summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java29
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java20
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java17
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java8
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java13
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java11
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java18
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java18
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java102
-rw-r--r--auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java18
10 files changed, 160 insertions, 94 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java
index 500906d0..005397b2 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java
@@ -76,20 +76,25 @@ public class ApprovalSet {
public Result<Void> write(AuthzTrans trans) {
StringBuilder errs = null;
- Result<FutureDAO.Data> rf = dataview.insert(trans, fdd);
- if(rf.notOK()) {
- errs = new StringBuilder();
- errs.append(rf.errorString());
+ if(ladd == null || ladd.isEmpty()) {
+ errs = new StringBuilder("No Approvers for ");
+ errs .append(fdd.memo);
} else {
- for(ApprovalDAO.Data add : ladd) {
- Result<ApprovalDAO.Data> af = dataview.insert(trans, add);
- if(af.notOK()) {
- if(errs==null) {
- errs = new StringBuilder();
- } else {
- errs.append('\n');
+ Result<FutureDAO.Data> rf = dataview.insert(trans, fdd);
+ if(rf.notOK()) {
+ errs = new StringBuilder();
+ errs.append(rf.errorString());
+ } else {
+ for(ApprovalDAO.Data add : ladd) {
+ Result<ApprovalDAO.Data> af = dataview.insert(trans, add);
+ if(af.notOK()) {
+ if(errs==null) {
+ errs = new StringBuilder();
+ } else {
+ errs.append('\n');
+ }
+ errs.append(af.errorString());
}
- errs.append(af.errorString());
}
}
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index d9e9e11e..d0b30c7c 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -77,7 +77,7 @@ public class Analyze extends Batch {
private static final int approved=2;
- private static final String APPROVALS = "Approvals";
+ public static final String NEED_APPROVALS = "NeedApprovals";
private static final String EXTEND = "Extend";
private static final String EXPIRED_OWNERS = "ExpiredOwners";
private static final String CSV = ".csv";
@@ -87,7 +87,7 @@ public class Analyze extends Batch {
private ExpireRange expireRange;
private Date deleteDate;
private CSV.Writer deleteCW;
- private CSV.Writer approveCW;
+ private CSV.Writer needApproveCW;
private CSV.Writer extendCW;
private Range futureRange;
private final String sdate;
@@ -134,11 +134,11 @@ public class Analyze extends Batch {
// Setup New Approvals file
futureRange = ExpireRange.newFutureRange();
- File file = new File(logDir(),APPROVALS + sdate +CSV);
+ File file = new File(logDir(),NEED_APPROVALS + sdate +CSV);
CSV approveCSV = new CSV(env.access(),file);
- approveCW = approveCSV.writer();
- approveCW.row(INFO,APPROVALS,sdate,1);
- writerList.put(APPROVALS,approveCW);
+ needApproveCW = approveCSV.writer();
+ needApproveCW.row(INFO,NEED_APPROVALS,sdate,1);
+ writerList.put(NEED_APPROVALS,needApproveCW);
// Setup Extend Approvals file
file = new File(logDir(),EXTEND + sdate +CSV);
@@ -318,7 +318,7 @@ public class Analyze extends Batch {
if(p.newApprovals()
|| p.earliest() == null
|| p.earliest().after(remind)) {
- p.row(approveCW,es.getKey());
+ p.row(needApproveCW,es.getKey());
}
}
} finally {
@@ -384,7 +384,7 @@ public class Analyze extends Batch {
if(r!=null) {
Approval existing = findApproval(ur);
if(existing==null) {
- ur.row(approveCW,UserRole.APPROVE_UR);
+ ur.row(needApproveCW,UserRole.APPROVE_UR);
}
}
}
@@ -427,14 +427,14 @@ public class Analyze extends Batch {
if(r!=null) {
Approval existing = findApproval(ur);
if(existing==null) {
- ur.row(approveCW,UserRole.APPROVE_UR);
+ ur.row(needApproveCW,UserRole.APPROVE_UR);
}
}
} else {
