import java.util.ArrayList;
import java.util.UUID;
+import javax.servlet.http.HttpServletRequest;
+
+import org.onap.aaf.auth.common.Define;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.gui.AAF_GUI;
public Cells get(final AuthzTrans trans, final AAF_GUI gui) {
Cells rv=Cells.EMPTY;
final String ticket = trans.get(sTicket, null);
- if(ticket!=null) {
+ if (ticket!=null) {
try {
rv = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Cells>() {
@Override
gui.getDF(Approvals.class)
);
- if(fa.get(AAF_GUI.TIMEOUT)) {
- if (!trans.user().equals(fa.value.getApprovals().get(0).getUser())) {
- return Cells.EMPTY;
- }
+ if (fa.get(AAF_GUI.TIMEOUT)) {
+ Approval app = fa.value.getApprovals().get(0);
+ if(app==null) {
+ return Cells.EMPTY;
+ } else {
+ if (!(trans.user().equals(app.getUser()) ||
+ trans.user().equals(app.getApprover()))) {
+ HttpServletRequest req = trans.get(gui.slot_httpServletRequest,null);
+ if(req==null || !req.isUserInRole(Define.ROOT_NS()+"|access|*|*")) {
+ return Cells.EMPTY;
+ }
+ }
+ }
tt.done();
tt = trans.start("Load Data", Env.SUB);
boolean first = true;
Code Review / aaf / authz.git / blobdiff