diff options
author | Rodrigo Lima <rodrigo.lima@yoppworks.com> | 2020-11-05 14:46:40 -0500 |
---|---|---|
committer | Rodrigo Lima <rodrigo.lima@yoppworks.com> | 2020-11-10 15:30:57 -0500 |
commit | 75b74e19f558ace625716118286fd38f7ad3f26a (patch) | |
tree | 6f47a6f527eb6c49abd83ad5047c205a220b76e8 | |
parent | ed7480f9107e1583e3f7628a339604bacfd9aca9 (diff) |
Filter get all pnf by owning entity if multi tenancy is enabled
Issue-ID: AAI-3214
Signed-off-by: Rodrigo Lima <rodrigo.lima@yoppworks.com>
Change-Id: I97e62e12f06938294d9969d21b4dcacae9d01d78
-rw-r--r-- | aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java | 24 | ||||
-rw-r--r-- | aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java | 15 |
2 files changed, 28 insertions, 11 deletions
diff --git a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java index 061c6409..4ece3771 100644 --- a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java +++ b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java @@ -45,9 +45,19 @@ public class OwnerCheck extends SideEffect { @Override protected void processURI(Optional<String> completeUri, Entry<String, String> entry) throws AAIException { - if (serializer.getGroups() != null && !serializer.getGroups().isEmpty()) { - List<Vertex> owningEntity = self.graph().traversal() - .V(self) + if (!isAuthorized(serializer.getGroups(), self)) { + + throw new AAIException("AAI_3304", + "Group(s) :" + serializer.getGroups() + " not authorized to perform function"); + + } //else skip processing because no required properties were specified + + } + + public static boolean isAuthorized(java.util.Set<String> groups, Vertex vertex) { + if (groups != null && !groups.isEmpty()) { + List<Vertex> owningEntity = vertex.graph().traversal() + .V(vertex) .bothE("org.onap.relationships.inventory.BelongsTo") .otherV() .has("aai-node-type", "owning-entity") @@ -56,13 +66,11 @@ public class OwnerCheck extends SideEffect { if(!owningEntity.isEmpty()) { VertexProperty owningEntityName = owningEntity.get(0).property("owning-entity-name"); - if(!serializer.getGroups().contains(owningEntityName.orElseGet(null))) { - throw new AAIException("AAI_3304", - "Group(s) :" + serializer.getGroups() + " not authorized to perform function"); - } + return groups.contains(owningEntityName.orElseGet(null)); } - } //else skip processing because no required properties were specified + } + return true; } @Override diff --git a/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java b/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java index aa4fb8c8..7f3340b2 100644 --- a/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java +++ b/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java @@ -20,6 +20,7 @@ package org.onap.aai.rest.db; +import org.onap.aai.introspection.sideeffect.OwnerCheck; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.fasterxml.jackson.databind.JsonNode; @@ -400,16 +401,24 @@ public class HttpEntry { transactionId = request.getTransactionId(); uriTemp = request.getUri().getRawPath().replaceFirst("^v\\d+/", ""); uri = UriBuilder.fromPath(uriTemp).build(); - List<Vertex> vertTemp; + + boolean groupsAvailable = serializer.getGroups() != null && !serializer.getGroups().isEmpty(); + List<Vertex> queryResult = query.getQueryBuilder().toList(); List<Vertex> vertices; if (this.isPaginated()) { - vertTemp = query.getQueryBuilder().toList(); + List<Vertex> vertTemp = groupsAvailable ? queryResult.stream().filter((vx) -> { + return OwnerCheck.isAuthorized(groups, vx); + }).collect(Collectors.toList()) : queryResult; this.setTotalsForPaging(vertTemp.size(), this.paginationBucket); vertices = vertTemp.subList(((this.paginationIndex - 1) * this.paginationBucket), Math.min((this.paginationBucket * this.paginationIndex), vertTemp.size())); } else { - vertices = query.getQueryBuilder().toList(); + vertices = groupsAvailable && queryResult.size() > 1 ? queryResult.stream().filter((vx) -> { + return OwnerCheck.isAuthorized(groups, vx); + }).collect(Collectors.toList()) : queryResult; + } + boolean isNewVertex; HttpHeaders headers = request.getHeaders(); outputMediaType = getMediaType(headers.getAcceptableMediaTypes()); |