expOwner.row("owner",ur.role(), ur.user(), Chrono.dateOnlyStamp(ur.expires()));
Approval existing = findApproval(ur);
if(existing==null) {
- ur.row(approveCW,UserRole.APPROVE_UR);
+ ur.row(needApproveCW,UserRole.APPROVE_UR);
}
}
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
index f4f3fda5..5a0b70a1 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
@@ -209,7 +209,8 @@ import org.onap.aaf.misc.env.util.Chrono;
// now create Notification
for(NotifyBody nb : NotifyBody.getAll()) {
- notify(noAvg, nb);
+ int count = notify(noAvg, nb);
+ trans.info().printf("Emailed %d for %s",count,nb.name());
}
//
@@ -294,16 +295,15 @@ import org.onap.aaf.misc.env.util.Chrono;
// Update
cbl.preLoop();
lastN.update(cbl.inc(),es.getKey(),"pending","");
+ npab.inc();
}
}
}
} finally {
cbl.flush();
tt.done();
+ trans.info().printf("Notified %d persons of Pending Approvals", npab.count());
}
- trans.info().printf("Created %d Notifications", count.get());
-
-
} catch (APIException | IOException e1) {
trans.error().log(e1);
@@ -314,17 +314,15 @@ import org.onap.aaf.misc.env.util.Chrono;
}
}
- public int notify(AuthzTrans trans, NotifyBody nb) {
+ private int notify(AuthzTrans trans, NotifyBody nb) {
List<String> toList = new ArrayList<>();
List<String> ccList = new ArrayList<>();
String run = nb.type()+nb.name();
String test = dryRun?run:null;
- String last = null;
ONE_EMAIL:
for(String id : nb.users()) {
- last = id;
toList.clear();
ccList.clear();
try {
@@ -380,11 +378,6 @@ import org.onap.aaf.misc.env.util.Chrono;
trans.error().log(e);
}
}
- if(nb.count()<=1) {
- trans.info().printf("Notified %s for %s",last,run);
- } else {
- trans.info().printf("Emailed %d for %s",nb.count(),run);
- }
return nb.count();
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java
index bf20eb41..82c1f2cc 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java
@@ -39,7 +39,6 @@ import java.util.TreeMap;
import org.onap.aaf.auth.batch.reports.Notify;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.misc.env.APIException;
public abstract class NotifyBody {
@@ -47,9 +46,11 @@ public abstract class NotifyBody {
private static final Map<String,NotifyBody> bodyMap = new HashMap<>();
protected Map<String,List<List<String>>> rows;
+ protected final String env;
+ protected final String gui_url;
+
private final String name;
private final String type;
- protected final String env;
private String date;
private int escalation;
private int count;
@@ -61,7 +62,8 @@ public abstract class NotifyBody {
date="";
escalation = 1;
count = 0;
- env = access.getProperty(Config.AAF_ENV,"DEVL");
+ env = access.getProperty("CASS_ENV","DEVL");
+ gui_url = access.getProperty("GUI_URL", "");
}
public void store(List<String> row) {
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java
index 5e051e00..6f85d1bf 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java
@@ -38,9 +38,10 @@ public abstract class NotifyURBody extends NotifyBody {
super(access,"ur",name);
// Default
- explanation = "The Roles for the IDs listed will expire on the dates shown. If "
- + "allowed to expire, the ID will no longer authorized in that role.<br><br>"
- + "If the ID is for a current <b><i>Application</i></b>, this <b><i>WILL</i></b> cause an outage.";
+ explanation = "The Roles for the IDs associated with you will expire on the dates shown. If "
+ + "allowed to expire, the ID will no longer authorized in that role on that date.<br><br>"
+ + "It is the responsibility of the Designated Approvers to approve, but you can monitor "
+ + "their progress by clicking the ID Link.";
}
@Override
@@ -83,8 +84,10 @@ public abstract class NotifyURBody extends NotifyBody {
println(sb,indent,"<tr>");
indent+=2;
name = printCell(sb,indent,fullname,name);
- fqi = printCell(sb,indent,row.get(1),fqi);
- printCell(sb,indent,row.get(2)+'.'+row.get(3));
+ String rid = row.get(1);
