+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.dao.aaf.cass;\r
-\r
-import java.io.ByteArrayOutputStream;\r
-import java.io.DataInputStream;\r
-import java.io.DataOutputStream;\r
-import java.io.IOException;\r
-import java.nio.ByteBuffer;\r
-import java.util.HashSet;\r
-import java.util.List;\r
-import java.util.Set;\r
-\r
-import com.att.authz.env.AuthzTrans;\r
-import com.att.authz.layer.Result;\r
-import com.att.dao.Bytification;\r
-import com.att.dao.Cached;\r
-import com.att.dao.CassAccess;\r
-import com.att.dao.CassDAOImpl;\r
-import com.att.dao.Loader;\r
-import com.att.dao.Streamer;\r
-import com.att.dao.aaf.hl.Question;\r
-import com.att.inno.env.APIException;\r
-import com.att.inno.env.util.Split;\r
-import com.datastax.driver.core.Cluster;\r
-import com.datastax.driver.core.Row;\r
-import com.datastax.driver.core.exceptions.DriverException;\r
-\r
-public class RoleDAO extends CassDAOImpl<AuthzTrans,RoleDAO.Data> {\r
-\r
- public static final String TABLE = "role";\r
- public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F\r
- \r
- private final HistoryDAO historyDAO;\r
- private final CacheInfoDAO infoDAO;\r
-\r
- private PSInfo psChildren, psNS, psName;\r
-\r
- public RoleDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {\r
- super(trans, RoleDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
- // Set up sub-DAOs\r
- historyDAO = new HistoryDAO(trans, this);\r
- infoDAO = new CacheInfoDAO(trans,this);\r
- init(trans);\r
- }\r
-\r
- public RoleDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) {\r
- super(trans, RoleDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));\r
- historyDAO = hDAO;\r
- infoDAO = ciDAO;\r
- init(trans);\r
- }\r
-\r
-\r
- //////////////////////////////////////////\r
- // Data Definition, matches Cassandra DM\r
- //////////////////////////////////////////\r
- private static final int KEYLIMIT = 2;\r
- /**\r
- * Data class that matches the Cassandra Table "role"\r
- */\r
- public static class Data extends CacheableData implements Bytification {\r
- public String ns;\r
- public String name;\r
- public Set<String> perms;\r
- public String description;\r
-\r
- ////////////////////////////////////////\r
- // Getters\r
- public Set<String> perms(boolean mutable) {\r
- if (perms == null) {\r
- perms = new HashSet<String>();\r
- } else if (mutable && !(perms instanceof HashSet)) {\r
- perms = new HashSet<String>(perms);\r
- }\r
- return perms;\r
- }\r
- \r
- public static Data create(NsDAO.Data ns, String name) {\r
- NsSplit nss = new NsSplit(ns,name); \r
- RoleDAO.Data rv = new Data();\r
- rv.ns = nss.ns;\r
- rv.name=nss.name;\r
- return rv;\r
- }\r
- \r
- public String fullName() {\r
- return ns + '.' + name;\r
- }\r
- \r
- public String encode() {\r
- return ns + '|' + name;\r
- }\r
- \r
- /**\r
- * Decode Perm String, including breaking into appropriate Namespace\r
- * \r
- * @param trans\r
- * @param q\r
- * @param r\r
- * @return\r
- */\r
- public static Result<Data> decode(AuthzTrans trans, Question q, String r) {\r
- String[] ss = Split.splitTrim('|', r,2);\r
- Data data = new Data();\r
- if(ss[1]==null) { // older 1 part encoding must be evaluated for NS\r
- Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);\r
- if(nss.notOK()) {\r
- return Result.err(nss);\r
- }\r
- data.ns=nss.value.ns;\r
- data.name=nss.value.name;\r
- } else { // new 4 part encoding\r
- data.ns=ss[0];\r
- data.name=ss[1];\r
- }\r
- return Result.ok(data);\r
- }\r
-\r
- /**\r
- * Decode from UserRole Data\r
- * @param urdd\r
- * @return\r
- */\r
- public static RoleDAO.Data decode(UserRoleDAO.Data urdd) {\r
- RoleDAO.Data rd = new RoleDAO.Data();\r
- rd.ns = urdd.ns;\r
- rd.name = urdd.rname;\r
- return rd;\r
- }\r
-\r
-\r
- /**\r
- * Decode Perm String, including breaking into appropriate Namespace\r
- * \r
- * @param trans\r
- * @param q\r
- * @param p\r
- * @return\r
- */\r
