Remove Tabs, per Jococo

[aaf/authz.git] / auth / auth-batch / src / main / java / org / onap / aaf / auth / batch / approvalsets / URApprovalSet.java

/**
 * ============LICENSE_START====================================================
 * org.onap.aaf
 * ===========================================================================
 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
 * ===========================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END====================================================
 *
 */
package org.onap.aaf.auth.batch.approvalsets;

import java.io.IOException;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;

import org.onap.aaf.auth.batch.helpers.Approval;
import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.dao.cass.NsDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data;
import org.onap.aaf.auth.dao.hl.Function.FUTURE_OP;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.auth.org.Organization.Identity;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.misc.env.util.Chrono;

public class URApprovalSet extends ApprovalSet {
    private static final String FMT_SUFFIX = "%s] - Expires %s";
    private static final String EXTEND_ACCESS_FMT = Approval.RE_APPROVAL_IN_ROLE + "%s] to Role [" + FMT_SUFFIX;
    private static final String REVALIDATE_AS_ADMIN_FMT = Approval.RE_VALIDATE_ADMIN + FMT_SUFFIX;
    private static final String REVALIDATE_AS_OWNER_FMT = Approval.RE_VALIDATE_OWNER + FMT_SUFFIX;

    public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
        super(start, "user_role", dv);
        Organization org = trans.org();
        UserRoleDAO.Data urdd = lurdd.load();
        setConstruct(urdd.bytify());
        setMemo(getMemo(urdd));
        GregorianCalendar expires = org.expiration(null, Organization.Expiration.UserInRole);
        if(urdd.expires.before(expires.getTime())) {
            expires.setTime(urdd.expires);
        }
        setExpires(expires);
        setTargetKey(urdd.user+'|'+urdd.role);
        setTargetDate(urdd.expires);
        
        Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role);
        if(r.notOKorIsEmpty()) {
            throw new CadiException(r.errorString());
        }
        Result<NsDAO.Data> n = dv.ns(trans, urdd.ns);
        if(n.notOKorIsEmpty()) {
            throw new CadiException(n.errorString());
        }
        UserRoleDAO.Data found = null;
        Result<List<Data>> lur = dv.ursByRole(trans, urdd.role);
        if(lur.isOK()) {
            for(UserRoleDAO.Data ur : lur.value) {
                if(urdd.user.equals(ur.user)) {
                    found = ur;
                    break;
                }
            }
        }
        if(found==null) {
            throw new CadiException(String.format("User '%s' in Role '%s' does not exist", urdd.user,urdd.role));
        }
        
        // Primarily, Owners are responsible, unless it's owned by self
        boolean isOwner = false;
        Result<List<UserRoleDAO.Data>> owners = dv.ursByRole(trans, urdd.ns+".owner");
        if(owners.isOK()) {
            for(UserRoleDAO.Data owner : owners.value) {
                if(urdd.user.equals(owner.user)) {
                    isOwner = true;
                } else {
                    ApprovalDAO.Data add = newApproval(urdd);
                    add.approver = owner.user;
                    add.type="owner";
                    ladd.add(add);
                }
            }
        }

        if(isOwner) {
            try {
                List<Identity> apprs = org.getApprovers(trans, urdd.user);
                if(apprs!=null) {
                    for(Identity i : apprs) {
                        ApprovalDAO.Data add = newApproval(urdd);
                        add.approver = i.fullID();
                        add.type = org.getApproverType();
                        ladd.add(add);
                    }
                }
            } catch (OrganizationException e) {
                throw new CadiException(e);
            }
        }
    }
    
    private void setTargetDate(Date expires) {
        fdd.target_date = expires;
    }

    private void setTargetKey(String key) {
        fdd.target_key = key;
    }

    private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) {
        ApprovalDAO.Data add = new ApprovalDAO.Data();
        add.id = Chrono.dateToUUID(System.currentTimeMillis());
        add.ticket = fdd.id;
        add.user = urdd.user;
        add.operation = FUTURE_OP.A.name();
        add.status = ApprovalDAO.PENDING;
        add.memo = getMemo(urdd);
        return add;
    }

    private String getMemo(Data urdd) {
        switch(urdd.rname) {
        case "owner":
            return String.format(REVALIDATE_AS_OWNER_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
        case "admin":
            return String.format(REVALIDATE_AS_ADMIN_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
        default:
            return String.format(EXTEND_ACCESS_FMT,
                       urdd.user,
                       urdd.role,
                       Chrono.dateOnlyStamp(urdd.expires));
        }
    }

}