package gov.nist.secauto.oscal.lib.model;

import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
import gov.nist.secauto.metaschema.binding.model.annotations.IndexHasKey;
import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
import java.lang.Override;
import java.lang.String;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
import org.apache.commons.lang3.builder.ReflectionToStringBuilder;

/**
 * A type of user that interacts with the system based on an associated role.
 *
 * <p>Binding class for the Metaschema assembly {@code system-user}. The value constraints
 * declared on this class close the OSCAL-namespaced {@code type} and {@code privilege-level}
 * properties to the enumerated values below. The {@code role-id} list is open
 * ({@code allowOthers = true}), but every value must additionally resolve to a key in the
 * {@code index-metadata-role-id} index (see the constraint on the {@code role-id} field), so
 * an unknown role reference is reported at validation level {@code ERROR} rather than silently
 * accepted.
 *
 * <p>Collection-valued members are created lazily by the {@code add*} methods and stay
 * {@code null} until then; the {@code get*} accessors hand back the live backing list.
 */
@MetaschemaAssembly(
    formalName = "System User",
    description = "A type of user that interacts with the system based on an associated role.",
    name = "system-user",
    metaschema = OscalImplementationCommonMetaschema.class,
    remarks = "Permissible values to be determined closer to the application, such as by a receiving authority."
)
@ValueConstraints(
    allowedValues = {
        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name", values = {@AllowedValue(value = "type", description = "The type of user, such as internal, external, or general-public."), @AllowedValue(value = "privilege-level", description = "The user's privilege level within the system, such as privileged, non-privileged, no-logical-access.")}),
        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value", values = {@AllowedValue(value = "internal", description = "A user account for a person or entity that is part of the organization who owns or operates the system."), @AllowedValue(value = "external", description = "A user account for a person or entity that is not part of the organization who owns or operates the system."), @AllowedValue(value = "general-public", description = "A user of the system considered to be outside")}),
        @AllowedValues(level = IConstraint.Level.ERROR, target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='privilege-level']/@value", values = {@AllowedValue(value = "privileged", description = "This role has elevated access to the system, such as a group or system administrator."), @AllowedValue(value = "non-privileged", description = "This role has typical user-level access to the system without elevated access."), @AllowedValue(value = "no-logical-access", description = "This role has no access to the system, such as a manager who approves access as part of a process.")}),
        @AllowedValues(level = IConstraint.Level.ERROR, target = "role-id", allowOthers = true, values = {@AllowedValue(value = "asset-owner", description = "Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."), @AllowedValue(value = "asset-administrator", description = "Responsible for administering a set of assets."), @AllowedValue(value = "security-operations", description = "Members of the security operations center (SOC)."), @AllowedValue(value = "network-operations", description = "Members of the network operations center (NOC)."), @AllowedValue(value = "incident-response", description = "Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions."), @AllowedValue(value = "help-desk", description = "Responsible for providing information and support to users."), @AllowedValue(value = "configuration-management", description = "Responsible for the configuration management processes governing changes to the asset.")})
    }
)
public class SystemUser {
  /**
   * Required, cross-instance identifier of this user class. Intended to be stable for the same
   * subject across document revisions (see the flag description).
   */
  @BoundFlag(
      formalName = "User Universally Unique Identifier",
      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this user class elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `system user` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
      useName = "uuid",
      required = true,
      typeAdapter = UuidAdapter.class
  )
  private UUID _uuid;

  /**
   * Display name of the user, suitable for tool display and navigation.
   */
  @BoundField(
      formalName = "User Title",
      description = "A name given to the user, which may be used by a tool for display and navigation.",
      useName = "title"
  )
  @BoundFieldValue(
      typeAdapter = MarkupLineAdapter.class
  )
  private MarkupLine _title;

  /**
   * Short common name, abbreviation, or acronym for the user.
   */
  @BoundField(
      formalName = "User Short Name",
      description = "A short common name, abbreviation, or acronym for the user.",
      useName = "short-name"
  )
  private String _shortName;

  /**
   * Summary of the user's purpose within the system.
   */
  @BoundField(
      formalName = "User Description",
      description = "A summary of the user's purpose within the system.",
      useName = "description"
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _description;

  /**
   * Namespace-qualified name/value properties. The class-level constraints restrict the OSCAL
   * namespace {@code type} and {@code privilege-level} names and values. {@code null} until set
   * or first added to.
   */
  @BoundAssembly(
      formalName = "Property",
      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
      useName = "prop",
      maxOccurs = -1
  )
  @GroupAs(
      name = "props",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Property> _props;

  /**
   * Links to local or remote resources related to this user. {@code null} until set or first
   * added to.
   */
  @BoundAssembly(
      formalName = "Link",
      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
      useName = "link",
      maxOccurs = -1
  )
  @GroupAs(
      name = "links",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Link> _links;

  /**
   * Token references to roles. Each value must be a key of the {@code index-metadata-role-id}
   * index (an unresolvable reference is an {@code ERROR}); the suggested role names in the
   * class-level constraint are not exhaustive because {@code allowOthers = true}. {@code null}
   * until set or first added to.
   */
  @BoundField(
      formalName = "Role Identifier Reference",
      description = "Reference to a role by UUID.",
      useName = "role-id",
      maxOccurs = -1
  )
  @BoundFieldValue(
      typeAdapter = TokenAdapter.class
  )
  @ValueConstraints(
      indexHasKey = @IndexHasKey(level = IConstraint.Level.ERROR, indexName = "index-metadata-role-id", keyFields = @KeyField)
  )
  @GroupAs(
      name = "role-ids",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<String> _roleIds;

  /**
   * System privileges held by the user, each with its own description/rationale. {@code null}
   * until set or first added to.
   */
  @BoundAssembly(
      formalName = "Privilege",
      description = "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.",
      useName = "authorized-privilege",
      maxOccurs = -1
  )
  @GroupAs(
      name = "authorized-privileges",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<AuthorizedPrivilege> _authorizedPrivileges;

  /**
   * Free-form commentary about this user.
   */
  @BoundField(
      formalName = "Remarks",
      description = "Additional commentary about the containing object.",
      useName = "remarks"
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _remarks;

  /**
   * Creates an empty user; every member starts out {@code null}.
   */
  public SystemUser() {
  }

  /**
   * Returns the given list, or a fresh empty {@link LinkedList} when it is {@code null}.
   * Shared by the {@code add*} methods so the backing collections are created on first use.
   *
   * @param <T> the element type
   * @param current the current backing list, possibly {@code null}
   * @return a non-null list to add to
   */
  private static <T> List<T> ensureList(List<T> current) {
    return current != null ? current : new LinkedList<>();
  }

  /**
   * @return the user's UUID, or {@code null} if none has been set
   */
  public UUID getUuid() {
    return _uuid;
  }

  /**
   * @param value the UUID to assign
   */
  public void setUuid(UUID value) {
    _uuid = value;
  }

  /**
   * @return the user's title, or {@code null} if none has been set
   */
  public MarkupLine getTitle() {
    return _title;
  }

  /**
   * @param value the title to assign
   */
  public void setTitle(MarkupLine value) {
    _title = value;
  }

  /**
   * @return the user's short name, or {@code null} if none has been set
   */
  public String getShortName() {
    return _shortName;
  }

  /**
   * @param value the short name to assign
   */
  public void setShortName(String value) {
    _shortName = value;
  }

  /**
   * @return the user's description, or {@code null} if none has been set
   */
  public MarkupMultiline getDescription() {
    return _description;
  }

  /**
   * @param value the description to assign
   */
  public void setDescription(MarkupMultiline value) {
    _description = value;
  }

  /**
   * @return the live backing list of properties (modifications affect this object), or
   *         {@code null} if none has been set or added
   */
  public List<Property> getProps() {
    return _props;
  }

  /**
   * @param value the property list to use as the backing collection (not copied)
   */
  public void setProps(List<Property> value) {
    _props = value;
  }

  /**
   * Appends a {@link Property}, creating the backing list if needed.
   *
   * @param item the item to add; must not be {@code null}
   * @return {@code true}
   */
  public boolean addProp(Property item) {
    Property checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    _props = ensureList(_props);
    return _props.add(checked);
  }

