Enable Organizations to have a subset of users the user roles of which do not expire
Issue-ID: AAF-1149
Signed-off-by: Sean Hassan <sean.hassan@att.com>
Change-Id: Iaf04456abe78f2cb7972587b50f00bcaac3f83aa
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index ff2c72a..3a813ec 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -438,7 +438,12 @@
if(r!=null) {
Approval existing = findApproval(ur);
if(existing==null) {
- ur.row(needApproveCW,UserRole.APPROVE_UR);
+ if (org.isUserExpireExempt(ur.user(), ur.expires())) {
+ ur.row(notCompliantCW, UserRole.UR);
+ } else {
+ ur.row(needApproveCW, UserRole.APPROVE_UR,
+ "Expired user role! Membership expired " + Chrono.dateOnlyStamp(ur.expires()));
+ }
}
}
}
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index e061f06..2b46581 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -123,6 +123,11 @@
<artifactId>slf4j-log4j12</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-auth-deforg</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
<plugins>
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
index 5a27e5e..5a66be8 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/PermLookup.java
@@ -82,7 +82,7 @@
List<UserRoleDAO.Data> lurdd = new ArrayList<>();
Date now = new Date();
for (UserRoleDAO.Data urdd : userRoles.value) {
- if (urdd.expires.after(now)) { // Remove Expired
+ if (urdd.expires.after(now) || trans.org().isUserExpireExempt(user, urdd.expires)) { // Remove Expired
lurdd.add(urdd);
}
}
diff --git a/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java b/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java
index f5d22ba..1d82505 100644
--- a/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java
+++ b/auth/auth-cass/src/test/java/org/onap/aaf/auth/dao/hl/JU_PermLookup.java
@@ -49,6 +49,7 @@
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.misc.env.LogTarget;
+import org.onap.aaf.org.DefaultOrg;
@RunWith(MockitoJUnitRunner.class)
@@ -130,13 +131,17 @@
Result<List<UserRoleDAO.Data>> retVal1 = Mockito.mock(Result.class);
retVal1.value = new ArrayList<UserRoleDAO.Data>();
UserRoleDAO.Data dataObj = Mockito.mock( UserRoleDAO.Data.class);
-
dataObj.expires = new Date();
retVal1.value.add(dataObj);
Mockito.doReturn(true).when(retVal1).isOKhasData();
+
Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
- PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+ DefaultOrg org = Mockito.mock(DefaultOrg.class);
+ when(trans.org()).thenReturn(org);
+
+ PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
//System.out.println(""+userRoles.status);
@@ -151,7 +156,11 @@
Mockito.doReturn(false).when(retVal1).isOKhasData();
Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
- PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+ DefaultOrg org = Mockito.mock(DefaultOrg.class);
+ when(trans.org()).thenReturn(org);
+
+ PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
// System.out.println("output is"+userRoles.status);
@@ -174,7 +183,11 @@
retVal1.value.add(dataObj);
Mockito.doReturn(true).when(retVal1).isOKhasData();
Mockito.doReturn(retVal1).when(userRoleDAO).readByUser(trans,"");
- PermLookup cassExecutorObj =PermLookup.get(trans, q,"");
+
+ DefaultOrg org = Mockito.mock(DefaultOrg.class);
+ when(trans.org()).thenReturn(org);
+
+ PermLookup cassExecutorObj = PermLookup.get(trans, q,"");
Result<List<UserRoleDAO.Data>> userRoles = cassExecutorObj.getUserRoles();
//System.out.println(userRoles.status);
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index f34ed15..795231e 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -348,6 +348,16 @@
public void setTestMode(boolean dryRun);
+ /**
+ * Evaluates a user to determine if they are exempt from role expiration.
+ * Returns true if true, false is false. Default implementation is always false.
+ *
+ * @param user
+ * @param expires
+ * @return
+ */
+ public boolean isUserExpireExempt(String user, Date expires);
+
public static final Organization NULL = new Organization()
{
private final GregorianCalendar gc = new GregorianCalendar(1900, 1, 1);
@@ -586,6 +596,11 @@
return null;
}
+ @Override
+ public boolean isUserExpireExempt(String user, Date expires) {
+ return false;
+ }
+
};
}
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 1822e99..c7f3b1c 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -705,4 +705,9 @@
return 0;
}
}
+
+ @Override
+ public boolean isUserExpireExempt(String user, Date expires) {
+ return false;
+ }
}