From d131f7ed38fd65d7f04b7d71368ba03e9000665c Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Wed, 27 Nov 2019 15:57:10 -0600
Subject: Fixes from Regression Tests

Issue-ID: AAF-1058
Change-Id: I7d3ace9cef69a163c2ec0c9a48583fdfa9ca20af
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../src/main/java/org/onap/aaf/auth/dao/hl/Question.java     | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'auth/auth-cass/src')

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 1809686a..39578f83 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -786,11 +786,17 @@ public class Question {
                     return Result.err(Status.ERR_BadData,
                             "[%s] cannot be a delegate for self", dd.user);
                 }
-                if (!isUser    && !isGranted(trans, trans.user(), ROOT_NS,DELG,
-                                org.getDomain(), Question.CREATE)) {
-                    return Result.err(Status.ERR_Denied,
+                if (!isUser) {
+                	String supportedDomain = org.supportedDomain(dd.user);
+                	if(supportedDomain==null) {
+                        return Result.err(Status.ERR_Denied,
+                                "[%s] may not create a delegate for the domain for [%s]",
+                                trans.user(), dd.user);
+                	} else if(!isGranted(trans, trans.user(), ROOT_NS,DELG,supportedDomain,Question.CREATE)) {
+                		return Result.err(Status.ERR_Denied,
                             "[%s] may not create a delegate for [%s]",
                             trans.user(), dd.user);
+                	}
                 }
                 break;
             case read:
-- 
cgit 1.2.3-korg