AT&T 2.0.19 Code drop, stage 4
1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aaf\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * ===========================================================================\r
7  * * Licensed under the Apache License, Version 2.0 (the "License");\r
8  * * you may not use this file except in compliance with the License.\r
9  * * You may obtain a copy of the License at\r
10  * * \r
11  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
12  * * \r
13  *  * Unless required by applicable law or agreed to in writing, software\r
14  * * distributed under the License is distributed on an "AS IS" BASIS,\r
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
16  * * See the License for the specific language governing permissions and\r
17  * * limitations under the License.\r
18  * * ============LICENSE_END====================================================\r
19  * *\r
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
21  * *\r
22  ******************************************************************************/\r
23 package org.onap.aaf.authz.cadi;\r
24 \r
25 import static org.onap.aaf.authz.layer.Result.OK;\r
26 \r
27 import java.security.Principal;\r
28 import java.util.List;\r
29 \r
30 import org.onap.aaf.authz.env.AuthzEnv;\r
31 import org.onap.aaf.authz.env.AuthzTrans;\r
32 import org.onap.aaf.authz.layer.Result;\r
33 import org.onap.aaf.dao.aaf.cass.PermDAO;\r
34 import org.onap.aaf.dao.aaf.cass.PermDAO.Data;\r
35 import org.onap.aaf.dao.aaf.hl.Question;\r
36 \r
37 import org.onap.aaf.cadi.Lur;\r
38 import org.onap.aaf.cadi.Permission;\r
39 \r
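/**
 * CADI {@link Lur} that answers permission questions from the permissions
 * {@link Question#getPermsByUser} returns for the principal's name.
 *
 * <p>Authorization decisions made here fail closed: a missing principal, a non-OK lookup
 * result or a malformed permission yields "not granted" instead of an exception.
 */
public class DirectAAFLur implements Lur {
    private final AuthzEnv env;
    private final Question question;

    /**
     * @param env environment used to create transactions and to log lookup failures
     * @param question lookup facade queried for a user's permissions
     */
    public DirectAAFLur(AuthzEnv env, Question question) {
        this.env = env;
        this.question = question;
    }

    /**
     * Checks whether {@code bait} holds a permission matching {@code pond}, using a fresh
     * transaction from {@code env.newTransNoAvg()}.
     *
     * @return {@code true} only when a stored permission of the user matches {@code pond}
     */
    @Override
    public boolean fish(Principal bait, Permission pond) {
        return fish(env.newTransNoAvg(), bait, pond);
    }

    /**
     * Checks whether {@code bait} holds a permission matching {@code pond}.
     *
     * @param trans transaction passed to the lookup and used for error logging
     * @param bait principal whose name is looked up; {@code null} (or a null name) is denied
     * @param pond permission being requested
     * @return {@code true} only when the lookup status is OK and one of the returned
     *         permissions matches; {@code false} on no match and on any non-OK status
     */
    public boolean fish(AuthzTrans trans, Principal bait, Permission pond) {
        // Without an identity there is nothing to look up: deny instead of throwing.
        String user = bait == null ? null : bait.getName();
        if (user == null) {
            return false;
        }
        Result<List<Data>> pdr = question.getPermsByUser(trans, user, false);
        switch (pdr.status) {
            case OK:
                if (pdr.value != null) {
                    for (PermDAO.Data d : pdr.value) {
                        if (new PermPermission(d).match(pond)) {
                            return true;
                        }
                    }
                }
                break;
            default:
                // Any non-OK status is logged and treated as "not granted" (fail closed).
                trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details);
        }
        return false;
    }

    /**
     * Appends every permission returned for {@code bait} to {@code permissions}.
     * On a non-OK lookup status nothing is added and the failure is logged, so callers
     * cannot distinguish "no permissions" from "lookup failed" through the list alone.
     *
     * @param bait principal whose name is looked up; {@code null} (or a null name) adds nothing
     * @param permissions list the caller supplies; results are appended to it
     */
    @Override
    public void fishAll(Principal bait, List<Permission> permissions) {
        String user = bait == null ? null : bait.getName();
        if (user == null) {
            return;
        }
        // NOTE(review): this path uses env.newTrans() and logs through env.error(), while
        // fish() uses env.newTransNoAvg() and the transaction's own logger; confirm intended.
        Result<List<Data>> pdr = question.getPermsByUser(env.newTrans(), user, false);
        switch (pdr.status) {
            case OK:
                if (pdr.value != null) {
                    for (PermDAO.Data d : pdr.value) {
                        permissions.add(new PermPermission(d));
                    }
                }
                break;
            default:
                env.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-", pdr.details);
        }
    }

    /** No resources are held by this class, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /** @return always {@code false} */
    @Override
    public boolean handlesExclusively(Permission pond) {
        return false;
    }

    /**
     * CADI {@link Permission} backed by a {@link PermDAO.Data} row.
     */
    public static class PermPermission implements Permission {
        // Assigned exactly once by each constructor.
        private final PermDAO.Data data;

        public PermPermission(PermDAO.Data d) {
            data = d;
        }

        public PermPermission(AuthzTrans trans, Question q, String p) {
            data = PermDAO.Data.create(trans, q, p);
        }

        public PermPermission(String ns, String type, String instance, String action) {
            data = new PermDAO.Data();
            data.ns = ns;
            data.type = type;
            data.instance = instance;
            data.action = action;
        }

        /**
         * @return the type field only.
         */
        // NOTE(review): match() expects other implementations' keys to be
        // "fullType|instance|action", which is not the shape returned here; confirm.
        @Override
        public String getKey() {
            return data.type;
        }

        /**
         * Decides whether this (granted) permission covers the requested permission {@code p}.
         *
         * <p>Namespace and type (or the full type, for foreign implementations) must be equal.
         * Instance and action match on equality, or when this permission's own value is
         * {@code "*"}. The wildcard is honoured on the granted side only: a {@code "*"} in
         * {@code p} matches nothing but a literal {@code "*"}.
         *
         * @param p requested permission; {@code null} never matches
         * @return {@code true} when this permission covers {@code p}; {@code false} for any
         *         missing field instead of throwing
         */
        @Override
        public boolean match(Permission p) {
            if (p == null || data == null) {
                return false;
            }
            if (p instanceof DirectAAFLur.PermPermission) {
                PermDAO.Data pd = ((DirectAAFLur.PermPermission) p).data;
                if (pd == null) {
                    return false;
                }
                // A grant with no namespace or type (possible via the four-argument
                // constructor) matches nothing.
                return data.ns != null && data.ns.equals(pd.ns)
                        && data.type != null && data.type.equals(pd.type)
                        && grants(data.instance, pd.instance)
                        && grants(data.action, pd.action);
            }
            String key = p.getKey();
            if (key == null) {
                return false;
            }
            // Key layout: fullType|instance|action. Fields after the third are ignored.
            String[] lp = key.split("\\|");
            if (lp.length < 3) {
                return false;
            }
            // lp[0] comes from split() and is never null, so compare from that side.
            return lp[0].equals(data.fullType())
                    && grants(data.instance, lp[1])
                    && grants(data.action, lp[2]);
        }

        /** True when the granted value is set and either equals the requested one or is "*". */
        private static boolean grants(String granted, String requested) {
            return granted != null && (granted.equals(requested) || "*".equals(granted));
        }

        @Override
        public String permType() {
            return "AAFLUR";
        }

    }

    @Override
    public String toString() {
        return "DirectAAFLur is enabled";
    }

    /**
     * @return always {@code true}; per-user filtering is not implemented (TODO)
     */
    @Override
    public boolean supports(String userName) {
        //TODO
        return true;
    }

    /**
     * Not implemented: always returns {@code null}, so callers must handle a null result.
     */
    // NOTE(review): PermPermission has a (trans, question, String) constructor that may be
    // the intended implementation; confirm before wiring it in.
    @Override
    public Permission createPerm(String p) {
        // TODO Auto-generated method stub
        return null;
    }

    /** Not implemented: no state is cleared and {@code report} is left untouched. */
    @Override
    public void clear(Principal p, StringBuilder report) {
        // TODO Auto-generated method stub
    }
}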