--- /dev/null
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aaf\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ * * http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ * * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package org.onap.aaf.cmd.user;\r
+\r
+import org.onap.aaf.cmd.AAFcli;\r
+import org.onap.aaf.cmd.Cmd;\r
+import org.onap.aaf.cmd.Param;\r
+import org.onap.aaf.cssa.rserv.HttpMethods;\r
+\r
+import org.onap.aaf.cadi.CadiException;\r
+import org.onap.aaf.cadi.LocatorException;\r
+import org.onap.aaf.cadi.client.Future;\r
+import org.onap.aaf.cadi.client.Rcli;\r
+import org.onap.aaf.cadi.client.Retryable;\r
+import org.onap.aaf.inno.env.APIException;\r
+\r
+import aaf.v2_0.UserRoleRequest;\r
+\r
+/**\r
+ * p\r
+ * \r
+ *\r
+ */\r
+public class Role extends Cmd {\r
+ private static final String[] options = {"add", "del", "setTo","extend"};\r
+ public Role(User parent) {\r
+ super(parent, "role", new Param(optionsToString(options), true), new Param("user", true), new Param(\r
+ "role[,role]* (!REQ S)", false));\r
+ }\r
+\r
+ @Override\r
+ public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
+ return same(new Retryable<Integer>() {\r
+ @Override\r
+ public Integer code(Rcli<?> client) throws CadiException, APIException {\r
+ int idx = index;\r
+ String key = args[idx++];\r
+ int option = whichOption(options, key);\r
+ String user = args[idx++];\r
+ String realm = getOrgRealm();\r
+\r
+ UserRoleRequest urr = new UserRoleRequest();\r
+ if (user.indexOf('@') < 0 && realm != null) user += '@' + realm;\r
+ urr.setUser(user);\r
+ // Set Start/End commands\r
+ setStartEnd(urr);\r
+\r
+ Future<?> fp = null;\r
+\r
+ if (option != 2) {\r
+ if (args.length < 5) {\r
+ throw new CadiException(build(new StringBuilder("Too few args: "), null).toString()); \r
+ }\r
+ String[] roles = args[idx++].split(",");\r
+ for (String role : roles) {\r
+ String verb = null,participle=null;\r
+ urr.setRole(role);\r
+ // You can request to be added or removed from role.\r
+ setQueryParamsOn(client);\r
+ switch(option) {\r
+ case 0:\r
+ fp = client.create("/authz/userRole", getDF(UserRoleRequest.class), urr);\r
+ verb = "Added";\r
+ participle = "] to User [" ;\r
+ break;\r
+ case 1:\r
+ fp = client.delete("/authz/userRole/" + urr.getUser() + '/' + urr.getRole(), Void.class);\r
+ verb = "Removed";\r
+ participle = "] from User [" ;\r
+ break;\r
+ case 3:\r
+ fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());\r
+ verb = "Extended";\r
+ participle = "] to User [" ;\r
+ break;\r
+ default:\r
+ throw new CadiException("Invalid action [" + key + ']');\r
+ }\r
+ if (fp.get(AAFcli.timeout())) {\r
+ pw().print(verb);\r
+ pw().print(" Role [");\r
+ pw().print(urr.getRole());\r
+ pw().print(participle);\r
+ pw().print(urr.getUser());\r
+ pw().println(']');\r
+ } else {\r
+ switch(fp.code()) {\r
+ case 202:\r
+ pw().print("UserRole ");\r
+ pw().print(option == 0 ? "Creation" : option==1?"Deletion":"Extension");\r
+ pw().println(" Accepted, but requires Approvals before actualizing");\r
+ break;\r
+ case 404:\r
+ if(option==3) {\r
+ pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");\r
+ break;\r
+ }\r
+ default:\r
+ error(fp);\r
+ }\r
+ }\r
+ }\r
+ } else {\r
+ // option 2 is setTo command (an update call)\r
+ String allRoles = "";\r
+ if (idx < args.length)\r
+ allRoles = args[idx++];\r
+\r
+ urr.setRole(allRoles);\r
+ fp = client.update("/authz/userRole/user", getDF(UserRoleRequest.class), urr);\r
+ if (fp.get(AAFcli.timeout())) {\r
+ pw().println("Set User's Roles to [" + allRoles + "]");\r
+ } else {\r
+ error(fp);\r
+ }\r
+ }\r
+ return fp == null ? 0 : fp.code();\r
+ }\r
+ });\r
+ }\r
+\r
+ @Override\r
+ public void detailedHelp(int indent, StringBuilder sb) {\r
+ detailLine(sb, indent, "Add OR Delete a User to/from a Role OR");\r
+ detailLine(sb, indent, "Set a User's Roles to the roles supplied");\r
+ detailLine(sb, indent + 2, "user - ID of User");\r
+ detailLine(sb, indent + 2, "role(s) - Role or Roles to which to add the User");\r
+ sb.append('\n');\r
+ detailLine(sb, indent + 2, "Note: this is the same as \"role user add...\" except allows");\r
+ detailLine(sb, indent + 2, "assignment of user to multiple roles");\r
+ detailLine(sb, indent + 2, "WARNING: Roles supplied with setTo will be the ONLY roles attached to this user");\r
+ detailLine(sb, indent + 2, "If no roles are supplied, user's roles are reset.");\r
+ api(sb, indent, HttpMethods.POST, "authz/userRole", UserRoleRequest.class, true);\r
+ api(sb, indent, HttpMethods.DELETE, "authz/userRole/<user>/<role>", Void.class, false);\r
+ api(sb, indent, HttpMethods.PUT, "authz/userRole/<user>", UserRoleRequest.class, false);\r
+ }\r
+\r
+}\r
Code Review / aaf / authz.git / blobdiff