.get(0).property("owning-entity-name");
+ throw new AAIException("AAI_3304",
+ "Group(s) :" + serializer.getGroups() + " not authorized to perform function");
- if(!serializer.getGroups().contains(owningEntityName.orElseGet(null))) {
- throw new AAIException("AAI_3304",
- "Group(s) :" + serializer.getGroups() + " not authorized to perform function");
- }
- }
} //else skip processing because no required properties were specified
}
+ public static boolean isAuthorized(java.util.Set<String> groups, Vertex vertex) {
+ if (!CollectionUtils.isEmpty(groups)) {
+ Object dataOwnerProperty = vertex.property(DATA_OWNER).orElse(null);
+ if (ObjectUtils.isNotEmpty(dataOwnerProperty)) {
+ String dataOwner = dataOwnerProperty.toString();
+ String dataOwnerWithReadAccess = dataOwner + READ_ONLY_SUFFIX;
+ return groups.stream()
+ .anyMatch(group -> group.equals(dataOwner) || group.equals(dataOwnerWithReadAccess));
+ }
+ }
+ return true;
+ }
+
@Override
protected PropertyMetadata getPropertyMetadata() {
return PropertyMetadata.OWNER_CHECK;
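Review bot: `isAuthorized` treats membership in `<data-owner>_readOnly` exactly like membership in the owner group, and `processURI` uses that single result to decide whether to throw AAI_3304, so nothing in this hunk distinguishes read access from write access. If this side effect also runs on create, update or delete requests (not visible here), a read-only group would pass the check for a modification. Consider passing the access mode in and matching the suffix only for reads, e.g. `group.equals(dataOwner) || (!isWrite && group.equals(dataOwnerWithReadAccess))`. The method also returns `true` when `groups` is empty or the vertex has no `data-owner` property. That fail-open default deserves a Javadoc line on this public method, such as `/** Returns true (no restriction) when no groups are supplied or the vertex has no data-owner. */`, so callers do not mistake it for a deny-by-default check.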