Authorithy checks added (abap-observability-tools#135)

* table authorization group added

* authorization package added

* abapDoc added to auth checker class

* abaplint fixes

src/zamp_auth/package.devc.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_DEVC" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <DEVC>
+    <CTEXT>amp authorization</CTEXT>
+   </DEVC>
+  </asx:values>
+ </asx:abap>
+</abapGit>

src/zamp_auth/zamp.susc.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_SUSC" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <TOBC>
+    <OCLSS>ZAMP</OCLSS>
+   </TOBC>
+   <TOBCT>
+    <LANGU>E</LANGU>
+    <OCLSS>ZAMP</OCLSS>
+    <CTEXT>abap-metrics-provider</CTEXT>
+   </TOBCT>
+  </asx:values>
+ </asx:abap>
+</abapGit>

src/zamp_auth/zamp_actio.auth.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_AUTH" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <AUTHX>
+    <FIELDNAME>ZAMP_ACTIO</FIELDNAME>
+    <ROLLNAME>ZAMP_AUTH_ACTION</ROLLNAME>
+   </AUTHX>
+  </asx:values>
+ </asx:abap>
+</abapGit>

src/zamp_auth/zamp_auth.suso.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_SUSO" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <TOBJ>
+    <OBJCT>ZAMP_AUTH</OBJCT>
+    <FIEL1>ZAMP_ACTIO</FIEL1>
+    <OCLSS>ZAMP</OCLSS>
+   </TOBJ>
+   <TOBJT>
+    <LANGU>E</LANGU>
+    <OBJECT>ZAMP_AUTH</OBJECT>
+    <TTEXT>amp authorization</TTEXT>
+   </TOBJT>
+   <TOBJVORFLG>
+    <OBJCT>ZAMP_AUTH</OBJCT>
+   </TOBJVORFLG>
+  </asx:values>
+ </asx:abap>
+</abapGit>

src/zamp_auth/zamp_auth_action.doma.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_DOMA" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <DD01V>
+    <DOMNAME>ZAMP_AUTH_ACTION</DOMNAME>
+    <DDLANGUAGE>E</DDLANGUAGE>
+    <DATATYPE>CHAR</DATATYPE>
+    <LENG>000020</LENG>
+    <OUTPUTLEN>000020</OUTPUTLEN>
+    <VALEXI>X</VALEXI>
+    <DDTEXT>amp auth action</DDTEXT>
+   </DD01V>
+   <DD07V_TAB>
+    <DD07V>
+     <DOMNAME>ZAMP_AUTH_ACTION</DOMNAME>
+     <VALPOS>0001</VALPOS>
+     <DDLANGUAGE>E</DDLANGUAGE>
+     <DOMVALUE_L>SCRAPER</DOMVALUE_L>
+     <DDTEXT>allowed to scrape metrics</DDTEXT>
+    </DD07V>
+    <DD07V>
+     <DOMNAME>ZAMP_AUTH_ACTION</DOMNAME>
+     <VALPOS>0002</VALPOS>
+     <DDLANGUAGE>E</DDLANGUAGE>
+     <DOMVALUE_L>PROVIDER</DOMVALUE_L>
+     <DDTEXT>allowed to provide metrics</DDTEXT>
+    </DD07V>
+    <DD07V>
+     <DOMNAME>ZAMP_AUTH_ACTION</DOMNAME>
+     <VALPOS>0003</VALPOS>
+     <DDLANGUAGE>E</DDLANGUAGE>
+     <DOMVALUE_L>DELETER</DOMVALUE_L>
+     <DDTEXT>allowed to delete metrics</DDTEXT>
+    </DD07V>
+   </DD07V_TAB>
+  </asx:values>
+ </asx:abap>
+</abapGit>

src/zamp_auth/zamp_auth_action.dtel.xml

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_DTEL" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <DD04V>
+    <ROLLNAME>ZAMP_AUTH_ACTION</ROLLNAME>
+    <DDLANGUAGE>E</DDLANGUAGE>
+    <DOMNAME>ZAMP_AUTH_ACTION</DOMNAME>
+    <HEADLEN>15</HEADLEN>
+    <SCRLEN1>10</SCRLEN1>
+    <SCRLEN2>15</SCRLEN2>
+    <SCRLEN3>15</SCRLEN3>
+    <DDTEXT>amp auth action</DDTEXT>
+    <REPTEXT>amp auth action</REPTEXT>
+    <SCRTEXT_S>amp auth a</SCRTEXT_S>
+    <SCRTEXT_M>amp auth action</SCRTEXT_M>
+    <SCRTEXT_L>amp auth action</SCRTEXT_L>
+    <DTELMASTER>E</DTELMASTER>
+    <REFKIND>D</REFKIND>
+   </DD04V>
+  </asx:values>
+ </asx:abap>
+</abapGit>

