--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.cmd.perm;
+
+import org.onap.aaf.auth.cmd.AAFcli;
+import org.onap.aaf.auth.cmd.Cmd;
+import org.onap.aaf.auth.cmd.Param;
+import org.onap.aaf.auth.rserv.HttpMethods;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.misc.env.APIException;
+
+import aaf.v2_0.Pkey;
+import aaf.v2_0.RolePermRequest;
+
+/**
+ *
+ * @author Jonathan
+ *
+ */
+public class Grant extends Cmd {
+ private final static String[] options = {"grant","ungrant","setTo"};
+
+ public Grant(Perm parent) {
+ super(parent,null,
+ new Param(optionsToString(options),true),
+ new Param("type",true),
+ new Param("instance",true),
+ new Param("action",true),
+ new Param("role[,role]* (!REQ S)",false)
+ );
+ }
+
+ @Override
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {
+ return same(new Retryable<Integer>() {
+ @Override
+ public Integer code(Rcli<?> client) throws CadiException, APIException {
+ int idx = index;
+ String action = args[idx++];
+ int option = whichOption(options, action);
+
+ RolePermRequest rpr = new RolePermRequest();
+ Pkey pk = new Pkey();
+ pk.setType(args[idx++]);
+ pk.setInstance(args[idx++]);
+ pk.setAction(args[idx++]);
+ rpr.setPerm(pk);
+ setStartEnd(rpr);
+
+ Future<RolePermRequest> frpr = null;
+
+ if (option != 2) {
+ String[] roles = args[idx++].split(",");
+ String strA,strB;
+ for(String role : roles) {
+ rpr.setRole(role);
+ if(option==0) {
+ // You can request to Grant Permission to a Role
+ setQueryParamsOn(client);
+ frpr = client.create(
+ "/authz/role/perm",
+ getDF(RolePermRequest.class),
+ rpr
+ );
+ strA = "Granted Permission [";
+ strB = "] to Role [";
+ } else {
+ // You can request to UnGrant Permission to a Role
+ setQueryParamsOn(client);
+ frpr = client.delete(
+ "/authz/role/" + role + "/perm",
+ getDF(RolePermRequest.class),
+ rpr
+ );
+ strA = "UnGranted Permission [";
+ strB = "] from Role [";
+ }
+ if(frpr.get(AAFcli.timeout())) {
+ pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction()
+ + strB + role +']');
+ } else {
+ if (frpr.code()==202) {
+ pw().print("Permission Role ");
+ pw().print(option==0?"Granted":"Ungranted");
+ pw().println(" Accepted, but requires Approvals before actualizing");
+ } else {
+ error(frpr);
+ idx=Integer.MAX_VALUE;
+ }
+ }
+ }
+ } else {
+ String allRoles = "";
+ if (idx < args.length)
+ allRoles = args[idx++];
+
+ rpr.setRole(allRoles);
+ frpr = client.update(
+ "/authz/role/perm",
+ getDF(RolePermRequest.class),
+ rpr);
+ if(frpr.get(AAFcli.timeout())) {
+ pw().println("Set Permission's Roles to [" + allRoles + "]");
+ } else {
+ error(frpr);
+ }
+ }
+ return frpr==null?0:frpr.code();
+ }
+ });
+ }
+
+ @Override
+ public void detailedHelp(int indent, StringBuilder sb) {
+ detailLine(sb,indent,"Grant a Permission to a Role or Roles OR");
+ detailLine(sb,indent,"Ungrant a Permission from a Role or Roles OR");
+ detailLine(sb,indent,"Set a Permission's roles to roles supplied.");
+ detailLine(sb,indent+4,"WARNING: Roles supplied with setTo will be the ONLY roles attached to this permission");
+ detailLine(sb,indent+8,"If no roles are supplied, permission's roles are reset.");
+ detailLine(sb,indent,"see Create for definitions of type,instance and action");
+ api(sb,indent,HttpMethods.POST,"authz/role/perm",RolePermRequest.class,true);
+ api(sb,indent,HttpMethods.DELETE,"authz/role/<role>/perm",RolePermRequest.class,false);
+ api(sb,indent,HttpMethods.PUT,"authz/role/perm",RolePermRequest.class,false);
+
+ }
+
+}
Code Review / aaf / authz.git / blobdiff