From ba989d05eca8d2a98c51ed9d38c4c3345db23349 Mon Sep 17 00:00:00 2001
From: Instrumental <jonathan.gathman@att.com>
Date: Wed, 26 Jun 2019 07:05:51 -0500
Subject: Changes from Onsite Tests

Issue-ID: AAF-857
Change-Id: I3fbed32ff5b2bb8f05f4f932c8dc2f4012c8b429
Signed-off-by: Instrumental <jonathan.gathman@att.com>
---
 .../java/org/onap/aaf/auth/dao/cass/RoleDAO.java   | 35 ++++++++++++------
 .../java/org/onap/aaf/auth/dao/hl/Question.java    | 43 ++++++++++++++--------
 2 files changed, 51 insertions(+), 27 deletions(-)

(limited to 'auth/auth-cass')

diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/RoleDAO.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/RoleDAO.java
index e31e1e6a..a5fa7a77 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/RoleDAO.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cass/RoleDAO.java
@@ -110,6 +110,7 @@ public class RoleDAO extends CassDAOImpl<AuthzTrans,RoleDAO.Data> {
         	if(ns==null) {
         		sb.append('.');
         	} else {
+        		sb.append(ns);
             	sb.append(ns.indexOf('@')<0?'.':':'); 
         	}
         	sb.append(name);
@@ -129,19 +130,29 @@ public class RoleDAO extends CassDAOImpl<AuthzTrans,RoleDAO.Data> {
          * @return
          */
         public static Result<Data> decode(AuthzTrans trans, Question q, String r) {
-            String[] ss = Split.splitTrim('|', r,2);
             Data data = new Data();
-            if (ss[1]==null) { // older 1 part encoding must be evaluated for NS
-                Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
-                if (nss.notOK()) {
-                    return Result.err(nss);
-                }
-                data.ns=nss.value.ns;
-                data.name=nss.value.name;
-            } else { // new 4 part encoding
-                data.ns=ss[0];
-                data.name=ss[1];
-            }
+        	if(r.indexOf('@')>=0) {
+        		int colon = r.indexOf(':');
+        		if(colon<0) {
+        			return Result.err(Result.ERR_BadData, "%s is not a valid Role",r);
+        		} else {
+        			data.ns=r.substring(0, colon);
+        			data.name=r.substring(++colon);
+        		}
+        	} else {
+	            String[] ss = Split.splitTrim('|', r,2);
+	            if (ss[1]==null) { // older 1 part encoding must be evaluated for NS
+	                Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
+	                if (nss.notOK()) {
+	                    return Result.err(nss);
+	                }
+	                data.ns=nss.value.ns;
+	                data.name=nss.value.name;
+	            } else { // new 4 part encoding
+	                data.ns=ss[0];
+	                data.name=ss[1];
+	            }
+        	}
             return Result.ok(data);
         }
 
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index d40c2ea0..ae6f371b 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -325,13 +325,22 @@ public class Question {
         return permDAO.readByType(trans, nss.value.ns, nss.value.name);
     }
 
-    public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans,
-            String type, String instance, String action) {
-        Result<NsSplit> nss = deriveNsSplit(trans, type);
-        if (nss.notOK()) {
-            return Result.err(nss);
-        }
-        return permDAO.read(trans, nss.value.ns, nss.value.name, instance,action);
+    public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans, String type, String instance, String action) {
+    	if(type.indexOf('@') >= 0) {
+    		int colon = type.indexOf(':');
+    		if(colon>=0) {
+    			return permDAO.read(trans, type.substring(0, colon),type.substring(colon+1), instance,action);
+    		} else {
+    			return Result.err(Result.ERR_BadData, "%s is malformed",type);
+    		}
+    	} else {
+	        Result<NsSplit> nss = deriveNsSplit(trans, type);
+	        if (nss.notOK()) {
+	            return Result.err(nss);
+	        }
+	        
+	        return permDAO.read(trans, nss.value.ns, nss.value.name, instance,action);
+    	}
     }
 
     public Result<List<PermDAO.Data>> getPermsByRole(AuthzTrans trans, String role, boolean lookup) {
@@ -377,8 +386,14 @@ public class Question {
         return Result.ok(perms);
     }
 
-    public Result<List<RoleDAO.Data>> getRolesByName(AuthzTrans trans,
-            String role) {
+    public Result<List<RoleDAO.Data>> getRolesByName(AuthzTrans trans, String role) {
+    	if(role.startsWith(trans.user()) ) {
+    		if(role.endsWith(":user")) {
+    			return roleDAO.read(trans,trans.user(), "user");
+    		} else {
+    			return Result.err(Result.ERR_BadData,"%s is a badly formatted role",role);
+    		}
+    	}
         Result<NsSplit> nss = deriveNsSplit(trans, role);
         if (nss.notOK()) {
             return Result.err(nss);
@@ -415,12 +430,7 @@ public class Question {
         if (r.isOKhasData()) {
             return Result.ok(r.value.get(0));
         } else {
-            int dot;
-            if (child==null) {
-                return Result.err(Status.ERR_NsNotFound, "No Namespace");
-            } else {
-                dot = child.lastIndexOf('.');
-            }
+            int dot = child.lastIndexOf('.');
             if (dot < 0) {
                 return Result.err(Status.ERR_NsNotFound, "No Namespace for [%s]", child);
             } else {
@@ -561,6 +571,9 @@ public class Question {
     }
 
     public Result<NsDAO.Data> mayUser(AuthzTrans trans, String user, RoleDAO.Data rdd, Access access) {
+    	if(trans.user().equals(rdd.ns)) {
+    		return Result.ok((NsDAO.Data)null);
+    	}
         Result<NsDAO.Data> rnsd = deriveNs(trans, rdd.ns);
         if (rnsd.isOK()) {
             return mayUser(trans, user, rnsd.value, rdd, access);
-- 
cgit 1.2.3-korg