src/zamp_auth/zamp_auth_cust s_tabu_dis.sucu.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_SUCU" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <TBRG_AUTH>
+    <TBRG_AUTH>
+     <BRGRU>ZAMP_AUTH_CUST</BRGRU>
+     <OBJECT>S_TABU_DIS</OBJECT>
+    </TBRG_AUTH>
+   </TBRG_AUTH>
+   <TBRG_AUTHT>
+    <TBRG_AUTHT>
+     <SPRAS>E</SPRAS>
+     <BRGRU>ZAMP_AUTH_CUST</BRGRU>
+     <OBJECT>S_TABU_DIS</OBJECT>
+     <BEZEI>amp authorization customizing</BEZEI>
+    </TBRG_AUTHT>
+   </TBRG_AUTHT>
+  </asx:values>
+ </asx:abap>
+</abapGit>

src/zamp_auth/zcl_amp_auth_checker.clas.abap

@@ -0,0 +1,68 @@
+CLASS zcl_amp_auth_checker DEFINITION
+  PUBLIC
+  FINAL
+  CREATE PUBLIC .
+
+  PUBLIC SECTION.
+
+    "! <p class="shorttext synchronized" lang="en">authority check scraping metrics</p>
+    "! check if user is allowed to scrape metrics via SICF
+    "! @parameter is_allowed | <p class="shorttext synchronized" lang="en">abap_true if authority check is successful
+    "! </p>
+    METHODS is_scraping_allowed
+      RETURNING VALUE(is_allowed) TYPE flag.
+    "! <p class="shorttext synchronized" lang="en">authority check providing metrics</p>
+    "! check if user is allowed to provide metrics
+    "! @parameter is_allowed | <p class="shorttext synchronized" lang="en">abap_true if authority check is successful
+    "! </p>
+    METHODS is_providing_allowed
+      RETURNING VALUE(is_allowed) TYPE flag.
+    "! <p class="shorttext synchronized" lang="en">authority check deleting metrics</p>
+    "! check if user is allowed to delete metrics from the metrics store
+    "! @parameter is_allowed | <p class="shorttext synchronized" lang="en">abap_true if authority check is successful
+    "! </p>
+    METHODS is_deleting_allowed
+      RETURNING VALUE(is_allowed) TYPE flag.
+
+  PROTECTED SECTION.
+  PRIVATE SECTION.
+ENDCLASS.
+
+
+
+CLASS zcl_amp_auth_checker IMPLEMENTATION.
+  METHOD is_scraping_allowed.
+
+    AUTHORITY-CHECK OBJECT 'ZAMP_AUTH'
+      ID 'ZAMP_ACTIO' FIELD 'PROVIDER'.
+    IF sy-subrc = 0.
+      is_allowed = abap_true.
+    ELSE.
+      is_allowed = abap_false.
+    ENDIF.
+
+  ENDMETHOD.
+
+  METHOD is_providing_allowed.
+
+    AUTHORITY-CHECK OBJECT 'ZAMP_AUTH'
+      ID 'ZAMP_ACTIO' FIELD 'SCRAPER'.
+    IF sy-subrc = 0.
+      is_allowed = abap_true.
+    ELSE.
+      is_allowed = abap_false.
+    ENDIF.
+
+  ENDMETHOD.
+
+  METHOD is_deleting_allowed.
+    AUTHORITY-CHECK OBJECT 'ZAMP_AUTH'
+      ID 'ZAMP_ACTIO' FIELD 'DELETER'.
+    IF sy-subrc = 0.
+      is_allowed = abap_true.
+    ELSE.
+      is_allowed = abap_false.
+    ENDIF.
+  ENDMETHOD.
+
+ENDCLASS.

src/zamp_auth/zcl_amp_auth_checker.clas.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<abapGit version="v1.0.0" serializer="LCL_OBJECT_CLAS" serializer_version="v1.0.0">
+ <asx:abap xmlns:asx="http://www.sap.com/abapxml" version="1.0">
+  <asx:values>
+   <VSEOCLASS>
+    <CLSNAME>ZCL_AMP_AUTH_CHECKER</CLSNAME>
+    <LANGU>E</LANGU>
+    <DESCRIPT>contains all authorithy checks</DESCRIPT>
+    <STATE>1</STATE>
+    <CLSCCINCL>X</CLSCCINCL>
+    <FIXPT>X</FIXPT>
+    <UNICODE>X</UNICODE>
+   </VSEOCLASS>
+   <DESCRIPTIONS>
+    <SEOCOMPOTX>
+     <CLSNAME>ZCL_AMP_AUTH_CHECKER</CLSNAME>
+     <CMPNAME>IS_DELETING_ALLOWED</CMPNAME>
+     <LANGU>E</LANGU>
+     <DESCRIPT>authority check deleting metrics</DESCRIPT>
+    </SEOCOMPOTX>
+    <SEOCOMPOTX>
+     <CLSNAME>ZCL_AMP_AUTH_CHECKER</CLSNAME>
+     <CMPNAME>IS_PROVIDING_ALLOWED</CMPNAME>
+     <LANGU>E</LANGU>
+     <DESCRIPT>authority check providing metrics</DESCRIPT>
+    </SEOCOMPOTX>
+    <SEOCOMPOTX>
+     <CLSNAME>ZCL_AMP_AUTH_CHECKER</CLSNAME>
+     <CMPNAME>IS_SCRAPING_ALLOWED</CMPNAME>
+     <LANGU>E</LANGU>
+     <DESCRIPT>authority check scraping metrics</DESCRIPT>
+    </SEOCOMPOTX>
+   </DESCRIPTIONS>
+  </asx:values>
+ </asx:abap>
+</abapGit>

src/zamp_collector/zcl_amp_c_bal_logs.clas.abap

@@ -96,4 +96,4 @@ CLASS zcl_amp_c_bal_logs IMPLEMENTATION.
                      ELSE msgty ).
   ENDMETHOD.
 
