summaryrefslogtreecommitdiffstats
path: root/auth/auth-deforg
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-deforg')
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java14
1 files changed, 13 insertions, 1 deletions
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index f1932a26..107141bc 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -37,6 +37,7 @@ import org.onap.aaf.auth.org.Executor;
import org.onap.aaf.auth.org.Mailer;
import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.util.FQI;
import org.onap.aaf.misc.env.Env;
@@ -46,11 +47,14 @@ public class DefaultOrg implements Organization {
final String domain;
final String atDomain;
final String realm;
+
+ private final String root_ns;
private final String NAME;
private final Set<String> supportedRealms;
+
public DefaultOrg(Env env, String realm) throws OrganizationException {
this.realm = realm;
@@ -59,6 +63,7 @@ public class DefaultOrg implements Organization {
domain=FQI.reverseDomain(realm);
atDomain = '@'+domain;
NAME=env.getProperty(realm + ".name","Default Organization");
+ root_ns = env.getProperty(Config.AAF_ROOT_NS,Config.AAF_ROOT_NS_DEF);
try {
String defFile;
@@ -492,6 +497,7 @@ public class DefaultOrg implements Organization {
@Override
public String validate(AuthzTrans trans, Policy policy, Executor executor, String... vars) throws OrganizationException {
+ String user;
switch(policy) {
case OWNS_MECHID:
case CREATE_MECHID:
@@ -517,6 +523,12 @@ public class DefaultOrg implements Organization {
case CREATE_MECHID_BY_PERM_ONLY:
return getName() + " only allows sponsors to create MechIDs";
+ case MAY_EXTEND_CRED_EXPIRES:
+ // If parm, use it, otherwise, trans
+ user = vars.length>1?vars[1]:trans.user();
+ return executor.hasPermission(user, root_ns,"password", root_ns , "extend")
+ ?null:user + " does not have permission to extend passwords at " + getName();
+
default:
return policy.name() + " is unsupported at " + getName();
}
@@ -592,7 +604,7 @@ public class DefaultOrg implements Organization {
}
}
- return mailer.sendEmail(trans,dryRun,to,cc,subject,body,urgent)?0:1;
+ return mailer.sendEmail(trans,dryRun?"DefaultOrg":null,to,cc,subject,body,urgent)?0:1;
} else {
return 0;
}