--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aaf\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package org.onap.aaf.cmd.role;\r
+\r
+import org.onap.aaf.cmd.AAFcli;\r
+import org.onap.aaf.cmd.Cmd;\r
+import org.onap.aaf.cmd.Param;\r
+import org.onap.aaf.cssa.rserv.HttpMethods;\r
+\r
+import org.onap.aaf.cadi.CadiException;\r
+import org.onap.aaf.cadi.LocatorException;\r
+import org.onap.aaf.cadi.client.Future;\r
+import org.onap.aaf.cadi.client.Rcli;\r
+import org.onap.aaf.cadi.client.Retryable;\r
+import org.onap.aaf.inno.env.APIException;\r
+\r
+import aaf.v2_0.UserRoleRequest;\r
+\r
+/**\r
+ * p\r
+ *\r
+ */\r
+public class User extends Cmd {\r
+ private final static String[] options = {"add","del","setTo","extend"};\r
+ public User(Role parent) {\r
+ super(parent,"user", \r
+ new Param(optionsToString(options),true),\r
+ new Param("role",true),\r
+ new Param("id[,id]* (not required for setTo)",false)); \r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String realm = getOrgRealm();\r
+ String action = args[idx++];\r
+ int option = whichOption(options, action);\r
+ UserRoleRequest urr = new UserRoleRequest();\r
+ urr.setRole(args[idx++]);\r
+ // Set Start/End commands\r
+ setStartEnd(urr);\r
+ \r
+ Future<?> fp = null;\r
+ \r
+ if (option != 2) {\r
+ String[] ids = args[idx++].split(",");\r
+ String verb=null,participle=null;\r
+ // You can request to be added or removed from role.\r
+ setQueryParamsOn(client);\r
+\r
+ for(String id: ids) {\r
+ if (id.indexOf('@') < 0 && realm != null) id += '@' + realm;\r
+ urr.setUser(id);\r
+ switch(option) {\r
+ case 0:\r
+ fp = client.create(\r
+ "/authz/userRole", \r
+ getDF(UserRoleRequest.class), \r
+ urr);\r
+ verb = "Added";\r
+ participle = "] to Role [" ;\r
+ break;\r
+ case 1:\r
+ fp = client.delete(\r
+ "/authz/userRole/"+urr.getUser()+'/'+urr.getRole(), \r
+ Void.class);\r
+ verb = "Removed";\r
+ participle = "] from Role [" ;\r
+ break;\r
+ case 3:\r
+ fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());\r
+ verb = "Extended";\r
+ participle = "] in Role [" ;\r
+ break;\r
+\r
+ default: // actually, should never get here...\r
+ throw new CadiException("Invalid action [" + action + ']');\r
+ }\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().print(verb);\r
+ pw().print(" User [");\r
+ pw().print(urr.getUser());\r
+ pw().print(participle);\r
+ pw().print(urr.getRole());\r
+ pw().println(']');\r
+ } else {\r
+ switch(fp.code()) {\r
+ case 202:\r
+ pw().print("User Role ");\r
+ pw().print(action);\r
+ pw().println(" is Accepted, but requires Approvals before actualizing");\r
+ break;\r
+ case 404:\r
+ if(option==3) {\r
+ pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");\r
+ break;\r
+ }\r
+ default:\r
+ error(fp);\r
+ }\r
+ }\r
+ }\r
+ } else {\r
+ String allUsers = "";\r
+ if (idx < args.length) \r
+ allUsers = args[idx++];\r
+ StringBuilder finalUsers = new StringBuilder(); \r
+ for (String u : allUsers.split(",")) {\r
+ if (u != "") {\r
+ if (u.indexOf('@') < 0 && realm != null) u += '@' + realm;\r
+ if (finalUsers.length() > 0) finalUsers.append(",");\r
+ finalUsers.append(u);\r
+ }\r
+ }\r
+\r
+ urr.setUser(finalUsers.toString());\r
+ fp = client.update(\r
+ "/authz/userRole/role", \r
+ getDF(UserRoleRequest.class), \r
+ urr);\r
+ if(fp.get(AAFcli.timeout())) {\r
+ pw().println("Set the Role to Users [" + allUsers + "]");\r
+ } else {\r
+ error(fp);\r
+ } \r
+ }\r
+ return fp==null?0:fp.code();\r
+ }\r
+ });\r
+ }\r
+ \r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb,indent,"Add OR Delete a User to/from a Role OR");\r
+ detailLine(sb,indent,"Set a User's Roles to the roles supplied");\r
+ detailLine(sb,indent+2,"role - Name of Role to create");\r
+ detailLine(sb,indent+2,"id(s) - ID or IDs to add to the Role");\r
+ sb.append('\n');\r
+ detailLine(sb,indent+2,"Note: this is the same as \"user role add...\" except allows");\r
+ detailLine(sb,indent+2,"assignment of role to multiple userss");\r
+ detailLine(sb,indent+2,"WARNING: Users supplied with setTo will be the ONLY users attached to this role");\r
+ detailLine(sb,indent+2,"If no users are supplied, the users attached to this role are reset.");\r
+ api(sb,indent,HttpMethods.POST,"authz/userRole",UserRoleRequest.class,true);\r
+ api(sb,indent,HttpMethods.DELETE,"authz/userRole/<user>/<role>",Void.class,false);\r
+ api(sb,indent,HttpMethods.PUT,"authz/userRole/<role>",UserRoleRequest.class,false);\r
+ }\r
+\r
+}\r
Code Review / aaf / authz.git / blobdiff