1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.cmd.user;
\r
25 import org.onap.aaf.cmd.AAFcli;
\r
26 import org.onap.aaf.cmd.Cmd;
\r
27 import org.onap.aaf.cmd.Param;
\r
28 import org.onap.aaf.cssa.rserv.HttpMethods;
\r
30 import org.onap.aaf.cadi.CadiException;
\r
31 import org.onap.aaf.cadi.LocatorException;
\r
32 import org.onap.aaf.cadi.client.Future;
\r
33 import org.onap.aaf.cadi.client.Rcli;
\r
34 import org.onap.aaf.cadi.client.Retryable;
\r
35 import org.onap.aaf.inno.env.APIException;
\r
37 import aaf.v2_0.UserRoleRequest;
\r
44 public class Role extends Cmd {
\r
45 private static final String[] options = {"add", "del", "setTo","extend"};
\r
46 public Role(User parent) {
\r
47 super(parent, "role", new Param(optionsToString(options), true), new Param("user", true), new Param(
\r
48 "role[,role]* (!REQ S)", false));
\r
52 public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {
\r
53 return same(new Retryable<Integer>() {
\r
55 public Integer code(Rcli<?> client) throws CadiException, APIException {
\r
57 String key = args[idx++];
\r
58 int option = whichOption(options, key);
\r
59 String user = args[idx++];
\r
60 String realm = getOrgRealm();
\r
62 UserRoleRequest urr = new UserRoleRequest();
\r
63 if (user.indexOf('@') < 0 && realm != null) user += '@' + realm;
\r
65 // Set Start/End commands
\r
68 Future<?> fp = null;
\r
71 if (args.length < 5) {
\r
72 throw new CadiException(build(new StringBuilder("Too few args: "), null).toString());
\r
74 String[] roles = args[idx++].split(",");
\r
75 for (String role : roles) {
\r
76 String verb = null,participle=null;
\r
78 // You can request to be added or removed from role.
\r
79 setQueryParamsOn(client);
\r
82 fp = client.create("/authz/userRole", getDF(UserRoleRequest.class), urr);
\r
84 participle = "] to User [" ;
\r
87 fp = client.delete("/authz/userRole/" + urr.getUser() + '/' + urr.getRole(), Void.class);
\r
89 participle = "] from User [" ;
\r
92 fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());
\r
94 participle = "] to User [" ;
\r
97 throw new CadiException("Invalid action [" + key + ']');
\r
99 if (fp.get(AAFcli.timeout())) {
\r
101 pw().print(" Role [");
\r
102 pw().print(urr.getRole());
\r
103 pw().print(participle);
\r
104 pw().print(urr.getUser());
\r
107 switch(fp.code()) {
\r
109 pw().print("UserRole ");
\r
110 pw().print(option == 0 ? "Creation" : option==1?"Deletion":"Extension");
\r
111 pw().println(" Accepted, but requires Approvals before actualizing");
\r
115 pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");
\r
124 // option 2 is setTo command (an update call)
\r
125 String allRoles = "";
\r
126 if (idx < args.length)
\r
127 allRoles = args[idx++];
\r
129 urr.setRole(allRoles);
\r
130 fp = client.update("/authz/userRole/user", getDF(UserRoleRequest.class), urr);
\r
131 if (fp.get(AAFcli.timeout())) {
\r
132 pw().println("Set User's Roles to [" + allRoles + "]");
\r
137 return fp == null ? 0 : fp.code();
\r
143 public void detailedHelp(int indent, StringBuilder sb) {
\r
144 detailLine(sb, indent, "Add OR Delete a User to/from a Role OR");
\r
145 detailLine(sb, indent, "Set a User's Roles to the roles supplied");
\r
146 detailLine(sb, indent + 2, "user - ID of User");
\r
147 detailLine(sb, indent + 2, "role(s) - Role or Roles to which to add the User");
\r
149 detailLine(sb, indent + 2, "Note: this is the same as \"role user add...\" except allows");
\r
150 detailLine(sb, indent + 2, "assignment of user to multiple roles");
\r
151 detailLine(sb, indent + 2, "WARNING: Roles supplied with setTo will be the ONLY roles attached to this user");
\r
152 detailLine(sb, indent + 2, "If no roles are supplied, user's roles are reset.");
\r
153 api(sb, indent, HttpMethods.POST, "authz/userRole", UserRoleRequest.class, true);
\r
154 api(sb, indent, HttpMethods.DELETE, "authz/userRole/<user>/<role>", Void.class, false);
\r
155 api(sb, indent, HttpMethods.PUT, "authz/userRole/<user>", UserRoleRequest.class, false);
\r
Code Review / aaf / authz.git / blob