diff options
Diffstat (limited to 'auth')
10 files changed, 160 insertions, 94 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java index 500906d0..005397b2 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java @@ -76,20 +76,25 @@ public class ApprovalSet { public Result<Void> write(AuthzTrans trans) { StringBuilder errs = null; - Result<FutureDAO.Data> rf = dataview.insert(trans, fdd); - if(rf.notOK()) { - errs = new StringBuilder(); - errs.append(rf.errorString()); + if(ladd == null || ladd.isEmpty()) { + errs = new StringBuilder("No Approvers for "); + errs .append(fdd.memo); } else { - for(ApprovalDAO.Data add : ladd) { - Result<ApprovalDAO.Data> af = dataview.insert(trans, add); - if(af.notOK()) { - if(errs==null) { - errs = new StringBuilder(); - } else { - errs.append('\n'); + Result<FutureDAO.Data> rf = dataview.insert(trans, fdd); + if(rf.notOK()) { + errs = new StringBuilder(); + errs.append(rf.errorString()); + } else { + for(ApprovalDAO.Data add : ladd) { + Result<ApprovalDAO.Data> af = dataview.insert(trans, add); + if(af.notOK()) { + if(errs==null) { + errs = new StringBuilder(); + } else { + errs.append('\n'); + } + errs.append(af.errorString()); } - errs.append(af.errorString()); } } } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java index d9e9e11e..d0b30c7c 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java @@ -77,7 +77,7 @@ public class Analyze extends Batch { private static final int approved=2; - private static final String APPROVALS = "Approvals"; + public static final String NEED_APPROVALS = "NeedApprovals"; private static final String EXTEND = "Extend"; private static final String EXPIRED_OWNERS = "ExpiredOwners"; private static final String CSV = ".csv"; @@ -87,7 +87,7 @@ public class Analyze extends Batch { private ExpireRange expireRange; private Date deleteDate; private CSV.Writer deleteCW; - private CSV.Writer approveCW; + private CSV.Writer needApproveCW; private CSV.Writer extendCW; private Range futureRange; private final String sdate; @@ -134,11 +134,11 @@ public class Analyze extends Batch { // Setup New Approvals file futureRange = ExpireRange.newFutureRange(); - File file = new File(logDir(),APPROVALS + sdate +CSV); + File file = new File(logDir(),NEED_APPROVALS + sdate +CSV); CSV approveCSV = new CSV(env.access(),file); - approveCW = approveCSV.writer(); - approveCW.row(INFO,APPROVALS,sdate,1); - writerList.put(APPROVALS,approveCW); + needApproveCW = approveCSV.writer(); + needApproveCW.row(INFO,NEED_APPROVALS,sdate,1); + writerList.put(NEED_APPROVALS,needApproveCW); // Setup Extend Approvals file file = new File(logDir(),EXTEND + sdate +CSV); @@ -318,7 +318,7 @@ public class Analyze extends Batch { if(p.newApprovals() || p.earliest() == null || p.earliest().after(remind)) { - p.row(approveCW,es.getKey()); + p.row(needApproveCW,es.getKey()); } } } finally { @@ -384,7 +384,7 @@ public class Analyze extends Batch { if(r!=null) { Approval existing = findApproval(ur); if(existing==null) { - ur.row(approveCW,UserRole.APPROVE_UR); + ur.row(needApproveCW,UserRole.APPROVE_UR); } } } @@ -427,14 +427,14 @@ public class Analyze extends Batch { if(r!=null) { Approval existing = findApproval(ur); if(existing==null) { - ur.row(approveCW,UserRole.APPROVE_UR); + ur.row(needApproveCW,UserRole.APPROVE_UR); } } } else { expOwner.row("owner",ur.role(), ur.user(), Chrono.dateOnlyStamp(ur.expires())); Approval existing = findApproval(ur); if(existing==null) { - ur.row(approveCW,UserRole.APPROVE_UR); + ur.row(needApproveCW,UserRole.APPROVE_UR); } } } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java index f4f3fda5..5a0b70a1 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java @@ -209,7 +209,8 @@ import org.onap.aaf.misc.env.util.Chrono; // now create Notification for(NotifyBody nb : NotifyBody.getAll()) { - notify(noAvg, nb); + int count = notify(noAvg, nb); + trans.info().printf("Emailed %d for %s",count,nb.name()); } // @@ -294,16 +295,15 @@ import org.onap.aaf.misc.env.util.Chrono; // Update cbl.preLoop(); lastN.update(cbl.inc(),es.getKey(),"pending",""); + npab.inc(); } } } } finally { cbl.flush(); tt.done(); + trans.info().printf("Notified %d persons of Pending Approvals", npab.count()); } - trans.info().printf("Created %d Notifications", count.get()); - - } catch (APIException | IOException e1) { trans.error().log(e1); @@ -314,17 +314,15 @@ import org.onap.aaf.misc.env.util.Chrono; } } - public int notify(AuthzTrans trans, NotifyBody nb) { + private int notify(AuthzTrans trans, NotifyBody nb) { List<String> toList = new ArrayList<>(); List<String> ccList = new ArrayList<>(); String run = nb.type()+nb.name(); String test = dryRun?run:null; - String last = null; ONE_EMAIL: for(String id : nb.users()) { - last = id; toList.clear(); ccList.clear(); try { @@ -380,11 +378,6 @@ import org.onap.aaf.misc.env.util.Chrono; trans.error().log(e); } } - if(nb.count()<=1) { - trans.info().printf("Notified %s for %s",last,run); - } else { - trans.info().printf("Emailed %d for %s",nb.count(),run); - } return nb.count(); } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java index bf20eb41..82c1f2cc 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyBody.java @@ -39,7 +39,6 @@ import java.util.TreeMap; import org.onap.aaf.auth.batch.reports.Notify; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.config.Config; import org.onap.aaf.misc.env.APIException; public abstract class NotifyBody { @@ -47,9 +46,11 @@ public abstract class NotifyBody { private static final Map<String,NotifyBody> bodyMap = new HashMap<>(); protected Map<String,List<List<String>>> rows; + protected final String env; + protected final String gui_url; + private final String name; private final String type; - protected final String env; private String date; private int escalation; private int count; @@ -61,7 +62,8 @@ public abstract class NotifyBody { date=""; escalation = 1; count = 0; - env = access.getProperty(Config.AAF_ENV,"DEVL"); + env = access.getProperty("CASS_ENV","DEVL"); + gui_url = access.getProperty("GUI_URL", ""); } public void store(List<String> row) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java index 5e051e00..6f85d1bf 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java @@ -38,9 +38,10 @@ public abstract class NotifyURBody extends NotifyBody { super(access,"ur",name); // Default - explanation = "The Roles for the IDs listed will expire on the dates shown. If " - + "allowed to expire, the ID will no longer authorized in that role.<br><br>" - + "If the ID is for a current <b><i>Application</i></b>, this <b><i>WILL</i></b> cause an outage."; + explanation = "The Roles for the IDs associated with you will expire on the dates shown. If " + + "allowed to expire, the ID will no longer authorized in that role on that date.<br><br>" + + "It is the responsibility of the Designated Approvers to approve, but you can monitor " + + "their progress by clicking the ID Link."; } @Override @@ -83,8 +84,10 @@ public abstract class NotifyURBody extends NotifyBody { println(sb,indent,"<tr>"); indent+=2; name = printCell(sb,indent,fullname,name); - fqi = printCell(sb,indent,row.get(1),fqi); - printCell(sb,indent,row.get(2)+'.'+row.get(3)); + String rid = row.get(1); + String fqiCell = "<a href=\"" + gui_url + "/myrequests\">" + rid + "</a>"; + fqi = printCell(sb,indent,fqiCell,fqi); + printCell(sb,indent,row.get(2)); Date expires = new Date(Long.parseLong(row.get(6))); printCell(sb,indent,Chrono.niceUTCStamp(expires)); indent-=2; diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java index f307ddf1..57def168 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java @@ -40,6 +40,7 @@ import org.onap.aaf.auth.batch.helpers.BatchDataView; import org.onap.aaf.auth.batch.helpers.NS; import org.onap.aaf.auth.batch.helpers.Role; import