From 75b74e19f558ace625716118286fd38f7ad3f26a Mon Sep 17 00:00:00 2001 From: Rodrigo Lima Date: Thu, 5 Nov 2020 14:46:40 -0500 Subject: Filter get all pnf by owning entity if multi tenancy is enabled Issue-ID: AAI-3214 Signed-off-by: Rodrigo Lima Change-Id: I97e62e12f06938294d9969d21b4dcacae9d01d78 --- .../aai/introspection/sideeffect/OwnerCheck.java | 24 ++++++++++++++-------- .../main/java/org/onap/aai/rest/db/HttpEntry.java | 15 +++++++++++--- 2 files changed, 28 insertions(+), 11 deletions(-) (limited to 'aai-core') diff --git a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java index 061c6409..4ece3771 100644 --- a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java +++ b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java @@ -45,9 +45,19 @@ public class OwnerCheck extends SideEffect { @Override protected void processURI(Optional completeUri, Entry entry) throws AAIException { - if (serializer.getGroups() != null && !serializer.getGroups().isEmpty()) { - List owningEntity = self.graph().traversal() - .V(self) + if (!isAuthorized(serializer.getGroups(), self)) { + + throw new AAIException("AAI_3304", + "Group(s) :" + serializer.getGroups() + " not authorized to perform function"); + + } //else skip processing because no required properties were specified + + } + + public static boolean isAuthorized(java.util.Set groups, Vertex vertex) { + if (groups != null && !groups.isEmpty()) { + List owningEntity = vertex.graph().traversal() + .V(vertex) .bothE("org.onap.relationships.inventory.BelongsTo") .otherV() .has("aai-node-type", "owning-entity") @@ -56,13 +66,11 @@ public class OwnerCheck extends SideEffect { if(!owningEntity.isEmpty()) { VertexProperty owningEntityName = owningEntity.get(0).property("owning-entity-name"); - if(!serializer.getGroups().contains(owningEntityName.orElseGet(null))) { - throw new AAIException("AAI_3304", - "Group(s) :" + serializer.getGroups() + " not authorized to perform function"); - } + return groups.contains(owningEntityName.orElseGet(null)); } - } //else skip processing because no required properties were specified + } + return true; } @Override diff --git a/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java b/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java index aa4fb8c8..7f3340b2 100644 --- a/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java +++ b/aai-core/src/main/java/org/onap/aai/rest/db/HttpEntry.java @@ -20,6 +20,7 @@ package org.onap.aai.rest.db; +import org.onap.aai.introspection.sideeffect.OwnerCheck; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.fasterxml.jackson.databind.JsonNode; @@ -400,16 +401,24 @@ public class HttpEntry { transactionId = request.getTransactionId(); uriTemp = request.getUri().getRawPath().replaceFirst("^v\\d+/", ""); uri = UriBuilder.fromPath(uriTemp).build(); - List vertTemp; + + boolean groupsAvailable = serializer.getGroups() != null && !serializer.getGroups().isEmpty(); + List queryResult = query.getQueryBuilder().toList(); List vertices; if (this.isPaginated()) { - vertTemp = query.getQueryBuilder().toList(); + List vertTemp = groupsAvailable ? queryResult.stream().filter((vx) -> { + return OwnerCheck.isAuthorized(groups, vx); + }).collect(Collectors.toList()) : queryResult; this.setTotalsForPaging(vertTemp.size(), this.paginationBucket); vertices = vertTemp.subList(((this.paginationIndex - 1) * this.paginationBucket), Math.min((this.paginationBucket * this.paginationIndex), vertTemp.size())); } else { - vertices = query.getQueryBuilder().toList(); + vertices = groupsAvailable && queryResult.size() > 1 ? queryResult.stream().filter((vx) -> { + return OwnerCheck.isAuthorized(groups, vx); + }).collect(Collectors.toList()) : queryResult; + } + boolean isNewVertex; HttpHeaders headers = request.getHeaders(); outputMediaType = getMediaType(headers.getAcceptableMediaTypes()); -- cgit 1.2.3-korg