1 package gov.nist.secauto.oscal.lib.model;
2
3 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValue;
4 import gov.nist.secauto.metaschema.binding.model.annotations.AllowedValues;
5 import gov.nist.secauto.metaschema.binding.model.annotations.BoundAssembly;
6 import gov.nist.secauto.metaschema.binding.model.annotations.BoundField;
7 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFieldValue;
8 import gov.nist.secauto.metaschema.binding.model.annotations.BoundFlag;
9 import gov.nist.secauto.metaschema.binding.model.annotations.GroupAs;
10 import gov.nist.secauto.metaschema.binding.model.annotations.IndexHasKey;
11 import gov.nist.secauto.metaschema.binding.model.annotations.KeyField;
12 import gov.nist.secauto.metaschema.binding.model.annotations.MetaschemaAssembly;
13 import gov.nist.secauto.metaschema.binding.model.annotations.ValueConstraints;
14 import gov.nist.secauto.metaschema.model.common.JsonGroupAsBehavior;
15 import gov.nist.secauto.metaschema.model.common.constraint.IConstraint;
16 import gov.nist.secauto.metaschema.model.common.datatype.adapter.TokenAdapter;
17 import gov.nist.secauto.metaschema.model.common.datatype.adapter.UuidAdapter;
18 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLine;
19 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupLineAdapter;
20 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultiline;
21 import gov.nist.secauto.metaschema.model.common.datatype.markup.MarkupMultilineAdapter;
22 import gov.nist.secauto.metaschema.model.common.util.ObjectUtils;
23 import java.lang.Override;
24 import java.lang.String;
25 import java.util.LinkedList;
26 import java.util.List;
27 import java.util.UUID;
28 import org.apache.commons.lang3.builder.MultilineRecursiveToStringStyle;
29 import org.apache.commons.lang3.builder.ReflectionToStringBuilder;
30
31
32
33
/**
 * Bound model object for the OSCAL {@code system-user} assembly: a type of user that interacts
 * with the system based on an associated role.
 *
 * <p>The class-level {@link ValueConstraints} declare, at {@code ERROR} level:
 * <ul>
 *   <li>the OSCAL-namespace property names permitted on a user ({@code type} and
 *       {@code privilege-level});</li>
 *   <li>the closed value sets for those two properties;</li>
 *   <li>a list of well-known {@code role-id} values. This list is declared with
 *       {@code allowOthers = true}, so role identifiers outside it are still accepted.</li>
 * </ul>
 *
 * <p>The accessors in this class perform no validation of their own: setters assign the supplied
 * reference directly and list getters hand back the internal list instance (which may be
 * {@code null} until a list is set or an item is added). Presumably the declared constraints are
 * enforced by the metaschema binding's validation step rather than here; confirm this before
 * relying on an instance's {@code privilege-level} or {@code role-id} values for any access
 * decision.
 *
 * <p>NOTE(review): the {@code general-public} description ("A user of the system considered to be
 * outside") appears to end mid-sentence; confirm against the source metaschema.
 */
@MetaschemaAssembly(
    formalName = "System User",
    description = "A type of user that interacts with the system based on an associated role.",
    name = "system-user",
    metaschema = OscalImplementationCommonMetaschema.class,
    remarks = "Permissible values to be determined closer to the application, such as by a receiving authority."
)
@ValueConstraints(
    allowedValues = {
        // Property names recognised in the OSCAL namespace.
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal')]/@name",
            values = {
                @AllowedValue(value = "type", description = "The type of user, such as internal, external, or general-public."),
                @AllowedValue(value = "privilege-level", description = "The user's privilege level within the system, such as privileged, non-privileged, no-logical-access.")
            }),
        // Values permitted for the "type" property.
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='type']/@value",
            values = {
                @AllowedValue(value = "internal", description = "A user account for a person or entity that is part of the organization who owns or operates the system."),
                @AllowedValue(value = "external", description = "A user account for a person or entity that is not part of the organization who owns or operates the system."),
                @AllowedValue(value = "general-public", description = "A user of the system considered to be outside")
            }),
        // Values permitted for the "privilege-level" property.
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "prop[has-oscal-namespace('http://csrc.nist.gov/ns/oscal') and @name='privilege-level']/@value",
            values = {
                @AllowedValue(value = "privileged", description = "This role has elevated access to the system, such as a group or system administrator."),
                @AllowedValue(value = "non-privileged", description = "This role has typical user-level access to the system without elevated access."),
                @AllowedValue(value = "no-logical-access", description = "This role has no access to the system, such as a manager who approves access as part of a process.")
            }),
        // Well-known role identifiers; allowOthers = true keeps this list open-ended.
        @AllowedValues(
            level = IConstraint.Level.ERROR,
            target = "role-id",
            allowOthers = true,
            values = {
                @AllowedValue(value = "asset-owner", description = "Accountable for ensuring the asset is managed in accordance with organizational policies and procedures."),
                @AllowedValue(value = "asset-administrator", description = "Responsible for administering a set of assets."),
                @AllowedValue(value = "security-operations", description = "Members of the security operations center (SOC)."),
                @AllowedValue(value = "network-operations", description = "Members of the network operations center (NOC)."),
                @AllowedValue(value = "incident-response", description = "Responsible for responding to an event that could lead to loss of, or disruption to, an organization's operations, services or functions."),
                @AllowedValue(value = "help-desk", description = "Responsible for providing information and support to users."),
                @AllowedValue(value = "configuration-management", description = "Responsible for the configuration management processes governing changes to the asset.")
            })
    }
)
public class SystemUser {
  // Required flag "uuid": identifier of this user class, bound through UuidAdapter.
  @BoundFlag(
      formalName = "User Universally Unique Identifier",
      description = "A [machine-oriented](https://pages.nist.gov/OSCAL/concepts/identifier-use/#machine-oriented), [globally unique](https://pages.nist.gov/OSCAL/concepts/identifier-use/#globally-unique) identifier with [cross-instance](https://pages.nist.gov/OSCAL/concepts/identifier-use/#cross-instance) scope that can be used to reference this user class elsewhere in [this or other OSCAL instances](https://pages.nist.gov/OSCAL/concepts/identifier-use/#scope). The locally defined *UUID* of the `system user` can be used to reference the data item locally or globally (e.g., in an imported OSCAL instance). This UUID should be assigned [per-subject](https://pages.nist.gov/OSCAL/concepts/identifier-use/#consistency), which means it should be consistently used to identify the same subject across revisions of the document.",
      useName = "uuid",
      required = true,
      typeAdapter = UuidAdapter.class
  )
  private UUID _uuid;