+ String fqiCell = "<a href=\"" + gui_url + "/myrequests\">" + rid + "</a>";
+ fqi = printCell(sb,indent,fqiCell,fqi);
+ printCell(sb,indent,row.get(2));
Date expires = new Date(Long.parseLong(row.get(6)));
printCell(sb,indent,Chrono.niceUTCStamp(expires));
indent-=2;
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java
index f307ddf1..57def168 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java
@@ -40,6 +40,7 @@ import org.onap.aaf.auth.batch.helpers.BatchDataView;
import org.onap.aaf.auth.batch.helpers.NS;
import org.onap.aaf.auth.batch.helpers.Role;
import org.onap.aaf.auth.batch.helpers.UserRole;
+import org.onap.aaf.auth.batch.reports.Analyze;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
@@ -87,7 +88,7 @@ public class Approvals extends Batch {
}
}
} else {
- f = new File(logDir(), "Approvals"+Chrono.dateOnlyStamp()+".csv");
+ f = new File(logDir(), Analyze.NEED_APPROVALS+Chrono.dateOnlyStamp()+".csv");
if(f.exists()) {
csvList.add(new CSV(env.access(),f).processAll());
} else {
@@ -109,10 +110,10 @@ public class Approvals extends Batch {
Pending p = Pending.create();
Holder<Integer> count = new Holder<>(0);
- for(CSV approveCSV : csvList) {
- TimeTaken tt = trans.start("Processing %s's UserRoles",Trans.SUB,approveCSV.name());
+ for(CSV neeedApproveCSV : csvList) {
+ TimeTaken tt = trans.start("Processing %s's UserRoles",Trans.SUB,neeedApproveCSV.name());
try {
- approveCSV.visit(row -> {
+ neeedApproveCSV.visit(row -> {
switch(row.get(0)) {
case UserRole.APPROVE_UR:
UserRoleDAO.Data urdd = UserRole.row(row);
@@ -151,7 +152,7 @@ public class Approvals extends Batch {
}
trans.info().printf("Processed %d UserRoles", count.get());
- tt = trans.start("Processing %s's UserRoles",Trans.SUB,approveCSV.name());
+ tt = trans.start("Writing Approvals to %s",Trans.SUB,neeedApproveCSV.name());
int cnt = 0;
try {
for(Entry<String, Pending> es : mpending.entrySet()) {
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java
index c25d6641..de1a8461 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java
@@ -26,10 +26,12 @@ import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.onap.aaf.auth.common.Define;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.rserv.HttpCode;
import org.onap.aaf.auth.rserv.HttpMethods;
import org.onap.aaf.misc.env.Slot;
+import org.onap.aaf.misc.xgen.html.HTMLGen;
public class Display {
private final Page get;
@@ -98,7 +100,9 @@ public class Display {
for (int i=0; i<slots.length;++i) {
int idx = fields[i].indexOf("[]");
if (idx<0) { // single value
- trans.put(slots[i], req.getParameter(fields[i]));
+ if(asUser(trans, req,fields[i])) {
+ trans.put(slots[i], req.getParameter(fields[i]));
+ }
} else { // multi value
String[] array = new String[30];
String field=fields[i].substring(0, idx);
@@ -125,7 +129,17 @@ public class Display {
page.replay(context,trans,resp.getOutputStream(),"general");
}
- @Override
+ /**
+ * When the field is "as_user", make sure permission is granted
+ */
+ private boolean asUser(AuthzTrans trans, HttpServletRequest req, String field) {
+ if("as_user".equals(field)) {
+ return req.isUserInRole(Define.ROOT_NS()+"|access|*|*");
+ }
+ return true;
+ }
+
+ @Override
public boolean no_cache() {
return no_cache;
}
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java
index 0c984e4d..e047a22a 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java
@@ -66,7 +66,7 @@ public class ApprovalForm extends Page {
// Package on purpose
static final String NAME="Approvals";
static final String HREF = "/gui/approve";
- static final String[] FIELDS = new String[] {"line[]","user","delegate_of"};
+ static final String[] FIELDS = new String[] {"line[]","user","delegate_of","as_user"};
public ApprovalForm(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException {
@@ -121,10 +121,12 @@ public class ApprovalForm extends Page {
private static final String[] headers = new String[] {"Identity","Request","Approve","Deny"};
