diff options
Diffstat (limited to 'auth/auth-service/src')
-rw-r--r-- | auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java | 45 | ||||
-rw-r--r-- | auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java | 12 |
2 files changed, 42 insertions, 15 deletions
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index 1d201f9a..8fc2ad52 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -826,7 +826,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE rdd.ns = pdd.ns; rdd.name = "user"; - pdd.roles(true).add(rdd.encode()); + pdd.roles(true).add(rdd.fullName()); Result<PermDAO.Data> rpdd = permDAO.create(trans, pdd); if(rpdd.notOK()) { return Result.err(rpdd); @@ -3087,7 +3087,7 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE final UserRoleDAO.Data userRole = urr.value; final ServiceValidator v = new ServiceValidator(); - if (v.user_role(userRole).err() || + if (v.user_role(trans.user(),userRole).err() || v.user(trans.org(), userRole.user).err()) { return Result.err(Status.ERR_BadData,v.errs()); } @@ -3103,6 +3103,9 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE private Result<NsDAO.Data> nsd; @Override public Result<?> mayChange() { + if(urr.value.role.startsWith(urr.value.user)) { + return Result.ok((NsDAO.Data)null); + } if (nsd==null) { RoleDAO.Data r = RoleDAO.Data.decode(userRole); nsd = ques.mayUser(trans, trans.user(), r, Access.write); @@ -3110,15 +3113,24 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE return nsd; } }); - Result<NsDAO.Data> nsr = ques.deriveNs(trans, userRole.role); - if (nsr.notOKorIsEmpty()) { - return Result.err(nsr); + + NsDAO.Data ndd; + if(userRole.role.startsWith(userRole.user)) { + userRole.ns=userRole.user; + userRole.rname="user"; + ndd = null; + } else { + Result<NsDAO.Data> nsr = ques.deriveNs(trans, userRole.role); + if (nsr.notOK()) { + return Result.err(nsr); + } + ndd = nsr.value; } switch(fd.status) { case OK: Result<String> rfc = func.createFuture(trans, fd.value, userRole.user+'|'+userRole.ns + '.' + userRole.rname, - userRole.user, nsr.value, FUTURE_OP.C); + userRole.user, ndd, FUTURE_OP.C); if (rfc.isOK()) { return Result.err(Status.ACC_Future, "UserRole [%s - %s.%s] is saved for future processing", userRole.user, @@ -3658,16 +3670,21 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } // May user see Namespace of Permission (since it's only one piece... we can't check for "is permission part of") - Result<NsDAO.Data> rnd = ques.deriveNs(trans,type); - if (rnd.notOK()) { - return Result.err(rnd); + Result<List<HistoryDAO.Data>> resp; + if(type.startsWith(trans.user())) { + resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm); + } else { + Result<NsDAO.Data> rnd = ques.deriveNs(trans,type); + if (rnd.notOK()) { + return Result.err(rnd); + } + rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); + if (rnd.notOK()) { + return Result.err(rnd); + } + resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm); } - rnd = ques.mayUser(trans, trans.user(), rnd.value, Access.read); - if (rnd.notOK()) { - return Result.err(rnd); - } - Result<List<HistoryDAO.Data>> resp = ques.historyDAO().readBySubject(trans, type, "perm", yyyymm); if (resp.notOK()) { return Result.err(resp); } diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java index fb7556ed..df8bde8b 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java @@ -86,7 +86,7 @@ public class ServiceValidator extends Validator { } return this; } - + public ServiceValidator role(RoleDAO.Data pd) { if (pd==null) { msg("Role Data is null."); @@ -219,6 +219,16 @@ public class ServiceValidator extends Validator { return this; } + public ServiceValidator user_role(String user, UserRoleDAO.Data urdd) { + role(user,urdd.role); + if(!urdd.role.startsWith(user)) { + nullOrBlank("UserRole.ns",urdd.ns); + nullOrBlank("UserRole.rname",urdd.rname); + } + return this; + } + + public ServiceValidator user_role(UserRoleDAO.Data urdd) { if (urdd==null) { msg("UserRole is null"); |