summaryrefslogtreecommitdiffstats
path: root/auth/auth-cass
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-cass')
-rw-r--r--auth/auth-cass/pom.xml18
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java2
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java1
-rw-r--r--auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java12
4 files changed, 11 insertions, 22 deletions
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index d8e25cc3..5e86ba60 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.16-SNAPSHOT</version>
+ <version>2.1.17-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
@@ -37,22 +37,6 @@
</roles>
</developer>
<developer>
- <name>Gabe Maurer</name>
- <email>gabe.maurer@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
- <name>Ian Howell</name>
- <email>ian.howell@att.com</email>
- <organization>ATT</organization>
- <roles>
- <role>Developer</role>
- </roles>
- </developer>
- <developer>
<name>Sai Gandham</name>
<email>sai.gandham@att.com</email>
<organization>ATT</organization>
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
index 75efdfae..31e5069b 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
@@ -129,7 +129,7 @@ public class FileGetter {
public static void main(String[] args) {
PropAccess access = new PropAccess(args);
- access.setProperty(AAF_FILEGETTER,"/Users/jg1555/cred.dat");
+ access.setProperty(AAF_FILEGETTER,"/opt/app/aaf/data/cred.dat");
FileGetter fg = FileGetter.singleton(access);
for(String id : new String[] {"m01891@aaf.att.com","bogus"}) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index 0d5c487d..e5cde35c 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -227,7 +227,6 @@ public class Function {
if (rparent.notOK()) {
return Result.err(rparent);
}
- parent = rparent.value.parent;
if (!fromApproval) {
rparent = q.mayUser(trans, user, rparent.value, Access.write);
if (rparent.notOK()) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 1809686a..39578f83 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -786,11 +786,17 @@ public class Question {
return Result.err(Status.ERR_BadData,
"[%s] cannot be a delegate for self", dd.user);
}
- if (!isUser && !isGranted(trans, trans.user(), ROOT_NS,DELG,
- org.getDomain(), Question.CREATE)) {
- return Result.err(Status.ERR_Denied,
+ if (!isUser) {
+ String supportedDomain = org.supportedDomain(dd.user);
+ if(supportedDomain==null) {
+ return Result.err(Status.ERR_Denied,
+ "[%s] may not create a delegate for the domain for [%s]",
+ trans.user(), dd.user);
+ } else if(!isGranted(trans, trans.user(), ROOT_NS,DELG,supportedDomain,Question.CREATE)) {
+ return Result.err(Status.ERR_Denied,
"[%s] may not create a delegate for [%s]",
trans.user(), dd.user);
+ }
}
break;
case read: