summaryrefslogtreecommitdiffstats
path: root/auth/auth-service/src
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-service/src')
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java45
-rw-r--r--auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java12
2 files changed, 42 insertions, 15 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 1d201f9a..8fc2ad52 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -826,7 +826,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
rdd.ns = pdd.ns;
rdd.name = "user";
- pdd.roles(true).add(rdd.encode());
+ pdd.roles(true).add(rdd.fullName());
Result<PermDAO.Data> rpdd = permDAO.create(trans, pdd);
if(rpdd.notOK()) {
return Result.err(rpdd);
@@ -3087,7 +3087,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
final UserRoleDAO.Data userRole = urr.value;
final ServiceValidator v = new ServiceValidator();
- if (v.user_role(userRole).err() ||
+ if (v.user_role(trans.user(),userRole).err() ||
v.user(trans.org(), userRole.user).err()) {
return Result.err(Status.ERR_BadData,v.errs());
}
@@ -3103,6 +3103,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
private Result<NsDAO.Data> nsd;
@Override
public Result<?> mayChange() {
+ if(urr.value.role.startsWith(urr.value.user)) {
+ return Result.ok((NsDAO.Data)null);
+ }
if (nsd==null) {
RoleDAO.Data r = RoleDAO.Data.decode(userRole);
nsd = ques.mayUser(trans, trans.user(), r, Access.write);
@@ -3110,15 +3113,24 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
return nsd;
}
});
- Result<NsDAO.Data> nsr = ques.deriveNs(trans, userRole.role);
- if (nsr.notOKorIsEmpty()) {
- return Result.err(nsr);
+
+ NsDAO.Data ndd;
+ if(userRole.role.startsWith(userRole.user)) {
+ userRole.ns=userRole.user;
+ userRole.rname="user";
+ ndd = null;
+ } else {
+ Result<NsDAO.Data> nsr = ques.deriveNs(trans, userRole.role);
+ if (nsr.notOK()) {
+ return Result.err(nsr);
+ }
+ ndd = nsr.value;
}
switch(fd.status) {
case OK:
Result<String> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname,
- userRole.user, nsr.value, FUTURE_OP.C);
+ userRole.user, ndd, FUTURE_OP.C);
if (rfc.isOK()) {
return Result.err(Status.ACC_Future, "UserRole [%s - %s.%s] is saved for future processing",
userRole.user,
@@ -3658,16 +3670,21 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
}
// May user see Namespace of Permission (since it's only one piece... we can't check for "is permission part of")
- Result<NsDAO.Data> rnd = ques.deriveNs(trans,type);
- if (rnd.notOK()) {
- return Result.err(rnd);
+ Result<List<HistoryDAO.Data>> resp;
+ if(type.startsWith(trans.user())) {
+ resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm);
+ } else {
+ Result<NsDAO.Data> rnd = ques.deriveNs(trans,type);
+ if (rnd.notOK()) {
+ return Result.err(rnd);
+ }
+ rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
+ if (rnd.notOK()) {
+ return Result.err(rnd);
+ }
+ resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm);
}
- rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read);
- if (rnd.notOK()) {
- return Result.err(rnd);
- }
- Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm);
if (resp.notOK()) {
return Result.err(resp);
}
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
index fb7556ed..df8bde8b 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java
@@ -86,7 +86,7 @@ public class ServiceValidator extends Validator {
}
return this;
}
-
+
public ServiceValidator role(RoleDAO.Data pd) {
if (pd==null) {
msg("Role Data is null.");
@@ -219,6 +219,16 @@ public class ServiceValidator extends Validator {
return this;
}
+ public ServiceValidator user_role(String user, UserRoleDAO.Data urdd) {
+ role(user,urdd.role);
+ if(!urdd.role.startsWith(user)) {
+ nullOrBlank("UserRole.ns",urdd.ns);
+ nullOrBlank("UserRole.rname",urdd.rname);
+ }
+ return this;
+ }
+
+
public ServiceValidator user_role(UserRoleDAO.Data urdd) {
if (urdd==null) {
msg("UserRole is null");