Minor changes for Organization needs

[aaf/authz.git] / auth / auth-batch / src / main / java / org / onap / aaf / auth / batch / reports / Analyze.java

diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index 78c6ae3..227717b 100644 (file)
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -57,6 +57,7 @@ import org.onap.aaf.auth.batch.helpers.X509;
 import org.onap.aaf.auth.dao.cass.CredDAO;
 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
 import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.Organization.Expiration;
 import org.onap.aaf.auth.org.Organization.Identity;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.cadi.configure.Factory;
@@ -69,7 +70,7 @@ import org.onap.aaf.misc.env.util.Chrono;
 
 
 public class Analyze extends Batch {
-    private static final int unknown=0;
+       private static final int unknown=0;
     private static final int owner=1;
     private static final int supervisor=2;
     private static final int total=0;
@@ -82,6 +83,7 @@ public class Analyze extends Batch {
     private static final String EXPIRED_OWNERS = "ExpiredOwners";
     private static final String CSV = ".csv";
     private static final String INFO = "info";
+    private static final String NOT_COMPLIANT = "NotCompliant";
     private int minOwners;
     private Map<String, CSV.Writer> writerList;
     private ExpireRange expireRange;
@@ -89,6 +91,7 @@ public class Analyze extends Batch {
     private CSV.Writer deleteCW;
     private CSV.Writer needApproveCW;
     private CSV.Writer extendCW;
+    private CSV.Writer notCompliantCW;
     private Range futureRange;
     private final String sdate;
     private LastNotified ln;
@@ -146,6 +149,12 @@ public class Analyze extends Batch {
             extendCW.row(INFO,EXTEND,sdate,1);
             writerList.put(EXTEND,extendCW);
 
+            // Setup NotCompliant Writer for Apps
+            file = new File(logDir(),NOT_COMPLIANT + sdate + CSV);
+            CSV ncCSV = new CSV(env.access(),file);
+            notCompliantCW = ncCSV.writer();
+            writerList.put(NOT_COMPLIANT, notCompliantCW);
+            
             // Load full data of the following
             ln = new LastNotified(session);
 
@@ -384,12 +393,33 @@ public class Analyze extends Batch {
                                     }
                                     return;
                                 }
+                                if(org.isRevoked(trans, ur.user())) {
+                                       GregorianCalendar gc = new GregorianCalendar();
+                                       gc.setTime(ur.expires());
+                                       GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user());
+                                       if(now.after(gracePeriodEnds.getTime())) {
+                                        ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left");
+                                       } else {
+                                               ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString());
+                                       }
+                                       return;
+                                }
                                 ur.row(deleteCW, UserRole.UR,"Not in Organization");
                                 return;
                             } else if(Role.byName.get(ur.role())==null) {
                                 ur.row(deleteCW, UserRole.UR,String.format("Role %s does not exist", ur.role()));
                                 return;
+                            // Make sure owners can still be owners.
+                            } else if(ur.role().endsWith(".owner")) {
+                               String err = identity.mayOwn(); 
+                               if(err!=null) {
+                                       ur.row(deleteCW, UserRole.UR,String.format("%s may not be an owner: %s",ur.user(),err));
+                                       return;
+                               }
                             }
+                            
+                            
+                            
                             // Just let expired UserRoles sit until deleted
                             if(futureRange.inRange(ur.expires())&&(!mur.containsKey(ur.user() + '|' + ur.role()))) {
                                     // Cannot just delete owners, unless there is at least one left. Process later