- public static Result<String[]> decodeToArray(AuthzTrans trans, Question q, String p) {\r
- String[] ss = Split.splitTrim('|', p,2);\r
- if(ss[1]==null) { // older 1 part encoding must be evaluated for NS\r
- Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);\r
- if(nss.notOK()) {\r
- return Result.err(nss);\r
- }\r
- ss[0] = nss.value.ns;\r
- ss[1] = nss.value.name;\r
- }\r
- return Result.ok(ss);\r
- }\r
- \r
- @Override\r
- public int[] invalidate(Cached<?,?> cache) {\r
- return new int[] {\r
- seg(cache,ns,name),\r
- seg(cache,ns),\r
- seg(cache,name),\r
- };\r
- }\r
-\r
- @Override\r
- public ByteBuffer bytify() throws IOException {\r
- ByteArrayOutputStream baos = new ByteArrayOutputStream();\r
- RoleLoader.deflt.marshal(this,new DataOutputStream(baos));\r
- return ByteBuffer.wrap(baos.toByteArray());\r
- }\r
- \r
- @Override\r
- public void reconstitute(ByteBuffer bb) throws IOException {\r
- RoleLoader.deflt.unmarshal(this, toDIS(bb));\r
- }\r
-\r
- @Override\r
- public String toString() {\r
- return ns + '.' + name;\r
- }\r
- }\r
-\r
- private static class RoleLoader extends Loader<Data> implements Streamer<Data> {\r
- public static final int MAGIC=923577343;\r
- public static final int VERSION=1;\r
- public static final int BUFF_SIZE=96;\r
-\r
- public static final RoleLoader deflt = new RoleLoader(KEYLIMIT);\r
- \r
- public RoleLoader(int keylimit) {\r
- super(keylimit);\r
- }\r
- \r
- @Override\r
- public Data load(Data data, Row row) {\r
- // Int more efficient\r
- data.ns = row.getString(0);\r
- data.name = row.getString(1);\r
- data.perms = row.getSet(2,String.class);\r
- data.description = row.getString(3);\r
- return data;\r
- }\r
-\r
- @Override\r
- protected void key(Data data, int _idx, Object[] obj) {\r
- int idx = _idx;\r
- obj[idx]=data.ns;\r
- obj[++idx]=data.name;\r
- }\r
-\r
- @Override\r
- protected void body(Data data, int _idx, Object[] obj) {\r
- int idx = _idx;\r
- obj[idx]=data.perms;\r
- obj[++idx]=data.description;\r
- }\r
-\r
- @Override\r
- public void marshal(Data data, DataOutputStream os) throws IOException {\r
- writeHeader(os,MAGIC,VERSION);\r
- writeString(os, data.ns);\r
- writeString(os, data.name);\r
- writeStringSet(os,data.perms);\r
- writeString(os, data.description);\r
- }\r
-\r
- @Override\r
- public void unmarshal(Data data, DataInputStream is) throws IOException {\r
- /*int version = */readHeader(is,MAGIC,VERSION);\r
- // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields\r
- byte[] buff = new byte[BUFF_SIZE];\r
- data.ns = readString(is, buff);\r
- data.name = readString(is,buff);\r
- data.perms = readStringSet(is,buff);\r
- data.description = readString(is,buff);\r
- }\r
- };\r
-\r
- private void init(AuthzTrans trans) {\r
- String[] helpers = setCRUD(trans, TABLE, Data.class, RoleLoader.deflt);\r
- \r
- psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
- " WHERE ns = ?", new RoleLoader(1),readConsistency);\r
-\r
- psName = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +\r
- " WHERE name = ?", new RoleLoader(1),readConsistency);\r
-\r
- psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE + \r
- " WHERE ns=? AND name > ? AND name < ?", \r
- new RoleLoader(3) {\r
- @Override\r
- protected void key(Data data, int _idx, Object[] obj) {\r
- int idx = _idx;\r
- obj[idx] = data.ns;\r
- obj[++idx]=data.name + DOT;\r
- obj[++idx]=data.name + DOT_PLUS_ONE;\r
- }\r
- },readConsistency);\r
- \r
- }\r
-\r
- public Result<List<Data>> readNS(AuthzTrans trans, String ns) {\r
- return psNS.read(trans, R_TEXT + " NS " + ns, new Object[]{ns});\r
- }\r
-\r
- public Result<List<Data>> readName(AuthzTrans trans, String name) {\r
- return psName.read(trans, R_TEXT + name, new Object[]{name});\r
- }\r
-\r
- public Result<List<Data>> readChildren(AuthzTrans trans, String ns, String role) {\r
- if(role.length()==0 || "*".equals(role)) {\r
- return psChildren.read(trans, R_TEXT, new Object[]{ns, FIRST_CHAR, LAST_CHAR}); \r