org.onap.aaf.auth.batch.helpers.UserRole; +import org.onap.aaf.auth.batch.reports.Analyze; import org.onap.aaf.auth.dao.cass.UserRoleDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; @@ -87,7 +88,7 @@ public class Approvals extends Batch { } } } else { - f = new File(logDir(), "Approvals"+Chrono.dateOnlyStamp()+".csv"); + f = new File(logDir(), Analyze.NEED_APPROVALS+Chrono.dateOnlyStamp()+".csv"); if(f.exists()) { csvList.add(new CSV(env.access(),f).processAll()); } else { @@ -109,10 +110,10 @@ public class Approvals extends Batch { Pending p = Pending.create(); Holder<Integer> count = new Holder<>(0); - for(CSV approveCSV : csvList) { - TimeTaken tt = trans.start("Processing %s's UserRoles",Trans.SUB,approveCSV.name()); + for(CSV neeedApproveCSV : csvList) { + TimeTaken tt = trans.start("Processing %s's UserRoles",Trans.SUB,neeedApproveCSV.name()); try { - approveCSV.visit(row -> { + neeedApproveCSV.visit(row -> { switch(row.get(0)) { case UserRole.APPROVE_UR: UserRoleDAO.Data urdd = UserRole.row(row); @@ -151,7 +152,7 @@ public class Approvals extends Batch { } trans.info().printf("Processed %d UserRoles", count.get()); - tt = trans.start("Processing %s's UserRoles",Trans.SUB,approveCSV.name()); + tt = trans.start("Writing Approvals to %s",Trans.SUB,neeedApproveCSV.name()); int cnt = 0; try { for(Entry<String, Pending> es : mpending.entrySet()) { diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java index c25d6641..de1a8461 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/Display.java @@ -26,10 +26,12 @@ import java.util.Enumeration; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.onap.aaf.auth.common.Define; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.rserv.HttpCode; import org.onap.aaf.auth.rserv.HttpMethods; import org.onap.aaf.misc.env.Slot; +import org.onap.aaf.misc.xgen.html.HTMLGen; public class Display { private final Page get; @@ -98,7 +100,9 @@ public class Display { for (int i=0; i<slots.length;++i) { int idx = fields[i].indexOf("[]"); if (idx<0) { // single value - trans.put(slots[i], req.getParameter(fields[i])); + if(asUser(trans, req,fields[i])) { + trans.put(slots[i], req.getParameter(fields[i])); + } } else { // multi value String[] array = new String[30]; String field=fields[i].substring(0, idx); @@ -125,7 +129,17 @@ public class Display { page.replay(context,trans,resp.getOutputStream(),"general"); } - @Override + /** + * When the field is "as_user", make sure permission is granted + */ + private boolean asUser(AuthzTrans trans, HttpServletRequest req, String field) { + if("as_user".equals(field)) { + return req.isUserInRole(Define.ROOT_NS()+"|access|*|*"); + } + return true; + } + + @Override public boolean no_cache() { return no_cache; } diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java index 0c984e4d..e047a22a 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/ApprovalForm.java @@ -66,7 +66,7 @@ public class ApprovalForm extends Page { // Package on purpose static final String NAME="Approvals"; static final String HREF = "/gui/approve"; - static final String[] FIELDS = new String[] {"line[]","user","delegate_of"}; + static final String[] FIELDS = new String[] {"line[]","user","delegate_of","as_user"}; public ApprovalForm(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException { @@ -121,10 +121,12 @@ public class ApprovalForm extends Page { private static final String[] headers = new String[] {"Identity","Request","Approve","Deny"}; private Slot sUser; private Slot sAsDelegate; + private Slot sAsUser; public Model(AuthzEnv env) { sUser = env.slot(NAME+".user"); sAsDelegate = env.slot(NAME+".delegate_of"); + sAsUser = env.slot(NAME + ".as_user"); } @Override @@ -135,7 +137,15 @@ public class ApprovalForm extends Page { @Override public Cells get(final AuthzTrans trans, final AAF_GUI gui) { final String userParam = trans.get(sUser, null); - final String asDelegate = trans.get(sAsDelegate, trans.user()); + + final String asDelegate = trans.get(sAsDelegate, null); + final String approver; + if(asDelegate==null) { + approver = trans.get(sAsUser,trans.user()); + } else { + approver = asDelegate; + } + ArrayList<AbsCell[]> rv = new ArrayList<>(); String msg = null; TimeTaken tt = trans.start("AAF Get Approvals for Approver",Env.REMOTE); @@ -145,7 +155,7 @@ public class ApprovalForm extends Page { int numLeft = gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Integer>() { @Override public Integer code(Rcli<?