From 7b5da62ba81e4bb33e245add85b1c32cf2e6c8a0 Mon Sep 17 00:00:00 2001 From: Alessandro Boch Date: Thu, 4 Apr 2013 19:43:34 -0700 Subject: [PATCH] ISSUE: Some changes to Authorization CHANGE: - Fixed enum string in AppRoleLevel and added fromString() method - Added couple of methods to IResourceAuthorization - Have some IResourceAuthorization methods to return Status - Changed UserManagerImpl.getUserLevel() to check against local configured users as well, instead of against only local authenticated users - Added a couple of Junits tests Change-Id: I713fa48afa9791a2ba1a4a837dce678d03e4c171 Signed-off-by: Alessandro Boch --- .../sal/authorization/AppRoleLevel.java | 13 +++++-- .../authorization/IResourceAuthorization.java | 35 +++++++++++++++---- .../sal/authorization/AuthorizationTest.java | 12 ++++++- .../usermanager/internal/UserManagerImpl.java | 17 ++++++--- .../internal/UserManagerImplTest.java | 17 +++++++++ 5 files changed, 80 insertions(+), 14 deletions(-) diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java index aa6514cd74..f08fc84a2c 100644 --- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java +++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/AppRoleLevel.java @@ -19,7 +19,7 @@ import java.io.Serializable; */ public enum AppRoleLevel implements Serializable { APPADMIN(0, "App-Admin", "Application Administrator"), APPUSER(1, - "App-User", "Application User"), APPOPERATOR(2, "Network-Operator", + "App-User", "Application User"), APPOPERATOR(2, "App-Operator", "Application Operator"), NOUSER(255, "Unknown User", "Unknown User"); private int userLevel; 
@@ -43,4 +43,13 @@ public enum AppRoleLevel implements Serializable { public String toStringPretty() { return this.prettyLevel; } -} + + public static AppRoleLevel fromString(String levelString) { + for (AppRoleLevel level : AppRoleLevel.values()) { + if (level.toString().equals(levelString)) { + return level; + } + } + return null; + } +} diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java index 1609674824..cabe571258 100644 --- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java +++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/IResourceAuthorization.java @@ -12,6 +12,8 @@ package org.opendaylight.controller.sal.authorization; import java.util.List; import java.util.Set; +import org.opendaylight.controller.sal.utils.Status; + /** * Interface for applications which maintain an authorization * database for their resources. Respective application web bundle @@ -25,9 +27,18 @@ public interface IResourceAuthorization { * * @param role the role name * @param userLevel the user level in the application context - */ - public void createRole(String role, AppRoleLevel userLevel); + * @return the status of the request + */ + public Status createRole(String role, AppRoleLevel userLevel); + /** + * Remove a Role + * + * @param role the role name + * @return the status of the request + */ + public Status removeRole(String role); + /** * Return the list of roles configured for the application * 
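Review bot: `fromString` returns `null` for every unrecognised string and carries no Javadoc, so a caller that passes the result straight to `createRole(role, level)` or dereferences it can fail or store a role with no level. The match is also exact and case-sensitive against `toString()`, which matters if the input comes from configuration or a request. Since the tests added in this commit pin the `null` result, the smallest fix is to document it: `/** Returns the level whose toString() equals levelString exactly (case-sensitive), or null if none matches; callers must handle null. */`. If a non-null result is preferred, the enum already has `NOUSER` for the unknown case.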
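Review bot: The new `@return the status of the request` on `createRole` and `removeRole` does not say which conditions produce a failure, and `removeRole` is silent on what happens to users and resource-group assignments that still reference the role. These methods returned `void` before, so existing call sites keep compiling while discarding the result, and a failed removal could leave access in place unnoticed. I would state the contract in the Javadoc, for example `@return the status of the request; a failure means the role was left unchanged and the caller must check it`, and say whether a role that is still assigned can be removed. The same applies to `createResourceGroup`, `removeResourceGroup`, `assignResourceGroupToRole` and `unassignResourceGroupFromRole` in the later hunks of this file.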
@@ -59,15 +70,17 @@ public interface IResourceAuthorization { * * @param groupName the name for the resource group * @param resources the list of resources for the group + * @return the status of the request */ - public void createResourceGroup(String groupName, List resources); + public Status createResourceGroup(String groupName, List resources); /** * Removes a resource group * * @param groupName the name of the group + * @return the status of the request */ - public void removeResourceGroup(String groupName); + public Status removeResourceGroup(String groupName); /** * Returns the list of resource groups configured for the application @@ -81,10 +94,20 @@ public interface IResourceAuthorization { * * @param groupName the object expressing the resource group name and the access privilege * @param role the user group (role) name + * @return the status of the request */ - public void assignResourceGroupToRole(String groupName, + public Status assignResourceGroupToRole(String groupName, Privilege privilege, String role); + /** + * Unassign the passed resource group from the specified role + * + * @param group + * @param role + * @return the status of the request + */ + public Status unassignResourceGroupFromRole(String group, String role); + /** * Returns the list of resource groups the given Role is authorized to use * The returning object expresses the resource group name and the access @@ -146,7 +169,7 @@ public interface IResourceAuthorization { * * @param userName * @param resource - * @return + * @return the privilege the user has on the passed resource */ public Privilege getResourcePrivilege(String userName, Object resource); diff --git a/opendaylight/sal/api/src/test/java/org/opendaylight/controller/sal/authorization/AuthorizationTest.java b/opendaylight/sal/api/src/test/java/org/opendaylight/controller/sal/authorization/AuthorizationTest.java index 518e9c607c..55adfdac51 100644 
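Review bot: In the `@@ -81,10 +94,20 @@` hunk the Javadoc for the new `unassignResourceGroupFromRole` leaves `@param group` and `@param role` empty, and it names the parameter `group` where every sibling method uses `groupName`. I would fill them in as `@param group the name of the resource group` and `@param role the role name`, or rename the parameter to `groupName` for consistency. The neighbouring `assignResourceGroupToRole` has the same gap on the visible lines: `privilege` has no `@param`, and the text on `groupName` describes an object carrying both name and privilege rather than the string that is actually passed. For an authorization interface, the privilege argument is the one implementers most need documented.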
--- a/opendaylight/sal/api/src/test/java/org/opendaylight/controller/sal/authorization/AuthorizationTest.java +++ b/opendaylight/sal/api/src/test/java/org/opendaylight/controller/sal/authorization/AuthorizationTest.java @@ -52,7 +52,7 @@ import org.opendaylight.controller.sal.utils.NodeCreator; @Test public void testAppRoleLevel() { AppRoleLevel appRoleLevel = AppRoleLevel.APPOPERATOR; - Assert.assertTrue(appRoleLevel.toString().equals("Network-Operator")); + Assert.assertTrue(appRoleLevel.toString().equals("App-Operator")); Assert.assertTrue(appRoleLevel.toNumber() == 2); Assert.assertTrue(appRoleLevel.toStringPretty().equals("Application Operator")); } @@ -64,4 +64,14 @@ import org.opendaylight.controller.sal.utils.NodeCreator; Assert.assertTrue(userLevel.toNumber() == 0); Assert.assertTrue(userLevel.toStringPretty().equals("System Administrator")); } + + @Test + public void testAppRoleLevelFromString() { + Assert.assertTrue(AppRoleLevel.fromString("App-Admin") == AppRoleLevel.APPADMIN); + Assert.assertTrue(AppRoleLevel.fromString("App-User") == AppRoleLevel.APPUSER); + Assert.assertTrue(AppRoleLevel.fromString("App-Operator") == AppRoleLevel.APPOPERATOR); + Assert.assertTrue(AppRoleLevel.fromString(" ") == null); + Assert.assertTrue(AppRoleLevel.fromString("") == null); + Assert.assertTrue(AppRoleLevel.fromString("App-Admini") == null); + } } diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java index 7147c0ac0f..0aad599222 100644 --- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java +++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java 
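Review bot: `testAppRoleLevelFromString` covers empty, blank and near-miss strings but not a `null` argument or the fourth constant. From the visible implementation, `fromString(null)` returns `null` and `fromString("Unknown User")` returns `NOUSER`. Pinning both keeps a later refactoring from turning the null case into an exception: `Assert.assertTrue(AppRoleLevel.fromString(null) == null);` and `Assert.assertTrue(AppRoleLevel.fromString("Unknown User") == AppRoleLevel.NOUSER);`.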
@@ -825,12 +825,20 @@ public class UserManagerImpl implements IUserManager, IObjectReader, @Override public UserLevel getUserLevel(String username) { // Returns the controller well-know user level for the passed user - if (!activeUsers.containsKey(username)) { - return UserLevel.NOUSER; - } + String roleName = null; + // First check in active users then in local configured users + if (activeUsers.containsKey(username)) { + roleName = activeUsers.get(username).getUserRoles().get(0); + } else if (localUserConfigList.containsKey(username)) { + roleName = localUserConfigList.get(username).getRole(); + } + + if (roleName == null) { + return UserLevel.NOUSER; + } + // For now only one role per user is allowed - String roleName = activeUsers.get(username).getUserRoles().get(0); if (roleName.equals(UserLevel.SYSTEMADMIN.toString())) { return UserLevel.SYSTEMADMIN; } @@ -851,7 +859,6 @@ public class UserManagerImpl implements IUserManager, IObjectReader, } } return UserLevel.NOUSER; - } @Override diff --git a/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java b/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java index 5b65028ca4..ec7b136039 100644 --- a/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java +++ b/opendaylight/usermanager/src/test/java/org/opendaylight/controller/usermanager/internal/UserManagerImplTest.java @@ -13,8 +13,10 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; +import java.util.Date; import java.util.concurrent.ConcurrentHashMap; +import org.junit.Assert; import org.junit.BeforeClass; import org.junit.Test; import org.opendaylight.controller.sal.authorization.AuthResultEnum; 
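Review bot: With the new `else if (localUserConfigList.containsKey(username))` branch, `getUserLevel` returns a real level, up to `SYSTEMADMIN`, for a user who is only configured and has no active session; it used to return `NOUSER`. The callers are not visible in this patch, so it should be confirmed that none of them treats a non-`NOUSER` result as proof of a logged-in user. The contract should also be stated on the method, e.g. `// Note: a configured user without an active session still gets its configured level; this is not an authentication check`. Separately, `activeUsers.containsKey(username)` followed by `activeUsers.get(username).getUserRoles().get(0)` is check-then-act: if the entry is removed in between, or the role list is empty, the call throws instead of returning `NOUSER`, so a single `get` with a null and empty check is safer. The method body continues past the end of this hunk.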
@@ -228,4 +230,19 @@ public class UserManagerImplTest { public void testReadObject() { // fail("Not yet implemented"); } + + @Test + public void testGetUserLevel() { + um.addLocalUser(new UserConfig("Jack", "password", + UserLevel.SYSTEMADMIN.toString())); + um.authenticate("Jack", "password"); + + um.addLocalUser(new UserConfig("John", "password", + UserLevel.NETWORKOPERATOR.toString())); + // Run the check on authenticated user + Assert.assertTrue(um.getUserLevel("Jack") == UserLevel.SYSTEMADMIN); + // Run the check on configured users + Assert.assertTrue(um.getUserLevel("John") == UserLevel.NETWORKOPERATOR); + Assert.assertTrue(um.getUserLevel("Andrew") == UserLevel.NOUSER); + } } -- 2.36.6
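Review bot: The results of `um.addLocalUser(...)` and `um.authenticate("Jack", "password")` are discarded, so the "authenticated user" path is not actually proven. "Jack" is also a configured user, so `getUserLevel("Jack")` would still return `SYSTEMADMIN` through the configured-user branch even if authentication had been rejected. Asserting the value returned by `authenticate` before the level checks would pin that path and make a failed setup show up as such. The `import java.util.Date;` added in this file's import hunk is not used by this test and looks unnecessary, unless code outside the hunks needs it.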