RoleValidatorByOwningEntity permits by PermissionPropertiesOwningEntity 63/100863/5
authorEinat Vinouze <einat.vinouze@intl.att.com>
Tue, 28 Jan 2020 15:29:10 +0000 (17:29 +0200)
committerIttay Stern <ittay.stern@att.com>
Wed, 29 Jan 2020 19:31:17 +0000 (21:31 +0200)
PermissionPropertiesOwningEntity shares a parent interface,
WithPermissionProperties, with PermissionPropertiesServiceType.

Issue-ID: VID-758
Change-Id: I90c04cb8d4331d68329f3a12329244f09c6bc184
Signed-off-by: Einat Vinouze <einat.vinouze@intl.att.com>
Signed-off-by: Ittay Stern <ittay.stern@att.com>
18 files changed:
vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java
vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java
vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java
vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt
vid-app-common/src/main/java/org/onap/vid/roles/Role.java
vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java
vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java
vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorFactory.java
vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java
vid-app-common/src/test/java/org/onap/vid/controller/LoggerControllerTest.java
vid-app-common/src/test/java/org/onap/vid/controller/ServicePermissionsTest.java
vid-app-common/src/test/java/org/onap/vid/roles/AlwaysValidRoleValidatorTest.java
vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java
vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByOwningEntityTest.java
vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java
vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorsComposerTest.java

index dcbd9b9..2d7a925 100644 (file)
@@ -33,7 +33,7 @@ import org.onap.vid.model.aaiTree.Network;
 import org.onap.vid.model.aaiTree.RelatedVnf;
 import org.onap.vid.model.aaiTree.VpnBinding;
 import org.onap.vid.properties.Features;
-import org.onap.vid.roles.PermissionProperties;
+import org.onap.vid.roles.PermissionPropertiesSubscriberAndServiceType;
 import org.onap.vid.roles.RoleProvider;
 import org.onap.vid.services.AaiService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -95,7 +95,7 @@ public class AaiController2 extends VidRestrictedBaseController {
 
         final boolean isEditPermitted = roleProvider
                 .getUserRolesValidator(request)
-                .isServicePermitted(new PermissionProperties(subscriberId, serviceType));
+                .isServicePermitted(new PermissionPropertiesSubscriberAndServiceType(subscriberId, serviceType));
 
         return new Permissions(isEditPermitted);
     }
index 4b03ea4..ce8bbb5 100644 (file)
@@ -33,7 +33,7 @@ import org.onap.vid.model.ServiceInfo;
 import org.onap.vid.model.serviceInstantiation.ServiceInstantiation;
 import org.onap.vid.mso.MsoResponseWrapper2;
 import org.onap.vid.properties.Features;
-import org.onap.vid.roles.PermissionProperties;
+import org.onap.vid.roles.AllPermissionProperties;
 import org.onap.vid.roles.RoleProvider;
 import org.onap.vid.roles.RoleValidator;
 import org.onap.vid.services.AsyncInstantiationBusinessLogic;
@@ -169,7 +169,11 @@ public class AsyncInstantiationController extends VidRestrictedBaseController {
     private void throwExceptionIfAccessDenied(ServiceInstantiation request, HttpServletRequest httpServletRequest, String userId) {
         if (featureManager.isActive(Features.FLAG_1906_INSTANTIATION_API_USER_VALIDATION)) {
             RoleValidator roleValidator = roleProvider.getUserRolesValidator(httpServletRequest);
-            if (!roleValidator.isServicePermitted(new PermissionProperties(request.getGlobalSubscriberId(), request.getSubscriptionServiceType()))) {
+            if (!roleValidator.isServicePermitted(new AllPermissionProperties(
+                request.getGlobalSubscriberId(),
+                request.getSubscriptionServiceType(),
+                request.getOwningEntityId()))
+            ) {
                 throw new AccessDeniedException(String.format("User %s is not allowed to make this request", userId));
             }
         }
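Review bot: It is not visible here whether the composed validator treats `owningEntityId` as an alternative to, or an additional requirement on, the subscriber/service-type match, and all three values passed to `AllPermissionProperties` are read from the incoming `ServiceInstantiation` request. If `RoleValidatorsComposer` (outside this diff) permits when any one validator permits, a request is allowed on an owning-entity match alone, with `getGlobalSubscriberId()` and `getSubscriptionServiceType()` never checked against the user's roles. A comment above the `if` stating the intended rule, e.g. `// permitted when subscriber+serviceType OR owningEntityId matches one of the user's roles`, would make that decision reviewable. The method's closing brace lies outside this hunk.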
index 01cc11d..2665313 100644 (file)
@@ -22,9 +22,9 @@ package org.onap.vid.model;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import org.apache.commons.lang3.StringUtils;
-import org.onap.vid.roles.WithPermissionProperties;
+import org.onap.vid.roles.WithPermissionPropertiesSubscriberAndServiceType;
 
-public class ServiceInstanceSearchResult implements WithPermissionProperties {
+public class ServiceInstanceSearchResult implements WithPermissionPropertiesSubscriberAndServiceType {
 
        private final String SUBSCRIBER_ID_FRONTEND_ALIAS = "globalCustomerId";
 
index f62b98a..dbdd413 100644 (file)
@@ -3,15 +3,32 @@ package org.onap.vid.roles
 import org.onap.vid.aai.ServiceSubscription
 
 
-interface WithPermissionProperties {
+interface WithPermissionProperties
+
+interface WithPermissionPropertiesSubscriberAndServiceType: WithPermissionProperties {
     val subscriberId: String?
     val serviceType: String?
 }
 
-data class PermissionProperties(
-        override val subscriberId: String,
-        override val serviceType: String
-) : WithPermissionProperties {
-    constructor(serviceSubscription: ServiceSubscription, subscriberId: String) : this(subscriberId, serviceSubscription.serviceType)
+interface WithPermissionPropertiesOwningEntity: WithPermissionProperties {
+    val owningEntityId: String?
+}
+
+
+data class AllPermissionProperties(
+        override val subscriberId: String?,
+        override val serviceType: String?,
+        override val owningEntityId: String?
+): WithPermissionPropertiesOwningEntity, WithPermissionPropertiesSubscriberAndServiceType
+
+data class PermissionPropertiesOwningEntity(
+        override val owningEntityId: String?
+): WithPermissionPropertiesOwningEntity
+
+data class PermissionPropertiesSubscriberAndServiceType(
+        override val subscriberId: String?,
+        override val serviceType: String?
+) : WithPermissionPropertiesSubscriberAndServiceType {
+    constructor(serviceSubscription: ServiceSubscription, subscriberId: String?) : this(subscriberId, serviceSubscription.serviceType)
 }
 
index 3d94dc0..3de8944 100644 (file)
 
 package org.onap.vid.roles;
 
-/**
- * Created by Oren on 7/1/17.
- */
-
 public class Role {
 
-    private EcompRole ecompRole;
+    private final EcompRole ecompRole;
+
+    private final String subscriberId;
 
-    private String subscriberId;
+    private final String serviceType;
 
-    private String serviceType;
+    private final String tenant;
 
-    private String tenant;
+    private final String owningEntityId;
 
-    public Role(EcompRole ecompRole, String subscriberId, String serviceType, String tenant) {
+    public Role(EcompRole ecompRole, String subscriberId, String serviceType, String tenant, String owningEntityId) {
         this.ecompRole = ecompRole;
         this.subscriberId = subscriberId;
         this.serviceType = serviceType;
         this.tenant = tenant;
+        this.owningEntityId = owningEntityId;
     }
 
     public EcompRole getEcompRole() {
         return ecompRole;
     }
 
-
     public String getSubscriberId() {
         return subscriberId;
     }
 
-    public void setSubscriberId(String subscriberId) {
-        this.subscriberId = subscriberId;
-    }
-
     public String getServiceType() {
         return serviceType;
     }
 
-
     public String getTenant() {
         return tenant;
     }
 
-
+    public String getOwningEntityId() {
+        return owningEntityId;
+    }
 
 }
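Review bot: The constructor now takes four consecutive `String` arguments (`subscriberId`, `serviceType`, `tenant`, `owningEntityId`) with no Javadoc, so a transposed argument in this authorization object would compile and silently change what a role grants. A Javadoc on the constructor naming each parameter, stating which may be null (RoleProvider passes `null` for `tenant`), and noting that `owningEntityId` currently holds an untranslated name would help callers get the order right.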
index d9f2fde..c35f5f7 100644 (file)
@@ -42,11 +42,6 @@ import org.onap.vid.services.AaiService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-
-/**
- * Created by Oren on 7/1/17.
- */
-
 @Component
 public class RoleProvider {
 
@@ -147,11 +142,13 @@ public class RoleProvider {
 
     public Role createRoleFromStringArr(String[] roleParts, String rolePrefix) throws RoleParsingException {
         String globalCustomerID = replaceSubscriberNameToGlobalCustomerID(roleParts[0], rolePrefix);
+        String owningEntityId = translateOwningEntityNameToOwningEntityId(roleParts[0]);
+
         try {
             if (roleParts.length > 2) {
-                return new Role(EcompRole.READ, globalCustomerID, roleParts[1], roleParts[2]);
+                return new Role(EcompRole.READ, globalCustomerID, roleParts[1], roleParts[2], owningEntityId);
             } else {
-                return new Role(EcompRole.READ, globalCustomerID, roleParts[1], null);
+                return new Role(EcompRole.READ, globalCustomerID, roleParts[1], null, owningEntityId);
             }
         } catch (ArrayIndexOutOfBoundsException e) {
             if (roleParts.length > 0)
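Review bot: `roleParts[0]` now feeds both `globalCustomerID` and `owningEntityId`, and `translateOwningEntityNameToOwningEntityId` (added in the next hunk) returns its argument unchanged, so every parsed role carries its subscriber name as an owning-entity ID. `RoleValidatorByOwningEntity` compares that value with the request's `owningEntityId`, which means a subscriber-scoped role would also match any owning entity whose ID string happens to equal that name. Until the translation exists, consider having the stub `return null;` so the owning-entity validator stays fail-closed (it rejects empty request IDs, and `StringUtils.equals(null, id)` is false for a non-null id); the `owningEntityId()` helper in RoleProviderTest would change with it. The new lookup also sits outside the `try`, next to the existing `roleParts[0]` access, so an empty array is still not covered by the `ArrayIndexOutOfBoundsException` handler. The method continues past the end of this hunk.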
@@ -165,6 +162,10 @@ public class RoleProvider {
 
     }
 
+    private String translateOwningEntityNameToOwningEntityId(String owningEntityName) {
+        return owningEntityName; // TODO: translate to id
+    }
+
     public RoleValidator getUserRolesValidator(HttpServletRequest request) {
         return roleValidatorFactory.by(getUserRoles(request));
     }
index 7b7401a..14c0273 100644 (file)
 
 package org.onap.vid.roles;
 
-import java.util.List;
-import org.apache.commons.lang3.StringUtils;
-import org.onap.portalsdk.core.util.SystemProperties;
-
 public interface RoleValidator {
 
-
     boolean isSubscriberPermitted(String subscriberId);
 
     boolean isServicePermitted(WithPermissionProperties serviceInstanceSearchResult);
index 50fc109..8d73dc4 100644 (file)
 package org.onap.vid.roles;
 
 
+import java.util.List;
+import org.apache.commons.lang3.StringUtils;
+
 public class RoleValidatorByOwningEntity implements RoleValidator{
 
-    public boolean isOwningEntityIdPermitted(String owningEntityId){
-        return false;
+    private final List<Role> userRoles;
+
+    RoleValidatorByOwningEntity(List<Role> roles) {
+        this.userRoles = roles;
+    }
+
+    private boolean isOwningEntityIdPermitted(String owningEntityId) {
+        if (StringUtils.isEmpty(owningEntityId)) {
+            return false;
+        }
+
+        return userRoles.stream().anyMatch(userRole ->
+            StringUtils.equals(userRole.getOwningEntityId(), owningEntityId)
+        );
     }
 
     @Override
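Review bot: The `StringUtils.isEmpty` guard in `isOwningEntityIdPermitted` is what stops a request with no owning entity from matching a role whose `getOwningEntityId()` is null, because `StringUtils.equals(null, null)` is true; it deserves a comment such as `// fail closed: a missing id must never match a role without an owning entity`. The constructor stores the caller's list as-is, so a null `roles` only surfaces later as a NullPointerException in `userRoles.stream()`; `this.userRoles = Objects.requireNonNull(roles, "roles");` (with the `java.util.Objects` import) would fail at construction instead. The class header is also missing a space before the brace in `implements RoleValidator{`.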
@@ -34,7 +49,12 @@ public class RoleValidatorByOwningEntity implements RoleValidator{
 
     @Override
     public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
-        return false;
+        if (permissionProperties instanceof WithPermissionPropertiesOwningEntity) {
+            String owningEntityId = ((WithPermissionPropertiesOwningEntity) permissionProperties).getOwningEntityId();
+            return isOwningEntityIdPermitted(owningEntityId);
+        } else {
+            return false;
+        }
     }
 
     @Override
index 1e0f9f4..24a00f6 100644 (file)
@@ -21,6 +21,7 @@
 package org.onap.vid.roles;
 
 import java.util.List;
+import org.apache.commons.lang3.StringUtils;
 
 public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
 
@@ -42,14 +43,21 @@ public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
 
     @Override
     public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
-        for (Role role : userRoles) {
-            if (role.getSubscriberId().equals(permissionProperties.getSubscriberId()) && role.getServiceType().equals(permissionProperties.getServiceType())) {
-                return true;
-            }
+        if (permissionProperties instanceof WithPermissionPropertiesSubscriberAndServiceType) {
+            return isServicePermitted(
+                (WithPermissionPropertiesSubscriberAndServiceType) permissionProperties
+            );
         }
         return false;
     }
 
+    private boolean isServicePermitted(WithPermissionPropertiesSubscriberAndServiceType permissionProperties) {
+        return userRoles.stream().anyMatch(userRole ->
+            StringUtils.equals(userRole.getSubscriberId(), permissionProperties.getSubscriberId())
+                && StringUtils.equals(userRole.getServiceType(), permissionProperties.getServiceType())
+        );
+    }
+
     @Override
     public boolean isTenantPermitted(String subscriberId, String serviceType, String tenantName) {
         for (Role role : userRoles) {
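Review bot: The private `isServicePermitted` overload has no empty-value guard, unlike `isOwningEntityIdPermitted` in RoleValidatorByOwningEntity, and `StringUtils.equals` returns true for two nulls where the removed `role.getSubscriberId().equals(...)` loop would have thrown. With `subscriberId` and `serviceType` now declared `String?` in PermissionProperties.kt, a request carrying null or empty values would be permitted by any role whose corresponding fields are also null or empty; whether RoleProvider can produce such roles is not visible here. Rejecting them up front keeps the check fail-closed: `if (StringUtils.isEmpty(permissionProperties.getSubscriberId()) || StringUtils.isEmpty(permissionProperties.getServiceType())) { return false; }`. A null/empty case in RoleValidatorBySubscriberAndServiceTypeTest would pin this. `isTenantPermitted` continues past the end of the hunk.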
index f4334b1..b171ad7 100644 (file)
@@ -2,8 +2,7 @@
  * ============LICENSE_START=======================================================
  * VID
  * ================================================================================
- * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
- * Modifications Copyright (C) 2018 - 2019 Nokia. All rights reserved.
+ * Copyright (C) 2017 - 2020 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
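Review bot: This header edit deletes the `Modifications Copyright (C) 2018 - 2019 Nokia` line rather than only extending the AT&T year range. The Apache License 2.0 asks that existing copyright notices be retained in source form, so unless Nokia's modifications are no longer present in this file the line should stay: `* Modifications Copyright (C) 2018 - 2019 Nokia. All rights reserved.`.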
@@ -54,7 +53,7 @@ public class RoleValidatorFactory {
         else if (featureManager.isActive(Features.FLAG_2006_USER_PERMISSIONS_BY_OWNING_ENTITY)){
             return new RoleValidatorsComposer(
                 new RoleValidatorBySubscriberAndServiceType(roles),
-                new RoleValidatorByOwningEntity()
+                new RoleValidatorByOwningEntity(roles)
             );
         }
         else {
index 66c0e6c..696aca5 100644 (file)
@@ -85,7 +85,7 @@ import org.onap.vid.model.aaiTree.NodeType;
 import org.onap.vid.model.aaiTree.RelatedVnf;
 import org.onap.vid.model.aaiTree.VpnBinding;
 import org.onap.vid.model.aaiTree.VpnBindingKt;
-import org.onap.vid.roles.PermissionProperties;
+import org.onap.vid.roles.PermissionPropertiesSubscriberAndServiceType;
 import org.onap.vid.roles.RoleValidator;
 import org.onap.vid.utils.Intersection;
 import org.onap.vid.utils.Logging;
@@ -268,7 +268,7 @@ public class AaiServiceImpl implements AaiService {
         AaiResponse<Services> subscriberResponse = aaiClient.getSubscriberData(subscriberId, omitServiceInstances);
         for (ServiceSubscription serviceSubscription : subscriberResponse.getT().serviceSubscriptions.serviceSubscription) {
             serviceSubscription.isPermitted = roleValidator.isServicePermitted(
-                new PermissionProperties(serviceSubscription, subscriberResponse.getT().globalCustomerId));
+                new PermissionPropertiesSubscriberAndServiceType(serviceSubscription, subscriberResponse.getT().globalCustomerId));
         }
         return subscriberResponse;
 
@@ -312,7 +312,7 @@ public class AaiServiceImpl implements AaiService {
 
         if (serviceSubscriptions != null) {
             for (ServiceSubscription serviceSubscription : serviceSubscriptions.serviceSubscription) {
-                serviceSubscription.isPermitted = roleValidator.isServicePermitted(new PermissionProperties(serviceSubscription, subscriberId));
+                serviceSubscription.isPermitted = roleValidator.isServicePermitted(new PermissionPropertiesSubscriberAndServiceType(serviceSubscription, subscriberId));
                 results.addAll(getSearchResultsForSingleSubscription(
                     serviceSubscription, subscriberId, instanceIdentifier, subscriberName,
                     serviceSubscription.serviceType, roleValidator)
index f0d8409..6f584ed 100644 (file)
@@ -66,7 +66,7 @@ public class LoggerControllerTest {
 
     @Test
     public void shouldThrowNotAuthorizedException_whenUserIsNotAuthorizedToGetLogs() throws Exception {
-        List<Role> list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1"));
+        List<Role> list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1", "owningEntityId"));
 
         given(provider.getUserRoles(argThat(req -> req.getRequestedSessionId().equals("id1")))).willReturn(list);
         given(provider.userPermissionIsReadLogs(list)).willReturn(false);
@@ -80,7 +80,7 @@ public class LoggerControllerTest {
 
     @Test
     public void shouldReturnLastAndOneBeforeLogLines_whenLimitIs2() throws Exception {
-        List<Role> list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1"));
+        List<Role> list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1", "owningEntityId"));
 
         given(provider.getUserRoles(argThat(req -> req.getRequestedSessionId().equals("id1")))).willReturn(list);
         given(provider.userPermissionIsReadLogs(list)).willReturn(true);
@@ -96,7 +96,7 @@ public class LoggerControllerTest {
 
     @Test
     public void shouldReturnEmptyString_whenLogFileIsEmpty() throws Exception {
-        List<Role> list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1"));
+        List<Role> list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1", "owningEntityId"));
 
         given(provider.getUserRoles(argThat(req -> req.getRequestedSessionId().equals("id1")))).willReturn(list);
         given(provider.userPermissionIsReadLogs(list)).willReturn(true);
@@ -111,7 +111,7 @@ public class LoggerControllerTest {
 
     @Test
     public void shouldReturnEmptyString_whenDebugLogFileIsEmpty() throws Exception {
-        List<Role> list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1"));
+        List<Role> list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1", "owningEntityId"));
 
         given(provider.getUserRoles(argThat(req -> req.getRequestedSessionId().equals("id1")))).willReturn(list);
         given(provider.userPermissionIsReadLogs(list)).willReturn(true);
index 9f436b7..3b7dbfb 100644 (file)
@@ -31,7 +31,7 @@ import static org.mockito.Mockito.when;
 
 import org.jetbrains.annotations.NotNull;
 import org.onap.vid.aai.model.Permissions;
-import org.onap.vid.roles.PermissionProperties;
+import org.onap.vid.roles.PermissionPropertiesSubscriberAndServiceType;
 import org.onap.vid.roles.RoleProvider;
 import org.onap.vid.roles.RoleValidator;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -54,7 +54,7 @@ public class ServicePermissionsTest {
         RoleProvider roleProvider = mock(RoleProvider.class);
         RoleValidator roleValidator = mock(RoleValidator.class);
         when(roleProvider.getUserRolesValidator(any())).thenReturn(roleValidator);
-        when(roleValidator.isServicePermitted(new PermissionProperties(subscriberId, serviceType))).thenReturn(expected);
+        when(roleValidator.isServicePermitted(new PermissionPropertiesSubscriberAndServiceType(subscriberId, serviceType))).thenReturn(expected);
 
         AaiController2 aaiController2 = new AaiController2(null, roleProvider, null, null);
 
index 4b511fe..6826b1e 100644 (file)
@@ -33,7 +33,8 @@ public class AlwaysValidRoleValidatorTest {
 
     @Test
     public void testIsServicePermitted() {
-        assertTrue(new AlwaysValidRoleValidator().isServicePermitted(new PermissionProperties("any", "any")));
+        WithPermissionProperties emptyPermissionProperties = new WithPermissionProperties() {};
+        assertTrue(new AlwaysValidRoleValidator().isServicePermitted(emptyPermissionProperties));
     }
 
     @Test
index 3935349..8d81c92 100644 (file)
@@ -22,7 +22,6 @@ package org.onap.vid.roles;
 
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.hamcrest.CoreMatchers.is;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 import static org.mockito.MockitoAnnotations.initMocks;
@@ -32,7 +31,6 @@ import java.util.List;
 import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import org.assertj.core.util.Lists;
-import org.hamcrest.CoreMatchers;
 import org.mockito.Mock;
 import org.onap.vid.aai.AaiResponse;
 import org.onap.vid.aai.exceptions.RoleParsingException;
@@ -117,7 +115,7 @@ public class RoleProviderTest {
 
     @Test
     public void shouldProperlyRetrieveUserRolesWhenPermissionIsDifferentThanRead() {
-        Role expectedRole = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER_ID, SAMPLE_SERVICE, SAMPLE_TENANT);
+        Role expectedRole = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER_ID, SAMPLE_SERVICE, SAMPLE_TENANT, owningEntityId());
         setSubscribers();
 
         List<Role> userRoles = roleProvider.getUserRoles(request);
@@ -138,13 +136,14 @@ public class RoleProviderTest {
 
     @Test
     public void shouldReturnNotReadOnlyPermissionWhenRolesArePresent() {
-        assertThat(roleProvider.userPermissionIsReadOnly(Lists.list(new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT)))).isFalse();
+        assertThat(roleProvider.userPermissionIsReadOnly(Lists.list(new Role(
+            EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT, owningEntityId())))).isFalse();
     }
 
     @Test
     public void userShouldHavePermissionToReadLogsWhenServiceAndTenantAreCorrect() {
-        Role withoutPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT);
-        Role withPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SERVICE_TYPE_LOGS, TENANT_PERMITTED);
+        Role withoutPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT, owningEntityId());
+        Role withPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SERVICE_TYPE_LOGS, TENANT_PERMITTED, owningEntityId());
 
         assertThat(roleProvider.userPermissionIsReadLogs(Lists.list(withoutPermission, withPermission))).isTrue();
     }
@@ -159,6 +158,12 @@ public class RoleProviderTest {
         assertThat(result).isEqualTo(expectedRoleValidator);
     }
 
+    private String owningEntityId() {
+        // while translateOwningEntityNameToOwningEntityId does nothing, no translation happens.
+        // this will be changed later.
+        return SAMPLE_SUBSCRIBER;
+    }
+
     private void setSubscribers() {
         Subscriber subscriber = new Subscriber();
         subscriber.subscriberName = SAMPLE_SUBSCRIBER;
index 8d7a1b9..d84ac6e 100644 (file)
 
 package org.onap.vid.roles;
 
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.withSettings;
 import static org.testng.Assert.assertFalse;
 
+import com.google.common.collect.ImmutableList;
 import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
 
 public class RoleValidatorByOwningEntityTest {
 
     private static final String OWNING_ENTITY_ID = "owningEntityId";
     private static final String SUBSCRIBER_NAME = "subscriber_name";
+    private static final String NOT_MATCHING_OWNING_ENTITY_ID = "notMatchingOwningEntityId";
+
     private static final String SERVICE_TYPE = "serviceType";
     private static final String GLOBAL_CUSTOMER_ID = "globalCustomerId";
     private static final String TENANT_NAME = "tenantName";
@@ -37,13 +45,9 @@ public class RoleValidatorByOwningEntityTest {
     private RoleValidatorByOwningEntity roleValidatorByOwningEntity;
 
     @BeforeMethod
-    public void setup(){
-        roleValidatorByOwningEntity = new RoleValidatorByOwningEntity();
-    }
-
-    @Test
-    public void testIsOwningEntityIdPermitted() {
-        assertFalse(roleValidatorByOwningEntity.isOwningEntityIdPermitted(OWNING_ENTITY_ID));
+    public void setup() {
+        final Role SAMPLE_ROLE = new Role(EcompRole.READ, "", "", "", OWNING_ENTITY_ID);
+        roleValidatorByOwningEntity = new RoleValidatorByOwningEntity(ImmutableList.of(SAMPLE_ROLE));
     }
 
     @Test
@@ -52,13 +56,35 @@ public class RoleValidatorByOwningEntityTest {
     }
 
     @Test
-    public void testIsServicePermitted() {
-        assertFalse(roleValidatorByOwningEntity.isServicePermitted(new PermissionProperties(SUBSCRIBER_NAME, SERVICE_TYPE)));
+    public void isServicePermitted_owningEntityMatch_returnTrue() {
+        PermissionPropertiesOwningEntity permittedOwningEntity =
+            new PermissionPropertiesOwningEntity(OWNING_ENTITY_ID);
+
+        assertThat(roleValidatorByOwningEntity.isServicePermitted(permittedOwningEntity), is(true));
+    }
+
+    @DataProvider
+    public static Object[][] nonMatchingPermissionProperties() {
+        return new Object[][]{
+            {new PermissionPropertiesOwningEntity(NOT_MATCHING_OWNING_ENTITY_ID)},
+            {new PermissionPropertiesOwningEntity("")},
+            {new WithPermissionProperties() {}},
+            {mock(PermissionPropertiesOwningEntity.class,
+                withSettings().name("PermissionPropertiesOwningEntity with null owningEntityId"))},
+            {new PermissionPropertiesSubscriberAndServiceType(OWNING_ENTITY_ID, OWNING_ENTITY_ID)},
+        };
+    }
+
+    @Test(dataProvider = "nonMatchingPermissionProperties")
+    public void isServicePermitted_nonMatchingPermissionProperties_returnFalse(WithPermissionProperties permissionProperties) {
+        assertThat(permissionProperties.toString(), roleValidatorByOwningEntity.isServicePermitted(
+            permissionProperties
+        ), is(false));
     }
 
     @Test
     public void testIsTenantPermitted() {
-        assertFalse(roleValidatorByOwningEntity.isTenantPermitted(GLOBAL_CUSTOMER_ID , SERVICE_TYPE, TENANT_NAME));
+        assertFalse(roleValidatorByOwningEntity.isTenantPermitted(GLOBAL_CUSTOMER_ID, SERVICE_TYPE, TENANT_NAME));
     }
 
-}
\ No newline at end of file
+}
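Review bot: The positive case covers only `PermissionPropertiesOwningEntity`; nothing shows that `AllPermissionProperties`, the type AsyncInstantiationController actually passes, is permitted when its `owningEntityId` matches. The data provider also never exercises a validator whose role list contains a `Role` with a null `getOwningEntityId()`, which is the situation the `StringUtils.isEmpty` guard protects against. Adding `new AllPermissionProperties("", "", OWNING_ENTITY_ID)` as a permitted case, and a validator built from `new Role(EcompRole.READ, "", "", "", null)` as a denied case, would pin both.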
index d90ea51..b6958cd 100644 (file)
@@ -24,10 +24,7 @@ package org.onap.vid.roles;
 import static org.assertj.core.api.Assertions.assertThat;
 
 import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableMap;
 import java.util.List;
-import java.util.Map;
-import org.onap.vid.mso.rest.RequestDetails;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
@@ -38,20 +35,17 @@ public class RoleValidatorBySubscriberAndServiceTypeTest {
     private static final String SAMPLE_SERVICE_TYPE = "sampleServiceType";
     private static final String NOT_MATCHING_TENANT = "notMatchingTenant";
     private static final String SAMPLE_TENANT = "sampleTenant";
+    private static final String SOME_OWNING_ENTITY_ID = "someOwningEntityId";
 
-    private static final Role SAMPLE_ROLE = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT);
+    private static final Role SAMPLE_ROLE = new Role(
+        EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT, SOME_OWNING_ENTITY_ID);
 
     private List<Role> roles = ImmutableList.of(SAMPLE_ROLE);
-    private Map<String, Object> subscriberInfo = ImmutableMap.of("globalSubscriberId", SAMPLE_SUBSCRIBER);
-    private Map<String, Object> requestParameters = ImmutableMap.of("subscriptionServiceType", SAMPLE_SERVICE_TYPE);
-    private Map<String, Object> requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters);
-    private RequestDetails requestDetails;
     private RoleValidatorBySubscriberAndServiceType roleValidatorBySubscriberAndServiceType;
 
     @BeforeMethod
     public void setUp() {
         roleValidatorBySubscriberAndServiceType = new RoleValidatorBySubscriberAndServiceType(roles);
-        requestDetails = new RequestDetails();
     }
 
     @Test
@@ -66,19 +60,33 @@ public class RoleValidatorBySubscriberAndServiceTypeTest {
 
     @Test
     public void shouldPermitServiceWhenNamesMatches() {
-        assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isTrue();
+        assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(
+            new PermissionPropertiesSubscriberAndServiceType(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isTrue();
     }
 
+    @Test
+    public void isServicePermitted_serviceWithAllPermissionProperties_isPermitted() {
+        assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(
+            new AllPermissionProperties(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SOME_OWNING_ENTITY_ID))).isTrue();
+    }
 
     @Test
     public void shouldNotPermitServiceWhenSubscriberNameNotMatches() {
         assertThat(
-            roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isFalse();
+            roleValidatorBySubscriberAndServiceType.isServicePermitted(
+                new PermissionPropertiesSubscriberAndServiceType(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isFalse();
     }
 
     @Test
     public void shouldNotPermitServiceWhenServiceTypeNotMatches() {
-        assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER))).isFalse();
+        assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(
+            new PermissionPropertiesSubscriberAndServiceType(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER))).isFalse();
+    }
+
+    @Test
+    public void isServicePermitted_owningEntityPermissionProperties_isNotPermitted() {
+        assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(
+            new PermissionPropertiesOwningEntity(SAMPLE_SUBSCRIBER))).isFalse();
     }
 
     @Test
index 91ea953..c0892da 100644 (file)
@@ -43,7 +43,7 @@ public class RoleValidatorsComposerTest {
     public static Object[][] allInterfaceFunctions() {
         return Stream.<Function<RoleValidator, Boolean>>of(
             (RoleValidator o) -> o.isSubscriberPermitted("subscriberId"),
-            (RoleValidator o) -> o.isServicePermitted(new PermissionProperties("subscriberId", "serviceType")),
+            (RoleValidator o) -> o.isServicePermitted(new WithPermissionProperties() {}),
             (RoleValidator o) -> o.isTenantPermitted("subscriberId", "serviceType", "tenantName")
         ).map(it -> new Object[]{it}).collect(toList()).toArray(new Object[][]{});
     }