+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cmd.user;\r
-\r
-import com.att.cadi.CadiException;\r
-import com.att.cadi.LocatorException;\r
-import com.att.cadi.client.Future;\r
-import com.att.cadi.client.Rcli;\r
-import com.att.cadi.client.Retryable;\r
-import com.att.cmd.AAFcli;\r
-import com.att.cmd.Cmd;\r
-import com.att.cmd.Param;\r
-import com.att.cssa.rserv.HttpMethods;\r
-import com.att.inno.env.APIException;\r
-\r
-import aaf.v2_0.UserRoleRequest;\r
-\r
-/**\r
- * p\r
- * \r
- *\r
- */\r
-public class Role extends Cmd {\r
- private static final String[] options = {"add", "del", "setTo","extend"};\r
- public Role(User parent) {\r
- super(parent, "role", new Param(optionsToString(options), true), new Param("user", true), new Param(\r
- "role[,role]* (!REQ S)", false));\r
- }\r
-\r
- @Override\r
- public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
- return same(new Retryable<Integer>() {\r
- @Override\r
- public Integer code(Rcli<?> client) throws CadiException, APIException {\r
- int idx = index;\r
- String key = args[idx++];\r
- int option = whichOption(options, key);\r
- String user = args[idx++];\r
- String realm = getOrgRealm();\r
-\r
- UserRoleRequest urr = new UserRoleRequest();\r
- if (user.indexOf('@') < 0 && realm != null) user += '@' + realm;\r
- urr.setUser(user);\r
- // Set Start/End commands\r
- setStartEnd(urr);\r
-\r
- Future<?> fp = null;\r
-\r
- if (option != 2) {\r
- if (args.length < 5) {\r
- throw new CadiException(build(new StringBuilder("Too few args: "), null).toString()); \r
- }\r
- String[] roles = args[idx++].split(",");\r
- for (String role : roles) {\r
- String verb = null,participle=null;\r
- urr.setRole(role);\r
- // You can request to be added or removed from role.\r
- setQueryParamsOn(client);\r
- switch(option) {\r
- case 0:\r
- fp = client.create("/authz/userRole", getDF(UserRoleRequest.class), urr);\r
- verb = "Added";\r
- participle = "] to User [" ;\r
- break;\r
- case 1:\r
- fp = client.delete("/authz/userRole/" + urr.getUser() + '/' + urr.getRole(), Void.class);\r
- verb = "Removed";\r
- participle = "] from User [" ;\r
- break;\r
- case 3:\r
- fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());\r
- verb = "Extended";\r
- participle = "] to User [" ;\r
- break;\r
- default:\r
- throw new CadiException("Invalid action [" + key + ']');\r
- }\r
- if (fp.get(AAFcli.timeout())) {\r
- pw().print(verb);\r
- pw().print(" Role [");\r
- pw().print(urr.getRole());\r
- pw().print(participle);\r
- pw().print(urr.getUser());\r
- pw().println(']');\r
- } else {\r
- switch(fp.code()) {\r
- case 202:\r
- pw().print("UserRole ");\r
- pw().print(option == 0 ? "Creation" : option==1?"Deletion":"Extension");\r
- pw().println(" Accepted, but requires Approvals before actualizing");\r
- break;\r
- case 404:\r
- if(option==3) {\r
- pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");\r
- break;\r
- }\r
- default:\r
- error(fp);\r
- }\r
- }\r
- }\r
- } else {\r
- // option 2 is setTo command (an update call)\r
- String allRoles = "";\r
- if (idx < args.length)\r
- allRoles = args[idx++];\r
-\r
- urr.setRole(allRoles);\r
- fp = client.update("/authz/userRole/user", getDF(UserRoleRequest.class), urr);\r
- if (fp.get(AAFcli.timeout())) {\r
- pw().println("Set User's Roles to [" + allRoles + "]");\r
- } else {\r
- error(fp);\r
- }\r
- }\r
- return fp == null ? 0 : fp.code();\r
- }\r
- });\r
- }\r
-\r
- @Override\r
- public void detailedHelp(int indent, StringBuilder sb) {\r
- detailLine(sb, indent, "Add OR Delete a User to/from a Role OR");\r
- detailLine(sb, indent, "Set a User's Roles to the roles supplied");\r
- detailLine(sb, indent + 2, "user - ID of User");\r
- detailLine(sb, indent + 2, "role(s) - Role or Roles to which to add the User");\r
- sb.append('\n');\r
- detailLine(sb, indent + 2, "Note: this is the same as \"role user add...\" except allows");\r
- detailLine(sb, indent + 2, "assignment of user to multiple roles");\r
- detailLine(sb, indent + 2, "WARNING: Roles supplied with setTo will be the ONLY roles attached to this user");\r
- detailLine(sb, indent + 2, "If no roles are supplied, user's roles are reset.");\r
- api(sb, indent, HttpMethods.POST, "authz/userRole", UserRoleRequest.class, true);\r
- api(sb, indent, HttpMethods.DELETE, "authz/userRole/<user>/<role>", Void.class, false);\r
- api(sb, indent, HttpMethods.PUT, "authz/userRole/<user>", UserRoleRequest.class, false);\r
- }\r
-\r
-}\r
Code Review / aaf / authz.git / blobdiff