*/
public enum AppRoleLevel implements Serializable {
APPADMIN(0, "App-Admin", "Application Administrator"), APPUSER(1,
- "App-User", "Application User"), APPOPERATOR(2, "Network-Operator",
+ "App-User", "Application User"), APPOPERATOR(2, "App-Operator",
"Application Operator"), NOUSER(255, "Unknown User", "Unknown User");
private int userLevel;
public String toStringPretty() {
return this.prettyLevel;
}
-}
+
+ public static AppRoleLevel fromString(String levelString) {
+ for (AppRoleLevel level : AppRoleLevel.values()) {
+ if (level.toString().equals(levelString)) {
+ return level;
+ }
+ }
+ return null;
+ }
+}
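Review bot: `fromString` returns `null` for any string that matches no level, and nothing on the method says so; a caller that forwards the result into a role-creation call or dereferences it will end up with a null role level or a NullPointerException. Add a Javadoc along the lines of `@return the matching level, or null if levelString equals no level's toString() value`, and state that the comparison is exact and case-sensitive. It is also worth deciding whether unrecognised input should map to `NOUSER`, which already exists for the unknown case, rather than `null`; the new unit test currently pins `null`.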
import java.util.List;
import java.util.Set;
+import org.opendaylight.controller.sal.utils.Status;
+
/**
* Interface for applications which maintain an authorization
* database for their resources. Respective application web bundle
*
* @param role the role name
* @param userLevel the user level in the application context
- */
- public void createRole(String role, AppRoleLevel userLevel);
+ * @return the status of the request
+ */
+ public Status createRole(String role, AppRoleLevel userLevel);
+ /**
+ * Remove a Role
+ *
+ * @param role the role name
+ * @return the status of the request
+ */
+ public Status removeRole(String role);
+
/**
* Return the list of roles configured for the application
*
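Review bot: The Javadoc for the new `removeRole` says only "Remove a Role" and does not define what happens to resource-group assignments and users that still reference the role when it is removed. For an authorization database that contract matters: implementers need to know whether to reject the removal or to drop the dependent assignments, so that a role later re-created under the same name does not silently inherit old privileges. Suggest documenting the expected behaviour and the failure conditions behind `@return the status of the request`. The same applies to the other methods in this file that switch from `void` to `Status`: existing callers compile unchanged and will ignore a failure unless they are updated to check the result.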
*
* @param groupName the name for the resource group
* @param resources the list of resources for the group
+ * @return the status of the request
*/
- public void createResourceGroup(String groupName, List<Object> resources);
+ public Status createResourceGroup(String groupName, List<Object> resources);
/**
* Removes a resource group
*
* @param groupName the name of the group
+ * @return the status of the request
*/
- public void removeResourceGroup(String groupName);
+ public Status removeResourceGroup(String groupName);
/**
* Returns the list of resource groups configured for the application
*
* @param groupName the object expressing the resource group name and the access privilege
* @param role the user group (role) name
+ * @return the status of the request
*/
- public void assignResourceGroupToRole(String groupName,
+ public Status assignResourceGroupToRole(String groupName,
Privilege privilege, String role);
+ /**
+ * Unassign the passed resource group from the specified role
+ *
+ * @param group
+ * @param role
+ * @return the status of the request
+ */
+ public Status unassignResourceGroupFromRole(String group, String role);
+
/**
* Returns the list of resource groups the given Role is authorized to use
* The returning object expresses the resource group name and the access
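Review bot: The Javadoc on `unassignResourceGroupFromRole` leaves both `@param group` and `@param role` without a description, and the parameter is named `group` where the sibling methods use `groupName`. Suggest `@param groupName the name of the resource group` and `@param role the role name`, with the signature renamed to match. It would also help to say which `Status` is returned when the group was not assigned to the role in the first place, so callers can tell a no-op from a failure.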
*
* @param userName
* @param resource
- * @return
+ * @return the privilege the user has on the passed resource
*/
public Privilege getResourcePrivilege(String userName, Object resource);
@Test
public void testAppRoleLevel() {
AppRoleLevel appRoleLevel = AppRoleLevel.APPOPERATOR;
- Assert.assertTrue(appRoleLevel.toString().equals("Network-Operator"));
+ Assert.assertTrue(appRoleLevel.toString().equals("App-Operator"));
Assert.assertTrue(appRoleLevel.toNumber() == 2);
Assert.assertTrue(appRoleLevel.toStringPretty().equals("Application Operator"));
}
Assert.assertTrue(userLevel.toNumber() == 0);
Assert.assertTrue(userLevel.toStringPretty().equals("System Administrator"));
}
+
+ @Test
+ public void testAppRoleLevelFromString() {
+ Assert.assertTrue(AppRoleLevel.fromString("App-Admin") == AppRoleLevel.APPADMIN);
+ Assert.assertTrue(AppRoleLevel.fromString("App-User") == AppRoleLevel.APPUSER);
+ Assert.assertTrue(AppRoleLevel.fromString("App-Operator") == AppRoleLevel.APPOPERATOR);
+ Assert.assertTrue(AppRoleLevel.fromString(" ") == null);
+ Assert.assertTrue(AppRoleLevel.fromString("") == null);
+ Assert.assertTrue(AppRoleLevel.fromString("App-Admini") == null);
+ }
}
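Review bot: `testAppRoleLevelFromString` does not cover a `null` argument or the `NOUSER` constant, whose string form is "Unknown User" according to the enum hunk. Both are inputs an authorization caller can plausibly hand in, so pin them explicitly, e.g. `Assert.assertNull(AppRoleLevel.fromString(null));` and `Assert.assertSame(AppRoleLevel.NOUSER, AppRoleLevel.fromString("Unknown User"));`. Using `assertNull`/`assertSame` in place of `assertTrue(x == y)` for the existing lines would also give a useful failure message.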
@Override
public UserLevel getUserLevel(String username) {
// Returns the controller well-know user level for the passed user
- if (!activeUsers.containsKey(username)) {
- return UserLevel.NOUSER;
- }
+ String roleName = null;
+ // First check in active users then in local configured users
+ if (activeUsers.containsKey(username)) {
+ roleName = activeUsers.get(username).getUserRoles().get(0);
+ } else if (localUserConfigList.containsKey(username)) {
+ roleName = localUserConfigList.get(username).getRole();
+ }
+
+ if (roleName == null) {
+ return UserLevel.NOUSER;
+ }
+
// For now only one role per user is allowed
- String roleName = activeUsers.get(username).getUserRoles().get(0);
if (roleName.equals(UserLevel.SYSTEMADMIN.toString())) {
return UserLevel.SYSTEMADMIN;
}
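Review bot: With the new `else if (localUserConfigList.containsKey(username))` branch, `getUserLevel` reports a privilege level for a user who is configured locally but has no active session, where it previously returned `NOUSER`. Any caller that treated a non-`NOUSER` result as "this user is logged in and has this level" now passes for an unauthenticated name, so the callers should be audited and the comment should state that the result says nothing about authentication. Separately, `containsKey` followed by `get` on the same map can yield `null` if the entry is removed in between, and `getUserRoles().get(0)` throws on an empty role list; reading each map once with `get` and null-checking the result would avoid both. The method body continues outside this hunk.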
}
}
return UserLevel.NOUSER;
-
}
@Override
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
+import java.util.Date;
import java.util.concurrent.ConcurrentHashMap;
+import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.opendaylight.controller.sal.authorization.AuthResultEnum;
public void testReadObject() {
// fail("Not yet implemented");
}
+
+ @Test
+ public void testGetUserLevel() {
+ um.addLocalUser(new UserConfig("Jack", "password",
+ UserLevel.SYSTEMADMIN.toString()));
+ um.authenticate("Jack", "password");
+
+ um.addLocalUser(new UserConfig("John", "password",
+ UserLevel.NETWORKOPERATOR.toString()));
+ // Run the check on authenticated user
+ Assert.assertTrue(um.getUserLevel("Jack") == UserLevel.SYSTEMADMIN);
+ // Run the check on configured users
+ Assert.assertTrue(um.getUserLevel("John") == UserLevel.NETWORKOPERATOR);
+ Assert.assertTrue(um.getUserLevel("Andrew") == UserLevel.NOUSER);
+ }
}
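Review bot: `testGetUserLevel` adds "Jack" and "John" to `um` and authenticates "Jack" without undoing either. If `um` is the shared fixture set up under `@BeforeClass` (the import suggests so, though the setup is outside this hunk), those users and the active session leak into every other test in the class. Suggest removing the two users and logging "Jack" out at the end of the test. Also add an assertion that `getUserLevel("John")` returns `UserLevel.NOUSER` once the local user has been removed, so a revoked account is shown not to keep its level.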