Enable Organizations to have a subset of users the user roles of which do not expire

Issue-ID: AAF-1149 Signed-off-by: Sean Hassan <sean.hassan@att.com> Change-Id: Iaf04456abe78f2cb7972587b50f00bcaac3f83aa
author: Sean Hassan <sean.hassan@att.com> 2020-05-21 16:22:11 -0500
committer: Hassan, Sean (sh265m) <sean.hassan@att.com> 2020-05-22 13:59:04 -0500
commit: b6106cffafc89a9c3051c3196f54df643197e4ad (patch)
tree: cff90ac9839a734428a564a63e98547efa87e626
parent: f8e4fae3bb0e9a7d40a70a64971efd1813bee2d1 (diff)
6 files changed, 49 insertions, 6 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index ff2c72a5..3a813ecd 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -438,7 +438,12 @@ public class Analyze extends Batch {
                                         if(r!=null) {
                                             Approval existing = findApproval(ur);
                                             if(existing==null) {
-                                                ur.row(needApproveCW,UserRole.APPROVE_UR);
+                                                if (org.isUserExpireExempt(ur.user(), ur.expires())) {
+                                                    ur.row(notCompliantCW, UserRole.UR);
+                                                } else {
+                                                    ur.row(needApproveCW, UserRole.APPROVE_UR,
+                                                            "Expired user role! Membership expired " + Chrono.dateOnlyStamp(ur.expires()));
+                                                }
                                             }
                                         }
                                     }
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index e061f061..2b465819 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -123,6 +123,11 @@
             <artifactId>slf4j-log4j12</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.onap.aaf.authz</groupId>
+            <artifactId>aaf-auth-deforg</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
index 5a27e5ec..5a66be8a 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
@@ -82,7 +82,7 @@ public class PermLookup {
                 List<UserRoleDAO.Data> lurdd = new ArrayList<>();
                 Date now = new Date();
                 for (UserRoleDAO.Data urdd : userRoles.value) {
-                    if (urdd.expires.after(now)) { // Remove Expired
+                    if (urdd.expires.after(now) || trans.org().isUserExpireExempt(user, urdd.expires)) { // Remove Expired
                         lurdd.add(urdd);
                     }
                 }
diff --git a/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java b/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java
index f5d22ba2..1d82505e 100644
--- a/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java
+++ b/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java
@@ -49,6 +49,7 @@ import org.onap.aaf.auth.layer.Result;
 import org.onap.aaf.cadi.Access;
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.misc.env.LogTarget;
+import org.onap.aaf.org.DefaultOrg;
 
 
 @RunWith(MockitoJUnitRunner.class)
@@ -130,13 +131,17 @@ public class JU_PermLookup {
         Result<List<UserRoleDAO.Data>> retVal1 = Mockito.mock(Result.class);
         retVal1.value = new ArrayList<UserRoleDAO.Data>();
         UserRoleDAO.Data dataObj = Mockito.mock( UserRoleDAO.Data.class);
-
         dataObj.expires = new Date();
 
         retVal1.value.add(dataObj);
         Mockito.doReturn(true).when(retVal1).isOKhasData();
+
         Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
-        PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+        DefaultOrg org = Mockito.mock(DefaultOrg.class);
+        when(trans.org()).thenReturn(org);
+
+        PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
         Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
 
         //System.out.println(""+userRoles.status);
@@ -151,7 +156,11 @@ public class JU_PermLookup {
 
         Mockito.doReturn(false).when(retVal1).isOKhasData();
         Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
-        PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+        DefaultOrg org = Mockito.mock(DefaultOrg.class);
+        when(trans.org()).thenReturn(org);
+
+        PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
         Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
 
 //        System.out.println("output is"+userRoles.status);
@@ -174,7 +183,11 @@ public class JU_PermLookup {
         retVal1.value.add(dataObj);
         Mockito.doReturn(true).when(retVal1).isOKhasData();
         Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
-        PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+        DefaultOrg org = Mockito.mock(DefaultOrg.class);
+        when(trans.org()).thenReturn(org);
+
+        PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
         Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
 
         //System.out.println(userRoles.status);
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index f34ed151..795231eb 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -348,6 +348,16 @@ public interface Organization {
 
     public void setTestMode(boolean dryRun);
 
+    /**
+     * Evaluates a user to determine if they are exempt from role expiration.
+     * Returns true if true, false is false. Default implementation is always false.
+     *
+     * @param user
+     * @param expires
+     * @return
+     */
+    public boolean isUserExpireExempt(String user, Date expires);
+
     public static final Organization NULL = new Organization()
     {
         private final GregorianCalendar gc = new GregorianCalendar(1900, 1, 1);
@@ -586,6 +596,11 @@ public interface Organization {
             return null;
         }
 
+        @Override
+        public boolean isUserExpireExempt(String user, Date expires) {
+            return false;
+        }
+
     };
 }
 
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 1822e990..c7f3b1cc 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -705,4 +705,9 @@ public class DefaultOrg implements Organization {
             return 0;
         }
     }
+
+    @Override
+    public boolean isUserExpireExempt(String user, Date expires) {
+        return false;
+    }
 }
author	Sean Hassan <sean.hassan@att.com>	2020-05-21 16:22:11 -0500
committer	Hassan, Sean (sh265m) <sean.hassan@att.com>	2020-05-22 13:59:04 -0500
commit	b6106cffafc89a9c3051c3196f54df643197e4ad (patch)
tree	cff90ac9839a734428a564a63e98547efa87e626
parent	f8e4fae3bb0e9a7d40a70a64971efd1813bee2d1 (diff)