ISSUE: Some changes to Authorization 09/109/2
authorAlessandro Boch <aboch@cisco.com>
Fri, 5 Apr 2013 02:43:34 +0000 (19:43 -0700)
committerAlessandro Boch <aboch@cisco.com>
Fri, 5 Apr 2013 03:00:23 +0000 (20:00 -0700)
CHANGE:
- Fixed enum string in AppRoleLevel and added fromString() method
- Added couple of methods to IResourceAuthorization
- Have some IResourceAuthorization methods to return Status
- Changed UserManagerImpl.getUserLevel() to check against local configured users as well, instead of against only local authenticated users
- Added a couple of Junits tests

Change-Id: I713fa48afa9791a2ba1a4a837dce678d03e4c171
Signed-off-by: Alessandro Boch <aboch@cisco.com>
opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java
opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java
opendaylight/sal/api/src/test/java/org/opendaylight/controller/sal/authorization/AuthorizationTest.java
opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java
opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java

index aa6514c..f08fc84 100644 (file)
@@ -19,7 +19,7 @@ import java.io.Serializable;
  */
 public enum AppRoleLevel implements Serializable {
     APPADMIN(0, "App-Admin", "Application Administrator"), APPUSER(1,
-            "App-User", "Application User"), APPOPERATOR(2, "Network-Operator",
+            "App-User", "Application User"), APPOPERATOR(2, "App-Operator",
             "Application Operator"), NOUSER(255, "Unknown User", "Unknown User");
 
     private int userLevel;
@@ -43,4 +43,13 @@ public enum AppRoleLevel implements Serializable {
     public String toStringPretty() {
         return this.prettyLevel;
     }
-}
+    
+    public static AppRoleLevel fromString(String levelString) {
+       for (AppRoleLevel level : AppRoleLevel.values()) {
+               if (level.toString().equals(levelString)) {
+                       return level;
+               }
+       }
+       return null;                    
+    }
+} 
index 1609674..cabe571 100644 (file)
@@ -12,6 +12,8 @@ package org.opendaylight.controller.sal.authorization;
 import java.util.List;
 import java.util.Set;
 
+import org.opendaylight.controller.sal.utils.Status;
+
 /**
  * Interface for applications which maintain an authorization
  * database for their resources. Respective application web bundle
@@ -25,9 +27,18 @@ public interface IResourceAuthorization {
      *
      * @param role     the role name
      * @param userLevel        the user level in the application context
-     */
-    public void createRole(String role, AppRoleLevel userLevel);
+        * @return the status of the request
+        */
+    public Status createRole(String role, AppRoleLevel userLevel);
 
+    /**
+     * Remove a Role
+     * 
+     * @param role the role name
+     * @return the status of the request
+     */
+    public Status removeRole(String role);
+    
     /**
      * Return the list of roles configured for the application
      *
@@ -59,15 +70,17 @@ public interface IResourceAuthorization {
      *
      * @param groupName the name for the resource group
      * @param resources the list of resources for the group
+     * @return the status of the request
      */
-    public void createResourceGroup(String groupName, List<Object> resources);
+    public Status createResourceGroup(String groupName, List<Object> resources);
 
     /**
      * Removes a resource group
      *
      * @param groupName the name of the group
+     * @return the status of the request
      */
-    public void removeResourceGroup(String groupName);
+    public Status removeResourceGroup(String groupName);
 
     /**
      * Returns the list of resource groups configured for the application
@@ -81,10 +94,20 @@ public interface IResourceAuthorization {
      *
      * @param groupName the object expressing the resource group name and the access privilege
      * @param role the user group (role) name
+     * @return the status of the request
      */
-    public void assignResourceGroupToRole(String groupName,
+    public Status assignResourceGroupToRole(String groupName,
             Privilege privilege, String role);
 
