Enable Organizations to have a subset of users the user roles of which do not expire

[aaf/authz.git] / auth / auth-batch / src / main / java / org / onap / aaf / auth / batch / reports / Analyze.java

diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index ff2c72a..3a813ec 100644 (file)
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -438,7 +438,12 @@ public class Analyze extends Batch {
                                         if(r!=null) {
                                             Approval existing = findApproval(ur);
                                             if(existing==null) {
-                                                ur.row(needApproveCW,UserRole.APPROVE_UR);
+                                                if (org.isUserExpireExempt(ur.user(), ur.expires())) {
+                                                    ur.row(notCompliantCW, UserRole.UR);
+                                                } else {
+                                                    ur.row(needApproveCW, UserRole.APPROVE_UR,
+                                                            "Expired user role! Membership expired " + Chrono.dateOnlyStamp(ur.expires()));
+                                                }
                                             }
                                         }
                                     }