summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRodrigo Lima <rodrigo.lima@yoppworks.com>2020-11-05 14:46:40 -0500
committerRodrigo Lima <rodrigo.lima@yoppworks.com>2020-11-10 15:30:57 -0500
commit75b74e19f558ace625716118286fd38f7ad3f26a (patch)
tree6f47a6f527eb6c49abd83ad5047c205a220b76e8
parented7480f9107e1583e3f7628a339604bacfd9aca9 (diff)
Filter get all pnf by owning entity if multi tenancy is enabled
Issue-ID: AAI-3214 Signed-off-by: Rodrigo Lima <rodrigo.lima@yoppworks.com> Change-Id: I97e62e12f06938294d9969d21b4dcacae9d01d78
-rw-r--r--aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java24
-rw-r--r--aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java15
2 files changed, 28 insertions, 11 deletions
diff --git a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java
index 061c6409..4ece3771 100644
--- a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java
+++ b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java
@@ -45,9 +45,19 @@ public class OwnerCheck extends SideEffect {
@Override
protected void processURI(Optional<String> completeUri, Entry<String, String> entry)
throws AAIException {
- if (serializer.getGroups() != null && !serializer.getGroups().isEmpty()) {
- List<Vertex> owningEntity = self.graph().traversal()
- .V(self)
+ if (!isAuthorized(serializer.getGroups(), self)) {
+
+ throw new AAIException("AAI_3304",
+ "Group(s) :" + serializer.getGroups() + " not authorized to perform function");
+
+ } //else skip processing because no required properties were specified
+
+ }
+
+ public static boolean isAuthorized(java.util.Set<String> groups, Vertex vertex) {
+ if (groups != null && !groups.isEmpty()) {
+ List<Vertex> owningEntity = vertex.graph().traversal()
+ .V(vertex)
.bothE("org.onap.relationships.inventory.BelongsTo")
.otherV()
.has("aai-node-type", "owning-entity")
@@ -56,13 +66,11 @@ public class OwnerCheck extends SideEffect {
if(!owningEntity.isEmpty()) {
VertexProperty owningEntityName = owningEntity.get(0).property("owning-entity-name");
- if(!serializer.getGroups().contains(owningEntityName.orElseGet(null))) {
- throw new AAIException("AAI_3304",
- "Group(s) :" + serializer.getGroups() + " not authorized to perform function");
- }
+ return groups.contains(owningEntityName.orElseGet(null));
}
- } //else skip processing because no required properties were specified
+ }
+ return true;
}
@Override
diff --git a/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java b/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java
index aa4fb8c8..7f3340b2 100644
--- a/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java
+++ b/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java
@@ -20,6 +20,7 @@
package org.onap.aai.rest.db;
+import org.onap.aai.introspection.sideeffect.OwnerCheck;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.databind.JsonNode;
@@ -400,16 +401,24 @@ public class HttpEntry {
transactionId = request.getTransactionId();
uriTemp = request.getUri().getRawPath().replaceFirst("^v\\d+/", "");
uri = UriBuilder.fromPath(uriTemp).build();
- List<Vertex> vertTemp;
+
+ boolean groupsAvailable = serializer.getGroups() != null && !serializer.getGroups().isEmpty();
+ List<Vertex> queryResult = query.getQueryBuilder().toList();
List<Vertex> vertices;
if (this.isPaginated()) {
- vertTemp = query.getQueryBuilder().toList();
+ List<Vertex> vertTemp = groupsAvailable ? queryResult.stream().filter((vx) -> {
+ return OwnerCheck.isAuthorized(groups, vx);
+ }).collect(Collectors.toList()) : queryResult;
this.setTotalsForPaging(vertTemp.size(), this.paginationBucket);
vertices = vertTemp.subList(((this.paginationIndex - 1) * this.paginationBucket),
Math.min((this.paginationBucket * this.paginationIndex), vertTemp.size()));
} else {
- vertices = query.getQueryBuilder().toList();
+ vertices = groupsAvailable && queryResult.size() > 1 ? queryResult.stream().filter((vx) -> {
+ return OwnerCheck.isAuthorized(groups, vx);
+ }).collect(Collectors.toList()) : queryResult;
+
}
+
boolean isNewVertex;
HttpHeaders headers = request.getHeaders();
outputMediaType = getMediaType(headers.getAcceptableMediaTypes());