X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fauthz.git;a=blobdiff_plain;f=auth%2Fauth-batch%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fbatch%2Freports%2FAnalyze.java;fp=auth%2Fauth-batch%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fbatch%2Freports%2FAnalyze.java;h=227717b74a80547009c9d8c5de8e192cbdf67e54;hp=5cab52976ca08d76cc6eed2b8e1ce5ff6bb8069a;hb=3ca2e6964bf2aab93394cf542b6354ca735703c0;hpb=97b7c2435bf2fb9f2e27593c06b9b85fc4dc70aa
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index 5cab5297..227717b7 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -57,6 +57,7 @@ import org.onap.aaf.auth.batch.helpers.X509;
 import org.onap.aaf.auth.dao.cass.CredDAO;
 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
 import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.Organization.Expiration;
 import org.onap.aaf.auth.org.Organization.Identity;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.cadi.configure.Factory;
@@ -392,12 +393,33 @@ public class Analyze extends Batch {
 }
 return;
 }
+ if(org.isRevoked(trans, ur.user())) {
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.setTime(ur.expires());
+ GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user());
+ if(now.after(gracePeriodEnds.getTime())) {
+ ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left");
+ } else {
+ ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString());
+ }
+ return;
+ }
 ur.row(deleteCW, UserRole.UR,"Not in Organization");
 return;
 } else if(Role.byName.get(ur.role())==null) {
 ur.row(deleteCW, UserRole.UR,String.format("Role %s does not exist", ur.role()));
 return;
+ // Make sure owners can still be owners.
+ } else if(ur.role().endsWith(".owner")) {
+ String err = identity.mayOwn();
+ if(err!=null) {
+ ur.row(deleteCW, UserRole.UR,String.format("%s may not be an owner: %s",ur.user(),err));
+ return;
+ }
 }
+
+
+
 // Just let expired UserRoles sit until deleted
 if(futureRange.inRange(ur.expires())&&(!mur.containsKey(ur.user() + '|' + ur.role()))) {
 // Cannot just delete owners, unless there is at least one left. Process later
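Review bot: In the added `org.isRevoked(...)` branch the grace period is seeded from the role's expiry (`gc.setTime(ur.expires())`), so how long a revoked ID keeps its user-role appears to depend on when the role expires rather than on when the ID was revoked. `Organization.expiration` is not visible here, so confirm that `Expiration.RevokedGracePeriodEnds` cannot push the cut-off far into the future for a long-lived role, and add a comment stating the intended anchor date. As far as the hunk shows, inside the grace period the row is only written to `notCompliantCW` before `return`, so nothing here queues the revoked ID's role for deletion. The warning message also concatenates `gracePeriodEnds.toString()`, which for a `GregorianCalendar` prints the full field dump rather than a date; `"Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.getTime()` would give a readable report line. The enclosing method starts and ends outside the hunk, and the `// Make sure owners can still be owners.` comment sits after the `return;` of the previous branch instead of inside the `.owner` branch it describes.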