  // Field "title": single-line markup.
  @BoundField(
      formalName = "User Title",
      description = "A name given to the user, which may be used by a tool for display and navigation.",
      useName = "title"
  )
  @BoundFieldValue(
      typeAdapter = MarkupLineAdapter.class
  )
  private MarkupLine _title;

  // Field "short-name": plain string.
  @BoundField(
      formalName = "User Short Name",
      description = "A short common name, abbreviation, or acronym for the user.",
      useName = "short-name"
  )
  private String _shortName;

  // Field "description": multi-line markup.
  @BoundField(
      formalName = "User Description",
      description = "A summary of the user's purpose within the system.",
      useName = "description"
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _description;

  // Repeating assembly "prop", grouped as "props" (a list in JSON).
  @BoundAssembly(
      formalName = "Property",
      description = "An attribute, characteristic, or quality of the containing object expressed as a namespace qualified name/value pair.",
      useName = "prop",
      maxOccurs = -1
  )
  @GroupAs(
      name = "props",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Property> _props;

  // Repeating assembly "link", grouped as "links" (a list in JSON).
  @BoundAssembly(
      formalName = "Link",
      description = "A reference to a local or remote resource, that has a specific relation to the containing object.",
      useName = "link",
      maxOccurs = -1
  )
  @GroupAs(
      name = "links",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<Link> _links;

  // Repeating field "role-id", grouped as "role-ids". Each value carries an ERROR-level
  // index-has-key constraint against the index named "index-metadata-role-id".
  // NOTE(review): the description says "by UUID" but the value is bound with TokenAdapter and
  // stored as String; confirm which is intended.
  @BoundField(
      formalName = "Role Identifier Reference",
      description = "Reference to a role by UUID.",
      useName = "role-id",
      maxOccurs = -1
  )
  @BoundFieldValue(
      typeAdapter = TokenAdapter.class
  )
  @ValueConstraints(
      indexHasKey = @IndexHasKey(level = IConstraint.Level.ERROR, indexName = "index-metadata-role-id", keyFields = @KeyField)
  )
  @GroupAs(
      name = "role-ids",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<String> _roleIds;

