// for users and approvers still valid
String user = appr.getUser();
- if(org.isRevoked(noAvg, appr.getApprover())) {
- deleteCW.comment("Approver ID is revoked");
+ Date revokedAppr = org.isRevoked(noAvg, appr.getApprover());
+ Date revokedUser = org.isRevoked(noAvg, user);
+ if(revokedAppr!=null) {
+ deleteCW.comment("Approver ID is revoked on " + revokedAppr);
Approval.row(deleteCW, appr);
- } else if(user!=null && !user.isEmpty() && org.isRevoked(noAvg, user)) {
- deleteCW.comment("USER ID is revoked");
+ } else if(user!=null && !user.isEmpty() && revokedUser!=null) {
+ deleteCW.comment("USER ID is revoked on " + revokedUser);
Approval.row(deleteCW, appr);
} else {
ticket.approvals.add(appr); // add to found Ticket
}
return;
}
- if(org.isRevoked(trans, ur.user())) {
+ Date revoked = org.isRevoked(trans, ur.user());
+ if(revoked!=null) {
GregorianCalendar gc = new GregorianCalendar();
- gc.setTime(ur.expires());
+ gc.setTime(revoked);
GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user());
if(now.after(gracePeriodEnds.getTime())) {
ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left");
} else {
- ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString());
+ ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + Chrono.dateOnlyStamp(gracePeriodEnds));
}
return;
}
* feed with a "Deleted ID" feed.
*
*/
- public boolean isRevoked(AuthzTrans trans, String id);
+ public Date isRevoked(AuthzTrans trans, String id);
/**
}
@Override
- public boolean isRevoked(AuthzTrans trans, String id) {
+ public Date isRevoked(AuthzTrans trans, String id) {
// provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table.
- return false;
+ return null;
}
@Override
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.org.Identities.Data;
public class DefaultOrg implements Organization {
private static final String AAF_DATA_DIR = "aaf_data_dir";
* If the ID isn't in the revoked file, if it exists, it is revoked.
*/
@Override
- public boolean isRevoked(AuthzTrans trans, String key) {
+ public Date isRevoked(AuthzTrans trans, String key) {
if(revoked!=null) {
try {
revoked.open(trans, DefaultOrgIdentity.TIMEOUT);
} else {
search = key;
}
- return revoked.find(search, r)!=null;
+ Data revokedData = revoked.find(search, r);
+ return revokedData==null?null:new Date();
} finally {
revoked.close(trans);
}
trans.error().log(e);
}
}
- return false;
+ return null;
}
/* (non-Javadoc)
Code Review / aaf / authz.git / commitdiff