  /**
   * Removes the first {@link Property} equal to {@code item}.
   *
   * @param item the item to remove; must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} otherwise (including when no
   *         list exists yet)
   */
  public boolean removeProp(Property item) {
    Property checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    return _props != null && _props.remove(checked);
  }

  /**
   * @return the live backing list of links (modifications affect this object), or {@code null}
   *         if none has been set or added
   */
  public List<Link> getLinks() {
    return _links;
  }

  /**
   * @param value the link list to use as the backing collection (not copied)
   */
  public void setLinks(List<Link> value) {
    _links = value;
  }

  /**
   * Appends a {@link Link}, creating the backing list if needed.
   *
   * @param item the item to add; must not be {@code null}
   * @return {@code true}
   */
  public boolean addLink(Link item) {
    Link checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    _links = ensureList(_links);
    return _links.add(checked);
  }

  /**
   * Removes the first {@link Link} equal to {@code item}.
   *
   * @param item the item to remove; must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} otherwise (including when no
   *         list exists yet)
   */
  public boolean removeLink(Link item) {
    Link checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    return _links != null && _links.remove(checked);
  }

  /**
   * @return the live backing list of role identifiers (modifications affect this object), or
   *         {@code null} if none has been set or added
   */
  public List<String> getRoleIds() {
    return _roleIds;
  }

  /**
   * @param value the role identifier list to use as the backing collection (not copied)
   */
  public void setRoleIds(List<String> value) {
    _roleIds = value;
  }

  /**
   * Appends a role identifier, creating the backing list if needed. No validation is performed
   * here; resolution against {@code index-metadata-role-id} happens during constraint validation.
   *
   * @param item the item to add; must not be {@code null}
   * @return {@code true}
   */
  public boolean addRoleId(String item) {
    String checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    _roleIds = ensureList(_roleIds);
    return _roleIds.add(checked);
  }

  /**
   * Removes the first role identifier equal to {@code item}.
   *
   * @param item the item to remove; must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} otherwise (including when no
   *         list exists yet)
   */
  public boolean removeRoleId(String item) {
    String checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    return _roleIds != null && _roleIds.remove(checked);
  }

  /**
   * @return the live backing list of authorized privileges (modifications affect this object),
   *         or {@code null} if none has been set or added
   */
  public List<AuthorizedPrivilege> getAuthorizedPrivileges() {
    return _authorizedPrivileges;
  }

  /**
   * @param value the privilege list to use as the backing collection (not copied)
   */
  public void setAuthorizedPrivileges(List<AuthorizedPrivilege> value) {
    _authorizedPrivileges = value;
  }

  /**
   * Appends an {@link AuthorizedPrivilege}, creating the backing list if needed.
   *
   * @param item the item to add; must not be {@code null}
   * @return {@code true}
   */
  public boolean addAuthorizedPrivilege(AuthorizedPrivilege item) {
    AuthorizedPrivilege checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    _authorizedPrivileges = ensureList(_authorizedPrivileges);
    return _authorizedPrivileges.add(checked);
  }

  /**
   * Removes the first {@link AuthorizedPrivilege} equal to {@code item}.
   *
   * @param item the item to remove; must not be {@code null}
   * @return {@code true} if an item was removed, {@code false} otherwise (including when no
   *         list exists yet)
   */
  public boolean removeAuthorizedPrivilege(AuthorizedPrivilege item) {
    AuthorizedPrivilege checked = ObjectUtils.requireNonNull(item,"item cannot be null");
    return _authorizedPrivileges != null && _authorizedPrivileges.remove(checked);
  }

  /**
   * @return the remarks, or {@code null} if none have been set
   */
  public MarkupMultiline getRemarks() {
    return _remarks;
  }

  /**
   * @param value the remarks to assign
   */
  public void setRemarks(MarkupMultiline value) {
    _remarks = value;
  }

  /**
   * Reflective, multi-line rendering of every field, recursing into nested values. Intended
   * for diagnostics only: the output mirrors the full content of the object and is not a stable
   * serialization format.
   */
  @Override
  public String toString() {
    return new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE).toString();
  }
}