author | Sean Hassan <sean.hassan@att.com> | 2020-05-21 16:22:11 -0500 |
---|---|---|
committer | Hassan, Sean (sh265m) <sean.hassan@att.com> | 2020-05-22 13:59:04 -0500 |
commit | b6106cffafc89a9c3051c3196f54df643197e4ad (patch) | |
tree | cff90ac9839a734428a564a63e98547efa87e626 /auth | |
parent | f8e4fae3bb0e9a7d40a70a64971efd1813bee2d1 (diff) |
Enable Organizations to have a subset of users the user roles of which do not expire
Issue-ID: AAF-1149
Signed-off-by: Sean Hassan <sean.hassan@att.com>
Change-Id: Iaf04456abe78f2cb7972587b50f00bcaac3f83aa
Diffstat (limited to 'auth')
6 files changed, 49 insertions, 6 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java index ff2c72a5..3a813ecd 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java @@ -438,7 +438,12 @@ public class Analyze extends Batch { if(r!=null) { Approval existing = findApproval(ur); if(existing==null) { - ur.row(needApproveCW,UserRole.APPROVE_UR); + if (org.isUserExpireExempt(ur.user(), ur.expires())) { + ur.row(notCompliantCW, UserRole.UR); + } else { + ur.row(needApproveCW, UserRole.APPROVE_UR, + "Expired user role! Membership expired " + Chrono.dateOnlyStamp(ur.expires())); + } } } } diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml index e061f061..2b465819 100644 --- a/auth/auth-cass/pom.xml +++ b/auth/auth-cass/pom.xml @@ -123,6 +123,11 @@ <artifactId>slf4j-log4j12</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-auth-deforg</artifactId> + <scope>test</scope> + </dependency> </dependencies> <build> <plugins> diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java index 5a27e5ec..5a66be8a 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java @@ -82,7 +82,7 @@ public class PermLookup { List<UserRoleDAO.Data> lurdd = new ArrayList<>(); Date now = new Date(); for (UserRoleDAO.Data urdd : userRoles.value) { - if (urdd.expires.after(now)) { // Remove Expired + if (urdd.expires.after(now) || trans.org().isUserExpireExempt(user, urdd.expires)) { // Remove Expired lurdd.add(urdd); } } 
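Review bot: The exempt branch in Analyze.java writes `ur.row(notCompliantCW, UserRole.UR);` with no reason text, while the else branch now explains itself, so a reader of the not-compliant report cannot tell that the row is an expired membership kept alive by an organization exemption. If this report is where such roles are meant to be reviewed, the row should carry a reason as well, for example `ur.row(notCompliantCW, UserRole.UR, "Expired user role, user is expire-exempt: " + Chrono.dateOnlyStamp(ur.expires()));`, assuming `row` accepts the trailing argument here as it does in the else branch. The enclosing method starts and ends outside the hunk, so that this path is reached only for expired roles is inferred from the new message.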
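Review bot: In PermLookup.java the added `|| trans.org().isUserExpireExempt(user, urdd.expires)` lets an expired user-role keep granting permissions, and nothing at this point records that the expiry was overridden. The exemption is keyed on user and expiry date only, so an Organization implementation cannot limit it to particular roles or namespaces; an exempt identity keeps every expired role it holds, privileged ones included, which should at least be stated in the interface contract. I would write the retained role to the transaction's audit log so the decision is traceable. The trailing comment still reads `// Remove Expired` and should become something like `// Drop expired roles unless the Organization exempts this user`. The loop's enclosing method begins and ends outside the hunk.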
diff --git a/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java b/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java index f5d22ba2..1d82505e 100644 --- a/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java +++ b/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java @@ -49,6 +49,7 @@ import org.onap.aaf.auth.layer.Result; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.misc.env.LogTarget; +import org.onap.aaf.org.DefaultOrg; @RunWith(MockitoJUnitRunner.class) @@ -130,13 +131,17 @@ public class JU_PermLookup { Result<List<UserRoleDAO.Data>> retVal1 = Mockito.mock(Result.class); retVal1.value = new ArrayList<UserRoleDAO.Data>(); UserRoleDAO.Data dataObj = Mockito.mock( UserRoleDAO.Data.class); - dataObj.expires = new Date(); retVal1.value.add(dataObj); Mockito.doReturn(true).when(retVal1).isOKhasData(); + Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,""); - PermLookup cassExecutorObj =PermLookup.get(trans, q,""); + + DefaultOrg org = Mockito.mock(DefaultOrg.class); + when(trans.org()).thenReturn(org); + + PermLookup cassExecutorObj = PermLookup.get(trans, q,""); Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles(); //System.out.println(""+userRoles.status); @@ -151,7 +156,11 @@ public class JU_PermLookup { Mockito.doReturn(false).when(retVal1).isOKhasData(); Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,""); - PermLookup cassExecutorObj =PermLookup.get(trans, q,""); + + DefaultOrg org = Mockito.mock(DefaultOrg.class); + when(trans.org()).thenReturn(org); + + PermLookup cassExecutorObj = PermLookup.get(trans, q,""); Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles(); // System.out.println("output is"+userRoles.status); 
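Review bot: None of the three updated tests (the hunk at -130 here and the ones at -151 and -174) stubs `isUserExpireExempt`, so the mocked `DefaultOrg` answers false and the new exemption branch in PermLookup is never exercised. A case that sets `dataObj.expires` to a past date, adds `Mockito.doReturn(true).when(org).isUserExpireExempt("", dataObj.expires);` and asserts the role is returned, paired with the false case asserting it is dropped, would pin the authorization behaviour. Separately, the -130 hunk deletes `dataObj.expires = new Date();`; if the mocked Data then leaves `expires` null, `urdd.expires.after(now)` would presumably throw before the exemption check is reached, which is worth confirming. The test methods start and end outside the hunks.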
@@ -174,7 +183,11 @@ public class JU_PermLookup { retVal1.value.add(dataObj); Mockito.doReturn(true).when(retVal1).isOKhasData(); Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,""); - PermLookup cassExecutorObj =PermLookup.get(trans, q,""); + + DefaultOrg org = Mockito.mock(DefaultOrg.class); + when(trans.org()).thenReturn(org); + + PermLookup cassExecutorObj = PermLookup.get(trans, q,""); Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles(); //System.out.println(userRoles.status); diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java index f34ed151..795231eb 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java @@ -348,6 +348,16 @@ public interface Organization { public void setTestMode(boolean dryRun); + /** + * Evaluates a user to determine if they are exempt from role expiration. + * Returns true if true, false is false. Default implementation is always false. + * + * @param user + * @param expires + * @return + */ + public boolean isUserExpireExempt(String user, Date expires); + public static final Organization NULL = new Organization() { private final GregorianCalendar gc = new GregorianCalendar(1900, 1, 1); @@ -586,6 +596,11 @@ public interface Organization { return null; } + @Override + public boolean isUserExpireExempt(String user, Date expires) { + return false; + } + }; } diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 1822e990..c7f3b1cc 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java 
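Review bot: `isUserExpireExempt` is added to the `Organization` interface (hunk at -348) as an abstract method although its Javadoc says "Default implementation is always false", so every Organization implementation outside this commit has to add the method before it compiles again. Declaring it as `default boolean isUserExpireExempt(String user, Date expires) { return false; }`, if the module's source level permits, would keep those implementations building and failing closed, and would make the overrides in `NULL` (hunk at -586) and in `DefaultOrg` unnecessary. The Javadoc also needs real content: "Returns true if true, false is false" carries no information and the `@param`/`@return` tags are empty. It should say that returning true makes an expired user-role continue to grant permissions in PermLookup, and what the `expires` argument is expected to be used for.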
@@ -705,4 +705,9 @@ public class DefaultOrg implements Organization { return 0; } } + + @Override + public boolean isUserExpireExempt(String user, Date expires) { + return false; + } } |