+    /**
+     * Unassign the passed resource group from the specified role
+     * 
+     * @param group
+     * @param role
+     * @return the status of the request
+     */
+    public Status unassignResourceGroupFromRole(String group, String role);
+    
     /**
      * Returns the list of resource groups the given Role is authorized to use
      * The returning object expresses the resource group name and the access
@@ -146,7 +169,7 @@ public interface IResourceAuthorization {
      *
      * @param userName
      * @param resource
-     * @return
+     * @return the privilege the user has on the passed resource
      */
     public Privilege getResourcePrivilege(String userName, Object resource);
 
index 518e9c6..55adfda 100644 (file)
@@ -52,7 +52,7 @@ import org.opendaylight.controller.sal.utils.NodeCreator;
        @Test
        public void testAppRoleLevel() {
                AppRoleLevel appRoleLevel = AppRoleLevel.APPOPERATOR;
-               Assert.assertTrue(appRoleLevel.toString().equals("Network-Operator"));
+               Assert.assertTrue(appRoleLevel.toString().equals("App-Operator"));
                Assert.assertTrue(appRoleLevel.toNumber() == 2);
                Assert.assertTrue(appRoleLevel.toStringPretty().equals("Application Operator"));
        }
@@ -64,4 +64,14 @@ import org.opendaylight.controller.sal.utils.NodeCreator;
                Assert.assertTrue(userLevel.toNumber() == 0);
                Assert.assertTrue(userLevel.toStringPretty().equals("System Administrator"));
        }
+       
+       @Test
+       public void testAppRoleLevelFromString() {
+               Assert.assertTrue(AppRoleLevel.fromString("App-Admin") == AppRoleLevel.APPADMIN);
+               Assert.assertTrue(AppRoleLevel.fromString("App-User") == AppRoleLevel.APPUSER);
+               Assert.assertTrue(AppRoleLevel.fromString("App-Operator") == AppRoleLevel.APPOPERATOR);
+               Assert.assertTrue(AppRoleLevel.fromString(" ") == null);
+               Assert.assertTrue(AppRoleLevel.fromString("") == null);
+               Assert.assertTrue(AppRoleLevel.fromString("App-Admini") == null);               
+       }
 }
index 7147c0a..0aad599 100644 (file)
@@ -825,12 +825,20 @@ public class UserManagerImpl implements IUserManager, IObjectReader,
     @Override
     public UserLevel getUserLevel(String username) {
         // Returns the controller well-know user level for the passed user
-        if (!activeUsers.containsKey(username)) {
-            return UserLevel.NOUSER;
-        }
+       String roleName = null;
 
+       // First check in active users then in local configured users
+        if (activeUsers.containsKey(username)) {
+               roleName = activeUsers.get(username).getUserRoles().get(0);
+        } else if (localUserConfigList.containsKey(username)) {
+               roleName = localUserConfigList.get(username).getRole();
+        }
+        
+        if (roleName == null) {
+               return UserLevel.NOUSER;
+        }
+        
         // For now only one role per user is allowed
-        String roleName = activeUsers.get(username).getUserRoles().get(0);
         if (roleName.equals(UserLevel.SYSTEMADMIN.toString())) {
             return UserLevel.SYSTEMADMIN;
         }
@@ -851,7 +859,6 @@ public class UserManagerImpl implements IUserManager, IObjectReader,
             }
         }
         return UserLevel.NOUSER;
-
     }
 
     @Override
index 5b65028..ec7b136 100644 (file)
@@ -13,8 +13,10 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
+import java.util.Date;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.opendaylight.controller.sal.authorization.AuthResultEnum;
@@ -228,4 +230,19 @@ public class UserManagerImplTest {
        public void testReadObject() {
                // fail("Not yet implemented");
        }
+       
+       @Test
+       public void testGetUserLevel() {
+               um.addLocalUser(new UserConfig("Jack", "password",
+                               UserLevel.SYSTEMADMIN.toString()));
+               um.authenticate("Jack", "password");
+               
+               um.addLocalUser(new UserConfig("John", "password",
+                               UserLevel.NETWORKOPERATOR.toString()));
+               // Run the check on authenticated user
+               Assert.assertTrue(um.getUserLevel("Jack") == UserLevel.SYSTEMADMIN);
+               // Run the check on configured users
+               Assert.assertTrue(um.getUserLevel("John") == UserLevel.NETWORKOPERATOR);
+               Assert.assertTrue(um.getUserLevel("Andrew") == UserLevel.NOUSER);
+       }
 }