Enable Organizations to have a subset of users the user roles of which do not expire

[aaf/authz.git] / auth / auth-cass / src / main / java / org / onap / aaf / auth / dao / hl / PermLookup.java
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java

index 6bb440a..5a66be8 100644 (file)
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
@@ -7,9 +7,9 @@
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
   * You may obtain a copy of the License at
- * 
+ *
   *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -27,6 +27,7 @@ import java.util.HashMap;
  import java.util.List;
  import java.util.Map;
  import java.util.Set;
+import java.util.TreeMap;
  import java.util.TreeSet;
  
  import org.onap.aaf.auth.dao.cass.PermDAO;
@@ -37,14 +38,14 @@ import org.onap.aaf.auth.env.AuthzTrans;
  import org.onap.aaf.auth.layer.Result;
  
  /**
- * PermLookup is a Storage class for the various pieces of looking up Permission 
+ * PermLookup is a Storage class for the various pieces of looking up Permission
   * during Transactions to avoid duplicate processing
- * 
+ *
   * @author Jonathan
   *
   */
  // Package on purpose
-class PermLookup {
+public class PermLookup {
      private AuthzTrans trans;
      private String user;
      private Question q;
@@ -52,10 +53,10 @@ class PermLookup {
      private Result<List<RoleDAO.Data>> roles = null;
      private Result<Set<String>> permNames = null;
      private Result<List<PermDAO.Data>> perms = null;
-    
+
      private PermLookup() {}
-    
-    static PermLookup get(AuthzTrans trans, Question q, String user) {
+
+    public static PermLookup get(AuthzTrans trans, Question q, String user) {
          PermLookup lp=null;
          Map<String, PermLookup> permMap = trans.get(Question.PERMS, null);
          if (permMap == null) {
@@ -73,19 +74,19 @@ class PermLookup {
          }
          return lp;
      }
-    
+
      public Result<List<UserRoleDAO.Data>> getUserRoles() {
-        if(userRoles==null) {
-            userRoles = q.userRoleDAO.readByUser(trans,user);
-            if(userRoles.isOKhasData()) {
+        if (userRoles==null) {
+            userRoles = q.userRoleDAO().readByUser(trans,user);
+            if (userRoles.isOKhasData()) {
                  List<UserRoleDAO.Data> lurdd = new ArrayList<>();
                  Date now = new Date();
-                for(UserRoleDAO.Data urdd : userRoles.value) {
-                    if(urdd.expires.after(now)) { // Remove Expired
+                for (UserRoleDAO.Data urdd : userRoles.value) {
+                    if (urdd.expires.after(now) || trans.org().isUserExpireExempt(user, urdd.expires)) { // Remove Expired
                          lurdd.add(urdd);
                      }
                  }
-                if(lurdd.size()==0) {
+                if (lurdd.size()==0) {
                      return userRoles = Result.err(Status.ERR_UserNotFound,
                                  "%s not found or not associated with any Roles: ",
                                  user);
@@ -101,18 +102,18 @@ class PermLookup {
      }
  
      public Result<List<RoleDAO.Data>> getRoles() {
-        if(roles==null) {
+        if (roles==null) {
              Result<List<UserRoleDAO.Data>> rur = getUserRoles();
-            if(rur.isOK()) {
+            if (rur.isOK()) {
                  List<RoleDAO.Data> lrdd = new ArrayList<>();
                  for (UserRoleDAO.Data urdata : rur.value) {
                      // Gather all permissions from all Roles
-                        if(urdata.ns==null || urdata.rname==null) {
+                        if (urdata.ns==null || urdata.rname==null) {
                              return Result.err(Status.ERR_BadData,"DB Content Error: nulls in User Role %s %s", urdata.user,urdata.role);
                          } else {
-                            Result<List<RoleDAO.Data>> rlrd = q.roleDAO.read(
+                            Result<List<RoleDAO.Data>> rlrd = q.roleDAO().read(
                                      trans, urdata.ns, urdata.rname);
-                            if(rlrd.isOK()) {
+                            if (rlrd.isOK()) {
                                  lrdd.addAll(rlrd.value);
                              }
                          }
@@ -127,7 +128,7 @@ class PermLookup {
      }
  
      public Result<Set<String>> getPermNames() {
-        if(permNames==null) {
+        if (permNames==null) {
              Result<List<RoleDAO.Data>> rlrd = getRoles();
              if (rlrd.isOK()) {
                  Set<String> pns = new TreeSet<>();
@@ -142,23 +143,42 @@ class PermLookup {
              return permNames;
          }
      }
-    
+
      public Result<List<PermDAO.Data>> getPerms(boolean lookup) {
-        if(perms==null) {
+        if (perms==null) {
              // Note: It should be ok for a Valid user to have no permissions -
              // Jonathan 8/12/2013
              Result<Set<String>> rss = getPermNames();
-            if(rss.isOK()) {
+            if (rss.isOK()) {
                  List<PermDAO.Data> lpdd = new ArrayList<>();
                  for (String perm : rss.value) {
-                    if(lookup) {
+                    if (lookup) {
+                        Map<String,PermDAO.Data> mspdd = new TreeMap<>();
                          Result<String[]> ap = PermDAO.Data.decodeToArray(trans, q, perm);
-                        if(ap.isOK()) {
-                             
-                            Result<List<PermDAO.Data>> rlpd = q.permDAO.read(perm,trans,ap.value);
+                        if (ap.isOK()) {
+
+                            Result<List<PermDAO.Data>> rlpd = q.permDAO().read(perm,trans,ap.value);
                              if (rlpd.isOKhasData()) {
                                  for (PermDAO.Data pData : rlpd.value) {
-                                    lpdd.add(pData);
+                                    // ONLY add perms/roles which are related to this lookup
+                                    for(String pdr : pData.roles(false)) {
+                                        for(RoleDAO.Data r : roles.value) {
+                                            if(pdr.equals(r.encode())) {
+                                                PermDAO.Data pdd = mspdd.get(pData.fullPerm());
+                                                if(pdd==null) {
+                                                    pdd = new PermDAO.Data();
+                                                    pdd.ns = pData.ns;
+                                                    pdd.type = pData.type;
+                                                    pdd.instance = pData.instance;
+                                                    pdd.action = pData.action;
+                                                    pdd.description = pData.description;
+                                                    lpdd.add(pdd);
+                                                }
+                                                pdd.roles(true).add(pdr);
+                                                break;
+                                            }
+                                        }
+                                    }
                                  }
                              }
                          } else {