-ENDCLASS.
+ENDCLASS.

src/zamp_customizing/zampv_config_prov.tobj.xml

@@ -26,7 +26,7 @@
    <TOBJ>
     <TDDAT>
      <TABNAME>ZAMPV_CONFIG_PRO</TABNAME>
-     <CCLASS>&amp;NC&amp;</CCLASS>
+     <CCLASS>ZAMP_AUTH_CUST</CCLASS>
     </TDDAT>
     <TVDIR>
      <TABNAME>ZAMPV_CONFIG_PRO</TABNAME>

src/zamp_customizing/zampv_config_scev.tobj.xml

@@ -26,7 +26,7 @@
    <TOBJ>
     <TDDAT>
      <TABNAME>ZAMPV_CONFIG_SCE</TABNAME>
-     <CCLASS>&amp;NC&amp;</CCLASS>
+     <CCLASS>ZAMP_AUTH_CUST</CCLASS>
     </TDDAT>
     <TVDIR>
      <TABNAME>ZAMPV_CONFIG_SCE</TABNAME>

src/zamp_provider/zamp_metrics_provider.prog.abap

@@ -9,4 +9,8 @@ PARAMETERS scenario TYPE zamp_config_scen-metric_scenario.
 
 START-OF-SELECTION.
 
-  NEW zcl_amp_strategist( )->provide_metrics( scenario ).
+  IF NEW zcl_amp_auth_checker( )->is_providing_allowed( ) = abap_true.
+    NEW zcl_amp_strategist( )->provide_metrics( scenario ).
+  ELSE.
+    MESSAGE 'no authority' TYPE 'E'.
+  ENDIF.

src/zamp_scraper/zcl_amp_scraper.clas.abap

@@ -18,26 +18,37 @@ CLASS zcl_amp_scraper IMPLEMENTATION.
     DATA url_parameteres    TYPE tihttpnvp.
     DATA content_type       TYPE string.
 
-    "just to check the whole list of parameters in the debugger
-    server->request->get_form_fields( CHANGING fields  = url_parameteres ).
+    IF NEW zcl_amp_auth_checker( )->is_scraping_allowed( ) = abap_true.
 
-    DATA(scenario) = server->request->get_form_field( name = 'scenario' ).
+      "just to check the whole list of parameters in the debugger
+      server->request->get_form_fields( CHANGING fields  = url_parameteres ).
 
-    SELECT *
-      FROM zamp_store
-      INTO TABLE @metric_store
-      WHERE metric_scenario = @scenario.
+      DATA(scenario) = server->request->get_form_field( name = 'scenario' ).
 
-    DATA(converter) = NEW zcl_amp_customizing_base( scenario = CONV #( scenario ) )->get_metric_converter( ).
+      SELECT *
+        FROM zamp_store
+        INTO TABLE @metric_store
+        WHERE metric_scenario = @scenario.
 
+      DATA(converter) = NEW zcl_amp_customizing_base( scenario = CONV #( scenario ) )->get_metric_converter( ).
 
-    DATA(cdata) = converter->convert( EXPORTING
-                                        metric_store = metric_store
-                                      IMPORTING
-                                        content_type = content_type ).
 
-    server->response->set_cdata( cdata ).
-    server->response->set_content_type( content_type ).
+      DATA(cdata) = converter->convert( EXPORTING
+                                          metric_store = metric_store
+                                        IMPORTING
+                                          content_type = content_type ).
+
+      server->response->set_cdata( cdata ).
+      server->response->set_content_type( content_type ).
+      server->response->set_status( code   = '200'
+                              reason = 'metrics provided' ).
+
+    ELSE.
+      server->response->set_cdata( |no authority| ).
+      server->response->set_status( code   = '401'
+                                    reason = 'no authority' ).
+
+    ENDIF.
 
   ENDMETHOD.
 

src/zamp_store/zamp_clear_zamp_store.prog.abap

@@ -5,4 +5,8 @@
 *&---------------------------------------------------------------------*
 REPORT zamp_clear_zamp_store.
 
-DELETE FROM zamp_store.
+IF NEW zcl_amp_auth_checker( )->is_deleting_allowed( ) = abap_true.
+  DELETE FROM zamp_store.
+ELSE.
+  MESSAGE 'no authority' TYPE 'E'.
+ENDIF.