  // Repeating assembly "authorized-privilege", grouped as "authorized-privileges".
  @BoundAssembly(
      formalName = "Privilege",
      description = "Identifies a specific system privilege held by the user, along with an associated description and/or rationale for the privilege.",
      useName = "authorized-privilege",
      maxOccurs = -1
  )
  @GroupAs(
      name = "authorized-privileges",
      inJson = JsonGroupAsBehavior.LIST
  )
  private List<AuthorizedPrivilege> _authorizedPrivileges;

  // Field "remarks": multi-line markup.
  @BoundField(
      formalName = "Remarks",
      description = "Additional commentary about the containing object.",
      useName = "remarks"
  )
  @BoundFieldValue(
      typeAdapter = MarkupMultilineAdapter.class
  )
  private MarkupMultiline _remarks;

  /** Creates an instance with every field unset ({@code null}). */
  public SystemUser() {
    // Nothing to initialise.
  }

  /**
   * Returns the user's UUID.
   *
   * @return the stored UUID, or {@code null} if none has been set
   */
  public UUID getUuid() {
    return this._uuid;
  }

  /**
   * Stores the user's UUID without any check, although the flag is declared required.
   *
   * @param value the UUID to store
   */
  public void setUuid(UUID value) {
    this._uuid = value;
  }

  /**
   * Returns the user's title.
   *
   * @return the stored title, or {@code null} if none has been set
   */
  public MarkupLine getTitle() {
    return this._title;
  }

  /**
   * Stores the user's title.
   *
   * @param value the title to store
   */
  public void setTitle(MarkupLine value) {
    this._title = value;
  }

  /**
   * Returns the user's short name.
   *
   * @return the stored short name, or {@code null} if none has been set
   */
  public String getShortName() {
    return this._shortName;
  }

  /**
   * Stores the user's short name.
   *
   * @param value the short name to store
   */
  public void setShortName(String value) {
    this._shortName = value;
  }

  /**
   * Returns the user's description.
   *
   * @return the stored description, or {@code null} if none has been set
   */
  public MarkupMultiline getDescription() {
    return this._description;
  }

  /**
   * Stores the user's description.
   *
   * @param value the description to store
   */
  public void setDescription(MarkupMultiline value) {
    this._description = value;
  }

  /**
   * Returns the property list.
   *
   * @return the internal list itself (not a copy), or {@code null} if it was never created
   */
  public List<Property> getProps() {
    return this._props;
  }

  /**
   * Replaces the property list; the supplied reference is kept as-is, not copied.
   *
   * @param value the list to store
   */
  public void setProps(List<Property> value) {
    this._props = value;
  }

  /**
   * Appends a property, creating the backing list on first use.
   *
   * @param item the property to add; a {@code null} argument is rejected by
   *     {@code ObjectUtils.requireNonNull}
   * @return the result of {@link List#add(Object)}
   */
  public boolean addProp(Property item) {
    Property checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<Property> target = this._props;
    if (target == null) {
      target = new LinkedList<>();
      this._props = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first matching property.
   *
   * @param item the property to remove; a {@code null} argument is rejected by
   *     {@code ObjectUtils.requireNonNull}
   * @return {@code false} when no list exists, otherwise the result of
   *     {@link List#remove(Object)}
   */
  public boolean removeProp(Property item) {
    Property checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    if (this._props == null) {
      return false;
    }
    return this._props.remove(checked);
  }

  /**
   * Returns the link list.
   *
   * @return the internal list itself (not a copy), or {@code null} if it was never created
   */
  public List<Link> getLinks() {
    return this._links;
  }

  /**
   * Replaces the link list; the supplied reference is kept as-is, not copied.
   *
   * @param value the list to store
   */
  public void setLinks(List<Link> value) {
    this._links = value;
  }

  /**
   * Appends a link, creating the backing list on first use.
   *
   * @param item the link to add; a {@code null} argument is rejected by
   *     {@code ObjectUtils.requireNonNull}
   * @return the result of {@link List#add(Object)}
   */
  public boolean addLink(Link item) {
    Link checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<Link> target = this._links;
    if (target == null) {
      target = new LinkedList<>();
      this._links = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first matching link.
   *
   * @param item the link to remove; a {@code null} argument is rejected by
   *     {@code ObjectUtils.requireNonNull}
   * @return {@code false} when no list exists, otherwise the result of
   *     {@link List#remove(Object)}
   */
  public boolean removeLink(Link item) {
    Link checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    if (this._links == null) {
      return false;
    }
    return this._links.remove(checked);
  }

