AT&T 2.0.19 Code drop, stage 4

[aaf/authz.git] / authz-cass / src / main / java / org / onap / aaf / dao / aaf / hl / PermLookup.java

/*******************************************************************************\r
 * ============LICENSE_START====================================================\r
 * * org.onap.aaf\r
 * * ===========================================================================\r
 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
 * * ===========================================================================\r
 * * Licensed under the Apache License, Version 2.0 (the "License");\r
 * * you may not use this file except in compliance with the License.\r
 * * You may obtain a copy of the License at\r
 * * \r
 *  *      http://www.apache.org/licenses/LICENSE-2.0\r
 * * \r
 *  * Unless required by applicable law or agreed to in writing, software\r
 * * distributed under the License is distributed on an "AS IS" BASIS,\r
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * * See the License for the specific language governing permissions and\r
 * * limitations under the License.\r
 * * ============LICENSE_END====================================================\r
 * *\r
 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
 * *\r
 ******************************************************************************/\r
package org.onap.aaf.dao.aaf.hl;\r
\r
import java.util.ArrayList;\r
import java.util.Date;\r
import java.util.HashMap;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.Set;\r
import java.util.TreeSet;\r
\r
import org.onap.aaf.authz.env.AuthzTrans;\r
import org.onap.aaf.authz.layer.Result;\r
import org.onap.aaf.dao.aaf.cass.PermDAO;\r
import org.onap.aaf.dao.aaf.cass.RoleDAO;\r
import org.onap.aaf.dao.aaf.cass.Status;\r
import org.onap.aaf.dao.aaf.cass.UserRoleDAO;\r
\r
/**\r
 * PermLookup is a Storage class for the various pieces of looking up Permission \r
 * during Transactions to avoid duplicate processing\r
 * \r
 *\r
 */\r
// Package on purpose\r
class PermLookup {\r
        private AuthzTrans trans;\r
        private String user;\r
        private Question q;\r
        private Result<List<UserRoleDAO.Data>> userRoles = null;\r
        private Result<List<RoleDAO.Data>> roles = null;\r
        private Result<Set<String>> permNames = null;\r
        private Result<List<PermDAO.Data>> perms = null;\r
        \r
        private PermLookup() {}\r
        \r
        static PermLookup get(AuthzTrans trans, Question q, String user) {\r
                PermLookup lp=null;\r
                Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);\r
                if (permMap == null) {\r
                        trans.put(Question.PERMS, permMap = new HashMap<String, PermLookup>());\r
                } else {\r
                        lp = permMap.get(user);\r
                }\r
\r
                if (lp == null) {\r
                        lp = new PermLookup();\r
                        lp.trans = trans;\r
                        lp.user = user;\r
                        lp.q = q;\r
                        permMap.put(user, lp);\r
                }\r
                return lp;\r
        }\r
        \r
        public Result<List<UserRoleDAO.Data>> getUserRoles() {\r
                if(userRoles==null) {\r
                        userRoles = q.userRoleDAO.readByUser(trans,user);\r
                        if(userRoles.isOKhasData()) {\r
                                List<UserRoleDAO.Data> lurdd = new ArrayList<UserRoleDAO.Data>();\r
                                Date now = new Date();\r
                                for(UserRoleDAO.Data urdd : userRoles.value) {\r
                                        if(urdd.expires.after(now)) { // Remove Expired\r
                                                lurdd.add(urdd);\r
                                        }\r
                                }\r
                                if(lurdd.size()==0) {\r
                                        return userRoles = Result.err(Status.ERR_UserNotFound,\r
                                                                "%s not found or not associated with any Roles: ",\r
                                                                user);\r
                                } else {\r
                                        return userRoles = Result.ok(lurdd);\r
                                }\r
                        } else {\r
                                return userRoles;\r
                        }\r
                } else {\r
                        return userRoles;\r
                }\r
        }\r
\r
        public Result<List<RoleDAO.Data>> getRoles() {\r
                if(roles==null) {\r
                        Result<List<UserRoleDAO.Data>> rur = getUserRoles();\r
                        if(rur.isOK()) {\r
                                List<RoleDAO.Data> lrdd = new ArrayList<RoleDAO.Data>();\r
                                for (UserRoleDAO.Data urdata : rur.value) {\r
                                        // Gather all permissions from all Roles\r
                                            if(urdata.ns==null || urdata.rname==null) {\r
                                                trans.error().printf("DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role);\r
                                            } else {\r
                                                        Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(\r
                                                                        trans, urdata.ns, urdata.rname);\r
                                                        if(rlrd.isOK()) {\r
                                                                lrdd.addAll(rlrd.value);\r
                                                        }\r
                                            }\r
                                        }\r
                                return roles = Result.ok(lrdd);\r
                        } else {\r
                                return roles = Result.err(rur);\r
                        }\r
                } else {\r
                        return roles;\r
                }\r
        }\r
\r
        public Result<Set<String>> getPermNames() {\r
                if(permNames==null) {\r
                        Result<List<RoleDAO.Data>> rlrd = getRoles();\r
                        if (rlrd.isOK()) {\r
                                Set<String> pns = new TreeSet<String>();\r
                                for (RoleDAO.Data rdata : rlrd.value) {\r
                                        pns.addAll(rdata.perms(false));\r
                                }\r
                                return permNames = Result.ok(pns);\r
                        } else {\r
                                return permNames = Result.err(rlrd);\r
                        }\r
                } else {\r
                        return permNames;\r
                }\r
        }\r
        \r
        public Result<List<PermDAO.Data>> getPerms(boolean lookup) {\r
                if(perms==null) {\r
                        // Note: It should be ok for a Valid user to have no permissions -\r
                        // 8/12/2013\r
                        Result<Set<String>> rss = getPermNames();\r
                        if(rss.isOK()) {\r
                                List<PermDAO.Data> lpdd = new ArrayList<PermDAO.Data>();\r
                                for (String perm : rss.value) {\r
                                        if(lookup) {\r
                                                Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);\r
                                                if(ap.isOK()) {\r
                                                        Result<List<PermDAO.Data>> rlpd = q.permDAO.read(perm,trans,ap);\r
                                                        if (rlpd.isOKhasData()) {\r
                                                                for (PermDAO.Data pData : rlpd.value) {\r
                                                                        lpdd.add(pData);\r
                                                                }\r
                                                        }\r
                                                } else {\r
                                                        trans.error().log("In getPermsByUser, for", user, perm);\r
                                                }\r
                                        } else {\r
                                                Result<PermDAO.Data> pr = PermDAO.Data.decode(trans, q, perm);\r
                                                if (pr.notOK()) {\r
                                                        trans.error().log("In getPermsByUser, for", user, pr.errorString());\r
                                                } else {\r
                                                        lpdd.add(pr.value);\r
                                                }\r
                                        }\r
\r
                                }\r
                                return perms = Result.ok(lpdd);\r
                        } else {\r
                                return perms = Result.err(rss);\r
                        }\r
                } else {\r
                        return perms;\r
                }\r
        }\r
}\r