X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fauthz.git;a=blobdiff_plain;f=auth%2Fauth-batch%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fbatch%2Fapprovalsets%2FURApprovalSet.java;h=858690ac753a166a9daed9c27aaf925caebb92e5;hp=e1c75bf3d27ebba2e1df8dc1776d216208cdc0aa;hb=628b7105ce4d9818aac69a082e515f9275fd46fd;hpb=4b6435c97dc1e05ee6a1e06190e3c431f9d1a8fe diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java index e1c75bf3..858690ac 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java @@ -39,23 +39,24 @@ import org.onap.aaf.cadi.CadiException; import org.onap.aaf.misc.env.util.Chrono; public class URApprovalSet extends ApprovalSet { - public static final String EXTEND_STRING = "Extend access of User [%s] to Role [%s] - Expires %s"; + private boolean ownerSuperApprove; + public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader lurdd) throws IOException, CadiException { super(start, "user_role", dv); Organization org = trans.org(); UserRoleDAO.Data urdd = lurdd.load(); setConstruct(urdd.bytify()); - setMemo(String.format(EXTEND_STRING,urdd.user,urdd.role,Chrono.dateOnlyStamp(urdd.expires))); + setMemo(getMemo(urdd)); setExpires(org.expiration(null, Organization.Expiration.UserInRole)); Result r = dv.roleByName(trans, urdd.role); if(r.notOKorIsEmpty()) { - throw new CadiException(String.format("Role '%s' does not exist: %s", urdd.role, r.details)); + throw new CadiException(r.errorString()); } Result n = dv.ns(trans, urdd.ns); if(n.notOKorIsEmpty()) { - throw new CadiException(String.format("Namespace '%s' does not exist: %s", urdd.ns,r.details)); + throw new CadiException(n.errorString()); } UserRoleDAO.Data found = null; Result> lur = dv.ursByRole(trans, urdd.role); @@ -68,7 +69,7 @@ public class URApprovalSet extends ApprovalSet { } } if(found==null) { - throw new CadiException(String.format("User '%s' in Role '%s' does not exist: %s", urdd.user,urdd.role,r.details)); + throw new CadiException(String.format("User '%s' in Role '%s' does not exist", urdd.user,urdd.role)); } // Primarily, Owners are responsible, unless it's owned by self @@ -87,7 +88,7 @@ public class URApprovalSet extends ApprovalSet { } } - if(isOwner) { + if(isOwner && ownerSuperApprove) { try { List apprs = org.getApprovers(trans, urdd.user); if(apprs!=null) { @@ -108,18 +109,38 @@ public class URApprovalSet extends ApprovalSet { } } } + + public void ownerSuperApprove() { + ownerSuperApprove = true; + } - private ApprovalDAO.Data newApproval(Data urdd) throws CadiException { + private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) throws CadiException { ApprovalDAO.Data add = new ApprovalDAO.Data(); add.id = Chrono.dateToUUID(System.currentTimeMillis()); add.ticket = fdd.id; add.user = urdd.user; add.operation = FUTURE_OP.A.name(); add.status = ApprovalDAO.PENDING; - add.memo = String.format("Re-Validate as Owner for AAF Namespace '%s' - expiring %s', ", - urdd.ns, - Chrono.dateOnlyStamp(urdd.expires)); + add.memo = getMemo(urdd); return add; } + private String getMemo(Data urdd) { + switch(urdd.rname) { + case "owner": + return String.format("Revalidate as Owner of AAF Namespace [%s] - Expires %s", + urdd.ns, + Chrono.dateOnlyStamp(urdd.expires)); + case "admin": + return String.format("Revalidate as Admin of AAF Namespace [%s] - Expires %s", + urdd.ns, + Chrono.dateOnlyStamp(urdd.expires)); + default: + return String.format("Extend access of User [%s] to Role [%s] - Expires %s", + urdd.user, + urdd.role, + Chrono.dateOnlyStamp(urdd.expires)); + } + } + }