Diffstat (limited to 'auth/auth-service')
3 files changed, 16 insertions, 10 deletions
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml index 63585f94..9f9ca869 100644 --- a/auth/auth-service/pom.xml +++ b/auth/auth-service/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>org.onap.aaf.authz</groupId> <artifactId>authparent</artifactId> - <version>2.1.16-SNAPSHOT</version> + <version>2.1.17-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java index 2431e0eb..67410305 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java @@ -2346,10 +2346,11 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } switch(action) { case DELETE: + String why; if(ques.isOwner(trans, user,ns) || - ques.isAdmin(trans, user,ns) || - ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) { - return Result.ok(); + ques.isAdmin(trans, user,ns) || + ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) { + return Result.ok(); } break; case RESET: 
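Review bot: The added `String why;` directly after `case DELETE:` is never assigned or read anywhere in this commit — the diffstat's 16 insertions are fully accounted for by the visible hunks — so it is dead code, and because a Java switch body is a single block the uninitialised local also becomes visible to `case RESET:` and every later case. Drop the line: the only other change in this hunk is re-indentation of the `isAdmin`/`isGranted` continuation lines and the `return Result.ok();`. The enclosing method starts and ends outside the hunk.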
@@ -2509,13 +2510,16 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE try { if (firstID) { // OK, it's a first ID, and not by NS Owner - if(!ques.isOwner(trans,trans.user(),cdd.ns)) { + String user = trans.user(); + if(!ques.isOwner(trans,user,cdd.ns)) { // Admins are not allowed to set first Cred, but Org has already // said entity MAY create, typically by Permission // We can't know which reason they are allowed here, so we // have to assume that any with Special Permission would not be // an Admin. - if(ques.isAdmin(trans, trans.user(), cdd.ns)) { + String domain = org.supportedDomain(user); + if((domain!=null && !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE)) && + ques.isAdmin(trans, user, cdd.ns)) { return Result.err(Result.ERR_Denied, "Only Owners may create first passwords in their Namespace. Admins may modify after one exists" ); } else { @@ -3900,6 +3904,10 @@ public class AuthzCassServiceImpl <NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE } final DelegateDAO.Data dd = rd.value; + + if(dd.user.contentEquals(dd.delegate) && !trans.requested(force)) { + return Result.err(Status.ERR_InvalidDelegate,dd.user + " cannot delegate to self"); + } Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO().read(trans, dd); if (access==Access.create && ddr.isOKhasData()) { diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java index 60b76ea2..4a299e7e 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java +++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java 
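Review bot: The new guard `if((domain!=null && !ques.isGranted(...)) && ques.isAdmin(trans, user, cdd.ns))` fails open when `org.supportedDomain(user)` returns null: the first conjunct becomes false, the admin denial is skipped entirely, and an admin who is not the owner falls into the `else` branch and may create the first credential — whereas before this change every non-owner admin was denied. If a null domain is meant to mean "no special permission can apply here", the grant should default to false rather than the denial defaulting to off, e.g. `boolean mechidGranted = domain!=null && ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE);` followed by `if(!mechidGranted && ques.isAdmin(trans, user, cdd.ns)) {`. If skipping the check on a null domain is deliberate, a one-line comment stating that should be added above the `if`, since the existing five-line comment does not mention it. The enclosing method begins and ends outside the hunk.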
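Review bot: `dd.user.contentEquals(dd.delegate)` throws a NullPointerException if `dd.delegate` is absent, and `dd` comes from `rd.value` before the DAO read validates it, so a request missing the delegate field would presumably surface as a 500 rather than the error the later code path would have produced; if the mapper can leave either field null, guard it as `if(dd.delegate!=null && dd.user.contentEquals(dd.delegate) && !trans.requested(force)) {`. The `!trans.requested(force)` clause also deserves a why-comment, since it lets a caller bypass the self-delegation rule, e.g. `// force lets an explicitly-requested self-delegation through; see ERR_InvalidDelegate otherwise`. The enclosing method starts and ends outside the hunk.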
@@ -135,7 +135,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 (nssDF = env.newDataFactory(service.mapper().getClass(API.NSS))).in(dataType).out(dataType);
 (permRequestDF = env.newDataFactory(service.mapper().getClass(API.PERM_REQ))).in(dataType).out(dataType);
 (permsDF = env.newDataFactory(service.mapper().getClass(API.PERMS))).in(dataType).out(dataType);
-// (permKeyDF = env.newDataFactory(service.mapper().getClass(API.PERM_KEY))).in(dataType).out(dataType);
+
 (roleDF = env.newDataFactory(service.mapper().getClass(API.ROLES))).in(dataType).out(dataType);
 (roleRequestDF = env.newDataFactory(service.mapper().getClass(API.ROLE_REQ))).in(dataType).out(dataType);
 (usersDF = env.newDataFactory(service.mapper().getClass(API.USERS))).in(dataType).out(dataType);
@@ -174,7 +174,7 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 if (result.variables==null || result.variables.length<1) {
 detail = new String[1];
 } else {
- List<String> dlist = new ArrayList<String>();
+ List<String> dlist = new ArrayList<>();
 dlist.add(null);
 String os;
 for(Object s : result.variables) {
@@ -185,8 +185,6 @@ public abstract class AuthzFacadeImpl<NSS,PERMS,PERMKEY,ROLES,USERS,USERROLES,DE
 detail = new String[dlist.size()];
 dlist.toArray(detail);
 }
- //int httpstatus;
-
 switch(result.status) {
 case ERR_ActionNotCompleted:
 msgId = "SVC1202"; |