auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.auth.dao.hl;
  23
  24 import java.util.ArrayList;
  25 import java.util.Date;
  26 import java.util.HashMap;
  27 import java.util.List;
  28 import java.util.Map;
  29 import java.util.Set;
  30 import java.util.TreeSet;
  31
  32 import org.onap.aaf.auth.dao.cass.PermDAO;
  33 import org.onap.aaf.auth.dao.cass.RoleDAO;
  34 import org.onap.aaf.auth.dao.cass.Status;
  35 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
  36 import org.onap.aaf.auth.env.AuthzTrans;
  37 import org.onap.aaf.auth.layer.Result;
  38
  39 /**
  40  * PermLookup is a Storage class for the various pieces of looking up Permission
  41  * during Transactions to avoid duplicate processing
  42  *
  43  * @author Jonathan
  44  *
  45  */
  46 // Package on purpose
  47 class PermLookup {
  48         private AuthzTrans trans;
  49         private String user;
  50         private Question q;
  51         private Result<List<UserRoleDAO.Data>> userRoles = null;
  52         private Result<List<RoleDAO.Data>> roles = null;
  53         private Result<Set<String>> permNames = null;
  54         private Result<List<PermDAO.Data>> perms = null;
  55
  56         private PermLookup() {}
  57
  58         static PermLookup get(AuthzTrans trans, Question q, String user) {
  59                 PermLookup lp=null;
  60                 Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);
  61                 if (permMap == null) {
  62                         trans.put(Question.PERMS, permMap = new HashMap<String, PermLookup>());
  63                 } else {
  64                         lp = permMap.get(user);
  65                 }
  66
  67                 if (lp == null) {
  68                         lp = new PermLookup();
  69                         lp.trans = trans;
  70                         lp.user = user;
  71                         lp.q = q;
  72                         permMap.put(user, lp);
  73                 }
  74                 return lp;
  75         }
  76
  77         public Result<List<UserRoleDAO.Data>> getUserRoles() {
  78                 if(userRoles==null) {
  79                         userRoles = q.userRoleDAO.readByUser(trans,user);
  80                         if(userRoles.isOKhasData()) {
  81                                 List<UserRoleDAO.Data> lurdd = new ArrayList<UserRoleDAO.Data>();
  82                                 Date now = new Date();
  83                                 for(UserRoleDAO.Data urdd : userRoles.value) {
  84                                         if(urdd.expires.after(now)) { // Remove Expired
  85                                                 lurdd.add(urdd);
  86                                         }
  87                                 }
  88                                 if(lurdd.size()==0) {
  89                                         return userRoles = Result.err(Status.ERR_UserNotFound,
  90                                                                 "%s not found or not associated with any Roles: ",
  91                                                                 user);
  92                                 } else {
  93                                         return userRoles = Result.ok(lurdd);
  94                                 }
  95                         } else {
  96                                 return userRoles;
  97                         }
  98                 } else {
  99                         return userRoles;
 100                 }
 101         }
 102
 103         public Result<List<RoleDAO.Data>> getRoles() {
 104                 if(roles==null) {
 105                         Result<List<UserRoleDAO.Data>> rur = getUserRoles();
 106                         if(rur.isOK()) {
 107                                 List<RoleDAO.Data> lrdd = new ArrayList<RoleDAO.Data>();
 108                                 for (UserRoleDAO.Data urdata : rur.value) {
 109                                         // Gather all permissions from all Roles
 110                                             if(urdata.ns==null || urdata.rname==null) {
 111                                                 return Result.err(Status.ERR_BadData,"DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role);
 112                                             } else {
 113                                                         Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(
 114                                                                         trans, urdata.ns, urdata.rname);
 115                                                         if(rlrd.isOK()) {
 116                                                                 lrdd.addAll(rlrd.value);
 117                                                         }
 118                                             }
 119                                         }
 120                                 return roles = Result.ok(lrdd);
 121                         } else {
 122                                 return roles = Result.err(rur);
 123                         }
 124                 } else {
 125                         return roles;
 126                 }
 127         }
 128
 129         public Result<Set<String>> getPermNames() {
 130                 if(permNames==null) {
 131                         Result<List<RoleDAO.Data>> rlrd = getRoles();
 132                         if (rlrd.isOK()) {
 133                                 Set<String> pns = new TreeSet<String>();
 134                                 for (RoleDAO.Data rdata : rlrd.value) {
 135                                         pns.addAll(rdata.perms(false));
 136                                 }
 137                                 return permNames = Result.ok(pns);
 138                         } else {
 139                                 return permNames = Result.err(rlrd);
 140                         }
 141                 } else {
 142                         return permNames;
 143                 }
 144         }
 145
 146         public Result<List<PermDAO.Data>> getPerms(boolean lookup) {
 147                 if(perms==null) {
 148                         // Note: It should be ok for a Valid user to have no permissions -
 149                         // Jonathan 8/12/2013
 150                         Result<Set<String>> rss = getPermNames();
 151                         if(rss.isOK()) {
 152                                 List<PermDAO.Data> lpdd = new ArrayList<PermDAO.Data>();
 153                                 for (String perm : rss.value) {
 154                                         if(lookup) {
 155                                                 Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);
 156                                                 if(ap.isOK()) {
 157
 158                                                         Result<List<PermDAO.Data>> rlpd = q.permDAO.read(perm,trans,ap.value);
 159                                                         if (rlpd.isOKhasData()) {
 160                                                                 for (PermDAO.Data pData : rlpd.value) {
 161                                                                         lpdd.add(pData);
 162                                                                 }
 163                                                         }
 164                                                 } else {
 165                                                         trans.error().log("In getPermsByUser, for", user, perm);
 166                                                 }
 167                                         } else {
 168                                                 Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, q, perm);
 169                                                 if (pr.notOK()) {
 170                                                         trans.error().log("In getPermsByUser, for", user, pr.errorString());
 171                                                 } else {
 172                                                         lpdd.add(pr.value);
 173                                                 }
 174                                         }
 175
 176                                 }
 177                                 return perms = Result.ok(lpdd);
 178                         } else {
 179                                 return perms = Result.err(rss);
 180                         }
 181                 } else {
 182                         return perms;
 183                 }
 184         }
 185 }