private Slot sUser;
private Slot sAsDelegate;
+ private Slot sAsUser;
public Model(AuthzEnv env) {
sUser = env.slot(NAME+".user");
sAsDelegate = env.slot(NAME+".delegate_of");
+ sAsUser = env.slot(NAME + ".as_user");
}
@Override
@@ -135,7 +137,15 @@ public class ApprovalForm extends Page {
@Override
public Cells get(final AuthzTrans trans, final AAF_GUI gui) {
final String userParam = trans.get(sUser, null);
- final String asDelegate = trans.get(sAsDelegate, trans.user());
+
+ final String asDelegate = trans.get(sAsDelegate, null);
+ final String approver;
+ if(asDelegate==null) {
+ approver = trans.get(sAsUser,trans.user());
+ } else {
+ approver = asDelegate;
+ }
+
ArrayList<AbsCell[]> rv = new ArrayList<>();
String msg = null;
TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE);
@@ -145,7 +155,7 @@ public class ApprovalForm extends Page {
int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Integer>() {
@Override
public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException {
- Future<Approvals> fa = client.read("/authz/approval/approver/"+asDelegate,gui.getDF(Approvals.class));
+ Future<Approvals> fa = client.read("/authz/approval/approver/"+approver,gui.getDF(Approvals.class));
int numLeft = 0;
if (fa.get(AAF_GUI.TIMEOUT)) {
@@ -266,7 +276,6 @@ public class ApprovalForm extends Page {
userCell = new TextToolTipCell(user,title);
}
}
- prevUser=user;
// userCell = new RefCell(prevUser,
// TODO_ILM_INFO+user.substring(0, user.length()-domainOfApprover.length()),
// true,
@@ -275,6 +284,7 @@ public class ApprovalForm extends Page {
} else {
userCell = new TextCell(prevUser==null?user:prevUser);
}
+ prevUser=user;
AbsCell[] sa = new AbsCell[] {
userCell,
new TextCell(appr.getMemo()),
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java
index 22c3fd4d..41711db2 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java
@@ -30,6 +30,7 @@ import java.util.Comparator;
import java.util.List;
import java.util.UUID;
+import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.gui.AAF_GUI;
import org.onap.aaf.auth.gui.BreadCrumbs;
@@ -47,6 +48,7 @@ import org.onap.aaf.cadi.client.Rcli;
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.Slot;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.xgen.Cache;
import org.onap.aaf.misc.xgen.DynamicCode;
@@ -59,48 +61,65 @@ public class PendingRequestsShow extends Page {
public static final String HREF = "/gui/myrequests";
public static final String NAME = "MyRequests";
static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id=";
+ static final String[] FIELDS = new String[] {"as_user"}; // as_user Checked in Display
+ private static final String AS_USER=NAME+".as_user";
public PendingRequestsShow(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException {
- super(gui.env, NAME,HREF, NO_FIELDS,
+ super(gui.env, NAME,HREF, FIELDS,
new BreadCrumbs(breadcrumbs),
- new NamedCode(true,"expedite") {
- @Override
- public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
- cache.dynamic(hgen, new DynamicCode<HTMLGen, AAF_GUI, AuthzTrans>() {
- @Override
- public void code(final AAF_GUI gui, final AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
- hgen
- .leaf("p", "class=expedite_request").text("These are your submitted Requests that are awaiting Approval. ")
- .br()
- .text("To Expedite a Request: ")
- .leaf("a","href=#expedite_directions","onclick=divVisibility('expedite_directions');")
- .text("Click Here").end()
- .divID("expedite_directions", "style=display:none");
- hgen
- .incr(HTMLGen.OL)
- .incr(HTMLGen.LI)
- .leaf("a","href="+ApprovalForm.HREF+"?user="+trans.user(), "id=userApprove")
- .text("Copy This Link")
- .end()
- .end()
- .incr(HTMLGen.LI)
- .text("Send it to the Approver Listed")
- .end()
- .end()
- .text("NOTE: Using this link, the Approver will only see your requests. You only need to send this link once!")
