auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21 package org.onap.aaf.auth.batch.approvalsets;
  22
  23 import java.io.IOException;
  24 import java.util.Date;
  25 import java.util.GregorianCalendar;
  26 import java.util.List;
  27
  28 import org.onap.aaf.auth.batch.helpers.Approval;
  29 import org.onap.aaf.auth.dao.cass.ApprovalDAO;
  30 import org.onap.aaf.auth.dao.cass.NsDAO;
  31 import org.onap.aaf.auth.dao.cass.RoleDAO;
  32 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
  33 import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data;
  34 import org.onap.aaf.auth.dao.hl.Function.FUTURE_OP;
  35 import org.onap.aaf.auth.env.AuthzTrans;
  36 import org.onap.aaf.auth.layer.Result;
  37 import org.onap.aaf.auth.org.Organization;
  38 import org.onap.aaf.auth.org.Organization.Identity;
  39 import org.onap.aaf.auth.org.OrganizationException;
  40 import org.onap.aaf.cadi.CadiException;
  41 import org.onap.aaf.misc.env.util.Chrono;
  42
  43 public class URApprovalSet extends ApprovalSet {
  44         private static final String FMT_SUFFIX = "%s] - Expires %s";
  45         private static final String EXTEND_ACCESS_FMT = Approval.RE_APPROVAL_IN_ROLE + "%s] to Role [" + FMT_SUFFIX;
  46         private static final String REVALIDATE_AS_ADMIN_FMT = Approval.RE_VALIDATE_ADMIN + FMT_SUFFIX;
  47         private static final String REVALIDATE_AS_OWNER_FMT = Approval.RE_VALIDATE_OWNER + FMT_SUFFIX;
  48
  49         public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
  50                 super(start, "user_role", dv);
  51                 Organization org = trans.org();
  52                 UserRoleDAO.Data urdd = lurdd.load();
  53                 setConstruct(urdd.bytify());
  54                 setMemo(getMemo(urdd));
  55                 GregorianCalendar expires = org.expiration(null, Organization.Expiration.UserInRole);
  56                 if(urdd.expires.before(expires.getTime())) {
  57                         expires.setTime(urdd.expires);
  58                 }
  59                 setExpires(expires);
  60                 setTargetKey(urdd.user+'|'+urdd.role);
  61                 setTargetDate(urdd.expires);
  62
  63                 Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role);
  64                 if(r.notOKorIsEmpty()) {
  65                         throw new CadiException(r.errorString());
  66                 }
  67                 Result<NsDAO.Data> n = dv.ns(trans, urdd.ns);
  68                 if(n.notOKorIsEmpty()) {
  69                         throw new CadiException(n.errorString());
  70                 }
  71                 UserRoleDAO.Data found = null;
  72                 Result<List<Data>> lur = dv.ursByRole(trans, urdd.role);
  73                 if(lur.isOK()) {
  74                         for(UserRoleDAO.Data ur : lur.value) {
  75                                 if(urdd.user.equals(ur.user)) {
  76                                         found = ur;
  77                                         break;
  78                                 }
  79                         }
  80                 }
  81                 if(found==null) {
  82                         throw new CadiException(String.format("User '%s' in Role '%s' does not exist", urdd.user,urdd.role));
  83                 }
  84
  85                 // Primarily, Owners are responsible, unless it's owned by self
  86                 boolean isOwner = false;
  87                 Result<List<UserRoleDAO.Data>> owners = dv.ursByRole(trans, urdd.ns+".owner");
  88                 if(owners.isOK()) {
  89                         for(UserRoleDAO.Data owner : owners.value) {
  90                                 if(urdd.user.equals(owner.user)) {
  91                                         isOwner = true;
  92                                 } else {
  93                                         ApprovalDAO.Data add = newApproval(urdd);
  94                                         add.approver = owner.user;
  95                                         add.type="owner";
  96                                         ladd.add(add);
  97                                 }
  98                         }
  99                 }
 100
 101                 if(isOwner) {
 102                         try {
 103                                 List<Identity> apprs = org.getApprovers(trans, urdd.user);
 104                                 if(apprs!=null) {
 105                                         for(Identity i : apprs) {
 106                                                 ApprovalDAO.Data add = newApproval(urdd);
 107                                                 add.approver = i.fullID();
 108                                                 add.type = org.getApproverType();
 109                                                 ladd.add(add);
 110                                         }
 111                                 }
 112                         } catch (OrganizationException e) {
 113                                 throw new CadiException(e);
 114                         }
 115                 }
 116         }
 117
 118         private void setTargetDate(Date expires) {
 119                 fdd.target_date = expires;
 120         }
 121
 122         private void setTargetKey(String key) {
 123                 fdd.target_key = key;
 124         }
 125
 126         private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) {
 127                 ApprovalDAO.Data add = new ApprovalDAO.Data();
 128                 add.id = Chrono.dateToUUID(System.currentTimeMillis());
 129                 add.ticket = fdd.id;
 130                 add.user = urdd.user;
 131                 add.operation = FUTURE_OP.A.name();
 132                 add.status = ApprovalDAO.PENDING;
 133                 add.memo = getMemo(urdd);
 134                 return add;
 135         }
 136
 137         private String getMemo(Data urdd) {
 138                 switch(urdd.rname) {
 139                 case "owner":
 140                         return String.format(REVALIDATE_AS_OWNER_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
 141                 case "admin":
 142                         return String.format(REVALIDATE_AS_ADMIN_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
 143                 default:
 144                         return String.format(EXTEND_ACCESS_FMT,
 145                                            urdd.user,
 146                                            urdd.role,
 147                                            Chrono.dateOnlyStamp(urdd.expires));
 148                 }
 149         }
 150
 151 }