From f4993218ce5204a3e8b4527e40f71d5fdc5d1de9 Mon Sep 17 00:00:00 2001 From: Einat Vinouze Date: Tue, 28 Jan 2020 17:29:10 +0200 Subject: RoleValidatorByOwningEntity permits by PermissionPropertiesOwningEntity PermissionPropertiesOwningEntity is sharing a parent interface with PermissionPropertiesServiceType: WithPermissionProperties. Issue-ID: VID-758 Change-Id: I90c04cb8d4331d68329f3a12329244f09c6bc184 Signed-off-by: Einat Vinouze Signed-off-by: Ittay Stern --- .../org/onap/vid/controller/AaiController2.java | 4 +- .../controller/AsyncInstantiationController.java | 8 +++- .../vid/model/ServiceInstanceSearchResult.java | 4 +- .../org/onap/vid/roles/PermissionProperties.kt | 29 ++++++++++--- .../src/main/java/org/onap/vid/roles/Role.java | 27 +++++------- .../main/java/org/onap/vid/roles/RoleProvider.java | 15 +++---- .../java/org/onap/vid/roles/RoleValidator.java | 5 --- .../vid/roles/RoleValidatorByOwningEntity.java | 26 ++++++++++-- .../RoleValidatorBySubscriberAndServiceType.java | 16 ++++++-- .../org/onap/vid/roles/RoleValidatorFactory.java | 5 +-- .../java/org/onap/vid/services/AaiServiceImpl.java | 6 +-- .../onap/vid/controller/LoggerControllerTest.java | 8 ++-- .../vid/controller/ServicePermissionsTest.java | 4 +- .../vid/roles/AlwaysValidRoleValidatorTest.java | 3 +- .../java/org/onap/vid/roles/RoleProviderTest.java | 17 +++++--- .../vid/roles/RoleValidatorByOwningEntityTest.java | 48 +++++++++++++++++----- ...oleValidatorBySubscriberAndServiceTypeTest.java | 32 +++++++++------ .../onap/vid/roles/RoleValidatorsComposerTest.java | 2 +- 18 files changed, 169 insertions(+), 90 deletions(-) diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java index dcbd9b9e4..2d7a9253e 100644 --- a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java +++ b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java 
@@ -33,7 +33,7 @@ import org.onap.vid.model.aaiTree.Network; import org.onap.vid.model.aaiTree.RelatedVnf; import org.onap.vid.model.aaiTree.VpnBinding; import org.onap.vid.properties.Features; -import org.onap.vid.roles.PermissionProperties; +import org.onap.vid.roles.PermissionPropertiesSubscriberAndServiceType; import org.onap.vid.roles.RoleProvider; import org.onap.vid.services.AaiService; import org.springframework.beans.factory.annotation.Autowired; @@ -95,7 +95,7 @@ public class AaiController2 extends VidRestrictedBaseController { final boolean isEditPermitted = roleProvider .getUserRolesValidator(request) - .isServicePermitted(new PermissionProperties(subscriberId, serviceType)); + .isServicePermitted(new PermissionPropertiesSubscriberAndServiceType(subscriberId, serviceType)); return new Permissions(isEditPermitted); } diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java b/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java index 4b03ea4d9..ce8bbb50c 100644 --- a/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java +++ b/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java @@ -33,7 +33,7 @@ import org.onap.vid.model.ServiceInfo; import org.onap.vid.model.serviceInstantiation.ServiceInstantiation; import org.onap.vid.mso.MsoResponseWrapper2; import org.onap.vid.properties.Features; -import org.onap.vid.roles.PermissionProperties; +import org.onap.vid.roles.AllPermissionProperties; import org.onap.vid.roles.RoleProvider; import org.onap.vid.roles.RoleValidator; import org.onap.vid.services.AsyncInstantiationBusinessLogic; 
@@ -169,7 +169,11 @@ public class AsyncInstantiationController extends VidRestrictedBaseController { private void throwExceptionIfAccessDenied(ServiceInstantiation request, HttpServletRequest httpServletRequest, String userId) { if (featureManager.isActive(Features.FLAG_1906_INSTANTIATION_API_USER_VALIDATION)) { RoleValidator roleValidator = roleProvider.getUserRolesValidator(httpServletRequest); - if (!roleValidator.isServicePermitted(new PermissionProperties(request.getGlobalSubscriberId(), request.getSubscriptionServiceType()))) { + if (!roleValidator.isServicePermitted(new AllPermissionProperties( + request.getGlobalSubscriberId(), + request.getSubscriptionServiceType(), + request.getOwningEntityId())) + ) { throw new AccessDeniedException(String.format("User %s is not allowed to make this request", userId)); } } diff --git a/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java b/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java index 01cc11d95..2665313d7 100644 --- a/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java +++ b/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java @@ -22,9 +22,9 @@ package org.onap.vid.model; import com.fasterxml.jackson.annotation.JsonProperty; import org.apache.commons.lang3.StringUtils; -import org.onap.vid.roles.WithPermissionProperties; +import org.onap.vid.roles.WithPermissionPropertiesSubscriberAndServiceType; -public class ServiceInstanceSearchResult implements WithPermissionProperties { +public class ServiceInstanceSearchResult implements WithPermissionPropertiesSubscriberAndServiceType { private final String SUBSCRIBER_ID_FRONTEND_ALIAS = "globalCustomerId"; diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt b/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt index f62b98aef..dbdd41326 100644 
--- a/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt +++ b/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt @@ -3,15 +3,32 @@ package org.onap.vid.roles import org.onap.vid.aai.ServiceSubscription -interface WithPermissionProperties { +interface WithPermissionProperties + +interface WithPermissionPropertiesSubscriberAndServiceType: WithPermissionProperties { val subscriberId: String? val serviceType: String? } -data class PermissionProperties( - override val subscriberId: String, - override val serviceType: String -) : WithPermissionProperties { - constructor(serviceSubscription: ServiceSubscription, subscriberId: String) : this(subscriberId, serviceSubscription.serviceType) +interface WithPermissionPropertiesOwningEntity: WithPermissionProperties { + val owningEntityId: String? +} + + +data class AllPermissionProperties( + override val subscriberId: String?, + override val serviceType: String?, + override val owningEntityId: String? +): WithPermissionPropertiesOwningEntity, WithPermissionPropertiesSubscriberAndServiceType + +data class PermissionPropertiesOwningEntity( + override val owningEntityId: String? +): WithPermissionPropertiesOwningEntity + +data class PermissionPropertiesSubscriberAndServiceType( + override val subscriberId: String?, + override val serviceType: String? +) : WithPermissionPropertiesSubscriberAndServiceType { + constructor(serviceSubscription: ServiceSubscription, subscriberId: String?) : this(subscriberId, serviceSubscription.serviceType) } diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/Role.java b/vid-app-common/src/main/java/org/onap/vid/roles/Role.java index 3d94dc00a..3de894480 100644 --- a/vid-app-common/src/main/java/org/onap/vid/roles/Role.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/Role.java 
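Review bot: The now-empty marker interface `WithPermissionProperties` and the three new data classes have no KDoc, and every identifier is `String?` where the removed `PermissionProperties` required non-null `String`. Validators must now downcast and may receive null identifiers, so the contract should be written down on the marker interface, for example `/** Marker for inputs to RoleValidator.isServicePermitted; a validator must deny any subtype it does not recognise, and a null identifier means "not supplied" and must never match a role. */`. A one-line KDoc on `AllPermissionProperties` saying that it is meant for callers that know all three identifiers would also help readers choose between the three classes.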
@@ -20,49 +20,44 @@ package org.onap.vid.roles; -/** - * Created by Oren on 7/1/17. - */ - public class Role { - private EcompRole ecompRole; + private final EcompRole ecompRole; + + private final String subscriberId; - private String subscriberId; + private final String serviceType; - private String serviceType; + private final String tenant; - private String tenant; + private final String owningEntityId; - public Role(EcompRole ecompRole, String subscriberId, String serviceType, String tenant) { + public Role(EcompRole ecompRole, String subscriberId, String serviceType, String tenant, String owningEntityId) { this.ecompRole = ecompRole; this.subscriberId = subscriberId; this.serviceType = serviceType; this.tenant = tenant; + this.owningEntityId = owningEntityId; } public EcompRole getEcompRole() { return ecompRole; } - public String getSubscriberId() { return subscriberId; } - public void setSubscriberId(String subscriberId) { - this.subscriberId = subscriberId; - } - public String getServiceType() { return serviceType; } - public String getTenant() { return tenant; } - + public String getOwningEntityId() { + return owningEntityId; + } } diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java index d9f2fdedf..c35f5f704 100644 --- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java @@ -42,11 +42,6 @@ import org.onap.vid.services.AaiService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; - -/** - * Created by Oren on 7/1/17. - */ - @Component public class RoleProvider { 
@@ -147,11 +142,13 @@ public class RoleProvider { public Role createRoleFromStringArr(String[] roleParts, String rolePrefix) throws RoleParsingException { String globalCustomerID = replaceSubscriberNameToGlobalCustomerID(roleParts[0], rolePrefix); + String owningEntityId = translateOwningEntityNameToOwningEntityId(roleParts[0]); + try { if (roleParts.length > 2) { - return new Role(EcompRole.READ, globalCustomerID, roleParts[1], roleParts[2]); + return new Role(EcompRole.READ, globalCustomerID, roleParts[1], roleParts[2], owningEntityId); } else { - return new Role(EcompRole.READ, globalCustomerID, roleParts[1], null); + return new Role(EcompRole.READ, globalCustomerID, roleParts[1], null, owningEntityId); } } catch (ArrayIndexOutOfBoundsException e) { if (roleParts.length > 0) @@ -165,6 +162,10 @@ public class RoleProvider { } + private String translateOwningEntityNameToOwningEntityId(String owningEntityName) { + return owningEntityName; // TODO: translate to id + } + public RoleValidator getUserRolesValidator(HttpServletRequest request) { return roleValidatorFactory.by(getUserRoles(request)); } diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java index 7b7401a01..14c027392 100644 --- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java @@ -21,13 +21,8 @@ package org.onap.vid.roles; -import java.util.List; -import org.apache.commons.lang3.StringUtils; -import org.onap.portalsdk.core.util.SystemProperties; - public interface RoleValidator { - boolean isSubscriberPermitted(String subscriberId); boolean isServicePermitted(WithPermissionProperties serviceInstanceSearchResult); diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java index 50fc1091e..8d73dc400 100644 
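Review bot: In `createRoleFromStringArr` the new `owningEntityId` comes from `roleParts[0]`, the same token that is resolved to the subscriber's global customer ID, and `translateOwningEntityNameToOwningEntityId` (added in the next hunk of this file) returns its argument unchanged. Every role therefore carries its raw first name part as an owning-entity ID, so once `FLAG_2006_USER_PERMISSIONS_BY_OWNING_ENTITY` is active, `RoleValidatorByOwningEntity` permits any request whose `owningEntityId` equals that string; how `RoleValidatorsComposer` combines this with the subscriber check is not shown here. Until the translation exists it would be safer to fail closed, e.g. `return null; // TODO: translate name to id; null never matches a non-empty owningEntityId`, and to update `RoleProviderTest.owningEntityId()` to match. The new call also sits before the `try`, like the existing `roleParts[0]` access, so an empty `roleParts` is not covered by the `ArrayIndexOutOfBoundsException` handler. The method body continues outside the hunk.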
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java @@ -21,10 +21,25 @@ package org.onap.vid.roles; +import java.util.List; +import org.apache.commons.lang3.StringUtils; + public class RoleValidatorByOwningEntity implements RoleValidator{ - public boolean isOwningEntityIdPermitted(String owningEntityId){ - return false; + private final List userRoles; + + RoleValidatorByOwningEntity(List roles) { + this.userRoles = roles; + } + + private boolean isOwningEntityIdPermitted(String owningEntityId) { + if (StringUtils.isEmpty(owningEntityId)) { + return false; + } + + return userRoles.stream().anyMatch(userRole -> + StringUtils.equals(userRole.getOwningEntityId(), owningEntityId) + ); } @Override @@ -34,7 +49,12 @@ public class RoleValidatorByOwningEntity implements RoleValidator{ @Override public boolean isServicePermitted(WithPermissionProperties permissionProperties) { - return false; + if (permissionProperties instanceof WithPermissionPropertiesOwningEntity) { + String owningEntityId = ((WithPermissionPropertiesOwningEntity) permissionProperties).getOwningEntityId(); + return isOwningEntityIdPermitted(owningEntityId); + } else { + return false; + } } @Override diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java index 1e0f9f461..24a00f6e8 100644 --- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java @@ -21,6 +21,7 @@ package org.onap.vid.roles; import java.util.List; +import org.apache.commons.lang3.StringUtils; public class RoleValidatorBySubscriberAndServiceType implements RoleValidator { 
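Review bot: `RoleValidatorByOwningEntity` keeps the caller's `roles` list by reference and dereferences it on every check, so a null list would surface as a `NullPointerException` during an authorization decision rather than at construction; whether the factory can pass null is not visible here. A guard in the constructor, `this.userRoles = Objects.requireNonNull(roles, "roles");` (with an import of `java.util.Objects`), makes that failure explicit. The empty-ID guard in `isOwningEntityIdPermitted` and the `instanceof` fallback in `isServicePermitted` (second hunk of this file) both deny by default, which is worth stating in a class Javadoc such as `/** Permits a service only when its non-empty owningEntityId equals the owningEntityId of one of the user's roles; every other input is denied. */`.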
@@ -42,14 +43,21 @@ public class RoleValidatorBySubscriberAndServiceType implements RoleValidator { @Override public boolean isServicePermitted(WithPermissionProperties permissionProperties) { - for (Role role : userRoles) { - if (role.getSubscriberId().equals(permissionProperties.getSubscriberId()) && role.getServiceType().equals(permissionProperties.getServiceType())) { - return true; - } + if (permissionProperties instanceof WithPermissionPropertiesSubscriberAndServiceType) { + return isServicePermitted( + (WithPermissionPropertiesSubscriberAndServiceType) permissionProperties + ); } return false; } + private boolean isServicePermitted(WithPermissionPropertiesSubscriberAndServiceType permissionProperties) { + return userRoles.stream().anyMatch(userRole -> + StringUtils.equals(userRole.getSubscriberId(), permissionProperties.getSubscriberId()) + && StringUtils.equals(userRole.getServiceType(), permissionProperties.getServiceType()) + ); + } + @Override public boolean isTenantPermitted(String subscriberId, String serviceType, String tenantName) { for (Role role : userRoles) { diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorFactory.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorFactory.java index f4334b1be..b171ad7e7 100644 --- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorFactory.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorFactory.java 
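Review bot: The new private `isServicePermitted` compares with `StringUtils.equals`, which treats two nulls (and two empty strings) as equal, and unlike `RoleValidatorByOwningEntity.isOwningEntityIdPermitted` it has no guard against missing values. Now that `subscriberId` and `serviceType` are nullable on the property types, a role whose subscriber ID and service type are null or empty would match a request that omits the same fields; whether `RoleProvider` can produce such a role depends on code not shown here. The old loop could not return true for a null request value. A guard mirroring the owning-entity validator closes this, `if (StringUtils.isEmpty(permissionProperties.getSubscriberId()) || StringUtils.isEmpty(permissionProperties.getServiceType())) { return false; }`, together with a test case for null and empty inputs.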
@@ -2,8 +2,7 @@ * ============LICENSE_START======================================================= * VID * ================================================================================ - * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2018 - 2019 Nokia. All rights reserved. + * Copyright (C) 2017 - 2020 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -54,7 +53,7 @@ public class RoleValidatorFactory { else if (featureManager.isActive(Features.FLAG_2006_USER_PERMISSIONS_BY_OWNING_ENTITY)){ return new RoleValidatorsComposer( new RoleValidatorBySubscriberAndServiceType(roles), - new RoleValidatorByOwningEntity() + new RoleValidatorByOwningEntity(roles) ); } else { diff --git a/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java b/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java index 66c0e6c04..696aca5ea 100644 --- a/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java +++ b/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java @@ -85,7 +85,7 @@ import org.onap.vid.model.aaiTree.NodeType; import org.onap.vid.model.aaiTree.RelatedVnf; import org.onap.vid.model.aaiTree.VpnBinding; import org.onap.vid.model.aaiTree.VpnBindingKt; -import org.onap.vid.roles.PermissionProperties; +import org.onap.vid.roles.PermissionPropertiesSubscriberAndServiceType; import org.onap.vid.roles.RoleValidator; import org.onap.vid.utils.Intersection; import org.onap.vid.utils.Logging; 
@@ -268,7 +268,7 @@ public class AaiServiceImpl implements AaiService { AaiResponse subscriberResponse = aaiClient.getSubscriberData(subscriberId, omitServiceInstances); for (ServiceSubscription serviceSubscription : subscriberResponse.getT().serviceSubscriptions.serviceSubscription) { serviceSubscription.isPermitted = roleValidator.isServicePermitted( - new PermissionProperties(serviceSubscription, subscriberResponse.getT().globalCustomerId)); + new PermissionPropertiesSubscriberAndServiceType(serviceSubscription, subscriberResponse.getT().globalCustomerId)); } return subscriberResponse; @@ -312,7 +312,7 @@ public class AaiServiceImpl implements AaiService { if (serviceSubscriptions != null) { for (ServiceSubscription serviceSubscription : serviceSubscriptions.serviceSubscription) { - serviceSubscription.isPermitted = roleValidator.isServicePermitted(new PermissionProperties(serviceSubscription, subscriberId)); + serviceSubscription.isPermitted = roleValidator.isServicePermitted(new PermissionPropertiesSubscriberAndServiceType(serviceSubscription, subscriberId)); results.addAll(getSearchResultsForSingleSubscription( serviceSubscription, subscriberId, instanceIdentifier, subscriberName, serviceSubscription.serviceType, roleValidator) diff --git a/vid-app-common/src/test/java/org/onap/vid/controller/LoggerControllerTest.java b/vid-app-common/src/test/java/org/onap/vid/controller/LoggerControllerTest.java index f0d840929..6f584ed3d 100644 --- a/vid-app-common/src/test/java/org/onap/vid/controller/LoggerControllerTest.java +++ b/vid-app-common/src/test/java/org/onap/vid/controller/LoggerControllerTest.java 
@@ -66,7 +66,7 @@ public class LoggerControllerTest { @Test public void shouldThrowNotAuthorizedException_whenUserIsNotAuthorizedToGetLogs() throws Exception { - List list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1")); + List list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1", "owningEntityId")); given(provider.getUserRoles(argThat(req -> req.getRequestedSessionId().equals("id1")))).willReturn(list); given(provider.userPermissionIsReadLogs(list)).willReturn(false); @@ -80,7 +80,7 @@ public class LoggerControllerTest { @Test public void shouldReturnLastAndOneBeforeLogLines_whenLimitIs2() throws Exception { - List list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1")); + List list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1", "owningEntityId")); given(provider.getUserRoles(argThat(req -> req.getRequestedSessionId().equals("id1")))).willReturn(list); given(provider.userPermissionIsReadLogs(list)).willReturn(true); @@ -96,7 +96,7 @@ public class LoggerControllerTest { @Test public void shouldReturnEmptyString_whenLogFileIsEmpty() throws Exception { - List list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1")); + List list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1", "owningEntityId")); given(provider.getUserRoles(argThat(req -> req.getRequestedSessionId().equals("id1")))).willReturn(list); given(provider.userPermissionIsReadLogs(list)).willReturn(true); 
@@ -111,7 +111,7 @@ public class LoggerControllerTest { @Test public void shouldReturnEmptyString_whenDebugLogFileIsEmpty() throws Exception { - List list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1")); + List list = ImmutableList.of(new Role(EcompRole.READ, "subName1", "servType1", "tenant1", "owningEntityId")); given(provider.getUserRoles(argThat(req -> req.getRequestedSessionId().equals("id1")))).willReturn(list); given(provider.userPermissionIsReadLogs(list)).willReturn(true); diff --git a/vid-app-common/src/test/java/org/onap/vid/controller/ServicePermissionsTest.java b/vid-app-common/src/test/java/org/onap/vid/controller/ServicePermissionsTest.java index 9f436b703..3b7dbfbb8 100644 --- a/vid-app-common/src/test/java/org/onap/vid/controller/ServicePermissionsTest.java +++ b/vid-app-common/src/test/java/org/onap/vid/controller/ServicePermissionsTest.java @@ -31,7 +31,7 @@ import static org.mockito.Mockito.when; import org.jetbrains.annotations.NotNull; import org.onap.vid.aai.model.Permissions; -import org.onap.vid.roles.PermissionProperties; +import org.onap.vid.roles.PermissionPropertiesSubscriberAndServiceType; import org.onap.vid.roles.RoleProvider; import org.onap.vid.roles.RoleValidator; import org.springframework.mock.web.MockHttpServletRequest; @@ -54,7 +54,7 @@ public class ServicePermissionsTest { RoleProvider roleProvider = mock(RoleProvider.class); RoleValidator roleValidator = mock(RoleValidator.class); when(roleProvider.getUserRolesValidator(any())).thenReturn(roleValidator); - when(roleValidator.isServicePermitted(new PermissionProperties(subscriberId, serviceType))).thenReturn(expected); + when(roleValidator.isServicePermitted(new PermissionPropertiesSubscriberAndServiceType(subscriberId, serviceType))).thenReturn(expected); AaiController2 aaiController2 = new AaiController2(null, roleProvider, null, null); 
diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/AlwaysValidRoleValidatorTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/AlwaysValidRoleValidatorTest.java index 4b511fe52..6826b1e4a 100644 --- a/vid-app-common/src/test/java/org/onap/vid/roles/AlwaysValidRoleValidatorTest.java +++ b/vid-app-common/src/test/java/org/onap/vid/roles/AlwaysValidRoleValidatorTest.java @@ -33,7 +33,8 @@ public class AlwaysValidRoleValidatorTest { @Test public void testIsServicePermitted() { - assertTrue(new AlwaysValidRoleValidator().isServicePermitted(new PermissionProperties("any", "any"))); + WithPermissionProperties emptyPermissionProperties = new WithPermissionProperties() {}; + assertTrue(new AlwaysValidRoleValidator().isServicePermitted(emptyPermissionProperties)); } @Test diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java index 3935349c0..8d81c929c 100644 --- a/vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java +++ b/vid-app-common/src/test/java/org/onap/vid/roles/RoleProviderTest.java @@ -22,7 +22,6 @@ package org.onap.vid.roles; import static org.assertj.core.api.Assertions.assertThat; -import static org.hamcrest.CoreMatchers.is; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.when; import static org.mockito.MockitoAnnotations.initMocks; @@ -32,7 +31,6 @@ import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.assertj.core.util.Lists; -import org.hamcrest.CoreMatchers; import org.mockito.Mock; import org.onap.vid.aai.AaiResponse; import org.onap.vid.aai.exceptions.RoleParsingException; 
@@ -117,7 +115,7 @@ public class RoleProviderTest { @Test public void shouldProperlyRetrieveUserRolesWhenPermissionIsDifferentThanRead() { - Role expectedRole = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER_ID, SAMPLE_SERVICE, SAMPLE_TENANT); + Role expectedRole = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER_ID, SAMPLE_SERVICE, SAMPLE_TENANT, owningEntityId()); setSubscribers(); List userRoles = roleProvider.getUserRoles(request); @@ -138,13 +136,14 @@ public class RoleProviderTest { @Test public void shouldReturnNotReadOnlyPermissionWhenRolesArePresent() { - assertThat(roleProvider.userPermissionIsReadOnly(Lists.list(new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT)))).isFalse(); + assertThat(roleProvider.userPermissionIsReadOnly(Lists.list(new Role( + EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT, owningEntityId())))).isFalse(); } @Test public void userShouldHavePermissionToReadLogsWhenServiceAndTenantAreCorrect() { - Role withoutPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT); - Role withPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SERVICE_TYPE_LOGS, TENANT_PERMITTED); + Role withoutPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE, SAMPLE_TENANT, owningEntityId()); + Role withPermission = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SERVICE_TYPE_LOGS, TENANT_PERMITTED, owningEntityId()); assertThat(roleProvider.userPermissionIsReadLogs(Lists.list(withoutPermission, withPermission))).isTrue(); } @@ -159,6 +158,12 @@ public class RoleProviderTest { assertThat(result).isEqualTo(expectedRoleValidator); } + private String owningEntityId() { + // while translateOwningEntityNameToOwningEntityId does nothing, no translation happens. + // this will be changed later. + return SAMPLE_SUBSCRIBER; + } + private void setSubscribers() { Subscriber subscriber = new Subscriber(); subscriber.subscriberName = SAMPLE_SUBSCRIBER; 
diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByOwningEntityTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByOwningEntityTest.java index 8d7a1b97a..d84ac6edd 100644 --- a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByOwningEntityTest.java +++ b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorByOwningEntityTest.java @@ -20,15 +20,23 @@ package org.onap.vid.roles; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.withSettings; import static org.testng.Assert.assertFalse; +import com.google.common.collect.ImmutableList; import org.testng.annotations.BeforeMethod; +import org.testng.annotations.DataProvider; import org.testng.annotations.Test; public class RoleValidatorByOwningEntityTest { private static final String OWNING_ENTITY_ID = "owningEntityId"; private static final String SUBSCRIBER_NAME = "subscriber_name"; + private static final String NOT_MATCHING_OWNING_ENTITY_ID = "notMatchingOwningEntityId"; + private static final String SERVICE_TYPE = "serviceType"; private static final String GLOBAL_CUSTOMER_ID = "globalCustomerId"; private static final String TENANT_NAME = "tenantName"; @@ -37,13 +45,9 @@ public class RoleValidatorByOwningEntityTest { private RoleValidatorByOwningEntity roleValidatorByOwningEntity; @BeforeMethod - public void setup(){ - roleValidatorByOwningEntity = new RoleValidatorByOwningEntity(); - } - - @Test - public void testIsOwningEntityIdPermitted() { - assertFalse(roleValidatorByOwningEntity.isOwningEntityIdPermitted(OWNING_ENTITY_ID)); + public void setup() { + final Role SAMPLE_ROLE = new Role(EcompRole.READ, "", "", "", OWNING_ENTITY_ID); + roleValidatorByOwningEntity = new RoleValidatorByOwningEntity(ImmutableList.of(SAMPLE_ROLE)); } @Test 
@@ -52,13 +56,35 @@ public class RoleValidatorByOwningEntityTest { } @Test - public void testIsServicePermitted() { - assertFalse(roleValidatorByOwningEntity.isServicePermitted(new PermissionProperties(SUBSCRIBER_NAME, SERVICE_TYPE))); + public void isServicePermitted_owningEntityMatch_returnTrue() { + PermissionPropertiesOwningEntity permittedOwningEntity = + new PermissionPropertiesOwningEntity(OWNING_ENTITY_ID); + + assertThat(roleValidatorByOwningEntity.isServicePermitted(permittedOwningEntity), is(true)); + } + + @DataProvider + public static Object[][] nonMatchingPermissionProperties() { + return new Object[][]{ + {new PermissionPropertiesOwningEntity(NOT_MATCHING_OWNING_ENTITY_ID)}, + {new PermissionPropertiesOwningEntity("")}, + {new WithPermissionProperties() {}}, + {mock(PermissionPropertiesOwningEntity.class, + withSettings().name("PermissionPropertiesOwningEntity with null owningEntityId"))}, + {new PermissionPropertiesSubscriberAndServiceType(OWNING_ENTITY_ID, OWNING_ENTITY_ID)}, + }; + } + + @Test(dataProvider = "nonMatchingPermissionProperties") + public void isServicePermitted_nonMatchingPermissionProperties_returnFalse(WithPermissionProperties permissionProperties) { + assertThat(permissionProperties.toString(), roleValidatorByOwningEntity.isServicePermitted( + permissionProperties + ), is(false)); } @Test public void testIsTenantPermitted() { - assertFalse(roleValidatorByOwningEntity.isTenantPermitted(GLOBAL_CUSTOMER_ID , SERVICE_TYPE, TENANT_NAME)); + assertFalse(roleValidatorByOwningEntity.isTenantPermitted(GLOBAL_CUSTOMER_ID, SERVICE_TYPE, TENANT_NAME)); } -} \ No newline at end of file +} diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java index d90ea51a9..b6958cd67 100644 --- a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java 
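Review bot: The null-`owningEntityId` row of `nonMatchingPermissionProperties` is built with `mock(PermissionPropertiesOwningEntity.class, withSettings().name(...))`, although the constructor now accepts a nullable value. `{new PermissionPropertiesOwningEntity(null)}` exercises the same path through the real `getOwningEntityId()` and gives a readable `toString()` for the assertion message. It also avoids depending on Mockito being able to mock a Kotlin data class, which is final unless the build opens it (not visible here).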
+++ b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceTypeTest.java @@ -24,10 +24,7 @@ package org.onap.vid.roles; import static org.assertj.core.api.Assertions.assertThat; import com.google.common.collect.ImmutableList; -import com.google.common.collect.ImmutableMap; import java.util.List; -import java.util.Map; -import org.onap.vid.mso.rest.RequestDetails; import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; @@ -38,20 +35,17 @@ public class RoleValidatorBySubscriberAndServiceTypeTest { private static final String SAMPLE_SERVICE_TYPE = "sampleServiceType"; private static final String NOT_MATCHING_TENANT = "notMatchingTenant"; private static final String SAMPLE_TENANT = "sampleTenant"; + private static final String SOME_OWNING_ENTITY_ID = "someOwningEntityId"; - private static final Role SAMPLE_ROLE = new Role(EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT); + private static final Role SAMPLE_ROLE = new Role( + EcompRole.READ, SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SAMPLE_TENANT, SOME_OWNING_ENTITY_ID); private List roles = ImmutableList.of(SAMPLE_ROLE); - private Map subscriberInfo = ImmutableMap.of("globalSubscriberId", SAMPLE_SUBSCRIBER); - private Map requestParameters = ImmutableMap.of("subscriptionServiceType", SAMPLE_SERVICE_TYPE); - private Map requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters); - private RequestDetails requestDetails; private RoleValidatorBySubscriberAndServiceType roleValidatorBySubscriberAndServiceType; @BeforeMethod public void setUp() { roleValidatorBySubscriberAndServiceType = new RoleValidatorBySubscriberAndServiceType(roles); - requestDetails = new RequestDetails(); } @Test 
@@ -66,19 +60,33 @@ public class RoleValidatorBySubscriberAndServiceTypeTest { @Test public void shouldPermitServiceWhenNamesMatches() { - assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isTrue(); + assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted( + new PermissionPropertiesSubscriberAndServiceType(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isTrue(); } + @Test + public void isServicePermitted_serviceWithAllPermissionProperties_isPermitted() { + assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted( + new AllPermissionProperties(SAMPLE_SUBSCRIBER, SAMPLE_SERVICE_TYPE, SOME_OWNING_ENTITY_ID))).isTrue(); + } @Test public void shouldNotPermitServiceWhenSubscriberNameNotMatches() { assertThat( - roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isFalse(); + roleValidatorBySubscriberAndServiceType.isServicePermitted( + new PermissionPropertiesSubscriberAndServiceType(NOT_MATCHING_SUBSCRIBER, SAMPLE_SERVICE_TYPE))).isFalse(); } @Test public void shouldNotPermitServiceWhenServiceTypeNotMatches() { - assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted(new PermissionProperties(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER))).isFalse(); + assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted( + new PermissionPropertiesSubscriberAndServiceType(SAMPLE_SUBSCRIBER, NOT_MATCHING_SUBSCRIBER))).isFalse(); + } + + @Test + public void isServicePermitted_owningEntityPermissionProperties_isNotPermitted() { + assertThat(roleValidatorBySubscriberAndServiceType.isServicePermitted( + new PermissionPropertiesOwningEntity(SAMPLE_SUBSCRIBER))).isFalse(); } @Test 
diff --git a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorsComposerTest.java b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorsComposerTest.java index 91ea953fb..c0892dafb 100644 --- a/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorsComposerTest.java +++ b/vid-app-common/src/test/java/org/onap/vid/roles/RoleValidatorsComposerTest.java @@ -43,7 +43,7 @@ public class RoleValidatorsComposerTest { public static Object[][] allInterfaceFunctions() { return Stream.>of( (RoleValidator o) -> o.isSubscriberPermitted("subscriberId"), - (RoleValidator o) -> o.isServicePermitted(new PermissionProperties("subscriberId", "serviceType")), + (RoleValidator o) -> o.isServicePermitted(new WithPermissionProperties() {}), (RoleValidator o) -> o.isTenantPermitted("subscriberId", "serviceType", "tenantName") ).map(it -> new Object[]{it}).collect(toList()).toArray(new Object[][]{}); } -- cgit 1.2.3-korg