--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aaf\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package org.onap.aaf.cmd.perm;\r
+\r
+import org.onap.aaf.cmd.AAFcli;\r
+import org.onap.aaf.cmd.Cmd;\r
+import org.onap.aaf.cmd.Param;\r
+import org.onap.aaf.cssa.rserv.HttpMethods;\r
+\r
+import org.onap.aaf.cadi.CadiException;\r
+import org.onap.aaf.cadi.LocatorException;\r
+import org.onap.aaf.cadi.client.Future;\r
+import org.onap.aaf.cadi.client.Rcli;\r
+import org.onap.aaf.cadi.client.Retryable;\r
+import org.onap.aaf.inno.env.APIException;\r
+\r
+import aaf.v2_0.Pkey;\r
+import aaf.v2_0.RolePermRequest;\r
+\r
+/**\r
+ * \r
+ *\r
+ */\r
+public class Grant extends Cmd {\r
+ private final static String[] options = {"grant","ungrant","setTo"};\r
+\r
+ public Grant(Perm parent) {\r
+ super(parent,null,\r
+ new Param(optionsToString(options),true),\r
+ new Param("type",true),\r
+ new Param("instance",true),\r
+ new Param("action",true),\r
+ new Param("role[,role]* (!REQ S)",false)\r
+ ); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String action = args[idx++];\r
+ int option = whichOption(options, action);\r
+ \r
+ RolePermRequest rpr = new RolePermRequest();\r
+ Pkey pk = new Pkey();\r
+ pk.setType(args[idx++]);\r
+ pk.setInstance(args[idx++]);\r
+ pk.setAction(args[idx++]);\r
+ rpr.setPerm(pk);\r
+ setStartEnd(rpr);\r
+ \r
+ Future<RolePermRequest> frpr = null;\r
+ \r
+ if (option != 2) {\r
+ String[] roles = args[idx++].split(",");\r
+ String strA,strB;\r
+ for(String role : roles) {\r
+ rpr.setRole(role);\r
+ if(option==0) {\r
+ // You can request to Grant Permission to a Role\r
+ setQueryParamsOn(client);\r
+ frpr = client.create(\r
+ "/authz/role/perm", \r
+ getDF(RolePermRequest.class),\r
+ rpr\r
+ );\r
+ strA = "Granted Permission [";\r
+ strB = "] to Role [";\r
+ } else {\r
+ // You can request to UnGrant Permission to a Role\r
+ setQueryParamsOn(client);\r
+ frpr = client.delete(\r
+ "/authz/role/" + role + "/perm", \r
+ getDF(RolePermRequest.class),\r
+ rpr\r
+ );\r
+ strA = "UnGranted Permission [";\r
+ strB = "] from Role [";\r
+ }\r
+ if(frpr.get(AAFcli.timeout())) {\r
+ pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction() \r
+ + strB + role +']');\r
+ } else {\r
+ if (frpr.code()==202) {\r
+ pw().print("Permission Role ");\r
+ pw().print(option==0?"Granted":"Ungranted");\r
+ pw().println(" Accepted, but requires Approvals before actualizing");\r
+ } else {\r
+ error(frpr);\r
+ idx=Integer.MAX_VALUE;\r
+ } \r
+ }\r
+ }\r
+ } else {\r
+ String allRoles = "";\r
+ if (idx < args.length) \r
+ allRoles = args[idx++];\r
+ \r
+ rpr.setRole(allRoles);\r
+ frpr = client.update(\r
+ "/authz/role/perm", \r
+ getDF(RolePermRequest.class), \r
+ rpr);\r
+ if(frpr.get(AAFcli.timeout())) {\r
+ pw().println("Set Permission's Roles to [" + allRoles + "]");\r
+ } else {\r
+ error(frpr);\r
+ } \r
+ } \r
+ return frpr==null?0:frpr.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Grant a Permission to a Role or Roles OR");\r
+ detailLine(sb,indent,"Ungrant a Permission from a Role or Roles OR");\r
+ detailLine(sb,indent,"Set a Permission's roles to roles supplied.");\r
+ detailLine(sb,indent+4,"WARNING: Roles supplied with setTo will be the ONLY roles attached to this permission");\r
+ detailLine(sb,indent+8,"If no roles are supplied, permission's roles are reset.");\r
+ detailLine(sb,indent,"see Create for definitions of type,instance and action");\r
+ api(sb,indent,HttpMethods.POST,"authz/role/perm",RolePermRequest.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authz/role/<role>/perm",RolePermRequest.class,false);\r
+ api(sb,indent,HttpMethods.PUT,"authz/role/perm",RolePermRequest.class,false);\r
+\r
+ }\r
+\r
+}\r
Code Review / aaf / authz.git / blobdiff