X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-batch%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fbatch%2Fapprovalsets%2FURApprovalSet.java;h=6b9e5e0bac24252e4962a936a5132be5dc59a24d;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=b6767d4a6d388100acf9f06d118fb5d062143b16;hpb=59ffb7d529245c3bd0233dbf6cb0ae9fe9ccb856;p=aaf%2Fauthz.git
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
index b6767d4a..6b9e5e0b 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  * http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,9 +21,11 @@
 package org.onap.aaf.auth.batch.approvalsets;
 
 import java.io.IOException;
+import java.util.Date;
 import java.util.GregorianCalendar;
 import java.util.List;
 
+import org.onap.aaf.auth.batch.helpers.Approval;
 import org.onap.aaf.auth.dao.cass.ApprovalDAO;
 import org.onap.aaf.auth.dao.cass.NsDAO;
 import org.onap.aaf.auth.dao.cass.RoleDAO;
@@ -39,87 +41,111 @@ import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.misc.env.util.Chrono;
 public class URApprovalSet extends ApprovalSet {
- public static final String EXTEND_STRING = "Extend access of User [%s] to Role [%s] - Expires %s";
-
- public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader lurdd) throws IOException, CadiException {
- super(start, "user_role", dv);
- Organization org = trans.org();
- UserRoleDAO.Data urdd = lurdd.load();
- setConstruct(urdd.bytify());
- setMemo(String.format(EXTEND_STRING,urdd.user,urdd.role,Chrono.dateOnlyStamp(urdd.expires)));
- setExpires(org.expiration(null, Organization.Expiration.UserInRole));
-
- Result r = dv.roleByName(trans, urdd.role);
- if(r.notOKorIsEmpty()) {
- throw new CadiException(String.format("Role '%s' does not exist: %s", urdd.role, r.details));
- }
- Result n = dv.ns(trans, urdd.ns);
- if(n.notOKorIsEmpty()) {
- throw new CadiException(String.format("Namespace '%s' does not exist: %s", urdd.ns));
- }
- UserRoleDAO.Data found = null;
- Result> lur = dv.ursByRole(trans, urdd.role);
- if(lur.isOK()) {
- for(UserRoleDAO.Data ur : lur.value) {
- if(urdd.user.equals(ur.user)) {
- found = ur;
- break;
- }
- }
- }
- if(found==null) {
- throw new CadiException(String.format("User '%s' in Role '%s' does not exist: %s", urdd.user,urdd.role));
- }
-
- // Primarily, Owners are responsible, unless it's owned by self
- boolean isOwner = false;
- Result> owners = dv.ursByRole(trans, urdd.ns+".owner");
- if(owners.isOK()) {
- for(UserRoleDAO.Data owner : owners.value) {
- if(urdd.user.equals(owner.user)) {
- isOwner = true;
- } else {
- ApprovalDAO.Data add = newApproval(urdd);
- add.approver = owner.user;
- add.type="owner";
- ladd.add(add);
- }
- }
- }
+ private static final String FMT_SUFFIX = "%s] - Expires %s";
+ private static final String EXTEND_ACCESS_FMT = Approval.RE_APPROVAL_IN_ROLE + "%s] to Role [" + FMT_SUFFIX;
+ private static final String REVALIDATE_AS_ADMIN_FMT = Approval.RE_VALIDATE_ADMIN + FMT_SUFFIX;
+ private static final String REVALIDATE_AS_OWNER_FMT = Approval.RE_VALIDATE_OWNER + FMT_SUFFIX;
+
+ public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader lurdd) throws IOException, CadiException {
+ super(start, "user_role", dv);
+ Organization org = trans.org();
+ UserRoleDAO.Data urdd = lurdd.load();
+ setConstruct(urdd.bytify());
+ setMemo(getMemo(urdd));
+ GregorianCalendar expires = org.expiration(null, Organization.Expiration.UserInRole);
+ if(urdd.expires.before(expires.getTime())) {
+ expires.setTime(urdd.expires);
+ }
+ setExpires(expires);
+ setTargetKey(urdd.user + '|' + urdd.role);
+ setTargetDate(urdd.expires);
+
+ Result r = dv.roleByName(trans, urdd.role);
+ if(r.notOKorIsEmpty()) {
+ throw new CadiException(r.errorString());
+ }
+ Result n = dv.ns(trans, urdd.ns);
+ if(n.notOKorIsEmpty()) {
+ throw new CadiException(n.errorString());
+ }
+ UserRoleDAO.Data found = null;
+ Result> lur = dv.ursByRole(trans, urdd.role);
+ if(lur.isOK()) {
+ for(UserRoleDAO.Data ur : lur.value) {
+ if(urdd.user.equals(ur.user)) {
+ found = ur;
+ break;
+ }
+ }
+ }
+ if(found==null) {
+ throw new CadiException(String.format("User '%s' in Role '%s' does not exist", urdd.user,urdd.role));
+ }
+
+ // Primarily, Owners are responsible, unless it's owned by self
+ boolean isOwner = false;
+ Result> owners = dv.ursByRole(trans, urdd.ns + ".owner");
+ if(owners.isOK()) {
+ for(UserRoleDAO.Data owner : owners.value) {
+ if(urdd.user.equals(owner.user)) {
+ isOwner = true;
+ } else {
+ ApprovalDAO.Data add = newApproval(urdd);
+ add.approver = owner.user;
+ add.type="owner";
+ ladd.add(add);
+ }
+ }
+ }
+
+ if(isOwner) {
+ try {
+ List apprs = org.getApprovers(trans, urdd.user);
+ if(apprs!=null) {
+ for(Identity i : apprs) {
+ ApprovalDAO.Data add = newApproval(urdd);
+ add.approver = i.fullID();
+ add.type = org.getApproverType();
+ ladd.add(add);
+ }
+ }
+ } catch (OrganizationException e) {
+ throw new CadiException(e);
+ }
+ }
+ }
+
+ private void setTargetDate(Date expires) {
+ fdd.target_date = expires;
+ }
+
+ private void setTargetKey(String key) {
+ fdd.target_key = key;
+ }
- if(isOwner) {
- try {
- List apprs = org.getApprovers(trans, urdd.user);
- if(apprs!=null) {
- for(Identity i : apprs) {
- ApprovalDAO.Data add = newApproval(urdd);
- Identity reportsTo = i.responsibleTo();
- if(reportsTo!=null) {
- add.approver = reportsTo.fullID();
- } else {
- throw new CadiException("No Supervisor for '" + urdd.user + '\'');
- }
- add.type = org.getApproverType();
- ladd.add(add);
- }
- }
- } catch (OrganizationException e) {
- throw new CadiException(e);
- }
- }
- }
+ private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) {
+ ApprovalDAO.Data add = new ApprovalDAO.Data();
+ add.id = Chrono.dateToUUID(System.currentTimeMillis());
+ add.ticket = fdd.id;
+ add.user = urdd.user;
+ add.operation = FUTURE_OP.A.name();
+ add.status = ApprovalDAO.PENDING;
+ add.memo = getMemo(urdd);
+ return add;
+ }
- private ApprovalDAO.Data newApproval(Data urdd) throws CadiException {
- ApprovalDAO.Data add = new ApprovalDAO.Data();
- add.id = Chrono.dateToUUID(System.currentTimeMillis());
- add.ticket = fdd.id;
- add.user = urdd.user;
- add.operation = FUTURE_OP.A.name();
- add.status = ApprovalDAO.PENDING;
- add.memo = String.format("Re-Validate as Owner for AAF Namespace '%s' - expiring %s', ",
- urdd.ns,
- Chrono.dateOnlyStamp(urdd.expires));
- return add;
- }
+ private String getMemo(Data urdd) {
+ switch(urdd.rname) {
+ case "owner":
+ return String.format(REVALIDATE_AS_OWNER_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
+ case "admin":
+ return String.format(REVALIDATE_AS_ADMIN_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
+ default:
+ return String.format(EXTEND_ACCESS_FMT,
+ urdd.user,
+ urdd.role,
+ Chrono.dateOnlyStamp(urdd.expires));
+ }
+ }
 }
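Review bot: In the new `isOwner` branch of the constructor, every identity returned by `org.getApprovers(trans, urdd.user)` is added as an approver via `add.approver = i.fullID()` with no check that it is not the user whose own role is being re-validated, whereas the owners loop just above explicitly skips `urdd.user` and the removed code escalated to `responsibleTo()` instead. If getApprovers can ever return the user's own identity (not visible from the hunk), an owner could approve their own extension; a guard such as `if(urdd.user.equals(i.fullID())) { continue; }` before `newApproval(urdd)`, or a comment stating why the list cannot contain the user, would make the intent explicit. Related: when `apprs` is null or empty for an owner, `ladd` may be left with no approvers at all and the constructor still returns normally, which deserves a comment saying whether an unapprovable set is acceptable or should throw like the old "No Supervisor" path did. Separately, `getMemo` does `switch(urdd.rname)`, which throws NullPointerException if rname is null; if `Data` permits that, a null check falling through to the default memo is cheap.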