Update project structure to org.onap.aaf
diff --git a/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/PermLookup.java b/authz-cass/src/main/java/org/onap/aaf/dao/aaf/hl/PermLookup.java
new file mode 100644 (file)
index 0000000..40f5917
--- /dev/null
@@ -0,0 +1,184 @@
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aaf\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ *  *      http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ *  * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package org.onap.aaf.dao.aaf.hl;\r
+\r
+import java.util.ArrayList;\r
+import java.util.Date;\r
+import java.util.HashMap;\r
+import java.util.List;\r
+import java.util.Map;\r
+import java.util.Set;\r
+import java.util.TreeSet;\r
+\r
+import org.onap.aaf.authz.env.AuthzTrans;\r
+import org.onap.aaf.authz.layer.Result;\r
+import org.onap.aaf.dao.aaf.cass.PermDAO;\r
+import org.onap.aaf.dao.aaf.cass.RoleDAO;\r
+import org.onap.aaf.dao.aaf.cass.Status;\r
+import org.onap.aaf.dao.aaf.cass.UserRoleDAO;\r
+\r
+/**\r
+ * PermLookup is a Storage class for the various pieces of looking up Permission \r
+ * during Transactions to avoid duplicate processing\r
+ * \r
+ *\r
+ */\r
+// Package on purpose\r
+class PermLookup {\r
+       private AuthzTrans trans;\r
+       private String user;\r
+       private Question q;\r
+       private Result<List<UserRoleDAO.Data>> userRoles = null;\r
+       private Result<List<RoleDAO.Data>> roles = null;\r
+       private Result<Set<String>> permNames = null;\r
+       private Result<List<PermDAO.Data>> perms = null;\r
+       \r
+       private PermLookup() {}\r
+       \r
+       static PermLookup get(AuthzTrans trans, Question q, String user) {\r
+               PermLookup lp=null;\r
+               Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);\r
+               if (permMap == null) {\r
+                       trans.put(Question.PERMS, permMap = new HashMap<String, PermLookup>());\r
+               } else {\r
+                       lp = permMap.get(user);\r
+               }\r
+\r
+               if (lp == null) {\r
+                       lp = new PermLookup();\r
+                       lp.trans = trans;\r
+                       lp.user = user;\r
+                       lp.q = q;\r
+                       permMap.put(user, lp);\r
+               }\r
+               return lp;\r
+       }\r
+       \r
+       public Result<List<UserRoleDAO.Data>> getUserRoles() {\r
+               if(userRoles==null) {\r
+                       userRoles = q.userRoleDAO.readByUser(trans,user);\r
+                       if(userRoles.isOKhasData()) {\r
+                               List<UserRoleDAO.Data> lurdd = new ArrayList<UserRoleDAO.Data>();\r
+                               Date now = new Date();\r
+                               for(UserRoleDAO.Data urdd : userRoles.value) {\r
+                                       if(urdd.expires.after(now)) { // Remove Expired\r
+                                               lurdd.add(urdd);\r
+                                       }\r
+                               }\r
+                               if(lurdd.size()==0) {\r
+                                       return userRoles = Result.err(Status.ERR_UserNotFound,\r
+                                                               "%s not found or not associated with any Roles: ",\r
+                                                               user);\r
+                               } else {\r
+                                       return userRoles = Result.ok(lurdd);\r
+                               }\r
+                       } else {\r
+                               return userRoles;\r
+                       }\r
+               } else {\r
+                       return userRoles;\r
+               }\r
+       }\r
+\r
+       public Result<List<RoleDAO.Data>> getRoles() {\r
+               if(roles==null) {\r
+                       Result<List<UserRoleDAO.Data>> rur = getUserRoles();\r
+                       if(rur.isOK()) {\r
+                               List<RoleDAO.Data> lrdd = new ArrayList<RoleDAO.Data>();\r
+                               for (UserRoleDAO.Data urdata : rur.value) {\r
+                                       // Gather all permissions from all Roles\r
+                                           if(urdata.ns==null || urdata.rname==null) {\r
+                                               trans.error().printf("DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role);\r
+                                           } else {\r
+                                                       Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(\r
+                                                                       trans, urdata.ns, urdata.rname);\r
+                                                       if(rlrd.isOK()) {\r
+                                                               lrdd.addAll(rlrd.value);\r
+                                                       }\r
+                                           }\r
+                                       }\r
+                               return roles = Result.ok(lrdd);\r
+                       } else {\r
+                               return roles = Result.err(rur);\r
+                       }\r
+               } else {\r
+                       return roles;\r
+               }\r
+       }\r
+\r
+       public Result<Set<String>> getPermNames() {\r
+               if(permNames==null) {\r
+                       Result<List<RoleDAO.Data>> rlrd = getRoles();\r
+                       if (rlrd.isOK()) {\r
+                               Set<String> pns = new TreeSet<String>();\r
+                               for (RoleDAO.Data rdata : rlrd.value) {\r
+                                       pns.addAll(rdata.perms(false));\r
+                               }\r
+                               return permNames = Result.ok(pns);\r
+                       } else {\r
+                               return permNames = Result.err(rlrd);\r
+                       }\r
+               } else {\r
+                       return permNames;\r
+               }\r
+       }\r
+       \r
+       public Result<List<PermDAO.Data>> getPerms(boolean lookup) {\r
+               if(perms==null) {\r
+                       // Note: It should be ok for a Valid user to have no permissions -\r
+                       // 8/12/2013\r
+                       Result<Set<String>> rss = getPermNames();\r
+                       if(rss.isOK()) {\r
+                               List<PermDAO.Data> lpdd = new ArrayList<PermDAO.Data>();\r
+                               for (String perm : rss.value) {\r
+                                       if(lookup) {\r
+                                               Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);\r
+                                               if(ap.isOK()) {\r
+                                                       Result<List<PermDAO.Data>> rlpd = q.permDAO.read(perm,trans,ap);\r
+                                                       if (rlpd.isOKhasData()) {\r
+                                                               for (PermDAO.Data pData : rlpd.value) {\r
+                                                                       lpdd.add(pData);\r
+                                                               }\r
+                                                       }\r
+                                               } else {\r
+                                                       trans.error().log("In getPermsByUser, for", user, perm);\r
+                                               }\r
+                                       } else {\r
+                                               Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, q, perm);\r
+                                               if (pr.notOK()) {\r
+                                                       trans.error().log("In getPermsByUser, for", user, pr.errorString());\r
+                                               } else {\r
+                                                       lpdd.add(pr.value);\r
+                                               }\r
+                                       }\r
+\r
+                               }\r
+                               return perms = Result.ok(lpdd);\r
+                       } else {\r
+                               return perms = Result.err(rss);\r
+                       }\r
+               } else {\r
+                       return perms;\r
+               }\r
+       }\r
+}\r
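Review bot: `getPerms(boolean lookup)` caches its result in the single `perms` field regardless of `lookup`, so the first call on a PermLookup fixes which form every later call receives. A `getPerms(true)` after a `getPerms(false)` returns the decoded-only list rather than rows read through `q.permDAO.read`, and the reverse also holds. If any caller depends on the difference between the two forms, it would be making authorization decisions on the wrong data without any error. I would keep a second field, e.g. `private Result<List<PermDAO.Data>> permsLookedUp = null;`, and have the method read and assign whichever field matches `lookup`. Separately, `getRoles()` silently drops a role when `q.roleDAO.read` is not OK, and `getPerms` does the same when `q.permDAO.read` returns no data; a `trans.error()` line in those branches would make a backend failure distinguishable from a user who simply has fewer permissions.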