package org.onap.aaf.auth.batch.approvalsets;
import java.io.IOException;
+import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
+import org.onap.aaf.auth.batch.helpers.Approval;
import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.dao.cass.NsDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.misc.env.util.Chrono;
public class URApprovalSet extends ApprovalSet {
-
- private boolean ownerSuperApprove;
+ private static final String FMT_SUFFIX = "%s] - Expires %s";
+ private static final String EXTEND_ACCESS_FMT = Approval.RE_APPROVAL_IN_ROLE + "%s] to Role [" + FMT_SUFFIX;
+ private static final String REVALIDATE_AS_ADMIN_FMT = Approval.RE_VALIDATE_ADMIN + FMT_SUFFIX;
+ private static final String REVALIDATE_AS_OWNER_FMT = Approval.RE_VALIDATE_OWNER + FMT_SUFFIX;
public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
super(start, "user_role", dv);
UserRoleDAO.Data urdd = lurdd.load();
setConstruct(urdd.bytify());
setMemo(getMemo(urdd));
- setExpires(org.expiration(null, Organization.Expiration.UserInRole));
+ GregorianCalendar expires = org.expiration(null, Organization.Expiration.UserInRole);
+ if(urdd.expires.before(expires.getTime())) {
+ expires.setTime(urdd.expires);
+ }
+ setExpires(expires);
+ setTargetKey(urdd.user+'|'+urdd.role);
+ setTargetDate(urdd.expires);
Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role);
if(r.notOKorIsEmpty()) {
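Review bot: `urdd.expires` is dereferenced in the new `if(urdd.expires.before(expires.getTime()))` without a null check. If the loader can return a user-role row with no expiry date, that throws a NullPointerException and no approval ticket is built for that row. Consider `if(urdd.expires!=null && urdd.expires.before(expires.getTime())) {` and decide explicitly what `setTargetDate` should record in that case. Separately, `setTargetKey(urdd.user+'|'+urdd.role)` deserves a short comment stating that neither part can contain `|`, assuming the key is later used to match pending approvals to their user-role. The constructor body continues outside this hunk.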
}
}
- if(isOwner && ownerSuperApprove) {
+ if(isOwner) {
try {
List<Identity> apprs = org.getApprovers(trans, urdd.user);
if(apprs!=null) {
for(Identity i : apprs) {
ApprovalDAO.Data add = newApproval(urdd);
- Identity reportsTo = i.responsibleTo();
- if(reportsTo!=null) {
- add.approver = reportsTo.fullID();
- } else {
- throw new CadiException("No Supervisor for '" + urdd.user + '\'');
- }
+ add.approver = i.fullID();
add.type = org.getApproverType();
ladd.add(add);
}
}
}
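Review bot: With `add.approver = i.fullID();`, each identity returned by `org.getApprovers(trans, urdd.user)` now becomes the approver directly, and nothing in the loop checks that the approver differs from `urdd.user`. If that call can ever return the requesting user (not visible here), an owner could approve their own revalidation. A guard such as `if(urdd.user.equals(i.fullID())) continue;` before `newApproval` would keep the separation of duties explicit. The removed code also failed loudly when no supervisor existed, whereas a null or empty `apprs` now silently produces a ticket with no owner-side approver. Logging or throwing in that case would stop such tickets going unnoticed. The `try` block's handler lies outside the visible lines.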
- public void ownerSuperApprove() {
- ownerSuperApprove = true;
+ private void setTargetDate(Date expires) {
+ fdd.target_date = expires;
+ }
+
+ private void setTargetKey(String key) {
+ fdd.target_key = key;
}
- private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) throws CadiException {
+ private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) {
ApprovalDAO.Data add = new ApprovalDAO.Data();
add.id = Chrono.dateToUUID(System.currentTimeMillis());
add.ticket = fdd.id;
private String getMemo(Data urdd) {
switch(urdd.rname) {
case "owner":
- return String.format("Revalidate as Owner of AAF Namespace [%s] - Expires %s",
- urdd.ns,
- Chrono.dateOnlyStamp(urdd.expires));
+ return String.format(REVALIDATE_AS_OWNER_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
case "admin":
- return String.format("Revalidate as Admin of AAF Namespace [%s] - Expires %s",
- urdd.ns,
- Chrono.dateOnlyStamp(urdd.expires));
+ return String.format(REVALIDATE_AS_ADMIN_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
default:
- return String.format("Extend access of User [%s] to Role [%s] - Expires %s",
+ return String.format(EXTEND_ACCESS_FMT,
urdd.user,
urdd.role,
Chrono.dateOnlyStamp(urdd.expires));