* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
package org.onap.aaf.auth.batch.approvalsets;
import java.io.IOException;
+import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
+import org.onap.aaf.auth.batch.helpers.Approval;
import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.dao.cass.NsDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.misc.env.util.Chrono;
public class URApprovalSet extends ApprovalSet {
- public static final String EXTEND_STRING = "Extend access of User [%s] to Role [%s] - Expires %s";
-
- public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
- super(start, "user_role", dv);
- Organization org = trans.org();
- UserRoleDAO.Data urdd = lurdd.load();
- setConstruct(urdd.bytify());
- setMemo(String.format(EXTEND_STRING,urdd.user,urdd.role,Chrono.dateOnlyStamp(urdd.expires)));
- setExpires(org.expiration(null, Organization.Expiration.UserInRole));
-
- Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role);
- if(r.notOKorIsEmpty()) {
- throw new CadiException(String.format("Role '%s' does not exist: %s", urdd.role, r.details));
- }
- Result<NsDAO.Data> n = dv.ns(trans, urdd.ns);
- if(n.notOKorIsEmpty()) {
- throw new CadiException(String.format("Namespace '%s' does not exist: %s", urdd.ns));
- }
- UserRoleDAO.Data found = null;
- Result<List<Data>> lur = dv.ursByRole(trans, urdd.role);
- if(lur.isOK()) {
- for(UserRoleDAO.Data ur : lur.value) {
- if(urdd.user.equals(ur.user)) {
- found = ur;
- break;
- }
- }
- }
- if(found==null) {
- throw new CadiException(String.format("User '%s' in Role '%s' does not exist: %s", urdd.user,urdd.role));
- }
-
- // Primarily, Owners are responsible, unless it's owned by self
- boolean isOwner = false;
- Result<List<UserRoleDAO.Data>> owners = dv.ursByRole(trans, urdd.ns+".owner");
- if(owners.isOK()) {
- for(UserRoleDAO.Data owner : owners.value) {
- if(urdd.user.equals(owner.user)) {
- isOwner = true;
- } else {
- ApprovalDAO.Data add = newApproval(urdd);
- add.approver = owner.user;
- add.type="owner";
- ladd.add(add);
- }
- }
- }
+ private static final String FMT_SUFFIX = "%s] - Expires %s";
+ private static final String EXTEND_ACCESS_FMT = Approval.RE_APPROVAL_IN_ROLE + "%s] to Role [" + FMT_SUFFIX;
+ private static final String REVALIDATE_AS_ADMIN_FMT = Approval.RE_VALIDATE_ADMIN + FMT_SUFFIX;
+ private static final String REVALIDATE_AS_OWNER_FMT = Approval.RE_VALIDATE_OWNER + FMT_SUFFIX;
+
+ public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
+ super(start, "user_role", dv);
+ Organization org = trans.org();
+ UserRoleDAO.Data urdd = lurdd.load();
+ setConstruct(urdd.bytify());
+ setMemo(getMemo(urdd));
+ GregorianCalendar expires = org.expiration(null, Organization.Expiration.UserInRole);
+ if(urdd.expires.before(expires.getTime())) {
+ expires.setTime(urdd.expires);
+ }
+ setExpires(expires);
+ setTargetKey(urdd.user + '|' + urdd.role);
+ setTargetDate(urdd.expires);
+
+ Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role);
+ if(r.notOKorIsEmpty()) {
+ throw new CadiException(r.errorString());
+ }
+ Result<NsDAO.Data> n = dv.ns(trans, urdd.ns);
+ if(n.notOKorIsEmpty()) {
+ throw new CadiException(n.errorString());
+ }
+ UserRoleDAO.Data found = null;
+ Result<List<Data>> lur = dv.ursByRole(trans, urdd.role);
+ if(lur.isOK()) {
+ for(UserRoleDAO.Data ur : lur.value) {
+ if(urdd.user.equals(ur.user)) {
+ found = ur;
+ break;
+ }
+ }
+ }
+ if(found==null) {
+ throw new CadiException(String.format("User '%s' in Role '%s' does not exist", urdd.user,urdd.role));
+ }
+
+ // Primarily, Owners are responsible, unless it's owned by self
+ boolean isOwner = false;
+ Result<List<UserRoleDAO.Data>> owners = dv.ursByRole(trans, urdd.ns + ".owner");
+ if(owners.isOK()) {
+ for(UserRoleDAO.Data owner : owners.value) {
+ if(urdd.user.equals(owner.user)) {
+ isOwner = true;
+ } else {
+ ApprovalDAO.Data add = newApproval(urdd);
+ add.approver = owner.user;
+ add.type="owner";
+ ladd.add(add);
+ }
+ }
+ }
+
+ if(isOwner) {
+ try {
+ List<Identity> apprs = org.getApprovers(trans, urdd.user);
+ if(apprs!=null) {
+ for(Identity i : apprs) {
+ ApprovalDAO.Data add = newApproval(urdd);
+ add.approver = i.fullID();
+ add.type = org.getApproverType();
+ ladd.add(add);
+ }
+ }
+ } catch (OrganizationException e) {
+ throw new CadiException(e);
+ }
+ }
+ }
+
+ private void setTargetDate(Date expires) {
+ fdd.target_date = expires;
+ }
+
+ private void setTargetKey(String key) {
+ fdd.target_key = key;
+ }
- if(isOwner) {
- try {
- List<Identity> apprs = org.getApprovers(trans, urdd.user);
- if(apprs!=null) {
- for(Identity i : apprs) {
- ApprovalDAO.Data add = newApproval(urdd);
- Identity reportsTo = i.responsibleTo();
- if(reportsTo!=null) {
- add.approver = reportsTo.fullID();
- } else {
- throw new CadiException("No Supervisor for '" + urdd.user + '\'');
- }
- add.type = org.getApproverType();
- ladd.add(add);
- }
- }
- } catch (OrganizationException e) {
- throw new CadiException(e);
- }
- }
- }
+ private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) {
+ ApprovalDAO.Data add = new ApprovalDAO.Data();
+ add.id = Chrono.dateToUUID(System.currentTimeMillis());
+ add.ticket = fdd.id;
+ add.user = urdd.user;
+ add.operation = FUTURE_OP.A.name();
+ add.status = ApprovalDAO.PENDING;
+ add.memo = getMemo(urdd);
+ return add;
+ }
- private ApprovalDAO.Data newApproval(Data urdd) throws CadiException {
- ApprovalDAO.Data add = new ApprovalDAO.Data();
- add.id = Chrono.dateToUUID(System.currentTimeMillis());
- add.ticket = fdd.id;
- add.user = urdd.user;
- add.operation = FUTURE_OP.A.name();
- add.status = ApprovalDAO.PENDING;
- add.memo = String.format("Re-Validate as Owner for AAF Namespace '%s' - expiring %s', ",
- urdd.ns,
- Chrono.dateOnlyStamp(urdd.expires));
- return add;
- }
+ private String getMemo(Data urdd) {
+ switch(urdd.rname) {
+ case "owner":
+ return String.format(REVALIDATE_AS_OWNER_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
+ case "admin":
+ return String.format(REVALIDATE_AS_ADMIN_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
+ default:
+ return String.format(EXTEND_ACCESS_FMT,
+ urdd.user,
+ urdd.role,
+ Chrono.dateOnlyStamp(urdd.expires));
+ }
+ }
}
Code Review / aaf / authz.git / blobdiff