- .end()
- .end();
- }
- });
- }
- },
- new Table<AAF_GUI,AuthzTrans>("Pending Requests",gui.env.newTransNoAvg(),new Model(), "class=std")
+ new TopOfPage(gui.env,true, "expedite"),
+ new Table<AAF_GUI,AuthzTrans>("Pending Requests",gui.env.newTransNoAvg(),new Model(gui.env), "class=std")
);
-
-
}
- /**
+ private static final class TopOfPage extends NamedCode {
+ private Slot sAsUser;
+
+ private TopOfPage(AuthzEnv env, boolean no_cache, String name) {
+ super(no_cache, name);
+ sAsUser = env.slot(AS_USER);
+ }
+
+ @Override
+ public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ cache.dynamic(hgen, new DynamicCode<HTMLGen, AAF_GUI, AuthzTrans>() {
+ @Override
+ public void code(final AAF_GUI gui, final AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
+ String user = trans.get(sAsUser,null);
+ if(user==null) {
+ user=trans.user();
+ } else {
+ hgen.incr(HTMLGen.H3,"class=center").text("Displaying for " + user).end();
+ }
+
+ hgen
+ .leaf(HTMLGen.P, "class=expedite_request").text("These are your submitted Requests that are awaiting Approval. ")
+ .br()
+ .text("To Expedite a Request: ")
+ .leaf("a","href=#expedite_directions","onclick=divVisibility('expedite_directions');")
+ .text("Click Here").end()
+ .divID("expedite_directions", "style=display:none");
+
+ hgen
+ .incr(HTMLGen.OL)
+ .incr(HTMLGen.LI)
+ .leaf("a","href="+ApprovalForm.HREF+"?user="+user, "id=userApprove")
+ .text("Copy This Link")
+ .end()
+ .end()
+ .incr(HTMLGen.LI)
+ .text("Send it to the Approver Listed")
+ .end()
+ .end()
+ .text("NOTE: Using this link, the Approver will only see your requests. You only need to send this link once!")
+ .end()
+ .end();
+ }
+ });
+ }
+ }
+
+ /**
* Implement the Table Content for Requests by User
*
* @author Jeremiah
@@ -108,8 +127,13 @@ public class PendingRequestsShow extends Page {
*/
private static class Model extends TableData<AAF_GUI,AuthzTrans> {
final long NUM_100NS_INTERVALS_SINCE_UUID_EPOCH = 0x01b21dd213814000L;
+ private final Slot sAsUser;
private static final String[] headers = new String[] {"Request Date","Status","Memo","Approver"};
+ public Model(AuthzEnv env) {
+ sAsUser = env.slot(AS_USER);
+ }
+
@Override
public String[] headers() {
return headers;
@@ -122,9 +146,11 @@ public class PendingRequestsShow extends Page {
gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
@Override
public Void code(Rcli<?> client)throws CadiException, ConnectException, APIException {
+ final String user = trans.get(sAsUser,trans.user());
+
TimeTaken tt = trans.start("AAF Get Approvals by User",Env.REMOTE);
try {
- Future<Approvals> fa = client.read("/authz/approval/user/"+trans.user(),gui.getDF(Approvals.class));
+ Future<Approvals> fa = client.read("/authz/approval/user/"+user,gui.getDF(Approvals.class));
if (fa.get(5000)) {
tt.done();
tt = trans.start("Load Data", Env.SUB);
@@ -142,7 +168,7 @@ public class PendingRequestsShow extends Page {
String prevTicket = null;
for (Approval a : approvals) {
String approver = a.getApprover();
- String approverShort = approver.substring(0,approver.indexOf('@'));
+// String approverShort = approver.substring(0,approver.indexOf('@'));
AbsCell tsCell = null;
String ticket = a.getTicket();
diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java
index 090b6e3c..8628d4be 100644
--- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java
+++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java
@@ -28,6 +28,9 @@ import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.UUID;
+import javax.servlet.http.HttpServletRequest;
+
+import org.onap.aaf.auth.common.Define;
import org.onap.aaf.auth.env.AuthzEnv;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.gui.AAF_GUI;
@@ -94,9 +97,18 @@ public class RequestDetail extends Page {
);
if (fa.get(AAF_GUI.TIMEOUT)) {
- if (!trans.user().equals(fa.value.getApprovals().get(0).getUser())) {
- return Cells.EMPTY;
- }
+ Approval app = fa.value.getApprovals().get(0);
+ if(app==null) {
+ return Cells.EMPTY;
+ } else {
+ if (!(trans.user().equals(app.getUser()) ||
+ trans.user().equals(app.getApprover()))) {
+ HttpServletRequest req = trans.get(gui.slot_httpServletRequest,null);
+ if(req==null || !req.isUserInRole(Define.ROOT_NS()+"|access|*|*")) {
+ return Cells.EMPTY;
+ }
+ }
+ }
tt.done();
tt = trans.start("Load Data", Env.SUB);
boolean first = true;