diff options
author | Instrumental <jonathan.gathman@att.com> | 2019-06-20 07:22:59 -0500 |
---|---|---|
committer | Instrumental <jonathan.gathman@att.com> | 2019-06-20 07:23:22 -0500 |
commit | 2c3cb70208785cf0272eae075206074318ca74cc (patch) | |
tree | 23a9e75c4370739ba99accd657037180f6d2a8cc /auth/auth-cass/src/main | |
parent | a77e3d6e9180c1722a9d18f7717034bb0650a130 (diff) |
Fixes/Refinements from Testing
Issue-ID: AAF-857
Change-Id: I2c5a542982b77011ad4ed5c41e08e045c83e2e3f
Signed-off-by: Instrumental <jonathan.gathman@att.com>
Diffstat (limited to 'auth/auth-cass/src/main')
4 files changed, 11 insertions, 6 deletions
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java index 3b77a577..0033f8a1 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/PermDAO.java @@ -105,8 +105,13 @@ public class PermDAO extends CassDAOImpl<AuthzTrans,PermDAO.Data> { } public String fullPerm() { - StringBuilder sb = new StringBuilder(ns); - sb.append(ns.indexOf('@')<0?'.':':'); + StringBuilder sb = new StringBuilder(); + if(ns==null) { + sb.append("null."); + } else { + sb.append(ns); + sb.append(ns.indexOf('@')<0?'.':':'); + } sb.append(type); sb.append('|'); sb.append(instance); diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java index 690ffa08..3fde5123 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java @@ -1055,8 +1055,8 @@ public class Function { } else if (!fullperm.roles.isEmpty()) { return Result .err(Status.ERR_DependencyExists, - "Permission [%s.%s|%s|%s] cannot be deleted as it is attached to 1 or more roles.", - fullperm.ns, fullperm.type, fullperm.instance, fullperm.action); + "Permission [%s] cannot be deleted as it is attached to 1 or more roles.", + fullperm.fullPerm()); } } diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java index 7160edec..d40c2ea0 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java @@ -616,7 +616,7 @@ public class Question { public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user,PermDAO.Data pdd, Access access) { if(pdd.ns.indexOf('@')>-1) { - if(user.equals(pdd.ns)) { + if(user.equals(pdd.ns) || isGranted(trans,user,Define.ROOT_NS(),"access",pdd.instance,READ)) { NsDAO.Data ndd = new NsDAO.Data(); ndd.name = user; ndd.type = NsDAO.USER; diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java index 62e1592f..3c7d873e 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/direct/DirectAAFUserPass.java @@ -65,7 +65,7 @@ public class DirectAAFUserPass implements CredVal { } else { trans = env.newTransNoAvg(); if (state instanceof HttpServletRequest) { - trans.set((HttpServletRequest)state); + trans.set((HttpServletRequest)state,null); transfer=true; } } |