Organization defined users whose user roles do not expire will also not have their...

[aaf/authz.git] / auth / auth-cass / src / main / java / org / onap / aaf / auth / dao / hl / Function.java

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index e1ac77c..761ebec 100644 (file)
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -227,7 +227,6 @@ public class Function {
         if (rparent.notOK()) {
             return Result.err(rparent);
         }
-        parent = rparent.value.parent;
         if (!fromApproval) {
             rparent = q.mayUser(trans, user, rparent.value, Access.write);
             if (rparent.notOK()) {
@@ -297,7 +296,8 @@ public class Function {
         }
 
         // VALIDATIONS done... Add NS
-        if ((rq = q.nsDAO().create(trans, namespace.data())).notOK()) {
+        rq = q.nsDAO().create(trans, namespace.data());
+        if (rq.notOK()) {
             return Result.err(rq);
         }
 
@@ -759,7 +759,7 @@ public class Function {
             }
 
             for (CredDAO.Data cd : cdr.value) {
-                if (cd.expires.after(now)) {
+                if (cd.expires.after(now) || trans.org().isUserExpireExempt(cd.id, cd.expires)) {
                     return Result.ok();
                 }
             }
@@ -1440,7 +1440,7 @@ public class Function {
         List<UserRoleDAO.Data> list = rurdd.value;
         List<String> rv = new ArrayList<>(list.size()); // presize
         for (UserRoleDAO.Data urdd : rurdd.value) {
-            if (includeExpired || urdd.expires.after(now)) {
+            if (includeExpired || urdd.expires.after(now) || trans.org().isUserExpireExempt(urdd.user, urdd.expires)) {
                 rv.add(urdd.user);
             }
         }