  /**
   * Returns the role identifier list.
   *
   * @return the internal list itself (not a copy), or {@code null} if it was never created
   */
  public List<String> getRoleIds() {
    return this._roleIds;
  }

  /**
   * Replaces the role identifier list; the supplied reference is kept as-is, not copied, and
   * its values are not checked here.
   *
   * @param value the list to store
   */
  public void setRoleIds(List<String> value) {
    this._roleIds = value;
  }

  /**
   * Appends a role identifier, creating the backing list on first use. The value is only
   * null-checked; it is not compared with the declared role-id values or index in this method.
   *
   * @param item the role identifier to add; a {@code null} argument is rejected by
   *     {@code ObjectUtils.requireNonNull}
   * @return the result of {@link List#add(Object)}
   */
  public boolean addRoleId(String item) {
    String checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<String> target = this._roleIds;
    if (target == null) {
      target = new LinkedList<>();
      this._roleIds = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first matching role identifier.
   *
   * @param item the role identifier to remove; a {@code null} argument is rejected by
   *     {@code ObjectUtils.requireNonNull}
   * @return {@code false} when no list exists, otherwise the result of
   *     {@link List#remove(Object)}
   */
  public boolean removeRoleId(String item) {
    String checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    if (this._roleIds == null) {
      return false;
    }
    return this._roleIds.remove(checked);
  }

  /**
   * Returns the authorized privilege list.
   *
   * @return the internal list itself (not a copy), or {@code null} if it was never created
   */
  public List<AuthorizedPrivilege> getAuthorizedPrivileges() {
    return this._authorizedPrivileges;
  }

  /**
   * Replaces the authorized privilege list; the supplied reference is kept as-is, not copied.
   *
   * @param value the list to store
   */
  public void setAuthorizedPrivileges(List<AuthorizedPrivilege> value) {
    this._authorizedPrivileges = value;
  }

  /**
   * Appends an authorized privilege, creating the backing list on first use.
   *
   * @param item the privilege to add; a {@code null} argument is rejected by
   *     {@code ObjectUtils.requireNonNull}
   * @return the result of {@link List#add(Object)}
   */
  public boolean addAuthorizedPrivilege(AuthorizedPrivilege item) {
    AuthorizedPrivilege checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    List<AuthorizedPrivilege> target = this._authorizedPrivileges;
    if (target == null) {
      target = new LinkedList<>();
      this._authorizedPrivileges = target;
    }
    return target.add(checked);
  }

  /**
   * Removes the first matching authorized privilege.
   *
   * @param item the privilege to remove; a {@code null} argument is rejected by
   *     {@code ObjectUtils.requireNonNull}
   * @return {@code false} when no list exists, otherwise the result of
   *     {@link List#remove(Object)}
   */
  public boolean removeAuthorizedPrivilege(AuthorizedPrivilege item) {
    AuthorizedPrivilege checked = ObjectUtils.requireNonNull(item, "item cannot be null");
    if (this._authorizedPrivileges == null) {
      return false;
    }
    return this._authorizedPrivileges.remove(checked);
  }

  /**
   * Returns the remarks.
   *
   * @return the stored remarks, or {@code null} if none have been set
   */
  public MarkupMultiline getRemarks() {
    return this._remarks;
  }

  /**
   * Stores the remarks.
   *
   * @param value the remarks to store
   */
  public void setRemarks(MarkupMultiline value) {
    this._remarks = value;
  }

  /**
   * Renders this object reflectively using the multi-line recursive style.
   *
   * <p>The builder is given no field exclusions, so the output carries the role identifiers,
   * authorized privileges and free-text fields along with everything else; keep that in mind
   * wherever the string is written to logs.
   *
   * @return the reflective string form of this instance
   */
  @Override
  public String toString() {
    ReflectionToStringBuilder builder =
        new ReflectionToStringBuilder(this, MultilineRecursiveToStringStyle.MULTI_LINE_STYLE);
    return builder.toString();
  }
}