- } else {\r
- return psChildren.read(trans, R_TEXT, new Object[]{ns, role+DOT, role+DOT_PLUS_ONE});\r
- }\r
- }\r
-\r
- /**\r
- * Add a single Permission to the Role's Permission Collection\r
- * \r
- * @param trans\r
- * @param role\r
- * @param perm\r
- * @param type\r
- * @param action\r
- * @return\r
- */\r
- public Result<Void> addPerm(AuthzTrans trans, RoleDAO.Data role, PermDAO.Data perm) {\r
- // Note: Prepared Statements for Collection updates aren't supported\r
- String pencode = perm.encode();\r
- try {\r
- getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms + {'" + \r
- pencode + "'} WHERE " +\r
- "ns = '" + role.ns + "' AND name = '" + role.name + "';");\r
- } catch (DriverException | APIException | IOException e) {\r
- reportPerhapsReset(trans,e);\r
- return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
- }\r
-\r
- wasModified(trans, CRUD.update, role, "Added permission " + pencode + " to role " + role.fullName());\r
- return Result.ok();\r
- }\r
-\r
- /**\r
- * Remove a single Permission from the Role's Permission Collection\r
- * @param trans\r
- * @param role\r
- * @param perm\r
- * @param type\r
- * @param action\r
- * @return\r
- */\r
- public Result<Void> delPerm(AuthzTrans trans, RoleDAO.Data role, PermDAO.Data perm) {\r
- // Note: Prepared Statements for Collection updates aren't supported\r
-\r
- String pencode = perm.encode();\r
- \r
- //ResultSet rv =\r
- try {\r
- getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms - {'" + \r
- pencode + "'} WHERE " +\r
- "ns = '" + role.ns + "' AND name = '" + role.name + "';");\r
- } catch (DriverException | APIException | IOException e) {\r
- reportPerhapsReset(trans,e);\r
- return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
- }\r
-\r
- //TODO how can we tell when it doesn't?\r
- wasModified(trans, CRUD.update, role, "Removed permission " + pencode + " from role " + role.fullName() );\r
- return Result.ok();\r
- }\r
- \r
- /**\r
- * Add description to role\r
- * \r
- * @param trans\r
- * @param ns\r
- * @param name\r
- * @param description\r
- * @return\r
- */\r
- public Result<Void> addDescription(AuthzTrans trans, String ns, String name, String description) {\r
- try {\r
- getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '" \r
- + description + "' WHERE ns = '" + ns + "' AND name = '" + name + "';");\r
- } catch (DriverException | APIException | IOException e) {\r
- reportPerhapsReset(trans,e);\r
- return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);\r
- }\r
-\r
- Data data = new Data();\r
- data.ns=ns;\r
- data.name=name;\r
- wasModified(trans, CRUD.update, data, "Added description " + description + " to role " + data.fullName(), null );\r
- return Result.ok();\r
- }\r
- \r
- \r
- /**\r
- * Log Modification statements to History\r
- * @param modified which CRUD action was done\r
- * @param data entity data that needs a log entry\r
- * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data\r
- */\r
- @Override\r
- protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {\r
- boolean memo = override.length>0 && override[0]!=null;\r
- boolean subject = override.length>1 && override[1]!=null;\r
-\r
- HistoryDAO.Data hd = HistoryDAO.newInitedData();\r
- hd.user = trans.user();\r
- hd.action = modified.name();\r
- hd.target = TABLE;\r
- hd.subject = subject ? override[1] : data.fullName();\r
- hd.memo = memo ? override[0] : (data.fullName() + " was " + modified.name() + 'd' );\r
- if(modified==CRUD.delete) {\r
- try {\r
- hd.reconstruct = data.bytify();\r
- } catch (IOException e) {\r
- trans.error().log(e,"Could not serialize RoleDAO.Data");\r
- }\r
- }\r
-\r
- if(historyDAO.create(trans, hd).status!=Status.OK) {\r
- trans.error().log("Cannot log to History");\r
- }\r
- if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {\r
- trans.error().log("Cannot touch CacheInfo for Role");\r
- }\r
- }\r
-\r
- \r
-}\r