> client) throws CadiException, ConnectException, APIException { - Future<Approvals> fa = client.read("/authz/approval/approver/"+asDelegate,gui.getDF(Approvals.class)); + Future<Approvals> fa = client.read("/authz/approval/approver/"+approver,gui.getDF(Approvals.class)); int numLeft = 0; if (fa.get(AAF_GUI.TIMEOUT)) { @@ -266,7 +276,6 @@ public class ApprovalForm extends Page { userCell = new TextToolTipCell(user,title); } } - prevUser=user; // userCell = new RefCell(prevUser, // TODO_ILM_INFO+user.substring(0, user.length()-domainOfApprover.length()), // true, @@ -275,6 +284,7 @@ public class ApprovalForm extends Page { } else { userCell = new TextCell(prevUser==null?user:prevUser); } + prevUser=user; AbsCell[] sa = new AbsCell[] { userCell, new TextCell(appr.getMemo()), diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java index 22c3fd4d..41711db2 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/PendingRequestsShow.java @@ -30,6 +30,7 @@ import java.util.Comparator; import java.util.List; import java.util.UUID; +import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.gui.AAF_GUI; import org.onap.aaf.auth.gui.BreadCrumbs; @@ -47,6 +48,7 @@ import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.env.Env; +import org.onap.aaf.misc.env.Slot; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.xgen.Cache; import org.onap.aaf.misc.xgen.DynamicCode; @@ -59,48 +61,65 @@ public class PendingRequestsShow extends Page { public static final String HREF = "/gui/myrequests"; public static final String NAME = "MyRequests"; static final String WEBPHONE = "http://webphone.att.com/cgi-bin/webphones.pl?id="; + static final String[] FIELDS = new String[] {"as_user"}; // as_user Checked in Display + private static final String AS_USER=NAME+".as_user"; public PendingRequestsShow(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException { - super(gui.env, NAME,HREF, NO_FIELDS, + super(gui.env, NAME,HREF, FIELDS, new BreadCrumbs(breadcrumbs), - new NamedCode(true,"expedite") { - @Override - public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException { - cache.dynamic(hgen, new DynamicCode<HTMLGen, AAF_GUI, AuthzTrans>() { - @Override - public void code(final AAF_GUI gui, final AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException { - hgen - .leaf("p", "class=expedite_request").text("These are your submitted Requests that are awaiting Approval. ") - .br() - .text("To Expedite a Request: ") - .leaf("a","href=#expedite_directions","onclick=divVisibility('expedite_directions');") - .text("Click Here").end() - .divID("expedite_directions", "style=display:none"); - hgen - .incr(HTMLGen.OL) - .incr(HTMLGen.LI) - .leaf("a","href="+ApprovalForm.HREF+"?user="+trans.user(), "id=userApprove") - .text("Copy This Link") - .end() - .end() - .incr(HTMLGen.LI) - .text("Send it to the Approver Listed") - .end() - .end() - .text("NOTE: Using this link, the Approver will only see your requests. You only need to send this link once!") - .end() - .end(); - } - }); - } - }, - new Table<AAF_GUI,AuthzTrans>("Pending Requests",gui.env.newTransNoAvg(),new Model(), "class=std") + new TopOfPage(gui.env,true, "expedite"), + new Table<AAF_GUI,AuthzTrans>("Pending Requests",gui.env.newTransNoAvg(),new Model(gui.env), "class=std") ); - - } - /** + private static final class TopOfPage extends NamedCode { + private