X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-cass%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fdao%2Fhl%2FPermLookup.java;h=5a66be8af8260c30363544b83d5f9416aeccc331;hb=HEAD;hp=8d15c95834aae449b1533dc5f8d0f2576e364060;hpb=ff1417ff60baee231a28272f9a16ef2c9c8ea0a2;p=aaf%2Fauthz.git diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java index 8d15c958..5a66be8a 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -27,6 +27,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.TreeMap; import java.util.TreeSet; import org.onap.aaf.auth.dao.cass.PermDAO; @@ -37,14 +38,14 @@ import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; /** - * PermLookup is a Storage class for the various pieces of looking up Permission + * PermLookup is a Storage class for the various pieces of looking up Permission * during Transactions to avoid duplicate processing - * + * * @author Jonathan * */ // Package on purpose -class PermLookup { +public class PermLookup { private AuthzTrans trans; private String user; private Question q; @@ -52,10 +53,10 @@ class PermLookup { private Result> roles = null; private Result> permNames = null; private Result> perms = null; - + private PermLookup() {} - - static PermLookup get(AuthzTrans trans, Question q, String user) { + + public static PermLookup get(AuthzTrans trans, Question q, String user) { PermLookup lp=null; Map permMap = trans.get(Question.PERMS, null); if (permMap == null) { @@ -73,7 +74,7 @@ class PermLookup { } return lp; } - + public Result> getUserRoles() { if (userRoles==null) { userRoles = q.userRoleDAO().readByUser(trans,user); @@ -81,7 +82,7 @@ class PermLookup { List lurdd = new ArrayList<>(); Date now = new Date(); for (UserRoleDAO.Data urdd : userRoles.value) { - if (urdd.expires.after(now)) { // Remove Expired + if (urdd.expires.after(now) || trans.org().isUserExpireExempt(user, urdd.expires)) { // Remove Expired lurdd.add(urdd); } } @@ -142,7 +143,7 @@ class PermLookup { return permNames; } } - + public Result> getPerms(boolean lookup) { if (perms==null) { // Note: It should be ok for a Valid user to have no permissions - @@ -152,13 +153,32 @@ class PermLookup { List lpdd = new ArrayList<>(); for (String perm : rss.value) { if (lookup) { + Map mspdd = new TreeMap<>(); Result ap = PermDAO.Data.decodeToArray(trans, q, perm); if (ap.isOK()) { - + Result> rlpd = q.permDAO().read(perm,trans,ap.value); if (rlpd.isOKhasData()) { for (PermDAO.Data pData : rlpd.value) { - lpdd.add(pData); + // ONLY add perms/roles which are related to this lookup + for(String pdr : pData.roles(false)) { + for(RoleDAO.Data r : roles.value) { + if(pdr.equals(r.encode())) { + PermDAO.Data pdd = mspdd.get(pData.fullPerm()); + if(pdd==null) { + pdd = new PermDAO.Data(); + pdd.ns = pData.ns; + pdd.type = pData.type; + pdd.instance = pData.instance; + pdd.action = pData.action; + pdd.description = pData.description; + lpdd.add(pdd); + } + pdd.roles(true).add(pdr); + break; + } + } + } } } } else {