X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-service%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fservice%2FAuthzCassServiceImpl.java;h=c9730f5b6bfdbdee3dc683b47888beed7c7b45fa;hb=628b7105ce4d9818aac69a082e515f9275fd46fd;hp=c3e92df49135e9b5b63c938e12b804a07c9f26f0;hpb=4b5a7d721d994a49057e9bfb403c7bff1b376660;p=aaf%2Fauthz.git diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index c3e92df4..c9730f5b 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -33,7 +33,6 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.Comparator; import java.util.Date; import java.util.GregorianCalendar; import java.util.HashMap; @@ -160,16 +159,16 @@ public class AuthzCassServiceImpl createNS(final AuthzTrans trans, REQUEST from, NsType type) { final Result rnamespace = mapper.ns(trans, from); final ServiceValidator v = new ServiceValidator(); - if(v.ns(rnamespace).err()) { + if (v.ns(rnamespace).err()) { return Result.err(Status.ERR_BadData,v.errs()); } final Namespace namespace = rnamespace.value; final Result parentNs = ques.deriveNs(trans,namespace.name); - if(parentNs.notOK()) { + if (parentNs.notOK()) { return Result.err(parentNs); } - if(namespace.name.lastIndexOf('.')<0) { // Root Namespace... Function will check if allowed + if (namespace.name.lastIndexOf('.')<0) { // Root Namespace... Function will check if allowed return func.createNS(trans, namespace, false); } @@ -184,7 +183,7 @@ public class AuthzCassServiceImpl rnd; @Override public Result mayChange() { - if(rnd==null) { + if (rnd==null) { rnd = ques.mayUser(trans, trans.user(), parentNs.value,Access.write); } return rnd; 
@@ -193,7 +192,7 @@ public class AuthzCassServiceImpl rfc = func.createFuture(trans, fd.value, namespace.name, trans.user(),parentNs.value, FUTURE_OP.C); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "NS [%s] is saved for future processing",namespace.name); } else { return Result.err(rfc); @@ -293,7 +292,7 @@ public class AuthzCassServiceImpl > rlnsd = ques.nsDAO.read(trans, ns); - if(rlnsd.notOKorIsEmpty()) { + if (rlnsd.notOKorIsEmpty()) { return Result.err(rlnsd); } NsDAO.Data nsd = rlnsd.value.get(0); // Check for Existence - if(nsd.attrib.get(key)!=null) { + if (nsd.attrib.get(key)!=null) { return Result.err(Status.ERR_ConflictAlreadyExists, "NS Property %s:%s exists", ns, key); } // Check if User may put - if(!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, + if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, ":"+trans.org().getDomain()+".*:"+key, Access.write.name())) { return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key); } @@ -340,18 +339,18 @@ public class AuthzCassServiceImpl readNsByAttrib(AuthzTrans trans, String key) { // Check inputs final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Key",key).err()) { + if (v.nullOrBlank("Key",key).err()) { return Result.err(Status.ERR_BadData,v.errs()); } // May Read - if(!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, + if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, ":"+trans.org().getDomain()+".*:"+key, Question.READ)) { return Result.err(Status.ERR_Denied,"%s may not read NS by Attrib '%s'",trans.user(),key); } Result> rsd = ques.nsDAO.dao().readNsByAttrib(trans, key); - if(rsd.notOK()) { + if (rsd.notOK()) { return Result.err(rsd); } return mapper().keys(rsd.value); 
@@ -376,7 +375,7 @@ public class AuthzCassServiceImpl > rlnsd = ques.nsDAO.read(trans, ns); - if(rlnsd.notOKorIsEmpty()) { + if (rlnsd.notOKorIsEmpty()) { return Result.err(rlnsd); } NsDAO.Data nsd = rlnsd.value.get(0); // Check for Existence - if(nsd.attrib.get(key)==null) { + if (nsd.attrib.get(key)==null) { return Result.err(Status.ERR_NotFound, "NS Property %s:%s exists", ns, key); } // Check if User may put - if(!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, + if (!ques.isGranted(trans, trans.user(), ROOT_NS, Question.ATTRIB, ":"+trans.org().getDomain()+".*:"+key, Access.write.name())) { return Result.err(Status.ERR_Denied, "%s may not create NS Attrib [%s:%s]", trans.user(),ns, key); } @@ -428,25 +427,25 @@ public class AuthzCassServiceImpl > rlnsd = ques.nsDAO.read(trans, ns); - if(rlnsd.notOKorIsEmpty()) { + if (rlnsd.notOKorIsEmpty()) { return Result.err(rlnsd); } NsDAO.Data nsd = rlnsd.value.get(0); // Check for Existence - if(nsd.attrib.get(key)==null) { + if (nsd.attrib.get(key)==null) { return Result.err(Status.ERR_NotFound, "NS Property [%s:%s] does not exist", ns, key); } // Check if User may del - if(!ques.isGranted(trans, trans.user(), ROOT_NS, "attrib", ":" + ROOT_COMPANY + ".*:"+key, Access.write.name())) { + if (!ques.isGranted(trans, trans.user(), ROOT_NS, "attrib", ":" + ROOT_COMPANY + ".*:"+key, Access.write.name())) { return Result.err(Status.ERR_Denied, "%s may not delete NS Attrib [%s:%s]", trans.user(),ns, key); } 
@@ -473,28 +472,28 @@ public class AuthzCassServiceImpl getNSbyName(AuthzTrans trans, String ns) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("NS", ns).err()) { + if (v.nullOrBlank("NS", ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> rlnd = ques.nsDAO.read(trans, ns); - if(rlnd.isOK()) { - if(rlnd.isEmpty()) { + if (rlnd.isOK()) { + if (rlnd.isEmpty()) { return Result.err(Status.ERR_NotFound, "No data found for %s",ns); } Result rnd = ques.mayUser(trans, trans.user(), rlnd.value.get(0), Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } Namespace namespace = new Namespace(rnd.value); Result> rd = func.getOwners(trans, namespace.name, false); - if(rd.isOK()) { + if (rd.isOK()) { namespace.owner = rd.value; } rd = func.getAdmins(trans, namespace.name, false); - if(rd.isOK()) { + if (rd.isOK()) { namespace.admin = rd.value; } @@ -523,7 +522,7 @@ public class AuthzCassServiceImpl > rn = loadNamepace(trans, user, ".admin", full); - if(rn.notOK()) { + if (rn.notOK()) { return Result.err(rn); } if (rn.isEmpty()) { @@ -552,7 +551,7 @@ public class AuthzCassServiceImpl > rn = loadNamepace(trans, user, null, full); - if(rn.notOK()) { + if (rn.notOK()) { return Result.err(rn); } if (rn.isEmpty()) { 
@@ -565,55 +564,55 @@ public class AuthzCassServiceImpl > loadNamepace(AuthzTrans trans, String user, String endsWith, boolean full) { Result> urd = ques.userRoleDAO.readByUser(trans, user); - if(urd.notOKorIsEmpty()) { + if (urd.notOKorIsEmpty()) { return Result.err(urd); } Map lm = new HashMap<>(); Map other = full || endsWith==null?null:new TreeMap<>(); - for(UserRoleDAO.Data urdd : urd.value) { - if(full) { - if(endsWith==null || urdd.role.endsWith(endsWith)) { + for (UserRoleDAO.Data urdd : urd.value) { + if (full) { + if (endsWith==null || urdd.role.endsWith(endsWith)) { RoleDAO.Data rd = RoleDAO.Data.decode(urdd); Result nsd = ques.mayUser(trans, user, rd, Access.read); - if(nsd.isOK()) { + if (nsd.isOK()) { Namespace namespace = lm.get(nsd.value.name); - if(namespace==null) { + if (namespace==null) { namespace = new Namespace(nsd.value); lm.put(namespace.name,namespace); } Result> rls = func.getAdmins(trans, namespace.name, false); - if(rls.isOK()) { + if (rls.isOK()) { namespace.admin=rls.value; } rls = func.getOwners(trans, namespace.name, false); - if(rls.isOK()) { + if (rls.isOK()) { namespace.owner=rls.value; } } } } else { // Shortened version. Only Namespace Info available from Role. 
- if(Question.ADMIN.equals(urdd.rname) || Question.OWNER.equals(urdd.rname)) { + if (Question.ADMIN.equals(urdd.rname) || Question.OWNER.equals(urdd.rname)) { RoleDAO.Data rd = RoleDAO.Data.decode(urdd); Result nsd = ques.mayUser(trans, user, rd, Access.read); - if(nsd.isOK()) { + if (nsd.isOK()) { Namespace namespace = lm.get(nsd.value.name); - if(namespace==null) { - if(other!=null) { + if (namespace==null) { + if (other!=null) { namespace = other.remove(nsd.value.name); } - if(namespace==null) { + if (namespace==null) { namespace = new Namespace(nsd.value); namespace.admin=new ArrayList<>(); namespace.owner=new ArrayList<>(); } - if(endsWith==null || urdd.role.endsWith(endsWith)) { + if (endsWith==null || urdd.role.endsWith(endsWith)) { lm.put(namespace.name,namespace); } else { other.put(namespace.name,namespace); } } - if(Question.OWNER.equals(urdd.rname)) { + if (Question.OWNER.equals(urdd.rname)) { namespace.owner.add(urdd.user); } else { namespace.admin.add(urdd.user); @@ -642,7 +641,7 @@ public class AuthzCassServiceImpl > rn = loadNamepace(trans, user, ".owner",full); - if(rn.notOK()) { + if (rn.notOK()) { return Result.err(rn); } if (rn.isEmpty()) { 
@@ -666,34 +665,34 @@ public class AuthzCassServiceImpl getNSsChildren(AuthzTrans trans, String parent) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("NS", parent).err()) { + if (v.nullOrBlank("NS", parent).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result rnd = ques.deriveNs(trans, parent); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } Set lm = new HashSet<>(); Result> rlnd = ques.nsDAO.dao().getChildren(trans, parent); - if(rlnd.isOK()) { - if(rlnd.isEmpty()) { + if (rlnd.isOK()) { + if (rlnd.isEmpty()) { return Result.err(Status.ERR_NotFound, "No data found for %s",parent); } - for(NsDAO.Data ndd : rlnd.value) { + for (NsDAO.Data ndd : rlnd.value) { Namespace namespace = new Namespace(ndd); Result> rls = func.getAdmins(trans, namespace.name, false); - if(rls.isOK()) { + if (rls.isOK()) { namespace.admin=rls.value; } rls = func.getOwners(trans, namespace.name, false); - if(rls.isOK()) { + if (rls.isOK()) { namespace.owner=rls.value; } @@ -720,17 +719,17 @@ public class AuthzCassServiceImpl updateNsDescription(AuthzTrans trans, REQUEST from) { final Result nsd = mapper.ns(trans, from); final ServiceValidator v = new ServiceValidator(); - if(v.ns(nsd).err()) { + if (v.ns(nsd).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - if(v.nullOrBlank("description", nsd.value.description).err()) { + if (v.nullOrBlank("description", nsd.value.description).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Namespace namespace = nsd.value; Result> rlnd = ques.nsDAO.read(trans, namespace.name); - if(rlnd.notOKorIsEmpty()) { + if (rlnd.notOKorIsEmpty()) { return Result.err(Status.ERR_NotFound, "Namespace [%s] does not exist",namespace.name); } 
@@ -739,7 +738,7 @@ public class AuthzCassServiceImpl rdr = ques.nsDAO.dao().addDescription(trans, namespace.name, namespace.description); - if(rdr.isOK()) { + if (rdr.isOK()) { return Result.ok(); } else { return Result.err(rdr); @@ -799,7 +798,7 @@ public class AuthzCassServiceImpl createPerm(final AuthzTrans trans,REQUEST rreq) { final Result newPd = mapper.perm(trans, rreq); final ServiceValidator v = new ServiceValidator(); - if(v.perm(newPd).err()) { + if (v.perm(newPd).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -817,14 +816,14 @@ public class AuthzCassServiceImpl nsd; @Override public Result mayChange() { - if(nsd==null) { + if (nsd==null) { nsd = ques.mayUser(trans, trans.user(), newPd.value, Access.write); } return nsd; } }); Result> nsr = ques.nsDAO.read(trans, newPd.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } switch(fd.status) { @@ -834,7 +833,7 @@ public class AuthzCassServiceImpl getPermsByType(AuthzTrans trans, final String permType) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("PermType", permType).err()) { + if (v.nullOrBlank("PermType", permType).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> rlpd = ques.getPermsByType(trans, permType); - if(rlpd.notOK()) { + if (rlpd.notOK()) { return Result.err(rlpd); } // We don't have instance & action for mayUserView... do we want to loop through all returned here as well as in mapper? // Result r; -// if((r = ques.mayUserViewPerm(trans, trans.user(), permType)).notOK())return Result.err(r); +// if ((r = ques.mayUserViewPerm(trans, trans.user(), permType)).notOK())return Result.err(r); PERMS perms = mapper.newInstance(API.PERMS); - if(!rlpd.isEmpty()) { + if (!rlpd.isEmpty()) { // Note: Mapper will restrict what can be viewed return mapper.perms(trans, rlpd.value, perms, true); } 
@@ -895,19 +894,19 @@ public class AuthzCassServiceImpl getPermsByName(AuthzTrans trans, String type, String instance, String action) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("PermType", type).err() + if (v.nullOrBlank("PermType", type).err() || v.nullOrBlank("PermInstance", instance).err() || v.nullOrBlank("PermAction", action).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> rlpd = ques.getPermsByName(trans, type, instance, action); - if(rlpd.notOK()) { + if (rlpd.notOK()) { return Result.err(rlpd); } PERMS perms = mapper.newInstance(API.PERMS); - if(!rlpd.isEmpty()) { + if (!rlpd.isEmpty()) { // Note: Mapper will restrict what can be viewed return mapper.perms(trans, rlpd.value, perms, true); } @@ -926,19 +925,19 @@ public class AuthzCassServiceImpl getPermsByUser(AuthzTrans trans, String user) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User", user).err()) { + if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> rlpd = ques.getPermsByUser(trans, user, trans.requested(force)); - if(rlpd.notOK()) { + if (rlpd.notOK()) { return Result.err(rlpd); } PERMS perms = mapper.newInstance(API.PERMS); - if(rlpd.isEmpty()) { + if (rlpd.isEmpty()) { return Result.ok(perms); } // Note: Mapper will restrict what can be viewed @@ -962,18 +961,18 @@ public class AuthzCassServiceImpl getPermsByUserScope(AuthzTrans trans, String user, String[] scopes) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User", user).err()) { + if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> rlpd = ques.getPermsByUser(trans, user, trans.requested(force)); - if(rlpd.notOK()) { + if (rlpd.notOK()) { return Result.err(rlpd); } PERMS perms = mapper.newInstance(API.PERMS); - if(rlpd.isEmpty()) { + if (rlpd.isEmpty()) { return Result.ok(perms); } // Note: Mapper will restrict what can be viewed 
@@ -1014,13 +1013,13 @@ public class AuthzCassServiceImpl getPermsByUser(AuthzTrans trans, PERMS _perms, String user) { PERMS perms = _perms; final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User", user).err()) { + if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } ////////////// Result> rlpd = ques.getPermsByUser(trans, user,trans.requested(force)); - if(rlpd.notOK()) { + if (rlpd.notOK()) { return Result.err(rlpd); } @@ -1029,25 +1028,25 @@ public class AuthzCassServiceImpl > in = mapper.perms(trans, perms); - if(in.isOKhasData()) { + if (in.isOKhasData()) { List out = rlpd.value; boolean ok; - for(PermDAO.Data pdd : in.value) { + for (PermDAO.Data pdd : in.value) { ok = false; - if("access".equals(pdd.type)) { + if ("access".equals(pdd.type)) { Access access = Access.valueOf(pdd.action); String[] mdkey = Split.splitTrim(':',pdd.instance); - if(mdkey.length>1) { + if (mdkey.length>1) { String type = mdkey[1]; - if("role".equals(type)) { - if(mdkey.length>2) { + if ("role".equals(type)) { + if (mdkey.length>2) { RoleDAO.Data rdd = new RoleDAO.Data(); rdd.ns=pdd.ns; rdd.name=mdkey[2]; ok = ques.mayUser(trans, trans.user(), rdd, Access.read).isOK() && ques.mayUser(trans, user, rdd , access).isOK(); } - } else if("perm".equals(type)) { - if(mdkey.length>4) { // also need instance/action + } else if ("perm".equals(type)) { + if (mdkey.length>4) { // also need instance/action PermDAO.Data p = new PermDAO.Data(); p.ns=pdd.ns; p.type=mdkey[2]; 
@@ -1055,21 +1054,21 @@ public class AuthzCassServiceImpl getPermsByRole(AuthzTrans trans,String role) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Role", role).err()) { + if (v.nullOrBlank("Role", role).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result rrdd = RoleDAO.Data.decode(trans, ques,role); - if(rrdd.notOK()) { + if (rrdd.notOK()) { return Result.err(rrdd); } Result r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read); - if(r.notOK()) { + if (r.notOK()) { return Result.err(r); } PERMS perms = mapper.newInstance(API.PERMS); Result> rlpd = ques.getPermsByRole(trans, role, trans.requested(force)); - if(rlpd.isOKhasData()) { + if (rlpd.isOKhasData()) { // Note: Mapper will restrict what can be viewed return mapper.perms(trans, rlpd.value, perms, true); } @@ -1125,27 +1124,27 @@ public class AuthzCassServiceImpl getPermsByNS(AuthzTrans trans,String ns) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("NS", ns).err()) { + if (v.nullOrBlank("NS", ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result rnd = ques.deriveNs(trans, ns); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } Result> rlpd = ques.permDAO.readNS(trans, ns); - if(rlpd.notOK()) { + if (rlpd.notOK()) { return Result.err(rlpd); } PERMS perms = mapper.newInstance(API.PERMS); - if(!rlpd.isEmpty()) { + if (!rlpd.isEmpty()) { // Note: Mapper will restrict what can be viewed return mapper.perms(trans, rlpd.value,perms, true); } 
@@ -1167,7 +1166,7 @@ public class AuthzCassServiceImpl renamePerm(final AuthzTrans trans,REQUEST rreq, String origType, String origInstance, String origAction) { final Result newPd = mapper.perm(trans, rreq); final ServiceValidator v = new ServiceValidator(); - if(v.perm(newPd).err()) { + if (v.perm(newPd).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -1179,7 +1178,7 @@ public class AuthzCassServiceImpl nss = ques.deriveNsSplit(trans, origType); Result> origRlpd = ques.permDAO.read(trans, nss.value.ns, nss.value.name, origInstance, origAction); - if(origRlpd.notOKorIsEmpty()) { + if (origRlpd.notOKorIsEmpty()) { return Result.err(Status.ERR_PermissionNotFound, "Permission [%s|%s|%s] does not exist", origType,origInstance,origAction); @@ -1229,14 +1228,14 @@ public class AuthzCassServiceImpl updatePermDescription(AuthzTrans trans, REQUEST from) { final Result pd = mapper.perm(trans, from); final ServiceValidator v = new ServiceValidator(); - if(v.perm(pd).err()) { + if (v.perm(pd).err()) { return Result.err(Status.ERR_BadData,v.errs()); } - if(v.nullOrBlank("description", pd.value.description).err()) { + if (v.nullOrBlank("description", pd.value.description).err()) { return Result.err(Status.ERR_BadData,v.errs()); } final PermDAO.Data perm = pd.value; - if(ques.permDAO.read(trans, perm.ns, perm.type, perm.instance,perm.action).notOKorIsEmpty()) { + if (ques.permDAO.read(trans, perm.ns, perm.type, perm.instance,perm.action).notOKorIsEmpty()) { return Result.err(Status.ERR_NotFound, "Permission [%s.%s|%s|%s] does not exist", perm.ns,perm.type,perm.instance,perm.action); } 
@@ -1247,13 +1246,13 @@ public class AuthzCassServiceImpl > nsr = ques.nsDAO.read(trans, pd.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } Result rdr = ques.permDAO.addDescription(trans, perm.ns, perm.type, perm.instance, perm.action, perm.description); - if(rdr.isOK()) { + if (rdr.isOK()) { return Result.ok(); } else { return Result.err(rdr); @@ -1273,12 +1272,12 @@ public class AuthzCassServiceImpl resetPermRoles(final AuthzTrans trans, REQUEST rreq) { final Result updt = mapper.permFromRPRequest(trans, rreq); - if(updt.notOKorIsEmpty()) { + if (updt.notOKorIsEmpty()) { return Result.err(updt); } final ServiceValidator v = new ServiceValidator(); - if(v.perm(updt).err()) { + if (v.perm(updt).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -1294,7 +1293,7 @@ public class AuthzCassServiceImpl updtRoles = new HashSet<>(); Result nss; - for(String role : updt.value.roles(false)) { + for (String role : updt.value.roles(false)) { nss = ques.deriveNsSplit(trans, role); - if(nss.isOK()) { + if (nss.isOK()) { updtRoles.add(nss.value.ns + '|' + nss.value.name); } else { trans.error().log(nss.errorString()); @@ -1314,17 +1313,17 @@ public class AuthzCassServiceImpl rv = null; - for(PermDAO.Data curr : rcurr.value) { + for (PermDAO.Data curr : rcurr.value) { Set currRoles = curr.roles(false); // must add roles to this perm, and add this perm to each role // in the update, but not in the current for (String role : updtRoles) { if (!currRoles.contains(role)) { Result key = RoleDAO.Data.decode(trans, ques, role); - if(key.isOKhasData()) { + if (key.isOKhasData()) { Result> rrd = ques.roleDAO.read(trans, key.value); - if(rrd.isOKhasData()) { - for(RoleDAO.Data r : rrd.value) { + if (rrd.isOKhasData()) { + for (RoleDAO.Data r : rrd.value) { rv = func.addPermToRole(trans, r, curr, false); if (rv.notOK() && rv.status!=Result.ERR_ConflictAlreadyExists) { return Result.err(rv); 
@@ -1341,10 +1340,10 @@ public class AuthzCassServiceImpl key = RoleDAO.Data.decode(trans, ques, role); - if(key.isOKhasData()) { + if (key.isOKhasData()) { Result> rdd = ques.roleDAO.read(trans, key.value); - if(rdd.isOKhasData()) { - for(RoleDAO.Data r : rdd.value) { + if (rdd.isOKhasData()) { + for (RoleDAO.Data r : rdd.value) { rv = func.delPermFromRole(trans, r, curr, true); if (rv.notOK() && rv.status!=Status.ERR_PermissionNotFound) { return Result.err(rv); @@ -1373,11 +1372,11 @@ public class AuthzCassServiceImpl deletePerm(final AuthzTrans trans, REQUEST from) { Result pd = mapper.perm(trans, from); - if(pd.notOK()) { + if (pd.notOK()) { return Result.err(pd); } final ServiceValidator v = new ServiceValidator(); - if(v.nullOrBlank(pd.value).err()) { + if (v.nullOrBlank(pd.value).err()) { return Result.err(Status.ERR_BadData,v.errs()); } final PermDAO.Data perm = pd.value; @@ -1397,7 +1396,7 @@ public class AuthzCassServiceImpl nsd; @Override public Result mayChange() { - if(nsd==null) { + if (nsd==null) { nsd = ques.mayUser(trans, trans.user(), perm, Access.write); } return nsd; @@ -1407,13 +1406,13 @@ public class AuthzCassServiceImpl > nsr = ques.nsDAO.read(trans, perm.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } Result rfc = func.createFuture(trans, fd.value, perm.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Perm Deletion [%s] is saved for future processing",perm.encode()); } else { return Result.err(rfc); @@ -1442,7 +1441,7 @@ public class AuthzCassServiceImpl deletePerm(AuthzTrans trans, String type, String instance, String action) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Type",type) + if (v.nullOrBlank("Type",type) .nullOrBlank("Instance",instance) .nullOrBlank("Action",action) .err()) { 
@@ -1450,7 +1449,7 @@ public class AuthzCassServiceImpl pd = ques.permFrom(trans, type, instance, action); - if(pd.isOK()) { + if (pd.isOK()) { return func.deletePerm(trans, pd.value, trans.requested(force), false); } else { return Result.err(pd); @@ -1485,11 +1484,11 @@ public class AuthzCassServiceImpl createRole(final AuthzTrans trans, REQUEST from) { final Result rd = mapper.role(trans, from); final ServiceValidator v = new ServiceValidator(); - if(v.role(rd).err()) { + if (v.role(rd).err()) { return Result.err(Status.ERR_BadData,v.errs()); } final RoleDAO.Data role = rd.value; - if(ques.roleDAO.read(trans, role.ns, role.name).isOKhasData()) { + if (ques.roleDAO.read(trans, role.ns, role.name).isOKhasData()) { return Result.err(Status.ERR_ConflictAlreadyExists, "Role [" + role.fullName() + "] already exists"); } @@ -1506,7 +1505,7 @@ public class AuthzCassServiceImpl nsd; @Override public Result mayChange() { - if(nsd==null) { + if (nsd==null) { nsd = ques.mayUser(trans, trans.user(), role, Access.write); } return nsd; @@ -1514,7 +1513,7 @@ public class AuthzCassServiceImpl > nsr = ques.nsDAO.read(trans, rd.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } @@ -1522,7 +1521,7 @@ public class AuthzCassServiceImpl rfc = func.createFuture(trans, fd.value, role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.C); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Role [%s.%s] is saved for future processing", rd.value.ns, rd.value.name); @@ -1531,7 +1530,7 @@ public class AuthzCassServiceImpl rdr = ques.roleDAO.create(trans, role); - if(rdr.isOK()) { + if (rdr.isOK()) { return Result.ok(); } else { return Result.err(rdr); 
@@ -1557,15 +1556,15 @@ public class AuthzCassServiceImpl getRolesByName(AuthzTrans trans, String role) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Role", role).err()) { + if (v.nullOrBlank("Role", role).err()) { return Result.err(Status.ERR_BadData,v.errs()); } // Determine if User can ask this question Result rrdd = RoleDAO.Data.decode(trans, ques, role); - if(rrdd.isOKhasData()) { + if (rrdd.isOKhasData()) { Result r; - if((r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read)).notOK()) { + if ((r = ques.mayUser(trans, trans.user(), rrdd.value, Access.read)).notOK()) { return Result.err(r); } } else { @@ -1575,7 +1574,7 @@ public class AuthzCassServiceImpl > rlrd = ques.getRolesByName(trans, query<0?role:role.substring(0, query)); - if(rlrd.isOK()) { + if (rlrd.isOK()) { // Note: Mapper will restrict what can be viewed ROLES roles = mapper.newInstance(API.ROLES); return mapper.roles(trans, rlrd.value, roles, true); @@ -1602,7 +1601,7 @@ public class AuthzCassServiceImpl getRolesByUser(AuthzTrans trans, String user) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User", user).err()) { + if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -1610,12 +1609,12 @@ public class AuthzCassServiceImpl > rlrd; Result> rlurd = ques.userRoleDAO.readByUser(trans, user); - if(rlurd.isOKhasData()) { - for(UserRoleDAO.Data urd : rlurd.value ) { + if (rlurd.isOKhasData()) { + for (UserRoleDAO.Data urd : rlurd.value ) { rlrd = ques.roleDAO.read(trans, urd.ns,urd.rname); // Note: Mapper will restrict what can be viewed // if user is the same as that which is looked up, no filtering is required - if(rlrd.isOKhasData()) { + if (rlrd.isOKhasData()) { mapper.roles(trans, rlrd.value,roles, !user.equals(trans.user())); } } 
@@ -1641,17 +1640,17 @@ public class AuthzCassServiceImpl getRolesByNS(AuthzTrans trans, String ns) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("NS", ns).err()) { + if (v.nullOrBlank("NS", ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } // check if user is allowed to view NS Result rnsd = ques.deriveNs(trans, ns); - if(rnsd.notOK()) { + if (rnsd.notOK()) { return Result.err(rnsd); } rnsd = ques.mayUser(trans, trans.user(), rnsd.value, Access.read); - if(rnsd.notOK()) { + if (rnsd.notOK()) { return Result.err(rnsd); } @@ -1660,8 +1659,8 @@ public class AuthzCassServiceImpl > rlrd = ques.roleDAO.readNS(trans, ns); - if(rlrd.isOK()) { - if(!rlrd.isEmpty()) { + if (rlrd.isOK()) { + if (!rlrd.isEmpty()) { // Note: Mapper doesn't need to restrict what can be viewed, because we did it already. mapper.roles(trans,rlrd.value,roles,false); } @@ -1691,7 +1690,7 @@ public class AuthzCassServiceImpl getRolesByNameOnly(AuthzTrans trans, String name) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Name", name).err()) { + if (v.nullOrBlank("Name", name).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -1702,8 +1701,8 @@ public class AuthzCassServiceImpl > rlrd = ques.roleDAO.readName(trans, name); - if(rlrd.isOK()) { - if(!rlrd.isEmpty()) { + if (rlrd.isOK()) { + if (!rlrd.isEmpty()) { // Note: Mapper will restrict what can be viewed mapper.roles(trans,rlrd.value,roles,true); } @@ -1739,7 +1738,7 @@ public class AuthzCassServiceImpl getRolesByPerm(AuthzTrans trans, String type, String instance, String action) { final Validator v = new ServiceValidator(); - if(v.permType(type) + if (v.permType(type) .permInstance(instance) .permAction(action) .err()) { 
@@ -1751,22 +1750,22 @@ public class AuthzCassServiceImpl nsSplit = ques.deriveNsSplit(trans, type); - if(nsSplit.isOK()) { + if (nsSplit.isOK()) { PermDAO.Data pdd = new PermDAO.Data(nsSplit.value, instance, action); Result res; - if((res=ques.mayUser(trans, trans.user(), pdd, Question.Access.read)).notOK()) { + if ((res=ques.mayUser(trans, trans.user(), pdd, Question.Access.read)).notOK()) { return Result.err(res); } Result> pdlr = ques.permDAO.read(trans, pdd); - if(pdlr.isOK())for(PermDAO.Data pd : pdlr.value) { + if (pdlr.isOK())for (PermDAO.Data pd : pdlr.value) { Result> rlrd; - for(String r : pd.roles) { + for (String r : pd.roles) { Result rs = RoleDAO.Data.decodeToArray(trans, ques, r); - if(rs.isOK()) { + if (rs.isOK()) { rlrd = ques.roleDAO.read(trans, rs.value[0],rs.value[1]); // Note: Mapper will restrict what can be viewed - if(rlrd.isOKhasData()) { + if (rlrd.isOKhasData()) { mapper.roles(trans,rlrd.value,roles,true); } } @@ -1792,15 +1791,15 @@ public class AuthzCassServiceImpl updateRoleDescription(AuthzTrans trans, REQUEST from) { final Result rd = mapper.role(trans, from); final ServiceValidator v = new ServiceValidator(); - if(v.role(rd).err()) { + if (v.role(rd).err()) { return Result.err(Status.ERR_BadData,v.errs()); } { - if(v.nullOrBlank("description", rd.value.description).err()) { + if (v.nullOrBlank("description", rd.value.description).err()) { return Result.err(Status.ERR_BadData,v.errs()); } } final RoleDAO.Data role = rd.value; - if(ques.roleDAO.read(trans, role.ns, role.name).notOKorIsEmpty()) { + if (ques.roleDAO.read(trans, role.ns, role.name).notOKorIsEmpty()) { return Result.err(Status.ERR_NotFound, "Role [" + role.fullName() + "] does not exist"); } 
@@ -1809,12 +1808,12 @@ public class AuthzCassServiceImpl > nsr = ques.nsDAO.read(trans, rd.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } Result rdr = ques.roleDAO.addDescription(trans, role.ns, role.name, role.description); - if(rdr.isOK()) { + if (rdr.isOK()) { return Result.ok(); } else { return Result.err(rdr); @@ -1846,24 +1845,24 @@ public class AuthzCassServiceImpl addPermToRole(final AuthzTrans trans, REQUEST rreq) { // Translate Request into Perm and Role Objects final Result rpd = mapper.permFromRPRequest(trans, rreq); - if(rpd.notOKorIsEmpty()) { + if (rpd.notOKorIsEmpty()) { return Result.err(rpd); } final Result rrd = mapper.roleFromRPRequest(trans, rreq); - if(rrd.notOKorIsEmpty()) { + if (rrd.notOKorIsEmpty()) { return Result.err(rrd); } // Validate Role and Perm values final ServiceValidator v = new ServiceValidator(); - if(v.perm(rpd.value) + if (v.perm(rpd.value) .role(rrd.value) .err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> rlrd = ques.roleDAO.read(trans, rrd.value.ns, rrd.value.name); - if(rlrd.notOKorIsEmpty()) { + if (rlrd.notOKorIsEmpty()) { return Result.err(Status.ERR_RoleNotFound, "Role [%s] does not exist", rrd.value.fullName()); } @@ -1871,8 +1870,8 @@ public class AuthzCassServiceImpl > rlpd = ques.permDAO.read(trans, rpd.value.ns, rpd.value.type, rpd.value.instance, rpd.value.action); PermDAO.Data createPerm = null; // if not null, create first - if(rlpd.notOKorIsEmpty()) { // Permission doesn't exist - if(trans.requested(force)) { + if (rlpd.notOKorIsEmpty()) { // Permission doesn't exist + if (trans.requested(force)) { // Remove roles from perm data object so we just create the perm here createPerm = rpd.value; createPerm.roles.clear(); 
@@ -1903,14 +1902,14 @@ public class AuthzCassServiceImpl nsd; @Override public Result mayChange() { - if(nsd==null) { + if (nsd==null) { nsd = ques.mayUser(trans, trans.user(), rpd.value, Access.write); } return nsd; } }); Result> nsr = ques.nsDAO.read(trans, rpd.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } switch(fd.status) { @@ -1920,7 +1919,7 @@ public class AuthzCassServiceImpl rv = null; - if(createPerm!=null) {// has been validated for creating + if (createPerm!=null) {// has been validated for creating rv = func.createPerm(trans, createPerm, false); } - if(rv==null || rv.isOK()) { + if (rv==null || rv.isOK()) { rv = func.addPermToRole(trans, rrd.value, rpd.value, false); } return rv; @@ -1962,16 +1961,16 @@ public class AuthzCassServiceImpl delPermFromRole(final AuthzTrans trans, REQUEST rreq) { final Result updt = mapper.permFromRPRequest(trans, rreq); - if(updt.notOKorIsEmpty()) { + if (updt.notOKorIsEmpty()) { return Result.err(updt); } final Result rrd = mapper.roleFromRPRequest(trans, rreq); - if(rrd.notOKorIsEmpty()) { + if (rrd.notOKorIsEmpty()) { return Result.err(rrd); } final ServiceValidator v = new ServiceValidator(); - if(v.nullOrBlank(updt.value) + if (v.nullOrBlank(updt.value) .nullOrBlank(rrd.value) .err()) { return Result.err(Status.ERR_BadData,v.errs()); @@ -1984,7 +1983,7 @@ public class AuthzCassServiceImpl > rlpd = ques.permDAO.read(trans, pdd.ns, pdd.type, pdd.instance, pdd.action); - if(rlpd.notOKorIsEmpty()) { + if (rlpd.notOKorIsEmpty()) { return Result.err(Status.ERR_PermissionNotFound, "Permission [%s.%s|%s|%s] does not exist", pdd.ns,pdd.type,pdd.instance,pdd.action); 
@@ -2002,14 +2001,14 @@ public class AuthzCassServiceImpl nsd; @Override public Result mayChange() { - if(nsd==null) { + if (nsd==null) { nsd = ques.mayUser(trans, trans.user(), pdd, Access.write); } return nsd; } }); Result> nsr = ques.nsDAO.read(trans, pdd.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } switch(fd.status) { @@ -2020,7 +2019,7 @@ public class AuthzCassServiceImpl delPermFromRole(AuthzTrans trans, String role, String type, String instance, String action) { Result rpns = ques.deriveNs(trans, type); - if(rpns.notOKorIsEmpty()) { + if (rpns.notOKorIsEmpty()) { return Result.err(rpns); } final Validator v = new ServiceValidator(); - if(v.role(role) + if (v.role(role) .permType(rpns.value.name,rpns.value.parent) .permInstance(instance) .permAction(action) @@ -2067,17 +2066,17 @@ public class AuthzCassServiceImpl rrns = ques.deriveNs(trans, role); - if(rrns.notOKorIsEmpty()) { + if (rrns.notOKorIsEmpty()) { return Result.err(rrns); } final Result> rrd = ques.roleDAO.read(trans, rrns.value.parent, rrns.value.name); - if(rrd.notOKorIsEmpty()) { + if (rrd.notOKorIsEmpty()) { return Result.err(rrd); } final Result> rpd = ques.permDAO.read(trans, rpns.value.parent, rpns.value.name, instance, action); - if(rpd.notOKorIsEmpty()) { + if (rpd.notOKorIsEmpty()) { return Result.err(rpd); } @@ -2097,9 +2096,9 @@ public class AuthzCassServiceImpl deleteRole(AuthzTrans trans, String role) { Result rrdd = RoleDAO.Data.decode(trans,ques,role); - if(rrdd.isOKhasData()) { + if (rrdd.isOKhasData()) { final ServiceValidator v = new ServiceValidator(); - if(v.nullOrBlank(rrdd.value).err()) { + if (v.nullOrBlank(rrdd.value).err()) { return Result.err(Status.ERR_BadData,v.errs()); } return func.deleteRole(trans, rrdd.value, false, false); 
@@ -2125,30 +2124,25 @@ public class AuthzCassServiceImpl deleteRole(final AuthzTrans trans, REQUEST from) { final Result rd = mapper.role(trans, from); final ServiceValidator v = new ServiceValidator(); - if(rd==null) { + if (rd==null) { return Result.err(Status.ERR_BadData,"Request does not contain Role"); } - if(v.nullOrBlank(rd.value).err()) { + if (v.nullOrBlank(rd.value).err()) { return Result.err(Status.ERR_BadData,v.errs()); } final RoleDAO.Data role = rd.value; - if(ques.roleDAO.read(trans, role).notOKorIsEmpty() && !trans.requested(force)) { + if (ques.roleDAO.read(trans, role).notOKorIsEmpty() && !trans.requested(force)) { return Result.err(Status.ERR_RoleNotFound, "Role [" + role.fullName() + "] does not exist"); } Result fd = mapper.future(trans,RoleDAO.TABLE,from,role,false, - new Mapper.Memo() { - @Override - public String get() { - return "Delete Role [" + role.fullName() + ']' - + " and all attached user roles"; - } - }, + () -> "Delete Role [" + role.fullName() + ']' + + " and all attached user roles", new MayChange() { private Result nsd; @Override public Result mayChange() { - if(nsd==null) { + if (nsd==null) { nsd = ques.mayUser(trans, trans.user(), role, Access.write); } return nsd; @@ -2158,13 +2152,13 @@ public class AuthzCassServiceImpl > nsr = ques.nsDAO.read(trans, rd.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } Result rfc = func.createFuture(trans, fd.value, role.encode(), trans.user(),nsr.value.get(0),FUTURE_OP.D); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Role Deletion [%s.%s] is saved for future processing", rd.value.ns, rd.value.name); 
@@ -2196,18 +2190,18 @@ public class AuthzCassServiceImpl mayChange() { - if(nsd==null) { + if (nsd==null) { nsd = ques.validNSOfDomain(trans, cred.id); } // is Ns of CredID valid? - if(nsd.isOK()) { + if (nsd.isOK()) { try { // Check Org Policy - if(trans.org().validate(trans,Policy.CREATE_MECHID, exec, cred.id)==null) { + if (trans.org().validate(trans,Policy.CREATE_MECHID, exec, cred.id)==null) { return Result.ok(); } else { Result rmc = ques.mayUser(trans, trans.user(), nsd.value, Access.write); - if(rmc.isOKhasData()) { + if (rmc.isOKhasData()) { return rmc; } } @@ -2234,21 +2228,21 @@ public class AuthzCassServiceImpl mayChange() { // User can change himself (but not create) - if(trans.user().equals(cred.id)) { + if (trans.user().equals(cred.id)) { return Result.ok(); } - if(nsd==null) { + if (nsd==null) { nsd = ques.validNSOfDomain(trans, cred.id); } // Get the Namespace - if(nsd.isOK()) { - if(ques.mayUser(trans, trans.user(), nsd.value,Access.write).isOK()) { + if (nsd.isOK()) { + if (ques.mayUser(trans, trans.user(), nsd.value,Access.write).isOK()) { return Result.ok(); } String user[] = Split.split('.',trans.user()); - if(user.length>2) { + if (user.length>2) { String company = user[user.length-1] + '.' + user[user.length-2]; - if(ques.isGranted(trans, trans.user(), ROOT_NS,"password",company,"reset")) { + if (ques.isGranted(trans, trans.user(), ROOT_NS,"password",company,"reset")) { return Result.ok(); } } @@ -2282,13 +2276,13 @@ public class AuthzCassServiceImpl rcred = mapper.cred(trans, from, true); - if(rcred.isOKhasData()) { + if (rcred.isOKhasData()) { byte[] rawCred = rcred.value.cred.array(); rcred = ques.userCredSetup(trans, rcred.value); final ServiceValidator v = new ServiceValidator(); - if(v.cred(trans, trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations + if (v.cred(trans, trans.org(),rcred,true).err()) { // Note: Creates have stricter Validations return Result.err(Status.ERR_BadData,v.errs()); } 
@@ -2301,12 +2295,12 @@ public class AuthzCassServiceImpl > nsr = ques.nsDAO.read(trans, rcred.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(Status.ERR_NsNotFound,"Cannot provision %s on non-existent Namespace %s",mechID.id(),rcred.value.ns); } @@ -2327,9 +2321,9 @@ public class AuthzCassServiceImpl rfc = func.createFuture(trans, fd.value, rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires, trans.user(), nsr.value.get(0), FUTURE_OP.C); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Credential Request [%s|%s|%s] is saved for future processing", rcred.value.id, Integer.toString(rcred.value.type), @@ -2388,21 +2382,22 @@ public class AuthzCassServiceImpl > admins = func.getAdmins(trans, nsr.value.get(0).name, false); // OK, it's a first ID, and not by NS Admin, so let's set TempPassword length // Note, we only do this on First time, because of possibility of // prematurely expiring a production id - if(admins.isOKhasData() && !admins.value.contains(trans.user())) { + if (admins.isOKhasData() && !admins.value.contains(trans.user())) { rcred.value.expires = org.expiration(null, Expiration.TempPassword).getTime(); } } } catch (Exception e) { trans.error().log(e, "While setting expiration to TempPassword"); } + Resultudr = ques.credDAO.create(trans, rcred.value); - if(udr.isOK()) { + if (udr.isOK()) { return Result.ok(); } return Result.err(udr); @@ -2430,17 +2425,17 @@ public class AuthzCassServiceImpl getCredsByNS(AuthzTrans trans, String ns) { final Validator v = new ServiceValidator(); - if(v.ns(ns).err()) { + if (v.ns(ns).err()) { return Result.err(Status.ERR_BadData,v.errs()); } // check if user is allowed to view NS Result rnd = ques.deriveNs(trans,ns); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } 
@@ -2449,8 +2444,8 @@ public class AuthzCassServiceImpl > rlcd = ques.credDAO.readNS(trans, ns); - if(rlcd.isOK()) { - if(!rlcd.isEmpty()) { + if (rlcd.isOK()) { + if (!rlcd.isEmpty()) { return mapper.cred(rlcd.value, users); } return Result.ok(users); @@ -2476,18 +2471,18 @@ public class AuthzCassServiceImpl getCredsByID(AuthzTrans trans, String id) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("ID",id).err()) { + if (v.nullOrBlank("ID",id).err()) { return Result.err(Status.ERR_BadData,v.errs()); } String ns = Question.domain2ns(id); // check if user is allowed to view NS Result rnd = ques.deriveNs(trans,ns); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } @@ -2496,8 +2491,8 @@ public class AuthzCassServiceImpl > rlcd = ques.credDAO.readID(trans, id); - if(rlcd.isOK()) { - if(!rlcd.isEmpty()) { + if (rlcd.isOK()) { + if (!rlcd.isEmpty()) { return mapper.cred(rlcd.value, users); } return Result.ok(users); @@ -2526,8 +2521,8 @@ public class AuthzCassServiceImpl > rlcd = ques.certDAO.readID(trans, id); - if(rlcd.isOK()) { - if(!rlcd.isEmpty()) { + if (rlcd.isOK()) { + if (!rlcd.isEmpty()) { return mapper.cert(rlcd.value, certs); } return Result.ok(certs); 
@@ -2557,16 +2552,16 @@ public class AuthzCassServiceImpl rcred = mapper.cred(trans, from, true); - if(rcred.isOKhasData()) { + if (rcred.isOKhasData()) { rcred = ques.userCredSetup(trans, rcred.value); final ServiceValidator v = new ServiceValidator(); - if(v.cred(trans, trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations + if (v.cred(trans, trans.org(),rcred,false).err()) {// Note: Creates have stricter Validations return Result.err(Status.ERR_BadData,v.errs()); } Result> rlcd = ques.credDAO.readID(trans, rcred.value.id); - if(rlcd.notOKorIsEmpty()) { + if (rlcd.notOKorIsEmpty()) { return Result.err(Status.ERR_UserNotFound, "Credential does not exist"); } @@ -2577,7 +2572,7 @@ public class AuthzCassServiceImpl ri = selectEntryIfMultiple((CredRequest)from, rlcd.value); - if(ri.notOK()) { + if (ri.notOK()) { return Result.err(ri); } int entry = ri.value; @@ -2598,7 +2593,7 @@ public class AuthzCassServiceImpl > nsr = ques.nsDAO.read(trans, rcred.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } @@ -2607,7 +2602,7 @@ public class AuthzCassServiceImpl rfc = func.createFuture(trans, fd.value, rcred.value.id + '|' + rcred.value.type.toString() + '|' + rcred.value.expires, trans.user(), nsr.value.get(0), FUTURE_OP.U); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Credential Request [%s|%s|%s]", rcred.value.id, Integer.toString(rcred.value.type), @@ -2620,7 +2615,7 @@ public class AuthzCassServiceImpl cred = mapper.cred(trans, from, false); Organization org = trans.org(); final ServiceValidator v = new ServiceValidator(); - if(v.notOK(cred).err() || + if (v.notOK(cred).err() || v.nullOrBlank(cred.value.id, "Invalid ID").err() || v.user(org,cred.value.id).err()) { return Result.err(Status.ERR_BadData,v.errs()); 
@@ -2720,13 +2713,13 @@ public class AuthzCassServiceImpl > rlcd = ques.credDAO.readID(trans, cred.value.id); - if(rlcd.notOKorIsEmpty()) { + if (rlcd.notOKorIsEmpty()) { return Result.err(Status.ERR_UserNotFound, "Credential does not exist"); } //Need to do the "Pick Entry" mechanism Result ri = selectEntryIfMultiple((CredRequest)from, rlcd.value); - if(ri.notOK()) { + if (ri.notOK()) { return Result.err(ri); } @@ -2737,12 +2730,12 @@ public class AuthzCassServiceImpl value) { // ensure credentials are sorted so we can fully automate Cred regression test - Collections.sort(value, new Comparator() { - @Override - public int compare(CredDAO.Data cred1, CredDAO.Data cred2) { - return cred1.expires.compareTo(cred2.expires); - } - }); + Collections.sort(value, (cred1, cred2) -> cred1.expires.compareTo(cred2.expires)); String [] vars = new String[value.size()+1]; vars[0]="Choice"; for (int i = 0; i < value.size(); i++) { @@ -2779,7 +2767,7 @@ public class AuthzCassServiceImpl deleteUserCred(AuthzTrans trans, REQUEST from) { final Result cred = mapper.cred(trans, from, false); final Validator v = new ServiceValidator(); - if(v.nullOrBlank("cred", cred.value.id).err()) { + if (v.nullOrBlank("cred", cred.value.id).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> rlcd = ques.credDAO.readID(trans, cred.value.id); - if(rlcd.notOKorIsEmpty()) { + if (rlcd.notOKorIsEmpty()) { // Empty Creds should have no user_roles. Result> rlurd = ques.userRoleDAO.readByUser(trans, cred.value.id); - if(rlurd.isOK()) { - for(UserRoleDAO.Data data : rlurd.value) { + if (rlurd.isOK()) { + for (UserRoleDAO.Data data : rlurd.value) { ques.userRoleDAO.delete(trans, data, false); } } 
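Review bot: In `buildVariables`, `Collections.sort(value, (cred1, cred2) -> cred1.expires.compareTo(cred2.expires));` reorders the caller's list in place, and the caller visible further down passes `rlcd.value` straight from `ques.credDAO.readID`. If the DAO layer shares or caches that list, which the page does not show, the reordering leaks to other readers of the same data. Either sort a copy (`List<CredDAO.Data> sorted = new ArrayList<>(value);`, then sort and read from `sorted`) or add a comment saying the in-place sort is intended. A null `expires` would also throw inside the comparator. The method body continues outside the hunk.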
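Review bot: In `deleteUserCred`, `if (rlcd.notOKorIsEmpty())` treats a failed `credDAO.readID` the same as "no credentials" and then deletes every user-role row for `cred.value.id`, so a read error alone is enough to strip an identity's roles. No `ques.mayUser` or `mayChange` check is visible between the method signature and this branch, so as shown the cleanup runs for any caller who supplies the id. Restrict the cleanup to `if (rlcd.isOK() && rlcd.isEmpty())`, return `Result.err(rlcd)` on a failed read, and perform the authorization check first. `cred.value.id` is also dereferenced without the `notOKorIsEmpty()` test that the later `mapper.cred(trans, credReq,false)` caller applies, and the result of each `userRoleDAO.delete` is discarded.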
@@ -2827,21 +2815,21 @@ public class AuthzCassServiceImpl 1) { CredRequest cr = (CredRequest)from; String inputOption = cr.getEntry(); if (inputOption == null) { String message = selectCredFromList(rlcd.value, true); - String[] variables = buildVariables(rlcd.value); + Object[] variables = buildVariables(rlcd.value); return Result.err(Status.ERR_ChoiceNeeded, message, variables); } else { try { - if(inputOption.length()>5) { // should be a date + if (inputOption.length()>5) { // should be a date Date d = Chrono.xmlDatatypeFactory.newXMLGregorianCalendar(inputOption).toGregorianCalendar().getTime(); entry = 0; - for(CredDAO.Data cd : rlcd.value) { - if(cd.type.equals(cr.getType()) && cd.expires.equals(d)) { + for (CredDAO.Data cd : rlcd.value) { + if (cd.type.equals(cr.getType()) && cd.expires.equals(d)) { break; } ++entry; @@ -2849,9 +2837,9 @@ public class AuthzCassServiceImpl fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false, - new Mapper.Memo() { - @Override - public String get() { - return "Delete Credential [" + - cred.value.id + - ']'; - } - }, + Result fd = mapper.future(trans,CredDAO.TABLE,from,cred.value,false, + () -> "Delete Credential [" + + cred.value.id + + ']', mc); Result> nsr = ques.nsDAO.read(trans, cred.value.ns); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } @@ -2885,7 +2868,7 @@ public class AuthzCassServiceImpl rfc = func.createFuture(trans, fd.value, cred.value.id, trans.user(), nsr.value.get(0), FUTURE_OP.D); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Credential Delete [%s] is saved for future processing",cred.value.id); } else { return Result.err(rfc); 
@@ -2893,7 +2876,7 @@ public class AuthzCassServiceImpl udr = null; if (!trans.requested(force)) { - if(entry<0 || entry >= rlcd.value.size()) { + if (entry<0 || entry >= rlcd.value.size()) { return Result.err(Status.ERR_BadData,"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing",cred.value.id); } udr = ques.credDAO.delete(trans, rlcd.value.get(entry),false); @@ -2905,15 +2888,15 @@ public class AuthzCassServiceImpl > rlurd = ques.userRoleDAO.readByUser(trans, cred.value.id); - if(rlurd.isOK()) { - for(UserRoleDAO.Data data : rlurd.value) { + if (rlurd.isOK()) { + for (UserRoleDAO.Data data : rlurd.value) { ques.userRoleDAO.delete(trans, data, false); } } } - if(udr==null) { + if (udr==null) { return Result.err(Result.ERR_NotFound,"No User Data found"); } if (udr.isOK()) { @@ -2933,11 +2916,11 @@ public class AuthzCassServiceImpl data = mapper.cred(trans, credReq,false); - if(data.notOKorIsEmpty()) { + if (data.notOKorIsEmpty()) { return Result.err(data); } CredDAO.Data cred = data.value; // of the Mapped Cred - if(cred.cred==null) { + if (cred.cred==null) { return Result.err(Result.ERR_BadData,"No Password"); } else { return ques.doesUserCredMatch(trans, cred.id, cred.cred.array()); @@ -2984,7 +2967,7 @@ public class AuthzCassServiceImpl rq = ques.doesUserCredMatch(trans, bp.getName(), bp.getCred()); // Note: Only want to log problem, don't want to send back to end user - if(rq.isOK()) { + if (rq.isOK()) { return rq; } else { trans.audit().log(rq.errorString()); @@ -3018,13 +3001,13 @@ public class AuthzCassServiceImpl urr = mapper.userRole(trans, from); - if(urr.notOKorIsEmpty()) { + if (urr.notOKorIsEmpty()) { return Result.err(urr); } final UserRoleDAO.Data userRole = urr.value; final ServiceValidator v = new ServiceValidator(); - if(v.user_role(userRole).err() || + if (v.user_role(userRole).err() || v.user(trans.org(), userRole.user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } 
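Review bot: The out-of-range branch in the first hunk builds its error from `"Invalid Choice [" + entry + "] chosen for Delete [%s] is saved for future processing"`, whose tail looks copied from the `ACC_Future` message and tells the caller that a rejected request was saved. Suggest `"Invalid Choice [" + entry + "] chosen for Delete [%s]"`. In the following hunk the results of `ques.userRoleDAO.delete(trans, data, false)` in the cleanup loop are ignored, so a failed role removal goes unnoticed; log or return the first failure. Both spots sit in a method whose start is outside these hunks.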
@@ -3033,19 +3016,14 @@ public class AuthzCassServiceImpl fd = mapper.future(trans,UserRoleDAO.TABLE,from,urr.value,true, // may request Approvals - new Mapper.Memo() { - @Override - public String get() { - return "Add User [" + userRole.user + "] to Role [" + - userRole.role + - ']'; - } - }, + () -> "Add User [" + userRole.user + "] to Role [" + + userRole.role + + ']', new MayChange() { private Result nsd; @Override public Result mayChange() { - if(nsd==null) { + if (nsd==null) { RoleDAO.Data r = RoleDAO.Data.decode(userRole); nsd = ques.mayUser(trans, trans.user(), r, Access.write); } @@ -3053,7 +3031,7 @@ public class AuthzCassServiceImpl nsr = ques.deriveNs(trans, userRole.role); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } @@ -3061,7 +3039,7 @@ public class AuthzCassServiceImpl rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname, userRole.user, nsr.value, FUTURE_OP.C); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "UserRole [%s - %s.%s] is saved for future processing", userRole.user, userRole.ns, @@ -3094,13 +3072,13 @@ public class AuthzCassServiceImpl getUserRolesByRole(AuthzTrans trans, String role) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Role",role).err()) { + if (v.nullOrBlank("Role",role).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result rrdd; rrdd = RoleDAO.Data.decode(trans,ques,role); - if(rrdd.notOK()) { + if (rrdd.notOK()) { return Result.err(rrdd); } // May Requester see result? @@ -3116,8 +3094,8 @@ public class AuthzCassServiceImpl userSet = new HashSet<>(); Result> rlurd = ques.userRoleDAO.readByRole(trans, role); - if(rlurd.isOK()) { - for(UserRoleDAO.Data data : rlurd.value) { + if (rlurd.isOK()) { + for (UserRoleDAO.Data data : rlurd.value) { userSet.add(data); } } 
@@ -3143,13 +3121,13 @@ public class AuthzCassServiceImpl getUserRolesByUser(AuthzTrans trans, String user) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User",user).err()) { + if (v.nullOrBlank("User",user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } // Get list of roles per user, then add to Roles as we go Result> rlurd = ques.userRoleDAO.readByUser(trans, user); - if(rlurd.notOK()) { + if (rlurd.notOK()) { return Result.err(rlurd); } @@ -3164,16 +3142,16 @@ public class AuthzCassServiceImpl content; - if(mustFilter) { + if (mustFilter) { content = new ArrayList<>(rlurd.value.size()); // avoid multi-memory redos - for(UserRoleDAO.Data data : rlurd.value) { + for (UserRoleDAO.Data data : rlurd.value) { ndd.name=data.ns; Result mur = ques.mayUser(trans, callingUser, ndd, Access.read); - if(mur.isOK()){ + if (mur.isOK()){ content.add(data); } } @@ -3224,7 +3202,7 @@ public class AuthzCassServiceImpl resetRolesForUser(AuthzTrans trans, REQUEST rreq) { Result rurdd = mapper.userRole(trans, rreq); final ServiceValidator v = new ServiceValidator(); - if(rurdd.notOKorIsEmpty()) { + if (rurdd.notOKorIsEmpty()) { return Result.err(rurdd); } if (v.user(trans.org(), rurdd.value.user).err()) { @@ -3233,15 +3211,15 @@ public class AuthzCassServiceImpl currRoles = new HashSet<>(); Result> rlurd = ques.userRoleDAO.readByUser(trans, rurdd.value.user); - if(rlurd.isOK()) { - for(UserRoleDAO.Data data : rlurd.value) { + if (rlurd.isOK()) { + for (UserRoleDAO.Data data : rlurd.value) { currRoles.add(data.role); } } Result rv = null; String[] roles; - if(rurdd.value.role==null) { + if (rurdd.value.role==null) { roles = new String[0]; } else { roles = rurdd.value.role.split(","); @@ -3252,7 +3230,7 @@ public class AuthzCassServiceImpl rrdd = RoleDAO.Data.decode(trans, ques, role); - if(rrdd.notOK()) { + if (rrdd.notOK()) { return Result.err(rrdd); } 
@@ -3263,11 +3241,11 @@ public class AuthzCassServiceImpl nsr = ques.deriveNs(trans, role); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } - if(currRoles.contains(role)) { + if (currRoles.contains(role)) { currRoles.remove(role); } else { rv = func.addUserRole(trans, rurdd.value); @@ -3280,7 +3258,7 @@ public class AuthzCassServiceImpl resetUsersForRole(AuthzTrans trans, REQUEST rreq) { Result rurdd = mapper.userRole(trans, rreq); - if(rurdd.notOKorIsEmpty()) { + if (rurdd.notOKorIsEmpty()) { return Result.err(rurdd); } final ServiceValidator v = new ServiceValidator(); @@ -3321,14 +3299,14 @@ public class AuthzCassServiceImpl nsr = ques.deriveNs(trans, rurdd.value.role); - if(nsr.notOKorIsEmpty()) { + if (nsr.notOKorIsEmpty()) { return Result.err(nsr); } Set currUsers = new HashSet<>(); Result> rlurd = ques.userRoleDAO.readByRole(trans, rurdd.value.role); - if(rlurd.isOK()) { - for(UserRoleDAO.Data data : rlurd.value) { + if (rlurd.isOK()) { + for (UserRoleDAO.Data data : rlurd.value) { currUsers.add(data.user); } } 
@@ -3352,7 +3330,7 @@ public class AuthzCassServiceImpl extendUserRole(AuthzTrans trans, String user, String role) { Organization org = trans.org(); final ServiceValidator v = new ServiceValidator(); - if(v.user(org, user) + if (v.user(org, user) .role(role) .err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result rrdd = RoleDAO.Data.decode(trans,ques,role); - if(rrdd.notOK()) { + if (rrdd.notOK()) { return Result.err(rrdd); } Result rcr = ques.mayUser(trans, trans.user(), rrdd.value, Access.write); boolean mayNotChange; - if((mayNotChange = rcr.notOK()) && !trans.requested(future)) { + if ((mayNotChange = rcr.notOK()) && !trans.requested(future)) { return Result.err(rcr); } Result> rr = ques.userRoleDAO.read(trans, user,role); - if(rr.notOK()) { + if (rr.notOK()) { return Result.err(rr); } - for(UserRoleDAO.Data userRole : rr.value) { - if(mayNotChange) { // Function exited earlier if !trans.futureRequested + for (UserRoleDAO.Data userRole : rr.value) { + if (mayNotChange) { // Function exited earlier if !trans.futureRequested FutureDAO.Data fto = new FutureDAO.Data(); fto.target=UserRoleDAO.TABLE; fto.memo = "Extend User ["+userRole.user+"] in Role ["+userRole.role+"]"; @@ -3428,7 +3406,7 @@ public class AuthzCassServiceImpl rfc = func.createFuture(trans, fto, userRole.user+'|'+userRole.role, userRole.user, rcr.value, FUTURE_OP.U); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing", userRole.user, userRole.role); @@ -3456,14 +3434,14 @@ public class AuthzCassServiceImpl deleteUserRole(AuthzTrans trans, String usr, String role) { Validator val = new ServiceValidator(); - if(val.nullOrBlank("User", usr) + if (val.nullOrBlank("User", usr) .nullOrBlank("Role", role).err()) { return Result.err(Status.ERR_BadData, val.errs()); } boolean mayNotChange; Result rrdd = RoleDAO.Data.decode(trans,ques,role); - if(rrdd.notOK()) { + if (rrdd.notOK()) { return Result.err(rrdd); } 
@@ -3471,24 +3449,24 @@ public class AuthzCassServiceImpl rns = ques.mayUser(trans, trans.user(), rdd, Access.write); // Make sure we don't delete the last owner of valid NS - if(rns.isOKhasData() && Question.OWNER.equals(rdd.name) && ques.countOwner(trans,rdd.ns)<=1) { + if (rns.isOKhasData() && Question.OWNER.equals(rdd.name) && ques.countOwner(trans,rdd.ns)<=1) { return Result.err(Status.ERR_Denied,"You may not delete the last Owner of " + rdd.ns ); } - if(mayNotChange=rns.notOK()) { - if(!trans.requested(future)) { + if (mayNotChange=rns.notOK()) { + if (!trans.requested(future)) { return Result.err(rns); } } Result> rulr; - if((rulr=ques.userRoleDAO.read(trans, usr, role)).notOKorIsEmpty()) { + if ((rulr=ques.userRoleDAO.read(trans, usr, role)).notOKorIsEmpty()) { return Result.err(Status.ERR_UserRoleNotFound, "User [ "+usr+" ] is not " + "Assigned to the Role [ " + role + " ]"); } UserRoleDAO.Data userRole = rulr.value.get(0); - if(mayNotChange) { // Function exited earlier if !trans.futureRequested + if (mayNotChange) { // Function exited earlier if !trans.futureRequested FutureDAO.Data fto = new FutureDAO.Data(); fto.target=UserRoleDAO.TABLE; fto.memo = "Remove User ["+userRole.user+"] from Role ["+userRole.role+"]"; @@ -3498,7 +3476,7 @@ public class AuthzCassServiceImpl rfc = func.createFuture(trans, fto, userRole.user+'|'+userRole.role, userRole.user, rns.value, FUTURE_OP.D); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "UserRole [%s - %s] is saved for future processing", userRole.user, userRole.role); @@ -3523,7 +3501,7 @@ public class AuthzCassServiceImpl getUserInRole(AuthzTrans trans, String user, String role) { final Validator v = new ServiceValidator(); - if(v.role(role).nullOrBlank("User", user).err()) { + if (v.role(role).nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } 
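Review bot: In `deleteUserRole`, the last-owner guard `if (rns.isOKhasData() && Question.OWNER.equals(rdd.name) && ques.countOwner(trans,rdd.ns)<=1)` only fires when the caller already has write access, so a caller without it who sets `future` skips the guard and gets a `FUTURE_OP.D` request queued. Unless the code that executes approved futures repeats the check, which is not shown here, an approval could remove the last owner of the namespace. Consider testing `Question.OWNER.equals(rdd.name) && ques.countOwner(trans,rdd.ns)<=1` independently of `rns`. On the same path `rns.value` is handed to `func.createFuture` after `rns.notOK()`, as `rcr.value` is in `extendUserRole` on the previous line; confirm that a denied `mayUser` result still carries the namespace. The method starts in the preceding hunk.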
@@ -3533,18 +3511,18 @@ public class AuthzCassServiceImpl rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write); // May calling user see by virtue of the Role Result rrdd = RoleDAO.Data.decode(trans, ques, role); - if(rrdd.notOK()) { + if (rrdd.notOK()) { return Result.err(rrdd); } Result rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } HashSet userSet = new HashSet<>(); Result> rlurd = ques.userRoleDAO.readUserInRole(trans, user, role); - if(rlurd.isOK()) { - for(UserRoleDAO.Data data : rlurd.value) { + if (rlurd.isOK()) { + for (UserRoleDAO.Data data : rlurd.value) { userSet.add(data); } } @@ -3568,7 +3546,7 @@ public class AuthzCassServiceImpl getUsersByRole(AuthzTrans trans, String role) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Role",role).err()) { + if (v.nullOrBlank("Role",role).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -3578,15 +3556,15 @@ public class AuthzCassServiceImpl rnd = ques.mayUser(trans, trans.user(), ns.value, Access.write); // May calling user see by virtue of the Role Result rrdd = RoleDAO.Data.decode(trans, ques, role); - if(rrdd.notOK()) { + if (rrdd.notOK()) { return Result.err(rrdd); } boolean contactOnly = false; // Allow the request of any valid user to find the contact of the NS (Owner) Result rnd = ques.mayUser(trans, trans.user(), rrdd.value,Access.read); - if(rnd.notOK()) { - if(Question.OWNER.equals(rrdd.value.name)) { + if (rnd.notOK()) { + if (Question.OWNER.equals(rrdd.value.name)) { contactOnly = true; } else { return Result.err(rnd); 
@@ -3595,9 +3573,9 @@ public class AuthzCassServiceImpl userSet = new HashSet<>(); Result> rlurd = ques.userRoleDAO.readByRole(trans, role); - if(rlurd.isOK()) { - for(UserRoleDAO.Data data : rlurd.value) { - if(contactOnly) { //scrub data + if (rlurd.isOK()) { + for (UserRoleDAO.Data data : rlurd.value) { + if (contactOnly) { //scrub data // Can't change actual object, or will mess up the cache. UserRoleDAO.Data scrub = new UserRoleDAO.Data(); scrub.ns = data.ns; @@ -3635,7 +3613,7 @@ public class AuthzCassServiceImpl getUsersByPermission(AuthzTrans trans, String type, String instance, String action) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Type",type) + if (v.nullOrBlank("Type",type) .nullOrBlank("Instance",instance) .nullOrBlank("Action",action) .err()) { @@ -3643,7 +3621,7 @@ public class AuthzCassServiceImpl nss = ques.deriveNsSplit(trans, type); - if(nss.notOK()) { + if (nss.notOK()) { return Result.err(nss); } 
@@ -3660,19 +3638,19 @@ public class AuthzCassServiceImpl roleUsed = new HashSet<>(); Set userSet = new HashSet<>(); - if(!nss.isEmpty()) { + if (!nss.isEmpty()) { Result> rlp = ques.permDAO.readByType(trans, nss.value.ns, nss.value.name); - if(rlp.isOKhasData()) { - for(PermDAO.Data pd : rlp.value) { - if((allInstance || pd.instance.equals(instance)) && + if (rlp.isOKhasData()) { + for (PermDAO.Data pd : rlp.value) { + if ((allInstance || pd.instance.equals(instance)) && (allAction || pd.action.equals(action))) { - if(ques.mayUser(trans, trans.user(),pd,Access.read).isOK()) { - for(String role : pd.roles) { - if(!roleUsed.contains(role)) { // avoid evaluating Role many times + if (ques.mayUser(trans, trans.user(),pd,Access.read).isOK()) { + for (String role : pd.roles) { + if (!roleUsed.contains(role)) { // avoid evaluating Role many times roleUsed.add(role); Result> rlurd = ques.userRoleDAO.readByRole(trans, role.replace('|', '.')); - if(rlurd.isOKhasData()) { - for(UserRoleDAO.Data urd : rlurd.value) { + if (rlurd.isOKhasData()) { + for (UserRoleDAO.Data urd : rlurd.value) { userSet.add(urd); } } 
@@ -3695,37 +3673,37 @@ public class AuthzCassServiceImpl getHistoryByUser(final AuthzTrans trans, String user, final int[] yyyymm, final int sort) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User",user).err()) { + if (v.nullOrBlank("User",user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result rnd; // Users may look at their own data - if(trans.user().equals(user)) { + if (trans.user().equals(user)) { // Users may look at their own data } else { int at = user.indexOf('@'); - if(at>=0 && trans.org().getRealm().equals(user.substring(at+1))) { + if (at>=0 && trans.org().getRealm().equals(user.substring(at+1))) { NsDAO.Data nsd = new NsDAO.Data(); nsd.name = Question.domain2ns(user); rnd = ques.mayUser(trans, trans.user(), nsd, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } } else { rnd = ques.validNSOfDomain(trans, user); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } } } Result> resp = ques.historyDAO.readByUser(trans, user, yyyymm); - if(resp.notOK()) { + if (resp.notOK()) { return Result.err(resp); } return mapper.history(trans, resp.value,sort); 
@@ -3734,21 +3712,21 @@ public class AuthzCassServiceImpl getHistoryByRole(AuthzTrans trans, String role, int[] yyyymm, final int sort) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Role",role).err()) { + if (v.nullOrBlank("Role",role).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result rrdd = RoleDAO.Data.decode(trans, ques, role); - if(rrdd.notOK()) { + if (rrdd.notOK()) { return Result.err(rrdd); } Result rnd = ques.mayUser(trans, trans.user(), rrdd.value, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } Result> resp = ques.historyDAO.readBySubject(trans, role, "role", yyyymm); - if(resp.notOK()) { + if (resp.notOK()) { return Result.err(resp); } return mapper.history(trans, resp.value,sort); @@ -3757,23 +3735,23 @@ public class AuthzCassServiceImpl getHistoryByPerm(AuthzTrans trans, String type, int[] yyyymm, final int sort) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Type",type) + if (v.nullOrBlank("Type",type) .err()) { return Result.err(Status.ERR_BadData,v.errs()); } // May user see Namespace of Permission (since it's only one piece... we can't check for "is permission part of") Result rnd = ques.deriveNs(trans,type); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } Result> resp = ques.historyDAO.readBySubject(trans, type, "perm", yyyymm); - if(resp.notOK()) { + if (resp.notOK()) { return Result.err(resp); } return mapper.history(trans, resp.value,sort); 
@@ -3782,22 +3760,22 @@ public class AuthzCassServiceImpl getHistoryByNS(AuthzTrans trans, String ns, int[] yyyymm, final int sort) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("NS",ns) + if (v.nullOrBlank("NS",ns) .err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result rnd = ques.deriveNs(trans,ns); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if(rnd.notOK()) { + if (rnd.notOK()) { return Result.err(rnd); } Result> resp = ques.historyDAO.readBySubject(trans, ns, "ns", yyyymm); - if(resp.notOK()) { + if (resp.notOK()) { return Result.err(resp); } return mapper.history(trans, resp.value,sort); 
@@ -3820,60 +3798,54 @@ public class AuthzCassServiceImpl createOrUpdateDelegate(final AuthzTrans trans, REQUEST base, final Access access) { final Result rd = mapper.delegate(trans, base); final ServiceValidator v = new ServiceValidator(); - if(v.delegate(trans.org(),rd).err()) { + if (v.delegate(trans.org(),rd).err()) { return Result.err(Status.ERR_BadData,v.errs()); } final DelegateDAO.Data dd = rd.value; Result> ddr = ques.delegateDAO.read(trans, dd); - if(access==Access.create && ddr.isOKhasData()) { + if (access==Access.create && ddr.isOKhasData()) { return Result.err(Status.ERR_ConflictAlreadyExists, "[%s] already delegates to [%s]", dd.user, ddr.value.get(0).delegate); - } else if(access!=Access.create && ddr.notOKorIsEmpty()) { + } else if (access!=Access.create && ddr.notOKorIsEmpty()) { return Result.err(Status.ERR_NotFound, "[%s] does not have a Delegate Record to [%s].",dd.user,access.name()); } Result rv = ques.mayUser(trans, dd, access); - if(rv.notOK()) { + if (rv.notOK()) { return rv; } - Result fd = mapper.future(trans,DelegateDAO.TABLE,base, dd, false, - new Mapper.Memo() { - @Override - public String get() { - StringBuilder sb = new StringBuilder(); - sb.append(access.name()); - sb.setCharAt(0, Character.toUpperCase(sb.charAt(0))); - sb.append("Delegate "); - sb.append(access==Access.create?"[":"to ["); - sb.append(rd.value.delegate); - sb.append("] for ["); - sb.append(rd.value.user); - sb.append(']'); - return sb.toString(); - } + Result fd = mapper.future(trans,DelegateDAO.TABLE,base, dd, false, + () -> { + StringBuilder sb = new StringBuilder(); + sb.append(access.name()); + sb.setCharAt(0, Character.toUpperCase(sb.charAt(0))); + sb.append("Delegate "); + sb.append(access==Access.create?"[":"to ["); + sb.append(rd.value.delegate); + sb.append("] for ["); + sb.append(rd.value.user); + sb.append(']'); + return sb.toString(); }, - new MayChange() { - @Override - public Result mayChange() { - return Result.ok(); // Validate in code above - } + 
() -> { + return Result.ok(); // Validate in code above }); switch(fd.status) { case OK: Result rfc = func.createFuture(trans, fd.value, dd.user, trans.user(),null, access==Access.create?FUTURE_OP.C:FUTURE_OP.U); - if(rfc.isOK()) { + if (rfc.isOK()) { return Result.err(Status.ACC_Future, "Delegate for [%s]", dd.user); } else { return Result.err(rfc); } case Status.ACC_Now: - if(access==Access.create) { + if (access==Access.create) { Result rdr = ques.delegateDAO.create(trans, dd); - if(rdr.isOK()) { + if (rdr.isOK()) { return Result.ok(); } else { return Result.err(rdr); @@ -3890,17 +3862,17 @@ public class AuthzCassServiceImpl deleteDelegate(AuthzTrans trans, REQUEST base) { final Result rd = mapper.delegate(trans, base); final Validator v = new ServiceValidator(); - if(v.notOK(rd).nullOrBlank("User", rd.value.user).err()) { + if (v.notOK(rd).nullOrBlank("User", rd.value.user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> ddl; - if((ddl=ques.delegateDAO.read(trans, rd.value)).notOKorIsEmpty()) { + if ((ddl=ques.delegateDAO.read(trans, rd.value)).notOKorIsEmpty()) { return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate"); } final DelegateDAO.Data dd = ddl.value.get(0); Result rv = ques.mayUser(trans, dd, Access.write); - if(rv.notOK()) { + if (rv.notOK()) { return rv; } 
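Review bot: In createOrUpdateDelegate the new `MayChange` lambda returns `Result.ok()` unconditionally, so the only authorization gate visible on this path is the `ques.mayUser(trans, dd, access)` call earlier in the hunk, and the trailing comment "Validate in code above" does not name it. I would state that dependency explicitly and drop the block body: a comment line `// Authorization is enforced by ques.mayUser(trans, dd, access) above; nothing further to check here` followed by `() -> Result.ok()`. A later refactor that moves or removes the mayUser call is then less likely to leave this callback approving every request, which is presumably how mapper.future uses it. The method body continues past the end of the hunk, inside the `case Status.ACC_Now:` branch.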
@@ -3911,17 +3883,17 @@ public class AuthzCassServiceImpl deleteDelegate(AuthzTrans trans, String userName) { DelegateDAO.Data dd = new DelegateDAO.Data(); final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User", userName).err()) { + if (v.nullOrBlank("User", userName).err()) { return Result.err(Status.ERR_BadData,v.errs()); } dd.user = userName; Result> ddl; - if((ddl=ques.delegateDAO.read(trans, dd)).notOKorIsEmpty()) { + if ((ddl=ques.delegateDAO.read(trans, dd)).notOKorIsEmpty()) { return Result.err(Status.ERR_DelegateNotFound,"Cannot delete non-existent Delegate"); } dd = ddl.value.get(0); Result rv = ques.mayUser(trans, dd, Access.write); - if(rv.notOK()) { + if (rv.notOK()) { return rv; } @@ -3931,7 +3903,7 @@ public class AuthzCassServiceImpl getDelegatesByUser(AuthzTrans trans, String user) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User", user).err()) { + if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -3939,7 +3911,7 @@ public class AuthzCassServiceImpl rv = ques.mayUser(trans, ddd, Access.read); - if(rv.notOK()) { + if (rv.notOK()) { return Result.err(rv); } @@ -3960,14 +3932,14 @@ public class AuthzCassServiceImpl getDelegatesByDelegate(AuthzTrans trans, String delegate) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Delegate", delegate).err()) { + if (v.nullOrBlank("Delegate", delegate).err()) { return Result.err(Status.ERR_BadData,v.errs()); } DelegateDAO.Data ddd = new DelegateDAO.Data(); ddd.user = delegate; Result rv = ques.mayUser(trans, ddd, Access.read); - if(rv.notOK()) { + if (rv.notOK()) { return Result.err(rv); } 
@@ -3992,11 +3964,11 @@ public class AuthzCassServiceImpl updateApproval(AuthzTrans trans, APPROVALS approvals) { Result> rlad = mapper.approvals(approvals); - if(rlad.notOK()) { + if (rlad.notOK()) { return Result.err(rlad); } int numApprs = rlad.value.size(); - if(numApprs<1) { + if (numApprs<1) { return Result.err(Status.ERR_NoApprovals,"No Approvals sent for Updating"); } int numProcessed = 0; 
@@ -4004,41 +3976,37 @@ public class AuthzCassServiceImpl > curr; Lookup> apprByTicket=null; - for(ApprovalDAO.Data updt : rlad.value) { - if(updt.ticket!=null) { + for (ApprovalDAO.Data updt : rlad.value) { + if (updt.ticket!=null) { curr = ques.approvalDAO.readByTicket(trans, updt.ticket); - if(curr.isOKhasData()) { + if (curr.isOKhasData()) { final List add = curr.value; - apprByTicket = new Lookup>() { // Store a Pre-Lookup - @Override - public List get(AuthzTrans trans, Object ... noop) { - return add; - } - }; + // Store a Pre-Lookup + apprByTicket = (trans1, noop) -> add; } - } else if(updt.id!=null) { + } else if (updt.id!=null) { curr = ques.approvalDAO.read(trans, updt); - } else if(updt.approver!=null) { + } else if (updt.approver!=null) { curr = ques.approvalDAO.readByApprover(trans, updt.approver); } else { return Result.err(Status.ERR_BadData,"Approvals need ID, Ticket or Approval data to update"); } - if(curr.isOKhasData()) { + if (curr.isOKhasData()) { Map>> delegateCache = new HashMap<>(); Map futureCache = new HashMap<>(); FutureDAO.Data hasDeleted = new FutureDAO.Data(); - for(ApprovalDAO.Data cd : curr.value) { - if("pending".equals(cd.status)) { + for (ApprovalDAO.Data cd : curr.value) { + if ("pending".equals(cd.status)) { // Check for right record. Need ID, or (Ticket&Trans.User==Appr) // If Default ID boolean delegatedAction = ques.isDelegated(trans, user, cd.approver, delegateCache); String delegator = cd.approver; - if(updt.id!=null || + if (updt.id!=null || (updt.ticket!=null && user.equals(cd.approver)) || (updt.ticket!=null && delegatedAction)) { - if(updt.ticket.equals(cd.ticket)) { + if (updt.ticket.equals(cd.ticket)) { Changed ch = new Changed(); cd.id = ch.changed(cd.id,updt.id); // cd.ticket = changed(cd.ticket,updt.ticket); 
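Review bot: In the inner loop over `curr.value`, `updt.ticket.equals(cd.ticket)` is reached whenever `updt.id!=null`, including when the record was fetched through the `else if (updt.id!=null)` branch because `updt.ticket` was null, so an id-only update throws a NullPointerException instead of returning a Result. A null-safe guard such as `if (updt.ticket!=null && updt.ticket.equals(cd.ticket)) {` avoids the crash, though it then needs a decision on whether id-only updates are meant to be supported at all. The `updt.id!=null ||` arm of the enclosing condition also passes without comparing `user` to `cd.approver` or consulting `delegatedAction`. Nothing in this hunk shows another check covering that case, so it is worth confirming that one exists outside it. updateApproval starts before this hunk and continues after it.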
@@ -4049,29 +4017,29 @@ public class AuthzCassServiceImpl rfdd = ques.futureDAO.readPrimKey(trans, cd.ticket); - if(rfdd.isOK()) { + if (rfdd.isOK()) { fdd = rfdd.value; // null is ok } else { fdd = hasDeleted; } futureCache.put(cd.ticket, fdd); // processed this Ticket... don't do others on this ticket } - if(fdd==hasDeleted) { // YES, by Object + if (fdd==hasDeleted) { // YES, by Object cd.ticket = null; cd.status = "ticketDeleted"; ch.hasChanged(true); } else { FUTURE_OP fop = FUTURE_OP.toFO(cd.operation); - if(fop==null) { + if (fop==null) { trans.info().printf("Approval Status %s is not actionable",cd.status); - } else if(apprByTicket!=null) { + } else if (apprByTicket!=null) { Result rv = func.performFutureOp(trans, fop, fdd, apprByTicket,func.urDBLookup); if (rv.isOK()) { switch(rv.value) { @@ -4097,7 +4065,7 @@ public class AuthzCassServiceImpl T changed(T src, T proposed) { - if(proposed==null || (src!=null && src.equals(proposed))) { + if (proposed==null || (src!=null && src.equals(proposed))) { return src; } hasChanged=true; @@ -4137,12 +4105,12 @@ public class AuthzCassServiceImpl getApprovalsByUser(AuthzTrans trans, String user) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("User", user).err()) { + if (v.nullOrBlank("User", user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } Result> rapd = ques.approvalDAO.readByUser(trans, user); - if(rapd.isOK()) { + if (rapd.isOK()) { return mapper.approvals(rapd.value); } else { return Result.err(rapd); @@ -4152,7 +4120,7 @@ public class AuthzCassServiceImpl getApprovalsByTicket(AuthzTrans trans, String ticket) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Ticket", ticket).err()) { + if (v.nullOrBlank("Ticket", ticket).err()) { return Result.err(Status.ERR_BadData,v.errs()); } UUID uuid; 
@@ -4163,7 +4131,7 @@ public class AuthzCassServiceImpl > rapd = ques.approvalDAO.readByTicket(trans, uuid); - if(rapd.isOK()) { + if (rapd.isOK()) { return mapper.approvals(rapd.value); } else { return Result.err(rapd); @@ -4173,14 +4141,14 @@ public class AuthzCassServiceImpl getApprovalsByApprover(AuthzTrans trans, String approver) { final Validator v = new ServiceValidator(); - if(v.nullOrBlank("Approver", approver).err()) { + if (v.nullOrBlank("Approver", approver).err()) { return Result.err(Status.ERR_BadData,v.errs()); } List listRapds = new ArrayList<>(); Result> myRapd = ques.approvalDAO.readByApprover(trans, approver); - if(myRapd.notOK()) { + if (myRapd.notOK()) { return Result.err(myRapd); } @@ -4211,7 +4179,7 @@ public class AuthzCassServiceImpl cacheClear(AuthzTrans trans, String cname) { - if(ques.isGranted(trans,trans.user(),ROOT_NS,CACHE,cname,"clear")) { + if (ques.isGranted(trans,trans.user(),ROOT_NS,CACHE,cname,"clear")) { return ques.clearCache(trans,cname); } return Result.err(Status.ERR_Denied, "%s does not have AAF Permission '%s.%s|%s|clear", @@ -4223,12 +4191,12 @@ public class AuthzCassServiceImpl cacheClear(AuthzTrans trans, String cname, int[] segment) { - if(ques.isGranted(trans,trans.user(),ROOT_NS,CACHE,cname,"clear")) { + if (ques.isGranted(trans,trans.user(),ROOT_NS,CACHE,cname,"clear")) { Result v=null; - for(int i: segment) { + for (int i: segment) { v=ques.cacheClear(trans,cname,i); } - if(v!=null) { + if (v!=null) { return v; } }