Slot sAsUser; + + private TopOfPage(AuthzEnv env, boolean no_cache, String name) { + super(no_cache, name); + sAsUser = env.slot(AS_USER); + } + + @Override + public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException { + cache.dynamic(hgen, new DynamicCode<HTMLGen, AAF_GUI, AuthzTrans>() { + @Override + public void code(final AAF_GUI gui, final AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException { + String user = trans.get(sAsUser,null); + if(user==null) { + user=trans.user(); + } else { + hgen.incr(HTMLGen.H3,"class=center").text("Displaying for " + user).end(); + } + + hgen + .leaf(HTMLGen.P, "class=expedite_request").text("These are your submitted Requests that are awaiting Approval. ") + .br() + .text("To Expedite a Request: ") + .leaf("a","href=#expedite_directions","onclick=divVisibility('expedite_directions');") + .text("Click Here").end() + .divID("expedite_directions", "style=display:none"); + + hgen + .incr(HTMLGen.OL) + .incr(HTMLGen.LI) + .leaf("a","href="+ApprovalForm.HREF+"?user="+user, "id=userApprove") + .text("Copy This Link") + .end() + .end() + .incr(HTMLGen.LI) + .text("Send it to the Approver Listed") + .end() + .end() + .text("NOTE: Using this link, the Approver will only see your requests. You only need to send this link once!") + .end() + .end(); + } + }); + } + } + + /** * Implement the Table Content for Requests by User * * @author Jeremiah @@ -108,8 +127,13 @@ public class PendingRequestsShow extends Page { */ private static class Model extends TableData<AAF_GUI,AuthzTrans> { final long NUM_100NS_INTERVALS_SINCE_UUID_EPOCH = 0x01b21dd213814000L; + private final Slot sAsUser; private static final String[] headers = new String[] {"Request Date","Status","Memo","Approver"}; + public Model(AuthzEnv env) { + sAsUser = env.slot(AS_USER); + } + @Override public String[] headers() { return headers; @@ -122,9 +146,11 @@ public class PendingRequestsShow extends Page { gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() { @Override public Void code(Rcli<?> client)throws CadiException, ConnectException, APIException { + final String user = trans.get(sAsUser,trans.user()); + TimeTaken tt = trans.start("AAF Get Approvals by User",Env.REMOTE); try { - Future<Approvals> fa = client.read("/authz/approval/user/"+trans.user(),gui.getDF(Approvals.class)); + Future<Approvals> fa = client.read("/authz/approval/user/"+user,gui.getDF(Approvals.class)); if (fa.get(5000)) { tt.done(); tt = trans.start("Load Data", Env.SUB); @@ -142,7 +168,7 @@ public class PendingRequestsShow extends Page { String prevTicket = null; for (Approval a : approvals) { String approver = a.getApprover(); - String approverShort = approver.substring(0,approver.indexOf('@')); +// String approverShort = approver.substring(0,approver.indexOf('@')); AbsCell tsCell = null; String ticket = a.getTicket(); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java index 090b6e3c..8628d4be 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java @@ -28,6 +28,9 @@ import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.UUID; +import javax.servlet.http.HttpServletRequest; + +import org.onap.aaf.auth.common.Define; import org.onap.aaf.auth.env.AuthzEnv; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.gui.AAF_GUI; @@ -94,9 +97,18 @@ public class RequestDetail extends Page { ); if (fa.get(AAF_GUI.TIMEOUT)) { - if (!trans.user().equals(fa.value.getApprovals().get(0).getUser())) { - return Cells.EMPTY; - } + Approval app = fa.value.getApprovals().get(0); + if(app==null) { + return Cells.EMPTY; + } else { + if (!(trans.user().equals(app.getUser()) || + trans.user().equals(app.getApprover()))) { + HttpServletRequest req = trans.get(gui.slot_httpServletRequest,null); + if(req==null || !req.isUserInRole(Define.ROOT_NS()+"|access|*|*")) { + return Cells.EMPTY; + } + } + } tt.done(); tt = trans.start("Load Data", Env.SUB); boolean first = true; |