diff options
Diffstat (limited to 'auth/auth-deforg')
-rw-r--r-- | auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index f1932a26..107141bc 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -37,6 +37,7 @@ import org.onap.aaf.auth.org.Executor; import org.onap.aaf.auth.org.Mailer; import org.onap.aaf.auth.org.Organization; import org.onap.aaf.auth.org.OrganizationException; +import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.util.FQI; import org.onap.aaf.misc.env.Env; @@ -46,11 +47,14 @@ public class DefaultOrg implements Organization { final String domain; final String atDomain; final String realm; + + private final String root_ns; private final String NAME; private final Set<String> supportedRealms; + public DefaultOrg(Env env, String realm) throws OrganizationException { this.realm = realm; @@ -59,6 +63,7 @@ public class DefaultOrg implements Organization { domain=FQI.reverseDomain(realm); atDomain = '@'+domain; NAME=env.getProperty(realm + ".name","Default Organization"); + root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF); try { String defFile; @@ -492,6 +497,7 @@ public class DefaultOrg implements Organization { @Override public String validate(AuthzTrans trans, Policy policy, Executor executor, String... vars) throws OrganizationException { + String user; switch(policy) { case OWNS_MECHID: case CREATE_MECHID: @@ -517,6 +523,12 @@ public class DefaultOrg implements Organization { case CREATE_MECHID_BY_PERM_ONLY: return getName() + " only allows sponsors to create MechIDs"; + case MAY_EXTEND_CRED_EXPIRES: + // If parm, use it, otherwise, trans + user = vars.length>1?vars[1]:trans.user(); + return executor.hasPermission(user, root_ns,"password", root_ns , "extend") + ?null:user + " does not have permission to extend passwords at " + getName(); + default: return policy.name() + " is unsupported at " + getName(); } @@ -592,7 +604,7 @@ public class DefaultOrg implements Organization { } } - return mailer.sendEmail(trans,dryRun,to,cc,subject,body,urgent)?0:1; + return mailer.sendEmail(trans,dryRun?"DefaultOrg":null,to,cc,subject,body,urgent)?0:1; } else { return 0; } |